authentication - Authenticate AWS Service to access data from SharepointOnline site

Question

We are building a Lambda service running on AWS, which on a specified frequency will retrieve content from the SharePoint Online site by calling the SharePoint API (GetByTitle('')/Items).

The SharePoint online site is protected by Azure AD.

The authentication approach does not require user interaction so that it will be a service to service authentication. Hence we are choosing Client Credential Grant Flow.

The question I have is, for the Lambda service to authenticate and access content in the SharePoint online site, can it directly authenticate using Azure AD or is there any other service that needs to be setup ex: AzureAD Connect.

I am new to AWS, any help, additional information will be much appreciated.

question from:https://stackoverflow.com/questions/65880189/authenticate-aws-service-to-access-data-from-sharepointonline-site

Answer 1

To use client credential grant service to service flow ,

1. you need to register web API within your Azure AD Tenant directory.

2. Furthermore create a client ID and client secret to be used by the AWS lambda

   For step 1) and 2) please refer this document from Microsoft.

3. You can go for OAuth client credential flow as described in this article to make service to service calls. This is another way make service to service calls.

4. In AWS Lambda, you can invoke receptive Microsoft Azure AD REST APIs.

Following are some useful reference about, AWS lambda integration with an external IdP. You can skip not need AWS resources/components mentioned in the following setup;

1. Use AWS Lambda authorizers with a third-party identity provider

2. Lambda authorizer Auth workflow