awselasticloadbalancingv2actions

package
v2.25.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 21, 2022 License: Apache-2.0 Imports: 8 Imported by: 0

README

Actions for AWS Elastic Load Balancing V2

This package contains integration actions for ELBv2. See the README of the @aws-cdk/aws-elasticloadbalancingv2 library.

Cognito

ELB allows for requests to be authenticated against a Cognito user pool using the AuthenticateCognitoAction. For details on the setup's requirements, read Prepare to use Amazon Cognito. Here's an example:

import cognito "github.com/aws/aws-cdk-go/awscdk"
import ec2 "github.com/aws/aws-cdk-go/awscdk"
import elbv2 "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws-samples/dummy/constructs"
import actions "github.com/aws/aws-cdk-go/awscdk"

cognitoStack struct {
stack
}

lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &applicationLoadBalancerProps{
	vpc: vpc,
	internetFacing: jsii.Boolean(true),
})

userPool := cognito.NewUserPool(this, jsii.String("UserPool"))
userPoolClient := cognito.NewUserPoolClient(this, jsii.String("Client"), &userPoolClientProps{
	userPool: userPool,

	// Required minimal configuration for use with an ELB
	generateSecret: jsii.Boolean(true),
	authFlows: &authFlow{
		userPassword: jsii.Boolean(true),
	},
	oAuth: &oAuthSettings{
		flows: &oAuthFlows{
			authorizationCodeGrant: jsii.Boolean(true),
		},
		scopes: []oAuthScope{
			cognito.*oAuthScope_EMAIL(),
		},
		callbackUrls: []*string{
			fmt.Sprintf("https://%v/oauth2/idpresponse", lb.loadBalancerDnsName),
		},
	},
})
cfnClient := userPoolClient.node.defaultChild.(cfnUserPoolClient)
cfnClient.addPropertyOverride(jsii.String("RefreshTokenValidity"), jsii.Number(1))
cfnClient.addPropertyOverride(jsii.String("SupportedIdentityProviders"), []interface{}{
	jsii.String("COGNITO"),
})

userPoolDomain := cognito.NewUserPoolDomain(this, jsii.String("Domain"), &userPoolDomainProps{
	userPool: userPool,
	cognitoDomain: &cognitoDomainOptions{
		domainPrefix: jsii.String("test-cdk-prefix"),
	},
})

lb.addListener(jsii.String("Listener"), &baseApplicationListenerProps{
	port: jsii.Number(443),
	certificates: []iListenerCertificate{
		certificate,
	},
	defaultAction: actions.NewAuthenticateCognitoAction(&authenticateCognitoActionProps{
		userPool: userPool,
		userPoolClient: userPoolClient,
		userPoolDomain: userPoolDomain,
		next: elbv2.listenerAction.fixedResponse(jsii.Number(200), &fixedResponseOptions{
			contentType: jsii.String("text/plain"),
			messageBody: jsii.String("Authenticated"),
		}),
	}),
})

awscdk.NewCfnOutput(this, jsii.String("DNS"), &cfnOutputProps{
	value: lb.loadBalancerDnsName,
})

app := awscdk.NewApp()
NewCognitoStack(app, jsii.String("integ-cognito"))
app.synth()

NOTE: this example seems incomplete, I was not able to get the redirect back to the Load Balancer after authentication working. Would love some pointers on what a full working setup actually looks like!

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AuthenticateCognitoAction_AuthenticateOidc

func AuthenticateCognitoAction_AuthenticateOidc(options *awselasticloadbalancingv2.AuthenticateOidcOptions) awselasticloadbalancingv2.ListenerAction

Authenticate using an identity provider (IdP) that is compliant with OpenID Connect (OIDC). See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html#oidc-requirements

func AuthenticateCognitoAction_Redirect

func AuthenticateCognitoAction_Redirect(options *awselasticloadbalancingv2.RedirectOptions) awselasticloadbalancingv2.ListenerAction

Redirect to a different URI.

A URI consists of the following components: protocol://hostname:port/path?query. You must modify at least one of the following components to avoid a redirect loop: protocol, hostname, port, or path. Any components that you do not modify retain their original values.

You can reuse URI components using the following reserved keywords:

- `#{protocol}` - `#{host}` - `#{port}` - `#{path}` (the leading "/" is removed) - `#{query}`

For example, you can change the path to "/new/#{path}", the hostname to "example.#{host}", or the query to "#{query}&value=xyz". See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#redirect-actions

func NewAuthenticateCognitoAction_Override

func NewAuthenticateCognitoAction_Override(a AuthenticateCognitoAction, options *AuthenticateCognitoActionProps)

Authenticate using an identity provide (IdP) that is compliant with OpenID Connect (OIDC).

Types

type AuthenticateCognitoAction

type AuthenticateCognitoAction interface {
	awselasticloadbalancingv2.ListenerAction
	Next() awselasticloadbalancingv2.ListenerAction
	// Called when the action is being used in a listener.
	Bind(scope constructs.Construct, listener awselasticloadbalancingv2.IApplicationListener, associatingConstruct constructs.IConstruct)
	// Render the actions in this chain.
	RenderActions() *[]*awselasticloadbalancingv2.CfnListener_ActionProperty
	// Renumber the "order" fields in the actions array.
	//
	// We don't number for 0 or 1 elements, but otherwise number them 1...#actions
	// so ELB knows about the right order.
	//
	// Do this in `ListenerAction` instead of in `Listener` so that we give
	// users the opportunity to override by subclassing and overriding `renderActions`.
	Renumber(actions *[]*awselasticloadbalancingv2.CfnListener_ActionProperty) *[]*awselasticloadbalancingv2.CfnListener_ActionProperty
}

A Listener Action to authenticate with Cognito.

Example:

import cognito "github.com/aws/aws-cdk-go/awscdk"
import ec2 "github.com/aws/aws-cdk-go/awscdk"
import elbv2 "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws-samples/dummy/constructs"
import actions "github.com/aws/aws-cdk-go/awscdk"

cognitoStack struct {
stack
}

lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &applicationLoadBalancerProps{
	vpc: vpc,
	internetFacing: jsii.Boolean(true),
})

userPool := cognito.NewUserPool(this, jsii.String("UserPool"))
userPoolClient := cognito.NewUserPoolClient(this, jsii.String("Client"), &userPoolClientProps{
	userPool: userPool,

	// Required minimal configuration for use with an ELB
	generateSecret: jsii.Boolean(true),
	authFlows: &authFlow{
		userPassword: jsii.Boolean(true),
	},
	oAuth: &oAuthSettings{
		flows: &oAuthFlows{
			authorizationCodeGrant: jsii.Boolean(true),
		},
		scopes: []oAuthScope{
			cognito.*oAuthScope_EMAIL(),
		},
		callbackUrls: []*string{
			fmt.Sprintf("https://%v/oauth2/idpresponse", lb.loadBalancerDnsName),
		},
	},
})
cfnClient := userPoolClient.node.defaultChild.(cfnUserPoolClient)
cfnClient.addPropertyOverride(jsii.String("RefreshTokenValidity"), jsii.Number(1))
cfnClient.addPropertyOverride(jsii.String("SupportedIdentityProviders"), []interface{}{
	jsii.String("COGNITO"),
})

userPoolDomain := cognito.NewUserPoolDomain(this, jsii.String("Domain"), &userPoolDomainProps{
	userPool: userPool,
	cognitoDomain: &cognitoDomainOptions{
		domainPrefix: jsii.String("test-cdk-prefix"),
	},
})

lb.addListener(jsii.String("Listener"), &baseApplicationListenerProps{
	port: jsii.Number(443),
	certificates: []iListenerCertificate{
		certificate,
	},
	defaultAction: actions.NewAuthenticateCognitoAction(&authenticateCognitoActionProps{
		userPool: userPool,
		userPoolClient: userPoolClient,
		userPoolDomain: userPoolDomain,
		next: elbv2.listenerAction.fixedResponse(jsii.Number(200), &fixedResponseOptions{
			contentType: jsii.String("text/plain"),
			messageBody: jsii.String("Authenticated"),
		}),
	}),
})

awscdk.NewCfnOutput(this, jsii.String("DNS"), &cfnOutputProps{
	value: lb.loadBalancerDnsName,
})

app := awscdk.NewApp()
NewCognitoStack(app, jsii.String("integ-cognito"))
app.synth()

func NewAuthenticateCognitoAction

func NewAuthenticateCognitoAction(options *AuthenticateCognitoActionProps) AuthenticateCognitoAction

Authenticate using an identity provide (IdP) that is compliant with OpenID Connect (OIDC).

type AuthenticateCognitoActionProps

type AuthenticateCognitoActionProps struct {
	// What action to execute next.
	//
	// Multiple actions form a linked chain; the chain must always terminate in a
	// (weighted)forward, fixedResponse or redirect action.
	Next awselasticloadbalancingv2.ListenerAction `field:"required" json:"next" yaml:"next"`
	// The Amazon Cognito user pool.
	UserPool awscognito.IUserPool `field:"required" json:"userPool" yaml:"userPool"`
	// The Amazon Cognito user pool client.
	UserPoolClient awscognito.IUserPoolClient `field:"required" json:"userPoolClient" yaml:"userPoolClient"`
	// The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
	UserPoolDomain awscognito.IUserPoolDomain `field:"required" json:"userPoolDomain" yaml:"userPoolDomain"`
	// The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
	AuthenticationRequestExtraParams *map[string]*string `field:"optional" json:"authenticationRequestExtraParams" yaml:"authenticationRequestExtraParams"`
	// The behavior if the user is not authenticated.
	OnUnauthenticatedRequest awselasticloadbalancingv2.UnauthenticatedAction `field:"optional" json:"onUnauthenticatedRequest" yaml:"onUnauthenticatedRequest"`
	// The set of user claims to be requested from the IdP.
	//
	// To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
	Scope *string `field:"optional" json:"scope" yaml:"scope"`
	// The name of the cookie used to maintain session information.
	SessionCookieName *string `field:"optional" json:"sessionCookieName" yaml:"sessionCookieName"`
	// The maximum duration of the authentication session.
	SessionTimeout awscdk.Duration `field:"optional" json:"sessionTimeout" yaml:"sessionTimeout"`
}

Properties for AuthenticateCognitoAction.

Example:

import cognito "github.com/aws/aws-cdk-go/awscdk"
import ec2 "github.com/aws/aws-cdk-go/awscdk"
import elbv2 "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws-samples/dummy/constructs"
import actions "github.com/aws/aws-cdk-go/awscdk"

cognitoStack struct {
stack
}

lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &applicationLoadBalancerProps{
	vpc: vpc,
	internetFacing: jsii.Boolean(true),
})

userPool := cognito.NewUserPool(this, jsii.String("UserPool"))
userPoolClient := cognito.NewUserPoolClient(this, jsii.String("Client"), &userPoolClientProps{
	userPool: userPool,

	// Required minimal configuration for use with an ELB
	generateSecret: jsii.Boolean(true),
	authFlows: &authFlow{
		userPassword: jsii.Boolean(true),
	},
	oAuth: &oAuthSettings{
		flows: &oAuthFlows{
			authorizationCodeGrant: jsii.Boolean(true),
		},
		scopes: []oAuthScope{
			cognito.*oAuthScope_EMAIL(),
		},
		callbackUrls: []*string{
			fmt.Sprintf("https://%v/oauth2/idpresponse", lb.loadBalancerDnsName),
		},
	},
})
cfnClient := userPoolClient.node.defaultChild.(cfnUserPoolClient)
cfnClient.addPropertyOverride(jsii.String("RefreshTokenValidity"), jsii.Number(1))
cfnClient.addPropertyOverride(jsii.String("SupportedIdentityProviders"), []interface{}{
	jsii.String("COGNITO"),
})

userPoolDomain := cognito.NewUserPoolDomain(this, jsii.String("Domain"), &userPoolDomainProps{
	userPool: userPool,
	cognitoDomain: &cognitoDomainOptions{
		domainPrefix: jsii.String("test-cdk-prefix"),
	},
})

lb.addListener(jsii.String("Listener"), &baseApplicationListenerProps{
	port: jsii.Number(443),
	certificates: []iListenerCertificate{
		certificate,
	},
	defaultAction: actions.NewAuthenticateCognitoAction(&authenticateCognitoActionProps{
		userPool: userPool,
		userPoolClient: userPoolClient,
		userPoolDomain: userPoolDomain,
		next: elbv2.listenerAction.fixedResponse(jsii.Number(200), &fixedResponseOptions{
			contentType: jsii.String("text/plain"),
			messageBody: jsii.String("Authenticated"),
		}),
	}),
})

awscdk.NewCfnOutput(this, jsii.String("DNS"), &cfnOutputProps{
	value: lb.loadBalancerDnsName,
})

app := awscdk.NewApp()
NewCognitoStack(app, jsii.String("integ-cognito"))
app.synth()

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL