I'm trying to create an API gateway using the AWS-CDK and protect the REST endpoints with a Cognito user pool authorizer.
I cannot find any examples how one would do th
Indeed, there is no example to do this via copy and paste ;). Here is my example to create an AWS Cognito user pool and connect the user pool authorizer with API Gateway and a Lambda function using the AWS CDK for Java, version 0.24.1.
This example just provides a protected API for a function called "Foo" that uses DynamoDB.
import java.util.Arrays;

import software.amazon.awscdk.App;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.apigateway.AuthorizationType;
import software.amazon.awscdk.services.apigateway.CfnAuthorizer;
import software.amazon.awscdk.services.apigateway.CfnAuthorizerProps;
import software.amazon.awscdk.services.apigateway.LambdaIntegration;
import software.amazon.awscdk.services.apigateway.MethodOptions;
import software.amazon.awscdk.services.apigateway.RestApi;
import software.amazon.awscdk.services.cognito.CfnUserPool;
import software.amazon.awscdk.services.cognito.CfnUserPool.AdminCreateUserConfigProperty;
import software.amazon.awscdk.services.cognito.CfnUserPool.PasswordPolicyProperty;
import software.amazon.awscdk.services.cognito.CfnUserPool.PoliciesProperty;
import software.amazon.awscdk.services.cognito.CfnUserPoolClient;
import software.amazon.awscdk.services.cognito.CfnUserPoolClientProps;
import software.amazon.awscdk.services.cognito.CfnUserPoolProps;
import software.amazon.awscdk.services.dynamodb.Attribute;
import software.amazon.awscdk.services.dynamodb.AttributeType;
import software.amazon.awscdk.services.dynamodb.Table;
import software.amazon.awscdk.services.dynamodb.TableProps;
import software.amazon.awscdk.services.lambda.Code;
import software.amazon.awscdk.services.lambda.Function;
import software.amazon.awscdk.services.lambda.FunctionProps;
import software.amazon.awscdk.services.lambda.Runtime;

// The stack class and constructor wrapper are added here so the snippet compiles;
// the original answer shows only the constructor body.
public class FooStack extends Stack {

    public FooStack(final App scope, final String id) {
        super(scope, id);

        // -----------------------------------------------------------------------
        // Cognito User Pool
        // -----------------------------------------------------------------------
        CfnUserPool userPool = new CfnUserPool(this, "cognito",
            CfnUserPoolProps.builder()
                // false = users may sign themselves up; true = only admins create users
                .withAdminCreateUserConfig(
                    AdminCreateUserConfigProperty.builder()
                        .withAllowAdminCreateUserOnly(false)
                        .build())
                // Deliberately lax password policy for this example; tighten it for real use
                .withPolicies(
                    PoliciesProperty.builder()
                        .withPasswordPolicy(
                            PasswordPolicyProperty.builder()
                                .withMinimumLength(6)
                                .withRequireLowercase(false)
                                .withRequireNumbers(false)
                                .withRequireSymbols(false)
                                .withRequireUppercase(false)
                                .build())
                        .build())
                // Cognito verifies the email attribute with a code on sign-up
                .withAutoVerifiedAttributes(Arrays.asList("email"))
                .withSchema(Arrays.asList(
                    CfnUserPool.SchemaAttributeProperty.builder()
                        .withAttributeDataType("String")
                        .withName("email")
                        .withRequired(true)
                        .build()))
                .build());

        // -----------------------------------------------------------------------
        // Cognito User Pool Client
        // -----------------------------------------------------------------------
        // ADMIN_NO_SRP_AUTH: tokens are obtained server-side via AdminInitiateAuth
        // with username/password (the caller needs IAM rights for that call)
        new CfnUserPoolClient(this, "cognitoClient",
            CfnUserPoolClientProps.builder()
                .withClientName("UserPool")
                .withExplicitAuthFlows(Arrays.asList("ADMIN_NO_SRP_AUTH"))
                .withRefreshTokenValidity(90)
                .withUserPoolId(userPool.getRef())
                .build());

        // -----------------------------------------------------------------------
        // Lambda function
        // -----------------------------------------------------------------------
        Function function = new Function(this, "function.foo",
            FunctionProps.builder()
                // lambda code located in /functions/foo
                .withCode(Code.asset("functions/foo"))
                .withHandler("index.handler")
                .withRuntime(Runtime.NODE_J_S810)
                .build());

        // -----------------------------------------------------------------------
        // DynamoDB Table
        // -----------------------------------------------------------------------
        Table table = new Table(this, "dynamodb.foo", TableProps.builder()
            .withTableName("foo")
            .withPartitionKey(Attribute.builder()
                .withName("id")
                .withType(AttributeType.String)
                .build())
            .build());

        // GRANTS function -> table (read/write on this table only, added to the function role)
        table.grantReadWriteData(function.getRole());

        // -----------------------------------------------------------------------
        // API Gateway
        // -----------------------------------------------------------------------
        // API Gateway REST API with Lambda (proxy) integration
        LambdaIntegration lambdaIntegration = new LambdaIntegration(function);
        RestApi restApi = new RestApi(this, "foo");

        // Authorizer configured with the Cognito user pool: API Gateway validates the
        // JWT from the Authorization header against the pool before invoking the Lambda
        CfnAuthorizer authorizer = new CfnAuthorizer(this, "authorizer",
            CfnAuthorizerProps.builder()
                .withName("cognitoAuthorizer")
                .withRestApiId(restApi.getRestApiId())
                .withIdentitySource("method.request.header.Authorization")
                .withProviderArns(Arrays.asList(userPool.getUserPoolArn()))
                .withType("COGNITO_USER_POOLS")
                .build());

        // Bind the authorizer to the API resource: every method on the root
        // resource now requires a valid token from this user pool
        restApi.getRoot().addMethod("ANY", lambdaIntegration, MethodOptions
            .builder()
            .withAuthorizationType(AuthorizationType.Cognito)
            .withAuthorizerId(authorizer.getAuthorizerId())
            .build());
    }

    public static void main(final String[] args) {
        App app = new App();
        new FooStack(app, "foo-stack");
        app.run();
    }
}