Preview
Open Original
AgentShield Proxy
A minimal PII-safe proxy on AWS (API Gateway + Lambda) using the Serverless Framework. It redacts emails & SSNs from request bodies and (optionally) tests Postgres connectivity.
โจ Features
- ๐ PII redaction: emails โ
[REDACTED_EMAIL], SSNs โ[REDACTED_SSN] - ๐ Optional DB check:
SELECT 1viapsycopg2whenPG_DSNis set - ๐ API key required in prod (via API Gateway usage plan)
- ๐งฑ Tiny bundles: deps live in an AWS Lambda Layer; function zip stays small
- ๐ก๏ธ Security blocks: Automatic blocking of admin DELETE operations
๐ Quick Start
Prerequisites
- Node 18+ and
npx - AWS CLI configured with deploy permissions
- Python 3.9 (only for building the psycopg2 layer)
1๏ธโฃ Build the psycopg2 Layer
chmod +x...AgentShield Proxy
A minimal PII-safe proxy on AWS (API Gateway + Lambda) using the Serverless Framework. It redacts emails & SSNs from request bodies and (optionally) tests Postgres connectivity.
โจ Features
- ๐ PII redaction: emails โ
[REDACTED_EMAIL], SSNs โ[REDACTED_SSN] - ๐ Optional DB check:
SELECT 1viapsycopg2whenPG_DSNis set - ๐ API key required in prod (via API Gateway usage plan)
- ๐งฑ Tiny bundles: deps live in an AWS Lambda Layer; function zip stays small
- ๐ก๏ธ Security blocks: Automatic blocking of admin DELETE operations
๐ Quick Start
Prerequisites
- Node 18+ and
npx - AWS CLI configured with deploy permissions
- Python 3.9 (only for building the psycopg2 layer)
1๏ธโฃ Build the psycopg2 Layer
chmod +x build-psycopg2-layer.sh
./build-psycopg2-layer.sh
2๏ธโฃ Deploy to AWS
# Install Serverless Framework globally
npm install -g serverless
# Deploy to development stage
serverless deploy --stage dev
3๏ธโฃ Get Your API Key
# Make the script executable
chmod +x print-api-key.sh
# Get API key for development
./print-api-key.sh dev
4๏ธโฃ Test Your Deployment
# Update the curl-test.sh with your actual API Gateway URL
# Replace <your-gateway-id> in the BASE URL
# Make executable and test
chmod +x curl-test.sh
export API_KEY="your-api-key-from-step-3"
./curl-test.sh dev
๐งช Example Request
curl -X POST "https://your-api.execute-api.us-east-2.amazonaws.com/dev/proxy/test" \
-H "Content-Type: application/json" \
-H "X-Agent-ID: test-agent" \
-H "x-api-key: YOUR_API_KEY" \
-d '{
"email": "user@example.com",
"ssn": "123-45-6789",
"name": "John Doe"
}'
Example Response
{
"status": "processed",
"agent_id": "test-agent",
"redacted": true,
"body": {
"email": "[REDACTED_EMAIL]",
"ssn": "[REDACTED_SSN]",
"name": "John Doe"
}
}
๐๏ธ Architecture
API Gateway โ Lambda Function โ (Optional) PostgreSQL
โ โ
โ โโโ PII Redaction
โ โโโ Security Guards
โ โโโ DB Health Checks
โ
โโโ API Key Validation
โโโ CORS Handling
๐ง Configuration
Environment Variables
PG_DSN: PostgreSQL connection string (stored in AWS SSM)
API Endpoints
POST /proxy/test- Main proxy endpoint with optional DB checkDELETE /proxy/admin/drop- Blocked endpoint (security demo)
๐ค Contributing
We welcome contributions! Please:
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
โญ Support AgentShield
If this project helped you, please give it a star on GitHub! โญ
Why starring matters:
- Helps more developers discover AgentShield
- Shows appreciation for open-source work
- Motivates further development and features
๐ข Share Your Experience
Tested AgentShield? Weโd love to hear from you!
- Open an issue with feedback or feature requests
- Share on social media and tag #AgentShield
- Tell your colleagues about secure API proxying
๐ Need Help?
- ๐ Documentation: Check this README
- ๐ Issues: Open a GitHub issue
- ๐ฌ Discussions: Start a GitHub discussion
Ready to secure your APIs? Deploy AgentShield Proxy today! ๐
Give us a star โญ if this project helps you build more secure applications!