Python is dependency is out of date

[BMorinDrifter]

Following the install instructions ran into this after running:
cdk synth --profile brianmorin

[Warning at /CustomIdentityComponentStack/IssuerEndpoint/Resource] AwsSolutions-CFR1: The CloudFront distribution may require Geo restrictions.

[Warning at /CustomIdentityComponentStack/IssuerEndpoint/Resource] AwsSolutions-CFR2: The CloudFront distribution may require integration with AWS WAF.

[Error at /CustomIdentityComponentStack/GenerateKeys/Resource] AwsSolutions-L1: The non-container Lambda function is not configured to use the latest runtime version.

[Error at /CustomIdentityComponentStack/LoginAsGuest/Resource] AwsSolutions-L1: The non-container Lambda function is not configured to use the latest runtime version.

[Error at /CustomIdentityComponentStack/RefreshAccessToken/Resource] AwsSolutions-L1: The non-container Lambda function is not configured to use the latest runtime version.


Found errors

Probably a simple fix, but leaving a tracking issue here.

[BMorinDrifter]

Related, I'm coming at this from Terraform, new to CDK. This confused me as well:
aws/aws-cdk#17942

[juhoaws]

Hi!

Thanks for reporting this! Looks like latest cdk-nag is picking up errors I didn't get before on the new Lambda runtimes. You can bypass the cdk-nag for now to get past this error and I will fix the root cause soon.

Just comment out these lines in the /CustomIdentityComponent/bin/custom_identity_component.ts:

// CDK-nag
  //Aspects.of(app).add(new AwsSolutionsChecks());

  // Suppressions
  //NagSuppressions.addStackSuppressions(identityComponentStack, [
  //  { id: 'AwsSolutions-APIG4', reason: 'The API has to be publicly accessible as it is built for user login and authentication for custom identities.' },
  //  { id: 'AwsSolutions-COG4', reason: 'The API cannot use Cognito User Pools as it is an API built for login and authentication for custom identities.' },
  //]);

And do the same for /BackendComponentSamples/bin/backend_component_samples.ts

[BMorinDrifter]

This was easy enough to work around. I'm in the process of making a bunch of changes to login_with_steam.py and will include updating the Python dependency with that PR.

[juhoaws]

I also added a temporary suppression for that Lambda warning (it's expecting Python 3.11 and we are using 3.10). I'll update the libraries to enable 3.11 support later. I think you have a newer cdk-nag than the one defined for the CDK app which caused this.

And thanks for the heads up on PR, great to get community support for this!

[BMorinDrifter]

I have Python 3.11 working, I had to update the pip platform from manylinux2010_x86_64 to manylinux2014_x86_64. Without this, a very old version of pyjwt is pulled in due to an ffi dependency. The old version of pyjwt had a line that's incompatible with 3.11 and likely has other issues as well.

[BMorinDrifter]

PR:
#9

Still hooking up my Steam test harness, once I have that in place will have another pull request based on lessons learned from a live deployment very similar to this stack.

[BMorinDrifter]

Closed prior PR due to it pulling in other changes that blew up scope.

new PR:
#10

[juhoaws]

Thank you! Now fixed after merging the pull request above