chore: add DevX owner tag to auth lambda

[jacobwinch]

What does this change?

DevX maintains the application code and infrastructure definition for the auth-lambda (which is part of https://github.com/guardian/cognito-auth-lambdas).

We don't expect teams to modify this Lambda directly themselves, however they do need to keep its infrastructure up to date by upgrading GuCDK when necessary.

This PR adds an Owner tag to try to make this split of responsibilities clearer to teams.

How to test

Grafana uses the relevant Google Auth feature, so I've created an example PR which pulls in this change. Note that the Lambda and its IAM role both get this tag; I think this is fine as we expect DevX to manage both of these resources via library and cognito-auth-lambdas changes.

How can we measure success?

The main motivation for this change is the fact that we're about to send comms publicising the runtimes that AWS will deprecate this year. The auth-lambda is using the provided.al2 runtime which will be deprecated this summer.

As this Lambda is provisioned in several AWS accounts, it'd be nice to clarify ownership for teams so they don't think that they need to upgrade this runtime themselves.

DevX Reliability and Operations have a Trello goal for upgrading this runtime.

Have we considered potential risks?

The split of responsibilities here is a little unusual. Normally infrastructure with this Owner tag is maintained and deployed by DevX (example). I'd be interested to hear whether others think this new tag actually makes things clearer or not!

[changeset-bot]

🦋 Changeset detected

Latest commit: 06ac215

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@guardian/cdk	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR