Login
September 18, 2023|
Voiced by Amazon Polly |
Overview
In today’s connected world, managing user access to multiple systems and applications is critical to any organization’s IT infrastructure. Azure Active Directory (Azure AD) is a powerful identity and access management solution from Microsoft; AWS Lambda provides automation capabilities. In this blog, we will explore combining these two technologies to enable Azure AD users to use AWS Lambda and Node.js.
Pioneers in Cloud Consulting & Migration Services
- Reduced infrastructural costs
- Accelerated application deployment
Introduction
User account management is required in Azure Active Directory (Azure AD), Microsoft’s powerful identity management system. However, this task can be difficult, especially in large organizations where users change frequently.
The key to meeting this challenge is automation. Azure AD provides APIs that allow you to manage user accounts, while AWS Lambda provides serverless resources that allow you to execute code in response to various interactions. In this tutorial, we’ll explore how we can leverage the power of this technology by using AWS Lambda and Node.js to automate the creation of Azure AD users.
Pre-requisites
Before diving into creating Azure AD users using AWS Lambda and Node.js, ensuring you have the necessary prerequisites is important. These prerequisites will help you lay the foundation for success. You will need the following:
- Azure AD account – You must have access to an Azure AD account with the necessary permissions to create and manage applications.
- Azure AD Application – Create an Azure AD application to represent programmatic access to Azure AD. You must install this app with appropriate permissions.
- Azure AD Tenant ID – Note the Azure AD Tenant ID that identifies your Azure AD instance.
- AWS Account – You must have an AWS account to create and deploy AWS Lambda functions.
- js and npm – Ensure you have Node.js and npm (package manager) installed on your development machine. You will write Node.js code for the lambda function.
- Azure AD Application Credentials – Get the Client ID and Client Secret for the Azure AD application. These credentials are required for authentication with Azure AD.
- AWS Lambda IAM role – Create an AWS Identity and Access Management (IAM) role with permissions to execute the AWS Lambda function and access Azure AD API.
- Development Environment – Create your favorite development environment, such as Visual Studio Code or a code editor of your choice.
When you’re sure the prerequisites are met, you’ll be ready to follow the next steps in this tutorial. These considerations are required to securely connect Azure AD and AWS Lambda to serve client applications.
Setting Up Azure AD Application
To interact with Azure AD programmatically, you must create an Azure AD application. This application acts as a bridge between policy and Azure AD.
The important steps in this process include:
- Register the new application in Azure AD.
- Improve the authorization implementation to provide the ability to create and manage users.
- Get the client ID and client secret that the Node.js code will use for authentication.
- Configuring the Azure AD application correctly is critical to providing secure and authorized access to Azure AD resources.
Setting Up AWS Lambda Function
You will configure an AWS Lambda function to execute the code for creating an Azure AD user. This includes:
- Create a new AWS Lambda function using the Node.js runtime.
- Enable an environment variable to store Azure AD credentials securely.
- Ensure the AWS Lambda function has the appropriate AWS IAM role, full permissions, and Azure AD access.
- Configuring AWS Lambda functions effectively is critical to running smoothly in the AWS environment.
Node.js Code
Below is a simple Node.js code example for creating a user in Azure AD using the @azure/identity and @azure/graph libraries. You need to install these libraries via npm.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 |
import axios from 'axios'; import AWS from 'aws-sdk'; export const handler = async (event, context) => { try { const accessKey = process.env.CLIENT_ID; const secretKey = process.env.CLIENT_SECRET; const getTokenOptions = { method: 'POST', url: 'https://api.raven360.com/gettoken', headers: { 'x-api-key': 'Zju2Y4of4C5BOSafLEf428cIp1bxg6oE3dp2qeK2', 'Content-Type': 'application/json', }, data: { client_id: accessKey, client_secret: secretKey, }, }; const tokenResponse = await axios(getTokenOptions); const tokenData = tokenResponse.data; console.log("tokenData",tokenData.data.token); const currentTimestamp = Date.now(); const expirationTimestamp = new Date(tokenData.data.valid_to).getTime(); if (expirationTimestamp > currentTimestamp) { var data = JSON.stringify({ "learningobject_type": "Content", "from_date": "01-01-2022", "to_date": "10-01-2022" }); const learningObjectsOptions = { method: 'POST', url: 'https://api.raven360.com/administration/catalog/learningobjects', headers: { 'x-api-key': 'Zju2Y4of4C5BOSafLEf428cIp1bxg6oE3dp2qeK2', 'Authorization': tokenData.data.token, 'Accept': 'application/json', 'Content-Type': 'application/json' }, data:data }; const learningObjectsResponse = await axios(learningObjectsOptions); const learningObjectsData = learningObjectsResponse.data; const jsonContent = JSON.stringify(learningObjectsData); AWS.config.update({ region: 'ap-south-1' }); // Create a new instance of the S3 client const s3 = new AWS.S3(); // Specify the parameters for the S3 operation const params = { Bucket: 'freecloudcourses', Key: 'learning_objects.json', Body: jsonContent, ContentType: 'application/json', }; // Upload the file to S3 await s3.putObject(params).promise(); return learningObjectsData; } else { return { error: 'Token has expired' }; } } catch (error) { console.error('Error fetching data:', error); return { error: 'Failed to fetch data' }; } } |
Deploy AWS Lambda Function
Deploy your Lambda function to AWS and configure the necessary trigger (e.g., an API Gateway, CloudWatch event, etc.) to execute the AWS Lambda function when needed.
Test the AWS Lambda Function
You can test your AWS Lambda function to ensure it successfully creates a user in Azure AD. Monitor the Lambda logs for any errors or issues.
Ensure you replace “YOUR_AZURE_TENANT_ID” and other placeholders with your Azure AD and user information.
Remember that this is a simplified example, and in a production environment, you should consider error handling, logging, and security best practices. Follow Azure AD and AWS security recommendations to protect your credentials and resources.
Conclusion
This tutorial explored the best solution for creating Azure AD users using AWS Lambda and Node.js. By leveraging the API capabilities of Azure AD and the serverless computing power of AWS Lambda, you can easily personalize and access the management process.
Drop a query if you have any questions regarding Azure AD Users using AWS Lambda and we will get back to you quickly.
Making IT Networks Enterprise-ready – Cloud Management Services
- Accelerated cloud migration
- End-to-end view of the cloud environment
About CloudThat
CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.
CloudThat is the first Indian Company to win the prestigious Microsoft Partner 2024 Award and is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 850k+ professionals in 600+ cloud certifications and completed 500+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, Microsoft Gold Partner, AWS Training Partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, AWS GenAI Competency Partner, Amazon QuickSight Service Delivery Partner, Amazon EKS Service Delivery Partner, AWS Microsoft Workload Partners, Amazon EC2 Service Delivery Partner, Amazon ECS Service Delivery Partner, AWS Glue Service Delivery Partner, Amazon Redshift Service Delivery Partner, AWS Control Tower Service Delivery Partner, AWS WAF Service Delivery Partner, Amazon CloudFront Service Delivery Partner, Amazon OpenSearch Service Delivery Partner, AWS DMS Service Delivery Partner, AWS Systems Manager Service Delivery Partner, Amazon RDS Service Delivery Partner, AWS CloudFormation Service Delivery Partner, AWS Config, Amazon EMR and many more.
FAQs
1. Can I use this solution to work with other Azure AD management systems other than user creation?
ANS: – Although this tutorial focuses on building client applications, you can use the same principles to perform many Azure AD management tasks programmatically. With Azure AD’s extensive API capabilities, you can perform tasks such as user authentication, group management, and even applications.
2. How will sensitive evidence used in this process be protected?
ANS: – Safety is the number one concern. To protect your Azure AD credentials and ensure secure communication, use AWS Secrets Manager or AWS Parameter Store to store your secrets such as Azure AD Client Secrets, securely. This ensures that sensitive data remains encrypted and accessible only to authorized services and functions.
WRITTEN BY Shreya Shah
PREV
Comments