Sample CDK and CloudFormation templates #4
Comments
If anyone has created a template please share.

Hi, I am working on it. I guess I could share my application (with CDK) this Sunday as a reference for how to integrate it. 😊

@ShivamJoker please refer to my post to get an overview and a link to the full demo app using this library. If it's okay, I would love to contribute my demo app as an example for a how-to section. 😃

This is my implementation:

```ts
import { SSMClient, GetParameterCommand } from "@aws-sdk/client-ssm";
import { CloudFrontRequestHandler } from "aws-lambda";
import { Authenticator } from "cognito-at-edge";

// Retrieve the parameter configuration and create an Authenticator instance.
// The authenticator instance will be cached between invocations.
const ssm = new SSMClient({ region: process.env.CONFIG_PARAMETER_REGION });
const authenticatorPromise = ssm
  .send(new GetParameterCommand({ Name: process.env.CONFIG_PARAMETER_NAME }))
  .then(config => new Authenticator({ ...JSON.parse(config.Parameter!.Value!), logLevel: 'trace' }));

export const handler: CloudFrontRequestHandler = async event => {
  try {
    const authenticator = await authenticatorPromise;
    const response = await authenticator.handle(event);
    return response;
  } catch (error) {
    // Any failure (missing parameter, invalid JSON, authenticator error) ends in a 401.
    console.error(error);
    return { body: '401 Unauthorised', status: '401' };
  }
};
```

On the CDK side, the function can be used like this:

Imports:

```ts
import { PolicyStatement } from "aws-cdk-lib/aws-iam";
import { NodejsFunction } from "aws-cdk-lib/aws-lambda-nodejs";
```

In the Stack:

```ts
const parameterStoreRegion = "us-east-1";
const viewerRequestLambda = new NodejsFunction(this, "authorizer", {
  entry: "lambdas/cognito-authorizer.ts",
  bundling: {
    // The values are inlined at bundle time through esbuild's define option.
    define: {
      "process.env.CONFIG_PARAMETER_REGION": JSON.stringify(parameterStoreRegion),
      "process.env.CONFIG_PARAMETER_NAME": JSON.stringify("COGNITO_CONFIG"),
    },
    minify: true,
  },
  awsSdkConnectionReuse: false,
});
// Grant read access to the single configuration parameter only.
viewerRequestLambda.addToRolePolicy(
  new PolicyStatement({
    actions: ["ssm:GetParameter"],
    resources: [`arn:aws:ssm:${parameterStoreRegion}:${this.account}:parameter/COGNITO_CONFIG`],
  })
);
```

Note: connection reuse must be false for Lambda@Edge compatibility, otherwise you'll see a warning during synth.

Please note that this requires manually preparing a stringified version of the configuration under a known key in the AWS Systems Manager Parameter Store. This is certainly not the only way to do that. Please note that
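
An added example (not from the thread or from the cognito-at-edge project) of preparing and checking the stringified configuration that the comment above stores under `COGNITO_CONFIG`. The function names and sample values are hypothetical, and the four field names are assumed from cognito-at-edge's documented `Authenticator` parameters.

```typescript
// Added example. Field names are assumed from cognito-at-edge's documented
// Authenticator parameters; function names and sample values are hypothetical.
interface CognitoEdgeConfig {
  region: string;
  userPoolId: string;
  userPoolAppId: string;
  userPoolDomain: string;
}
const REQUIRED_KEYS: (keyof CognitoEdgeConfig)[] = ["region", "userPoolId", "userPoolAppId", "userPoolDomain"];

// Check a raw parameter value the same way the Lambda consumes it (JSON.parse).
// Returns a list of problems; an empty list means the value is usable.
function validateConfigValue(value: string): string[] {
  let parsed: unknown;
  try {
    parsed = JSON.parse(value);
  } catch {
    return ["value is not valid JSON"];
  }
  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
    return ["value must be a JSON object"];
  }
  const cfg = parsed as Record<string, unknown>;
  const problems = REQUIRED_KEYS
    .filter((k) => typeof cfg[k] !== "string" || cfg[k] === "")
    .map((k) => `missing or empty "${k}"`);
  if (problems.length > 0) return problems;
  const { region, userPoolId, userPoolDomain } = cfg as unknown as CognitoEdgeConfig;
  // User pool IDs are prefixed with their region, so a mismatch means a wrong pool or region.
  if (!userPoolId.startsWith(`${region}_`)) problems.push("userPoolId is not in region");
  if (userPoolDomain.includes("/")) problems.push("userPoolDomain must be a bare host name");
  return problems;
}

// Build the string to store under the parameter name (COGNITO_CONFIG in the comment above).
function buildConfigValue(config: CognitoEdgeConfig): string {
  const value = JSON.stringify(config);
  const problems = validateConfigValue(value);
  if (problems.length > 0) throw new Error(`invalid config: ${problems.join("; ")}`);
  return value;
}

// Constructed sample values, not a real user pool.
const SAMPLE_CONFIG: CognitoEdgeConfig = {
  region: "us-east-1",
  userPoolId: "us-east-1_EXAMPLE01",
  userPoolAppId: "exampleappclientid",
  userPoolDomain: "example.auth.us-east-1.amazoncognito.com",
};
```

Calling `validateConfigValue` in the Lambda before constructing the `Authenticator` would turn a malformed parameter into a specific log message; the handler's catch block already answers 401 in that case.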
What would you like to be added:
Sample CDK and CloudFormation templates to show how to integrate the AWS services together with the package.
Why is this needed:
The desired architecture may be intimidating to users who have not done it before.