Feature Requests

Got an idea for a feature request? Let us know! Share your ideas on improving existing features or suggest something new. Vote on ideas you find useful!

Make sure to read our guidelines before posting ๐Ÿ“–

support Auth type "AWS_IAM" for lambda webhooks

I want notification policy to trigger lambda function that receives webhooks. For some use cases, we want a lambda function to trigger step functions that perform - pre - track run (start, approve, watch until done) - post I want to reuse the spacelift webhooks as opposed to building out a github integration b/c spacelift tracking webhooks are already getting fired off when we want and contain all of the information that our lambda function needs. I have a POC for this today that does: - named webhook that connects to our lambda function via a public url - approval policy for a stack (so that it will get enqueued, but not be executed, the lambda function will do the approval to control when plan/apply happens) - this is a bit of a workaround that I canโ€™t use an event that happens just when the commit it updated without triggering a stack, but that is a less important ticket for later :)) - tag stacks that should be managed by the step functions - global notificaiton policy that looks for our tagged stacks in QUEUED state to fire off lambda function - lamda function calls a step function that does pre stuff, then approves the stack, then watches until done, then calls post stuff The current approach has the following issues: - if I use a public lambda url I must set auth type to None (unclear if this is going to fly with security beyond POC) - I may need to build out my own auth via api gateway via the shared secret (Iโ€™d prefer not to invent this pattern) - Secrets used for auth are readable in spacelift Ideally, I could integrate with lambda using a webhook that can authorize via Auth type AWS_IAM - this should be possible using either the role assigned to the worker or a stack - although I would prefer using the workers role

๐Ÿ’ก Feature Requests

7 days ago