Documentation ¶
Index ¶
- func AuthenticateCognitoAction_AuthenticateOidc(options *awselasticloadbalancingv2.AuthenticateOidcOptions) awselasticloadbalancingv2.ListenerAction
- func AuthenticateCognitoAction_FixedResponse(statusCode *float64, options *awselasticloadbalancingv2.FixedResponseOptions) awselasticloadbalancingv2.ListenerAction
- func AuthenticateCognitoAction_Forward(targetGroups *[]awselasticloadbalancingv2.IApplicationTargetGroup, ...) awselasticloadbalancingv2.ListenerAction
- func AuthenticateCognitoAction_Redirect(options *awselasticloadbalancingv2.RedirectOptions) awselasticloadbalancingv2.ListenerAction
- func AuthenticateCognitoAction_WeightedForward(targetGroups *[]*awselasticloadbalancingv2.WeightedTargetGroup, ...) awselasticloadbalancingv2.ListenerAction
- func NewAuthenticateCognitoAction_Override(a AuthenticateCognitoAction, options *AuthenticateCognitoActionProps)
- type AuthenticateCognitoAction
- type AuthenticateCognitoActionProps
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AuthenticateCognitoAction_AuthenticateOidc ¶
func AuthenticateCognitoAction_AuthenticateOidc(options *awselasticloadbalancingv2.AuthenticateOidcOptions) awselasticloadbalancingv2.ListenerAction
Authenticate using an identity provider (IdP) that is compliant with OpenID Connect (OIDC). See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html#oidc-requirements
func AuthenticateCognitoAction_FixedResponse ¶
func AuthenticateCognitoAction_FixedResponse(statusCode *float64, options *awselasticloadbalancingv2.FixedResponseOptions) awselasticloadbalancingv2.ListenerAction
Return a fixed response. See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#fixed-response-actions
func AuthenticateCognitoAction_Forward ¶
func AuthenticateCognitoAction_Forward(targetGroups *[]awselasticloadbalancingv2.IApplicationTargetGroup, options *awselasticloadbalancingv2.ForwardOptions) awselasticloadbalancingv2.ListenerAction
Forward to one or more Target Groups. See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#forward-actions
func AuthenticateCognitoAction_Redirect ¶
func AuthenticateCognitoAction_Redirect(options *awselasticloadbalancingv2.RedirectOptions) awselasticloadbalancingv2.ListenerAction
Redirect to a different URI.
A URI consists of the following components: protocol://hostname:port/path?query. You must modify at least one of the following components to avoid a redirect loop: protocol, hostname, port, or path. Any components that you do not modify retain their original values.
You can reuse URI components using the following reserved keywords:
- `#{protocol}` - `#{host}` - `#{port}` - `#{path}` (the leading "/" is removed) - `#{query}`
For example, you can change the path to "/new/#{path}", the hostname to "example.#{host}", or the query to "#{query}&value=xyz". See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#redirect-actions
func AuthenticateCognitoAction_WeightedForward ¶
func AuthenticateCognitoAction_WeightedForward(targetGroups *[]*awselasticloadbalancingv2.WeightedTargetGroup, options *awselasticloadbalancingv2.ForwardOptions) awselasticloadbalancingv2.ListenerAction
Forward to one or more Target Groups which are weighted differently. See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#forward-actions
func NewAuthenticateCognitoAction_Override ¶
func NewAuthenticateCognitoAction_Override(a AuthenticateCognitoAction, options *AuthenticateCognitoActionProps)
Authenticate using an identity provide (IdP) that is compliant with OpenID Connect (OIDC).
Types ¶
type AuthenticateCognitoAction ¶
type AuthenticateCognitoAction interface { awselasticloadbalancingv2.ListenerAction Next() awselasticloadbalancingv2.ListenerAction // Called when the action is being used in a listener. Bind(scope constructs.Construct, listener awselasticloadbalancingv2.IApplicationListener, associatingConstruct constructs.IConstruct) // Render the actions in this chain. RenderActions() *[]*awselasticloadbalancingv2.CfnListener_ActionProperty // Renumber the "order" fields in the actions array. // // We don't number for 0 or 1 elements, but otherwise number them 1...#actions // so ELB knows about the right order. // // Do this in `ListenerAction` instead of in `Listener` so that we give // users the opportunity to override by subclassing and overriding `renderActions`. Renumber(actions *[]*awselasticloadbalancingv2.CfnListener_ActionProperty) *[]*awselasticloadbalancingv2.CfnListener_ActionProperty }
A Listener Action to authenticate with Cognito.
Example:
import cognito "github.com/aws/aws-cdk-go/awscdk"import ec2 "github.com/aws/aws-cdk-go/awscdk"import elbv2 "github.com/aws/aws-cdk-go/awscdk"import awscdk "github.com/aws/aws-cdk-go/awscdk"type App awscdk.App type CfnOutput awscdk.CfnOutput type Stack awscdk.Stackimport _ "github.com/aws-samples/dummy/constructs"import actions "github.com/aws/aws-cdk-go/awscdk" cognitoStack struct { stack } lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &applicationLoadBalancerProps{ vpc: vpc, internetFacing: jsii.Boolean(true), }) userPool := cognito.NewUserPool(this, jsii.String("UserPool")) userPoolClient := cognito.NewUserPoolClient(this, jsii.String("Client"), &userPoolClientProps{ userPool: userPool, // Required minimal configuration for use with an ELB generateSecret: jsii.Boolean(true), authFlows: &authFlow{ userPassword: jsii.Boolean(true), }, oAuth: &oAuthSettings{ flows: &oAuthFlows{ authorizationCodeGrant: jsii.Boolean(true), }, scopes: []oAuthScope{ cognito.*oAuthScope_EMAIL(), }, callbackUrls: []*string{ fmt.Sprintf("https://%v/oauth2/idpresponse", lb.loadBalancerDnsName), }, }, }) cfnClient := userPoolClient.node.defaultChild.(cfnUserPoolClient) cfnClient.addPropertyOverride(jsii.String("RefreshTokenValidity"), jsii.Number(1)) cfnClient.addPropertyOverride(jsii.String("SupportedIdentityProviders"), []interface{}{ jsii.String("COGNITO"), }) userPoolDomain := cognito.NewUserPoolDomain(this, jsii.String("Domain"), &userPoolDomainProps{ userPool: userPool, cognitoDomain: &cognitoDomainOptions{ domainPrefix: jsii.String("test-cdk-prefix"), }, }) lb.addListener(jsii.String("Listener"), &baseApplicationListenerProps{ port: jsii.Number(443), certificates: []iListenerCertificate{ certificate, }, defaultAction: actions.NewAuthenticateCognitoAction(&authenticateCognitoActionProps{ userPool: userPool, userPoolClient: userPoolClient, userPoolDomain: userPoolDomain, next: elbv2.listenerAction.fixedResponse(jsii.Number(200), &fixedResponseOptions{ contentType: jsii.String("text/plain"), messageBody: jsii.String("Authenticated"), }), }), }) NewCfnOutput(this, jsii.String("DNS"), &cfnOutputProps{ value: lb.loadBalancerDnsName, }) app := NewApp() NewCognitoStack(app, jsii.String("integ-cognito")) app.synth()
func NewAuthenticateCognitoAction ¶
func NewAuthenticateCognitoAction(options *AuthenticateCognitoActionProps) AuthenticateCognitoAction
Authenticate using an identity provide (IdP) that is compliant with OpenID Connect (OIDC).
type AuthenticateCognitoActionProps ¶
type AuthenticateCognitoActionProps struct { // What action to execute next. // // Multiple actions form a linked chain; the chain must always terminate in a // (weighted)forward, fixedResponse or redirect action. Next awselasticloadbalancingv2.ListenerAction `json:"next" yaml:"next"` // The Amazon Cognito user pool. UserPool awscognito.IUserPool `json:"userPool" yaml:"userPool"` // The Amazon Cognito user pool client. UserPoolClient awscognito.IUserPoolClient `json:"userPoolClient" yaml:"userPoolClient"` // The domain prefix or fully-qualified domain name of the Amazon Cognito user pool. UserPoolDomain awscognito.IUserPoolDomain `json:"userPoolDomain" yaml:"userPoolDomain"` // The query parameters (up to 10) to include in the redirect request to the authorization endpoint. AuthenticationRequestExtraParams *map[string]*string `json:"authenticationRequestExtraParams" yaml:"authenticationRequestExtraParams"` // The behavior if the user is not authenticated. OnUnauthenticatedRequest awselasticloadbalancingv2.UnauthenticatedAction `json:"onUnauthenticatedRequest" yaml:"onUnauthenticatedRequest"` // The set of user claims to be requested from the IdP. // // To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. Scope *string `json:"scope" yaml:"scope"` // The name of the cookie used to maintain session information. SessionCookieName *string `json:"sessionCookieName" yaml:"sessionCookieName"` // The maximum duration of the authentication session. SessionTimeout awscdk.Duration `json:"sessionTimeout" yaml:"sessionTimeout"` }
Properties for AuthenticateCognitoAction.
Example:
import cognito "github.com/aws/aws-cdk-go/awscdk"import ec2 "github.com/aws/aws-cdk-go/awscdk"import elbv2 "github.com/aws/aws-cdk-go/awscdk"import awscdk "github.com/aws/aws-cdk-go/awscdk"type App awscdk.App type CfnOutput awscdk.CfnOutput type Stack awscdk.Stackimport _ "github.com/aws-samples/dummy/constructs"import actions "github.com/aws/aws-cdk-go/awscdk" cognitoStack struct { stack } lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &applicationLoadBalancerProps{ vpc: vpc, internetFacing: jsii.Boolean(true), }) userPool := cognito.NewUserPool(this, jsii.String("UserPool")) userPoolClient := cognito.NewUserPoolClient(this, jsii.String("Client"), &userPoolClientProps{ userPool: userPool, // Required minimal configuration for use with an ELB generateSecret: jsii.Boolean(true), authFlows: &authFlow{ userPassword: jsii.Boolean(true), }, oAuth: &oAuthSettings{ flows: &oAuthFlows{ authorizationCodeGrant: jsii.Boolean(true), }, scopes: []oAuthScope{ cognito.*oAuthScope_EMAIL(), }, callbackUrls: []*string{ fmt.Sprintf("https://%v/oauth2/idpresponse", lb.loadBalancerDnsName), }, }, }) cfnClient := userPoolClient.node.defaultChild.(cfnUserPoolClient) cfnClient.addPropertyOverride(jsii.String("RefreshTokenValidity"), jsii.Number(1)) cfnClient.addPropertyOverride(jsii.String("SupportedIdentityProviders"), []interface{}{ jsii.String("COGNITO"), }) userPoolDomain := cognito.NewUserPoolDomain(this, jsii.String("Domain"), &userPoolDomainProps{ userPool: userPool, cognitoDomain: &cognitoDomainOptions{ domainPrefix: jsii.String("test-cdk-prefix"), }, }) lb.addListener(jsii.String("Listener"), &baseApplicationListenerProps{ port: jsii.Number(443), certificates: []iListenerCertificate{ certificate, }, defaultAction: actions.NewAuthenticateCognitoAction(&authenticateCognitoActionProps{ userPool: userPool, userPoolClient: userPoolClient, userPoolDomain: userPoolDomain, next: elbv2.listenerAction.fixedResponse(jsii.Number(200), &fixedResponseOptions{ contentType: jsii.String("text/plain"), messageBody: jsii.String("Authenticated"), }), }), }) NewCfnOutput(this, jsii.String("DNS"), &cfnOutputProps{ value: lb.loadBalancerDnsName, }) app := NewApp() NewCognitoStack(app, jsii.String("integ-cognito")) app.synth()