CCM-12615: APIM Authentication

[simonlabarere]

Description

APIM Key generation / rotation + token generation.

Context

• Lambda to generate a public/private key pair if required. Scheduled to run once a day.
• S3 Bucket to store the public key.
• Cloudfront to expose public key to APIM
• Private key stored in SSM.
• Lambda to generate an auth token using the API key and Private key in SSM. Scheduled to run every 9 minutes.

Testing

Developer portal updated to make the APIM application point at the the public key of this PR

Private and Public keys generated by the key-generation lambda

Public key exposed using Cloudfront

Auth token generated by the refresh-apim-access-token lambda

Type of changes

• Refactoring (non-breaking change)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would change existing functionality)
• Bug fix (non-breaking change which fixes an issue)

Checklist

• I am familiar with the contributing guidelines
• I have followed the code style of the project
• I have added tests to cover my changes
• I have updated the documentation accordingly
• This PR is a result of pair or mob programming

---

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

• I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

[gareth-allan]

Some minor comments from a look through the TF changes. I still need to look over the actual lambda code.

[gareth-allan]

Looks good!