awselasticloadbalancingv2actions

package
v2.55.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 16, 2022 License: Apache-2.0 Imports: 9 Imported by: 0

README

Actions for AWS Elastic Load Balancing V2

This package contains integration actions for ELBv2. See the README of the @aws-cdk/aws-elasticloadbalancingv2 library.

Cognito

ELB allows for requests to be authenticated against a Cognito user pool using the AuthenticateCognitoAction. For details on the setup's requirements, read Prepare to use Amazon Cognito. Here's an example:

// Example automatically generated from non-compiling source. May contain errors.
//
// Puts Cognito authentication in front of an HTTPS listener on an
// internet-facing Application Load Balancer. `this`, `vpc` and `certificate`
// are not defined in this snippet; the surrounding stack has to supply them.
lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), map[string]interface{}{
	"vpc": vpc,
	// The load balancer is reachable from the internet.
	"internetFacing": jsii.Boolean(true),
})

userPool := cognito.NewUserPool(this, jsii.String("UserPool"))
userPoolClient := cognito.NewUserPoolClient(this, jsii.String("Client"), map[string]interface{}{
	"userPool": userPool,

	// Required minimal configuration for use with an ELB
	// The app client is created with a client secret.
	"generateSecret": jsii.Boolean(true),
	// NOTE(review): this enables the username/password auth flow on the client.
	// The listener below relies on the authorization-code grant; confirm that
	// this flow is really needed before copying it into a deployment.
	"authFlows": map[string]*bool{
		"userPassword": jsii.Boolean(true),
	},
	"oAuth": map[string]interface{}{
		// Only the authorization-code grant is enabled.
		"flows": map[string]*bool{
			"authorizationCodeGrant": jsii.Boolean(true),
		},
		// Only the email scope is requested.
		"scopes": []interface{}{
			cognito.OAuthScope_EMAIL,
		},
		// The only callback URL is built from the load balancer's DNS name plus
		// the /oauth2/idpresponse path.
		// NOTE(review): if users reach the listener under another host name (for
		// example a custom domain that matches the certificate), the callback
		// presumably has to name that host instead — confirm.
		"callbackUrls": []*string{
			fmt.Sprintf("https://%v/oauth2/idpresponse", lb.loadBalancerDnsName),
		},
	},
})
// Reach the underlying CfnUserPoolClient to set two properties through raw overrides.
cfnClient := userPoolClient.node.defaultChild.(cognito.CfnUserPoolClient)
// RefreshTokenValidity is set to 1; the unit is not shown here — confirm it
// against the CloudFormation reference.
cfnClient.addPropertyOverride(jsii.String("RefreshTokenValidity"), jsii.Number(1))
// COGNITO is the only entry in the supported identity providers list.
cfnClient.addPropertyOverride(jsii.String("SupportedIdentityProviders"), []interface{}{
	jsii.String("COGNITO"),
})

// The domain prefix below is a sample value; choose your own.
userPoolDomain := cognito.NewUserPoolDomain(this, jsii.String("Domain"), map[string]interface{}{
	"userPool": userPool,
	"cognitoDomain": map[string]*string{
		"domainPrefix": jsii.String("test-cdk-prefix"),
	},
})

// Listener on port 443 with a certificate: ALB authenticate actions are only
// supported on HTTPS listeners.
lb.addListener(jsii.String("Listener"), map[string]interface{}{
	"port": jsii.Number(443),
	"certificates": []interface{}{
		certificate,
	},
	// The default action authenticates against the user pool and then hands over
	// to `next`, here a fixed 200 "Authenticated" response.
	// onUnauthenticatedRequest is not set, so the library default applies —
	// confirm that default matches the intended behavior.
	"defaultAction": actions.NewAuthenticateCognitoAction(map[string]interface{}{
		"userPool": userPool,
		"userPoolClient": userPoolClient,
		"userPoolDomain": userPoolDomain,
		"next": elbv2.ListenerAction_fixedResponse(jsii.Number(200), map[string]*string{
			"contentType": jsii.String("text/plain"),
			"messageBody": jsii.String("Authenticated"),
		}),
	}),
})

// Publish the load balancer DNS name as a stack output.
awscdk.NewCfnOutput(this, jsii.String("DNS"), &cfnOutputProps{
	value: lb.loadBalancerDnsName,
})

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AuthenticateCognitoAction_AuthenticateOidc

func AuthenticateCognitoAction_AuthenticateOidc(options *awselasticloadbalancingv2.AuthenticateOidcOptions) awselasticloadbalancingv2.ListenerAction

Authenticate using an identity provider (IdP) that is compliant with OpenID Connect (OIDC). See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html#oidc-requirements

func AuthenticateCognitoAction_Redirect

func AuthenticateCognitoAction_Redirect(options *awselasticloadbalancingv2.RedirectOptions) awselasticloadbalancingv2.ListenerAction

Redirect to a different URI.

A URI consists of the following components: protocol://hostname:port/path?query. You must modify at least one of the following components to avoid a redirect loop: protocol, hostname, port, or path. Any components that you do not modify retain their original values.

You can reuse URI components using the following reserved keywords:

- `#{protocol}`
- `#{host}`
- `#{port}`
- `#{path}` (the leading "/" is removed)
- `#{query}`

For example, you can change the path to "/new/#{path}", the hostname to "example.#{host}", or the query to "#{query}&value=xyz". See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#redirect-actions

func NewAuthenticateCognitoAction_Override

func NewAuthenticateCognitoAction_Override(a AuthenticateCognitoAction, options *AuthenticateCognitoActionProps)

Authenticate using an identity provider (IdP) that is compliant with OpenID Connect (OIDC).

Types

type AuthenticateCognitoAction

// AuthenticateCognitoAction is a listener action that authenticates with Cognito.
type AuthenticateCognitoAction interface {
	// Embeds the base ELBv2 listener action interface.
	awselasticloadbalancingv2.ListenerAction
	// Next returns a ListenerAction; presumably the action that follows this
	// one in the chain — confirm against the library source.
	Next() awselasticloadbalancingv2.ListenerAction
	// Called when the action is being used in a listener.
	Bind(scope constructs.Construct, listener awselasticloadbalancingv2.IApplicationListener, associatingConstruct constructs.IConstruct)
	// Render the actions in this chain.
	RenderActions() *[]*awselasticloadbalancingv2.CfnListener_ActionProperty
	// Renumber the "order" fields in the actions array.
	//
	// We don't number for 0 or 1 elements, but otherwise number them 1...#actions
	// so ELB knows about the right order.
	//
	// Do this in `ListenerAction` instead of in `Listener` so that we give
	// users the opportunity to override by subclassing and overriding `renderActions`.
	Renumber(actions *[]*awselasticloadbalancingv2.CfnListener_ActionProperty) *[]*awselasticloadbalancingv2.CfnListener_ActionProperty
}

A Listener Action to authenticate with Cognito.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
// NOTE(review): the generated import lines repeat the same path and the
// identifiers are lower-cased, so treat this as a sketch of the option names
// rather than compilable Go.
import cdk "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var listenerAction listenerAction
var secretValue secretValue

// Builds an OIDC authenticate action through the authenticateOidc helper
// reached via authenticateCognitoAction.
authenticateCognitoAction := awscdk.Aws_elasticloadbalancingv2_actions.authenticateCognitoAction.authenticateOidc(&authenticateOidcOptions{
	authorizationEndpoint: jsii.String("authorizationEndpoint"),
	clientId: jsii.String("clientId"),
	// The client secret is passed as a secretValue instead of a string literal,
	// so the secret itself need not appear in source.
	clientSecret: secretValue,
	issuer: jsii.String("issuer"),
	// The action that runs once authentication has succeeded.
	next: listenerAction,
	tokenEndpoint: jsii.String("tokenEndpoint"),
	userInfoEndpoint: jsii.String("userInfoEndpoint"),

	// the properties below are optional
	// Extra parameters for the authentication request; the values here are placeholders.
	authenticationRequestExtraParams: map[string]*string{
		"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
	},
	// DENY is selected for unauthenticated requests.
	// NOTE(review): presumably such requests are rejected instead of being sent
	// to the login flow — confirm this suits browser clients.
	onUnauthenticatedRequest: awscdk.Aws_elasticloadbalancingv2.unauthenticatedAction_DENY,
	scope: jsii.String("scope"),
	sessionCookieName: jsii.String("sessionCookieName"),
	// Session lifetime of 30 minutes; a sample value.
	sessionTimeout: cdk.duration.minutes(jsii.Number(30)),
})

func NewAuthenticateCognitoAction

func NewAuthenticateCognitoAction(options *AuthenticateCognitoActionProps) AuthenticateCognitoAction

Authenticate using an identity provider (IdP) that is compliant with OpenID Connect (OIDC).

type AuthenticateCognitoActionProps

// AuthenticateCognitoActionProps holds the properties for AuthenticateCognitoAction.
//
// The `field` tag on each member marks it as required or optional.
type AuthenticateCognitoActionProps struct {
	// What action to execute next.
	//
	// Multiple actions form a linked chain; the chain must always terminate in a
	// (weighted)forward, fixedResponse or redirect action.
	Next awselasticloadbalancingv2.ListenerAction `field:"required" json:"next" yaml:"next"`
	// The Amazon Cognito user pool.
	UserPool awscognito.IUserPool `field:"required" json:"userPool" yaml:"userPool"`
	// The Amazon Cognito user pool client.
	UserPoolClient awscognito.IUserPoolClient `field:"required" json:"userPoolClient" yaml:"userPoolClient"`
	// The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
	UserPoolDomain awscognito.IUserPoolDomain `field:"required" json:"userPoolDomain" yaml:"userPoolDomain"`
	// The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
	//
	// Because they are sent as query parameters of a redirect, these values are
	// visible to the client; they are not a place for secrets.
	AuthenticationRequestExtraParams *map[string]*string `field:"optional" json:"authenticationRequestExtraParams" yaml:"authenticationRequestExtraParams"`
	// The behavior if the user is not authenticated.
	//
	// NOTE(review): optional, and the default is not shown here — confirm it
	// rather than assuming unauthenticated requests are rejected.
	OnUnauthenticatedRequest awselasticloadbalancingv2.UnauthenticatedAction `field:"optional" json:"onUnauthenticatedRequest" yaml:"onUnauthenticatedRequest"`
	// The set of user claims to be requested from the IdP.
	//
	// To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
	Scope *string `field:"optional" json:"scope" yaml:"scope"`
	// The name of the cookie used to maintain session information.
	SessionCookieName *string `field:"optional" json:"sessionCookieName" yaml:"sessionCookieName"`
	// The maximum duration of the authentication session.
	//
	// NOTE(review): optional, and the default duration is not shown here —
	// confirm it and set an explicit value if a shorter session is required.
	SessionTimeout awscdk.Duration `field:"optional" json:"sessionTimeout" yaml:"sessionTimeout"`
}

Properties for AuthenticateCognitoAction.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
// NOTE(review): the generated import lines repeat the same path and the
// identifiers are lower-cased, so treat this as a sketch of the field names
// rather than compilable Go.
import cdk "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var listenerAction listenerAction
var userPool userPool
var userPoolClient userPoolClient
var userPoolDomain userPoolDomain

authenticateCognitoActionProps := &authenticateCognitoActionProps{
	// The action that runs once authentication has succeeded.
	next: listenerAction,
	userPool: userPool,
	userPoolClient: userPoolClient,
	userPoolDomain: userPoolDomain,

	// the properties below are optional
	// Extra parameters for the authentication request; the values here are placeholders.
	authenticationRequestExtraParams: map[string]*string{
		"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
	},
	// DENY is selected for unauthenticated requests.
	// NOTE(review): presumably such requests are rejected instead of being sent
	// to the login flow — confirm this suits browser clients.
	onUnauthenticatedRequest: awscdk.Aws_elasticloadbalancingv2.unauthenticatedAction_DENY,
	scope: jsii.String("scope"),
	sessionCookieName: jsii.String("sessionCookieName"),
	// Session lifetime of 30 minutes; a sample value.
	sessionTimeout: cdk.duration.minutes(jsii.Number(30)),
}
