func-api-registration-keys-get
Overview
Deploys the Lambda function that handles GET /registration-keys. Returns the active registration keys generated by the authenticated user (scoped by Cognito sub). Powers the Registration Keys page in the management console. The route is authenticated via the Cognito JWT authorizer (any authenticated user).
CloudFormation Stack
firefly-func-api-registration-keys-get
CloudWatch Logs
| Setting | Value |
|---|---|
| Log group | /aws/lambda/firefly-func-api-registration-keys-get |
| Retention | 30 days |
Dependencies
Deploy Dependencies
| Workflow | Reason |
|---|---|
| api-gateway | ApiId and AuthorizerId resolved from stack outputs |
| dynamodb-registration-keys | Table must exist before the function is deployed and granted scan access |
| shared-layer | Lambda layer must exist before function deployment |
Delete Dependencies
None — this workflow has no prerequisites.
Required By
Required By Deploy
| Workflow | Reason |
|---|---|
| run-integration-tests | Endpoint must be live before integration tests run |
Required By Delete
| Workflow | Reason |
|---|---|
| delete-api-gateway | Route registration must be removed before the API Gateway stack is deleted |
| delete-dynamodb-registration-keys | IAM permissions referencing the table must be removed first |
| delete-shared-layer | Layer reference must be removed before the layer stack is deleted |
IAM Permissions
The Lambda execution role (firefly-func-api-registration-keys-get-role) is granted:
dynamodb:Scanonfirefly-registration-keysappconfig:StartConfigurationSession,appconfig:GetLatestConfigurationon*
Deploy Workflow
Description
Resolves the HTTP API Gateway ID, JWT Authorizer ID, shared layer ARN, and AppConfig extension layer ARN from CloudFormation stack outputs, then performs a SAM deploy.
Steps
- Configure AWS credentials.
- Look up
ApiIdfrom thefirefly-api-gatewaystack output. - Look up
AuthorizerIdfrom thefirefly-api-gatewaystack output. - Look up
SharedLayerArnfrom thefirefly-shared-layerstack output. - Look up
AppConfigExtensionLayerArnfrom thefirefly-shared-layerstack output. - SAM deploy
firefly-func-api-registration-keys-getwith parameters:ApiIdAuthorizerIdSharedLayerArnAppConfigExtensionLayerArn
Delete Workflow
Description
Calls sam delete to remove the Lambda function, its IAM role, and the API Gateway route integration. Also deletes the CloudWatch log group.
Steps
- Configure AWS credentials.
- SAM delete
firefly-func-api-registration-keys-get. - Delete CloudWatch log group
/aws/lambda/firefly-func-api-registration-keys-get.
Failure Scenarios
| Scenario | Behavior |
|---|---|
firefly-api-gateway stack not found | describe-stacks returns an error; workflow fails before SAM deploy. Deploy api-gateway first. |
firefly-dynamodb-registration-keys stack not deployed | Function deploys but returns errors at runtime. Deploy dynamodb-registration-keys first. |
firefly-shared-layer stack not found | Layer ARN lookup fails; SAM deploy is not attempted. Deploy shared-layer first. |