A Guide to Create Azure AD Users Using AWS Lambda and Node.js

Overview

In today’s connected world, managing user access to multiple systems and applications is critical to any organization’s IT infrastructure. Azure Active Directory (Azure AD) is a powerful identity and access management solution from Microsoft; AWS Lambda provides automation capabilities. In this blog, we will explore combining these two technologies to enable Azure AD users to use AWS Lambda and Node.js.

Introduction

User account management is required in Azure Active Directory (Azure AD), Microsoft’s powerful identity management system. However, this task can be difficult, especially in large organizations where users change frequently.

The key to meeting this challenge is automation. Azure AD provides APIs that allow you to manage user accounts, while AWS Lambda provides serverless resources that allow you to execute code in response to various interactions. In this tutorial, we’ll explore how we can leverage the power of this technology by using AWS Lambda and Node.js to automate the creation of Azure AD users.

Pioneers in Cloud Consulting & Migration Services

Reduced infrastructural costs
Accelerated application deployment

Get Started

Pre-requisites

Before diving into creating Azure AD users using AWS Lambda and Node.js, ensuring you have the necessary prerequisites is important. These prerequisites will help you lay the foundation for success. You will need the following:

Azure AD account – You must have access to an Azure AD account with the necessary permissions to create and manage applications.
Azure AD Application – Create an Azure AD application to represent programmatic access to Azure AD. You must install this app with appropriate permissions.
Azure AD Tenant ID – Note the Azure AD Tenant ID that identifies your Azure AD instance.
AWS Account – You must have an AWS account to create and deploy AWS Lambda functions.
js and npm – Ensure you have Node.js and npm (package manager) installed on your development machine. You will write Node.js code for the lambda function.
Azure AD Application Credentials – Get the Client ID and Client Secret for the Azure AD application. These credentials are required for authentication with Azure AD.
AWS Lambda IAM role – Create an AWS Identity and Access Management (IAM) role with permissions to execute the AWS Lambda function and access Azure AD API.
Development Environment – Create your favorite development environment, such as Visual Studio Code or a code editor of your choice.

When you’re sure the prerequisites are met, you’ll be ready to follow the next steps in this tutorial. These considerations are required to securely connect Azure AD and AWS Lambda to serve client applications.

Setting Up Azure AD Application

To interact with Azure AD programmatically, you must create an Azure AD application. This application acts as a bridge between policy and Azure AD.

The important steps in this process include:

Register the new application in Azure AD.
Improve the authorization implementation to provide the ability to create and manage users.
Get the client ID and client secret that the Node.js code will use for authentication.
Configuring the Azure AD application correctly is critical to providing secure and authorized access to Azure AD resources.

Setting Up AWS Lambda Function

You will configure an AWS Lambda function to execute the code for creating an Azure AD user. This includes:

Create a new AWS Lambda function using the Node.js runtime.
Enable an environment variable to store Azure AD credentials securely.
Ensure the AWS Lambda function has the appropriate AWS IAM role, full permissions, and Azure AD access.
Configuring AWS Lambda functions effectively is critical to running smoothly in the AWS environment.

Node.js Code

Below is a simple Node.js code example for creating a user in Azure AD using the @azure/identity and @azure/graph libraries. You need to install these libraries via npm.

 import axios from 'axios'; 

import AWS from 'aws-sdk'; 

  

export const handler = async (event, context) => { 

  try { 

    const accessKey = process.env.CLIENT_ID; 

    const secretKey = process.env.CLIENT_SECRET; 

  

    const getTokenOptions = { 

      method: 'POST', 

      url: 'https://api.raven360.com/gettoken', 

      headers: { 

        'x-api-key': 'Zju2Y4of4C5BOSafLEf428cIp1bxg6oE3dp2qeK2', 

        'Content-Type': 'application/json', 

      }, 

      data: { 

        client_id: accessKey, 

        client_secret: secretKey, 

      }, 

    }; 

  

    const tokenResponse = await axios(getTokenOptions); 

    const tokenData = tokenResponse.data; 

     

    console.log("tokenData",tokenData.data.token); 

     

    const currentTimestamp = Date.now(); 

    const expirationTimestamp = new Date(tokenData.data.valid_to).getTime(); 

     

    

  

    if (expirationTimestamp > currentTimestamp) { 

       

    var data = JSON.stringify({ 

      "learningobject_type": "Content", 

      "from_date": "01-01-2022", 

      "to_date": "10-01-2022" 

    });       

    const learningObjectsOptions = { 

            method: 'POST', 

            url: 'https://api.raven360.com/administration/catalog/learningobjects', 

            headers: { 

              'x-api-key': 'Zju2Y4of4C5BOSafLEf428cIp1bxg6oE3dp2qeK2', 

              'Authorization': tokenData.data.token, 

              'Accept': 'application/json', 

              'Content-Type': 'application/json' 

            }, 

            data:data 

      }; 

      const learningObjectsResponse = await axios(learningObjectsOptions); 

       

      const learningObjectsData = learningObjectsResponse.data; 

  

      const jsonContent = JSON.stringify(learningObjectsData); 

       

      AWS.config.update({ region: 'ap-south-1' }); 

       

      // Create a new instance of the S3 client 

      const s3 = new AWS.S3(); 

       

      // Specify the parameters for the S3 operation 

      const params = { 

        Bucket: 'freecloudcourses', 

        Key: 'learning_objects.json', 

        Body: jsonContent, 

        ContentType: 'application/json', 

      }; 

  

      // Upload the file to S3 

      await s3.putObject(params).promise(); 

  

      return learningObjectsData; 

    } else { 

      return { error: 'Token has expired' }; 

    } 

   

  } 

   catch (error) { 

    console.error('Error fetching data:', error); 

    return { error: 'Failed to fetch data' }; 

  } 

}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

import axios from 'axios';

import AWS from 'aws-sdk';

export const handler = async (event, context) => {

try {

const accessKey = process.env.CLIENT_ID;

const secretKey = process.env.CLIENT_SECRET;

const getTokenOptions = {

method: 'POST',

url: 'https://api.raven360.com/gettoken',

headers: {

'x-api-key': 'Zju2Y4of4C5BOSafLEf428cIp1bxg6oE3dp2qeK2',

'Content-Type': 'application/json',

data: {

client_id: accessKey,

client_secret: secretKey,

};

const tokenResponse = await axios(getTokenOptions);

const tokenData = tokenResponse.data;

console.log("tokenData",tokenData.data.token);

const currentTimestamp = Date.now();

const expirationTimestamp = new Date(tokenData.data.valid_to).getTime();

if (expirationTimestamp > currentTimestamp) {

var data = JSON.stringify({

"learningobject_type": "Content",

"from_date": "01-01-2022",

"to_date": "10-01-2022"

});

const learningObjectsOptions = {

method: 'POST',

url: 'https://api.raven360.com/administration/catalog/learningobjects',

headers: {

'x-api-key': 'Zju2Y4of4C5BOSafLEf428cIp1bxg6oE3dp2qeK2',

'Authorization': tokenData.data.token,

'Accept': 'application/json',

'Content-Type': 'application/json'

data:data

};

const learningObjectsResponse = await axios(learningObjectsOptions);

const learningObjectsData = learningObjectsResponse.data;

const jsonContent = JSON.stringify(learningObjectsData);

AWS.config.update({ region: 'ap-south-1' });

// Create a new instance of the S3 client

const s3 = new AWS.S3();

// Specify the parameters for the S3 operation

const params = {

Bucket: 'freecloudcourses',

Key: 'learning_objects.json',

Body: jsonContent,

ContentType: 'application/json',

};

// Upload the file to S3

await s3.putObject(params).promise();

return learningObjectsData;

} else {

return { error: 'Token has expired' };

}

catch (error) {

console.error('Error fetching data:', error);

return { error: 'Failed to fetch data' };

}

Deploy AWS Lambda Function

Deploy your Lambda function to AWS and configure the necessary trigger (e.g., an API Gateway, CloudWatch event, etc.) to execute the AWS Lambda function when needed.

Test the AWS Lambda Function

You can test your AWS Lambda function to ensure it successfully creates a user in Azure AD. Monitor the Lambda logs for any errors or issues.

Ensure you replace “YOUR_AZURE_TENANT_ID” and other placeholders with your Azure AD and user information.

Remember that this is a simplified example, and in a production environment, you should consider error handling, logging, and security best practices. Follow Azure AD and AWS security recommendations to protect your credentials and resources.

Conclusion

This tutorial explored the best solution for creating Azure AD users using AWS Lambda and Node.js. By leveraging the API capabilities of Azure AD and the serverless computing power of AWS Lambda, you can easily personalize and access the management process.

Automating user configuration not only saves time and reduces the risk of errors but also increases the efficiency of your IT organization. Armed with the knowledge gained from this course, you are ready to simplify user management and take an important step towards more effective and sustainable self-management.

Drop a query if you have any questions regarding Azure AD Users using AWS Lambda and we will get back to you quickly.

Making IT Networks Enterprise-ready – Cloud Management Services

Accelerated cloud migration
End-to-end view of the cloud environment

Get Started

About CloudThat

CloudThat is an official AWS (Amazon Web Services) Advanced Consulting Partner and Training partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, Amazon QuickSight Service Delivery Partner, AWS EKS Service Delivery Partner, and Microsoft Gold Partner, helping people develop knowledge of the cloud and help their businesses aim for higher goals using best-in-industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

To get started, go through our Consultancy page and Managed Services Package, CloudThat’s offerings.

FAQs

1. Can I use this solution to work with other Azure AD management systems other than user creation?

ANS: – Although this tutorial focuses on building client applications, you can use the same principles to perform many Azure AD management tasks programmatically. With Azure AD’s extensive API capabilities, you can perform tasks such as user authentication, group management, and even applications.

2. How will sensitive evidence used in this process be protected?

ANS: – Safety is the number one concern. To protect your Azure AD credentials and ensure secure communication, use AWS Secrets Manager or AWS Parameter Store to store your secrets such as Azure AD Client Secrets, securely. This ensures that sensitive data remains encrypted and accessible only to authorized services and functions.