Managing access to information can be a delicate task. You may need to expose certain data to a client but not grant full access. Cloud functions on AWS and Google Cloud Platform (GCP) can be a great way to achieve this controlled access.
I’ll use GCP for my current example.
Below, I will walk you through the steps to create a cloud function using GCP. The example we’ll use involves retrieving and filtering data from a third-party service.
Creating a cloud function like the one below involves several specific steps, including setting up IAM (Identity and Access Management) rules, and using a zip file to upload the code. Here’s a step-by-step guide:
My example function
let axios = require('axios');
let options = {
method: 'get',
headers: {
Authorization:
'Bearer Token-For-Your-Service'
}
};
exports.GetMyData = async (req, res) => {
try {
let details = [];
# Fetches a list of some clienst and projects
let response = await axios(
'https://api.the-special-service.com/api/to/some/function',
options
);
# Do your filtering and logic on that data, and expose what is needed
# This is just an example so no copy and paste ok :)
let filtered_list_for_client = response.data.our_sites.filter(
i => i.id.match(/my-client-id/) && i.type.match(/report-on-site/i)
);
# Make a new endpoint with the filtered data, preferably you would secure this endpoint aswell.
for (let check_site of filtered_list_for_client) {
let res = await axios(
`https://api.the-special-service.com/api/to/some/function/check-site/${check_site.id}`,
options
);
details.push(res.data.check);
}
res.status(200).send(details);
} catch (err) {
res.status(500).send({ error: err });
}
};
package.json
{
"name": "my-report-for_my_client",
"version": "1.0.0",
"description": "",
"dependencies": {
"axios": "^0.19.2"
}
}
Step 1: Prepare Your Function
- Create your
index.jsandpackage.jsonfiles, as shown in the previous example. - Write your logic, this can be a full node app as you normally write your apps.
- It is important to note what you named your exported function in the index.js as its needed when setting up the entrypoint function.
- Zip the entire directory containing your
index.js,package.json, andnode_modulesfolder. - Make sure to include everything required for your function to run.
Step 2: Set Up IAM Roles
- Go to the IAM & Admin page in the Google Cloud Console.
- Click on “Create Role” and define the permissions required for your function. Common permissions might include Cloud Functions Developer, Cloud Functions Invoker, and additional permissions depending on your specific use case.
- Assign the role to the service account or user that will deploy or invoke the function.
Step 3: Create the Cloud Function
- Navigate to the Cloud Functions page in the Google Cloud Console.
- Click on “Create Function.”
- Fill in the required details
- Name: A unique name for the function.
- Memory allocated: Adjust based on your function’s requirements.
- Trigger: Choose HTTP as the trigger.
- Source code: Upload your index.js and package.json files.
- Set the function entrypoint to execute in my example it would be
exports.GetMyData.
Step 4: Configure the Authentication
- If your function requires authentication, consider using environment variables to store sensitive information like the bearer token.
- Alternatively, you may leverage Google Cloud Secret Manager for handling secrets.
- Click on “Create” to deploy the function.
- Once deployed, you will see the URL endpoint to which you can send requests.
Well this was a boilerplate setup but you get the gist of it and now create your own tool if you need it.
Buy Me a Coffee