Services to pull, transform and sync information from BSI to the CDR
The client gives the data manager visibility into what information has been sent to the CDR and whether the CDR has successfully received it
You will need the latest version of Node.js to get started and to get access to npm
Download the LTS version from https://nodejs.org/en/
Install Serverless Framework
npm i serverless -g
Configure Serverless with AWS credentials
serverless config credentials --provider aws --key your_key_here --secret your_secret_here --profile vai
Install required packages
npm i
Install required packages for client
cd client
npm i
cd ..
To test your code, you can have serverless invoke your function
serverless invoke --function your_function_name
Serverless also allows for limited local testing, depending on the services needed
Note: Some services cannot be simulated locally
serverless invoke local --function your_function_name
Serverless will deploy most of the resources based on the configuration, but there are a few things you still need to do
You can deploy your functions and AWS resources using serverless directly
serverless deploy
or
serverless deploy --verbose
A few things are not deployed automatically, either for security reasons or because they are difficult to configure on the first deployment
Once deployment is done, replace the RoleMappings IdentityProvider key with the resource IDs that were deployed
- Open cognito-identity-pool.yml
- Find CognitoIdentityPoolRoles > Properties > RoleMappings
- Uncomment block and update cognito-idp.YOUR_REGION.amazonaws.com/YOUR_COGNITO_USERPOOL_ID:YOUR_COGNITO_CLIENT_ID
- Deploy updated values using 'serverless deploy'
- Open the Cognito User Pool serverless framework created for you
- (Optional) Configure Federation
- Go to Sign-in experience > Federated identity provider sign-in > Add identity provider
- Select SAML
- Provide configuration:
- Provider name
- metadata document endpoint URL
- attribute mappings (e.g., email -> email, name -> name, preferred_username -> email)
- Configure App Integration
- Go to App integration > App Clients > Create app client
- Provide App client settings:
- Select Public client
- App client name
- Provide Hosted UI settings:
- Allowed callback URL
- Allowed sign-out URL
- Identity provider created in step 2
- OAuth 2.0 grant types (e.g., Authorization code grant)
- OpenID Connect scopes (e.g., Profile, Email, OpenID)
- Go to App integration > Domain
- Add a domain prefix or bring your own
- (Optional) Go to UI Customization
- Upload an image or change any CSS you want to change to the hosted login page
Secrets aren't deployed automatically, to keep secrets (such as API keys) out of configuration files
- Open Secrets Manager on the AWS Console
- Click Store New Secret
- Select Other Type of Secrets
- Enter Secret Information
- Click Next
- Enter Secret Name
- Add costcenter to tags
- Click Next
- Click Next
- Click Store
Build React project using the client project
cd client
npm run build
cd ..
Create S3 bucket with bucket owner enforced
aws s3api create-bucket --bucket <bucket> --create-bucket-configuration LocationConstraint=<region> --object-ownership BucketOwnerEnforced
aws s3api put-public-access-block --bucket <bucket> --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
Upload client code
aws s3 cp client/build s3://<bucket>/ --recursive
Create CloudFront distribution:
- Origin domain:
<bucket>.s3.<region>.amazonaws.com
- Origin access > Origin access control settings > Create control setting
- Copy the policy, go to the S3 bucket permissions, and update the <bucket> bucket policy
- Default root object:
index.html
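To confirm the bucket ended up in the state the steps above aim for (all four public access block settings on, and a bucket policy that only admits CloudFront through the origin access control), the following checks can be run against the CLI output. This is an added example, not part of the project's code; the function names, the sample JSON, the account ID and the distribution ID are constructed, and the policy check is a text heuristic that assumes a single-statement policy.

```shell
# Added example: post-deployment checks for the client bucket (not project code).
# Function names and the sample JSON below are constructed for illustration.

# Strip whitespace so matching does not depend on JSON formatting.
compact() { printf '%s' "$1" | tr -d ' \t\r\n'; }

# $1: output of `aws s3api get-public-access-block --bucket <bucket>`.
# Succeeds only if all four public access block settings are true.
pab_all_true() {
  json=$(compact "$1")
  for key in BlockPublicAcls IgnorePublicAcls BlockPublicPolicy RestrictPublicBuckets; do
    case "$json" in
      *"\"$key\":true"*) ;;
      *) echo "FAIL: $key is not true" >&2; return 1 ;;
    esac
  done
}

# $1: bucket policy JSON. Heuristic text match, assuming a single-statement policy.
# Succeeds only if access goes to the CloudFront service principal, is pinned
# to one distribution via AWS:SourceArn, and no wildcard principal is present.
policy_is_oac_scoped() {
  json=$(compact "$1" | tr 'A-Z' 'a-z')   # condition keys are case-insensitive
  case "$json" in
    *'"principal":"*"'*|*'"aws":"*"'*) echo "FAIL: wildcard principal" >&2; return 1 ;;
  esac
  case "$json" in
    *'"service":"cloudfront.amazonaws.com"'*) ;;
    *) echo "FAIL: no CloudFront service principal" >&2; return 1 ;;
  esac
  case "$json" in
    *'"aws:sourcearn":"arn:aws:cloudfront::'*':distribution/'*) ;;
    *) echo "FAIL: not pinned to a distribution ARN" >&2; return 1 ;;
  esac
}

# Live check against a deployed bucket (needs AWS CLI credentials).
check_bucket() {
  pab_all_true "$(aws s3api get-public-access-block --bucket "$1")" &&
  policy_is_oac_scoped "$(aws s3api get-bucket-policy --bucket "$1" --query Policy --output text)"
}

# Constructed samples: the expected state after the steps above.
SAMPLE_PAB='{"PublicAccessBlockConfiguration":{"BlockPublicAcls":true,"IgnorePublicAcls":true,"BlockPublicPolicy":true,"RestrictPublicBuckets":true}}'
SAMPLE_POLICY='{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"cloudfront.amazonaws.com"},"Action":"s3:GetObject","Resource":"arn:aws:s3:::example-client-bucket/*","Condition":{"StringEquals":{"AWS:SourceArn":"arn:aws:cloudfront::111122223333:distribution/EXAMPLE12345"}}}]}'
pab_all_true "$SAMPLE_PAB" && policy_is_oac_scoped "$SAMPLE_POLICY" && echo "sample state OK"
```

Run `check_bucket <bucket>` after updating the bucket policy; a non-zero exit status names the setting that is off.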
- Serverless documentation (https://serverless.com/framework/docs/providers/aws/)
- Serverless AWS Alerts documentation (https://github.com/ACloudGuru/serverless-plugin-aws-alerts)