aws-solutions-library-samples
diff --git a/‎CustomIdentityComponent/lambda/login_with_steam.py‎
Lines changed: 61 additions & 4 deletions b/‎CustomIdentityComponent/lambda/login_with_steam.py‎
Lines changed: 61 additions & 4 deletions
diff --git a/‎CustomIdentityComponent/lib/custom_identity_component-stack.ts‎
Lines changed: 15 additions & 8 deletions b/‎CustomIdentityComponent/lib/custom_identity_component-stack.ts‎
Lines changed: 15 additions & 8 deletions
@@ -11,11 +11,16 @@
 import requests
 from aws_lambda_powertools import Tracer
 from aws_lambda_powertools import Logger
+from aws_lambda_powertools import Metrics
+from aws_lambda_powertools import single_metric
+from aws_lambda_powertools.metrics import MetricUnit
 from aws_lambda_powertools.utilities import parameters
 import time
 
 tracer = Tracer()
 logger = Logger()
+metrics = Metrics()
+metrics.set_default_dimensions(function=os.environ['AWS_LAMBDA_FUNCTION_NAME'])
 config = Config(connect_timeout=2, read_timeout=2)
 dynamodb = boto3.resource('dynamodb', config=config)
 
@@ -25,6 +30,20 @@
 # Steam Web Api key from Secrets manager, cached between requests for 15 minutes
 steam_web_api_secret_max_age = 15 * 60
 
+def record_success_metric():
+ metrics.add_metric(name="success", unit=MetricUnit.Count, value=1)
+
+
+def record_failure_metric(reason: str):
+ with single_metric(
+ name="failure",
+ unit=MetricUnit.Count,
+ value=1,
+ default_dimensions=metrics.default_dimensions
+ ) as metric:
+ metric.add_dimension(
+ name="reason", value=reason)
+
 # Creates a new user when there's no existing user for the Steam ID
 @tracer.capture_method
 def create_user(steam_id):
@@ -47,6 +66,8 @@ def create_user(steam_id):
  logger.info("User already exists")
  return None
 
+ metrics.add_metric(name="created_user", unit=MetricUnit.Count, value=1)
+ 
  return user_id
 
 @tracer.capture_method
@@ -99,7 +120,7 @@ def get_existing_user(steam_id):
 @tracer.capture_method
 def add_new_user_to_steam_table(user_id, steam_id):
  try:
- steam_id_user_table_name = os.getenv("STEAM_USER_TABLE");
+ steam_id_user_table_name = os.getenv("STEAM_USER_TABLE")
  steam_id_user_table = dynamodb.Table(steam_id_user_table_name)
  steam_id_user_table.put_item(
  Item={
@@ -109,12 +130,14 @@ def add_new_user_to_steam_table(user_id, steam_id):
  return True
  except Exception as e:
  logger.info("Exception adding user to Steam ID table: ", e)
+
+ metrics.add_metric(name="new_steam_user", unit=MetricUnit.Count, value=1)
 
  return False
 
 def link_steam_id_to_existing_user(user_id, steam_id):
  try:
- user_table_name = os.getenv("USER_TABLE");
+ user_table_name = os.getenv("USER_TABLE")
  user_table = dynamodb.Table(user_table_name)
  # Update existing user
  user_table.update_item(
@@ -130,6 +153,8 @@ def link_steam_id_to_existing_user(user_id, steam_id):
  return True
  except Exception as e:
  logger.info("Exception linking user to existing user: ", e)
+
+ metrics.add_metric(name="linked_user", unit=MetricUnit.Count, value=1)
 
  return False
 
@@ -143,9 +168,19 @@ def check_steam_token(token: str) -> str:
  params={'key': steam_web_api_key, 'appid': os.environ['STEAM_APP_ID'], 'ticket': token})
  elapsed_ms = round(((datetime.datetime.utcnow()-send_time).microseconds)/1000)
  logger.debug(f'Steam response', elapsed_ms=elapsed_ms, code=response.status_code, headers=response.headers, body=response.text)
+
+ with single_metric(
+ name="duration",
+ unit=MetricUnit.Milliseconds,
+ value=elapsed_ms,
+ default_dimensions=metrics.default_dimensions
+ ) as metric:
+ metric.add_dimension(name="partner", value='Steam')
+ metric.add_dimension(name="api", value='ISteamUserAuth/AuthenticateUserTicket/v1')
 
  if response.status_code != 200:
  logger.error("Steam returned an error", response_code=response.status_code)
+ record_failure_metric(f'Steam returned {response.status_code}')
  return None
 
  response_body = response.json()
@@ -155,30 +190,44 @@ def check_steam_token(token: str) -> str:
  break
 
  logger.info("Received 103, retrying after a delay")
+ with single_metric(
+ name="retry",
+ unit=MetricUnit.Count,
+ value=1,
+ default_dimensions=metrics.default_dimensions
+ ) as metric:
+ metric.add_dimension(name="partner", value='Steam')
+ metric.add_dimension(name="api", value='ISteamUserAuth/AuthenticateUserTicket/v1')
  time.sleep(1)
 
  response_dict = response_body.get('response', {}).get('params', {})
  if not 'result' in response_dict or response_dict['result'] != 'OK':
- logger.info("Result in not OK", result= response_dict['result'])
+ result = response_dict['result']
+ logger.info("Result in not OK", result=result)
+ record_failure_metric(f'Steam result {result}')
  return None
 
  if not 'steamid' in response_dict:
  logger.error("steamid missing", response=response_dict)
+ record_failure_metric(f'steamid missing')
  return None
  steam_user_id = response_dict['steamid']
 
  if 'vacbanned' in response_dict and response_dict['publisherbanned']:
  logger.info("User is VAC Banned", steam_user_id=steam_user_id)
+ record_failure_metric(f'VAC Banned')
  return None
 
  if 'publisherbanned' in response_dict and response_dict['publisherbanned']:
- logger.info("User is Published Banned", steam_user_id=steam_user_id)
+ logger.info("User is Publisher Banned", steam_user_id=steam_user_id)
+ record_failure_metric(f'Publisher Banned')
  return None
 
  return steam_user_id
 
 
 # define a lambda function that returns a user_id
+@metrics.log_metrics
 @tracer.capture_lambda_handler
 def lambda_handler(event, context):
 
@@ -200,10 +249,12 @@ def lambda_handler(event, context):
  if steam_user_id:
  logger.info("Received Steam user ID: ", steam_user_id=steam_user_id)
  else:
+ # failure metrics handled by check_steam_token
  return generate_error('Error: Failed to validate Steam token')
 
  except Exception as e:
  logger.error("exception in check_steam_token", error=e)
+ record_failure_metric(f'exception in check_steam_token {e}')
  return generate_error('Error: Token validation error')
 
  if steam_user_id != None:
@@ -214,6 +265,7 @@ def lambda_handler(event, context):
  existing_user_request_success, user_id = get_existing_user(steam_user_id)
  # If there was a problem getting existing user, abort as we don't want to create duplicate
  if existing_user_request_success is False:
+ record_failure_metric(f'Failed the try getting existing user')
  return generate_error('Error: Failed the try getting existing user')
  else:
  success = True # Successfully tried getting existing user, might still be None (not found)
@@ -227,12 +279,14 @@ def lambda_handler(event, context):
  # Validate the auth_token
  decoded_backend_token = decrypt(query_params['auth_token'])
  if decoded_backend_token is None:
+ record_failure_metric(f'Failed to authenticate with existing identity')
  return generate_error('Error: Failed to authenticate with existing identity')
  # Set the user_id
  user_id = decoded_backend_token['sub']
  # Try to link the new user to an existing user
  success = link_steam_id_to_existing_user(user_id, steam_user_id)
  if success is False:
+ record_failure_metric(f'Failed to link new user to existing user')
  return generate_error('Error: Failed to link new user to existing user')
 
  # OPTION 3: Else If no user yet and we didn't request linking to an existing user, create one and add to user table
@@ -244,6 +298,7 @@ def lambda_handler(event, context):
  user_id = create_user(steam_user_id)
  tries += 1
  if user_id == None:
+ record_failure_metric(f'Failed to create user')
  return generate_error('Error: Failed to create user')
 
  # Add user to Appe Id User table in both cases (linking and new user)
@@ -257,7 +312,9 @@ def lambda_handler(event, context):
  # Create for scope "authenticated" so backend can differentiate from guest users if needed
  auth_token, refresh_token, auth_token_expires_in, refresh_token_expires_in = encrypt(payload, "authenticated")
  # NOTE: We might want to send back all attached identities from user table?
+ record_success_metric()
  return generate_success(user_id, steam_user_id, auth_token, refresh_token, auth_token_expires_in, refresh_token_expires_in)
 
  # Failed to return success, return final error
+ record_failure_metric(f'Invalid request')
  return generate_error('Error: Failed to authenticate')
@@ -114,7 +114,8 @@ export class CustomIdentityComponentStack extends Stack {
  environment: {
  "ISSUER_BUCKET": issuer_bucket.bucketName,
  "ISSUER_ENDPOINT": "https://"+distribution.domainName,
- "POWERTOOLS_SERVICE_NAME": "CustomIdentityComponentApi",
+ "POWERTOOLS_METRICS_NAMESPACE": "AWS Game Tech",
+ "POWERTOOLS_SERVICE_NAME": "CustomIdentityComponent",
  "SECRET_KEY_ID": secret.secretName,
  }
  });
@@ -210,7 +211,7 @@ export class CustomIdentityComponentStack extends Stack {
  // Define an API Gateway for the authentication component public endpoint
  const logGroup = new logs.LogGroup(this, "CustomIdentityAPiAccessLogs");
  const api_gateway = new apigw.RestApi(this, 'ApiGateway', {
- restApiName: 'CustomIdentityComponentApi',
+ restApiName: 'CustomIdentityComponent',
  description: 'Custom Identity Component API',
  deployOptions: {
  accessLogDestination: new apigw.LogGroupLogDestination(logGroup),
@@ -268,7 +269,8 @@ export class CustomIdentityComponentStack extends Stack {
  memorySize: 2048,
  environment: {
  "ISSUER_URL": "https://"+distribution.domainName,
- "POWERTOOLS_SERVICE_NAME": "CustomIdentityComponentApi",
+ "POWERTOOLS_METRICS_NAMESPACE": "AWS Game Tech",
+ "POWERTOOLS_SERVICE_NAME": "CustomIdentityComponent",
  "SECRET_KEY_ID": secret.secretName,
  "USER_TABLE": user_table.tableName
  }
@@ -315,7 +317,8 @@ export class CustomIdentityComponentStack extends Stack {
  memorySize: 2048,
  environment: {
  "ISSUER_URL": "https://"+distribution.domainName,
- "POWERTOOLS_SERVICE_NAME": "CustomIdentityComponentApi",
+ "POWERTOOLS_METRICS_NAMESPACE": "AWS Game Tech",
+ "POWERTOOLS_SERVICE_NAME": "CustomIdentityComponent",
  "SECRET_KEY_ID": secret.secretName,
  "USER_TABLE": user_table.tableName
  }
@@ -396,7 +399,8 @@ export class CustomIdentityComponentStack extends Stack {
  memorySize: 2048,
  environment: {
  "ISSUER_URL": "https://"+distribution.domainName,
- "POWERTOOLS_SERVICE_NAME": "CustomIdentityComponentApi",
+ "POWERTOOLS_METRICS_NAMESPACE": "AWS Game Tech",
+ "POWERTOOLS_SERVICE_NAME": "CustomIdentityComponent",
  "SECRET_KEY_ID": secret.secretName,
  "USER_TABLE": user_table.tableName,
  "APPLE_APP_ID": appId,
@@ -457,7 +461,8 @@ export class CustomIdentityComponentStack extends Stack {
  memorySize: 2048,
  environment: {
  "ISSUER_URL": "https://"+distribution.domainName,
- "POWERTOOLS_SERVICE_NAME": "CustomIdentityComponentApi",
+ "POWERTOOLS_METRICS_NAMESPACE": "AWS Game Tech",
+ "POWERTOOLS_SERVICE_NAME": "CustomIdentityComponent",
  "SECRET_KEY_ID": privateKeySecret.secretName,
  "USER_TABLE": user_table.tableName,
  "STEAM_APP_ID": appId,
@@ -528,7 +533,8 @@ export class CustomIdentityComponentStack extends Stack {
  memorySize: 2048,
  environment: {
  "ISSUER_URL": "https://"+distribution.domainName,
- "POWERTOOLS_SERVICE_NAME": "CustomIdentityComponentApi",
+ "POWERTOOLS_METRICS_NAMESPACE": "AWS Game Tech",
+ "POWERTOOLS_SERVICE_NAME": "CustomIdentityComponent",
  "SECRET_KEY_ID": privateKeySecret.secretName,
  "USER_TABLE": user_table.tableName,
  "GOOGLE_PLAY_CLIENT_ID": googlePlayClientId,
@@ -598,7 +604,8 @@ export class CustomIdentityComponentStack extends Stack {
  memorySize: 2048,
  environment: {
  "ISSUER_URL": "https://"+distribution.domainName,
- "POWERTOOLS_SERVICE_NAME": "CustomIdentityComponentApi",
+ "POWERTOOLS_METRICS_NAMESPACE": "AWS Game Tech",
+ "POWERTOOLS_SERVICE_NAME": "CustomIdentityComponent",
  "SECRET_KEY_ID": secret.secretName,
  "USER_TABLE": user_table.tableName,
  "FACEBOOK_APP_ID" : appId,