DSM Accelerator Webservice Deployment on AWS Lambda

1.0 Introduction

The Fortanix-Data-Security-Manager (DSM) Accelerator Webservice distribution is packaged in a way that makes it versatile for multiple different strategies.

This article describes the procedure to deploy the Fortanix DSM Accelerator Webservice on Amazon Web Services (AWS) Lambda.

2.0 Overview

The AWS Lambda functions operate on an event-driven architecture, while the Fortanix DSM Accelerator Webservice primarily follows a REST-based paradigm. A new binary has been introduced to ensure seamless operation of the Fortanix DSM Accelerator Webservice within the Lambda environment, despite the architectural disparities. This Fortanix DSM Accelerator Webservice image is compatible and can be used in both container deployments and Lambda function deployments, ensuring a consistent experience across different deployment scenarios.

For more information, refer to the Official AWS GitHub repository. This project includes all the essential components necessary for compiling a Rust binary that is compatible with Lambda.

NOTE

This binary differs from the Fortanix DSM Accelerator Webservice binary and is specifically intended for use with the Lambda service. As this binary resides within the same container image, additional steps must be undertaken during the container image deployment process.

3.0 Deployment Procedure

Perform the following steps to utilize the Fortanix DSM Accelerator image and publish it to their ECR for deploying a Lambda function:

1. Go to the AWS Lambda Home page.

2. Click Create Function.

3. Select the Container Image option as the deployment method, as the image will be sourced from ECR.

4. Set the function name and choose the ECR image.

5. Configure the necessary permissions.
   For more information, refer to the AWS official documentation.

6. Click the Create Function button.

After successful creation, you can access the function's details page.

4.0 Configure the Image Entrypoint

Lambda provides the capability to override the ENTRYPOINT specified in the Docker file, allowing the utilization of the Fortanix DSM Accelerator Webservice image while ensuring that the Lambda binary is executed.

Perform the following steps to configure the image entrypoint:

1. Scroll to the Image Configuration section in the Image tab of the Function page.

2. Click Edit to override the entrypoint to /app/dsma-lambda.
   For more information, refer to the AWS official documentation.

5.0 Configure the Environment Variables

Perform the following steps to configure the environment variables:

1. Navigate to the Configuration tab and select the Environment Variables option.

2. Click Edit.

3. Update the value for the FORTANIX_API_ENDPOINT environment variable to specify the DSM Accelerator Webservice endpoint.

For more information, refer to the AWS official documentation.

6.0 Create a Function URL

A function URL facilitates interaction with Fortanix DSM Accelerator Webservice APIs using the REST interface. The function URL effectively serves as the host for the Fortanix DSM Accelerator Webservice and can be employed in REST calls accordingly. For more information, refer to the AWS official documentation.

To monitor Fortanix DSM Accelerator Webservice logs and function performance, similar to running a standalone Fortanix DSM Accelerator Webservice container, you can utilize CloudWatch. For more information, refer to the AWS official documentation.

You can now seamlessly operate the Fortanix DSM Accelerator Webservice container image as an AWS Lambda Function within the AWS ecosystem.

7.0 Examples for Other Fortanix DSM Accelerator Offerings

This section describes examples of other Fortanix DSM Accelerator offerings for AWS Lambda configuration.

7.1 AWS Lambda for JCE Provider

Click the package below to download the Fortanix DSM Accelerator JCE Provider example for AWS Lambda:

For more information on the build and deployment steps, refer to the README file available in the package.