Project author: tobilg

Project description:
A custom CloudFormation resource for Cognito Resource Servers
Language: JavaScript
Repository: git://github.com/tobilg/cfn-cognito-resource-server.git
Created: 2020-01-12T09:50:28Z
Project community: https://github.com/tobilg/cfn-cognito-resource-server

License: MIT License


cfn-cognito-resource-server

A custom CloudFormation resource for Cognito Resource Servers, for use with CloudFormation stacks as well as the Serverless framework.

Usage

CloudFormation

If you just want to use the custom resource, copy the dist/cfn-cognito-resource-server.yml file to your CloudFormation project.

Additionally, you need to add another resource to the stack in which you configure the Cognito Resource Server (this assumes you have a Cognito UserPool resource named CognitoUserPool in your stack):

    Resources:
      CognitoResourceServer:
        Type: 'Custom::CognitoResourceServer'
        Properties:
          Name: 'example.com API Cognito Resource Server'
          Identifier: 'https://api.example.com'
          UserPoolId: !Ref CognitoUserPool
          Scopes:
            - Name: 'myscope:read'
              Description: 'Read permissions'
            - Name: 'myscope:write'
              Description: 'Write permissions'
          ServiceToken: !GetAtt CustomResourceServerLambda.Arn

You should configure the Name, Identifier and Scopes with your desired values. After that, the custom resource should be usable.

Serverless

For an example configuration with the Serverless framework, you can have a look in the test subfolder. This contains a valid serverless.yml file with a configuration that can be customized.

You basically need three resources:

  • A Cognito UserPool
  • The custom resource for the Cognito Resource Server (see dist/sls-cognito-resource-server.yml)
  • A resource which configures/uses the custom resource for the Cognito Resource Server

It could look like the following once you have created the above-named resources as files in the resources subfolder of your Serverless project:

    service:
      name: 'test-custom-cognito-resource-server'
    provider:
      name: aws
      runtime: nodejs10.x
      region: ${opt:region, 'us-east-1'}
      stage: ${opt:stage, 'dev'}
    resources:
      - ${file(resources/cognito.yml)}
      - ${file(resources/sls-cognito-resource-server.yml)}
      - ${file(resources/cognito-resource-server.yml)}

The resources/cognito-resource-server.yml could for example look like this:

    Resources:
      CognitoResourceServer:
        Type: 'Custom::CognitoResourceServer'
        Properties:
          Name: 'example.com API Cognito Resource Server'
          Identifier: 'https://api.example.com'
          UserPoolId:
            Ref: CognitoUserPool
          Scopes:
            - Name: 'myscope:read'
              Description: 'Read permissions'
            - Name: 'myscope:write'
              Description: 'Write permissions'
          ServiceToken:
            'Fn::GetAtt': [CustomResourceServerLambda, Arn]

You should configure the Name, Identifier and Scopes with your desired values. After that, the custom resource should be usable.
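How an API behind this resource server can enforce the scopes configured above, as an added example that is not part of the project's code: Cognito places a custom scope in the access token's scope claim as Identifier/Name, and the check assumes the token's signature, issuer and expiry were already verified. The function names and sample claims are constructed for illustration.

```javascript
// Properties of the Custom::CognitoResourceServer resource from the page.
const resourceServer = {
  Identifier: 'https://api.example.com',
  Scopes: [
    { Name: 'myscope:read', Description: 'Read permissions' },
    { Name: 'myscope:write', Description: 'Write permissions' },
  ],
};

// Cognito writes a custom scope into the access token as "<Identifier>/<Name>".
function fullScopeNames(rs) {
  return rs.Scopes.map((s) => `${rs.Identifier}/${s.Name}`);
}

// Decide whether already-verified access token claims carry the scope an
// operation needs. Signature, issuer, expiry and client checks are assumed
// to have happened before this function is called.
function authorize(claims, rs, scopeName) {
  if (!claims || claims.token_use !== 'access' || typeof claims.scope !== 'string') {
    return { allowed: false, reason: 'not an access token with a scope claim' };
  }
  const needed = `${rs.Identifier}/${scopeName}`;
  if (!fullScopeNames(rs).includes(needed)) {
    return { allowed: false, reason: `scope ${scopeName} is not defined in the template` };
  }
  // Compare whole space-separated entries; a substring test on the raw claim
  // would also match longer scope names that merely start with the needed one.
  const granted = new Set(claims.scope.split(/\s+/).filter(Boolean));
  return granted.has(needed)
    ? { allowed: true, reason: 'ok' }
    : { allowed: false, reason: `token lacks ${needed}` };
}

// Constructed sample claims (not real tokens).
const readOnlyClient = { token_use: 'access', scope: 'https://api.example.com/myscope:read' };
const otherApiClient = { token_use: 'access', scope: 'https://other.example.com/myscope:write' };
const idToken = { token_use: 'id' };

function demo() {
  return {
    read: authorize(readOnlyClient, resourceServer, 'myscope:read').allowed,
    write: authorize(readOnlyClient, resourceServer, 'myscope:write').allowed,
    otherApi: authorize(otherApiClient, resourceServer, 'myscope:write').allowed,
    idToken: authorize(idToken, resourceServer, 'myscope:read').allowed,
    undefinedScope: authorize(readOnlyClient, resourceServer, 'myscope:delete').allowed,
  };
}
console.log(demo());
```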

Building

After cloning the repo and running npm i in the project’s path, you can build the custom CloudFormation resources by running npm run build.

This will create/update the following files in the dist subfolder:

  • cfn-cognito-resource-server.yml: The basic custom CloudFormation resource for the creation of Cognito Resource Servers
  • sls-cognito-resource-server.yml: The same resource, but ready for the usage with the Serverless framework