README
¶
Actions for AWS Elastic Load Balancing V2
This package contains integration actions for ELBv2. See the README of the @aws-cdk/aws-elasticloadbalancingv2 library.
Cognito
ELB allows for requests to be authenticated against a Cognito user pool using
the AuthenticateCognitoAction. For details on the setup's requirements,
read Prepare to use Amazon
Cognito.
Here's an example:
// Example automatically generated from non-compiling source. May contain errors.
lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), map[string]interface{}{
"vpc": vpc,
"internetFacing": jsii.Boolean(true),
})
userPool := cognito.NewUserPool(this, jsii.String("UserPool"))
userPoolClient := cognito.NewUserPoolClient(this, jsii.String("Client"), map[string]interface{}{
"userPool": userPool,
// Required minimal configuration for use with an ELB
"generateSecret": jsii.Boolean(true),
"authFlows": map[string]*bool{
"userPassword": jsii.Boolean(true),
},
"oAuth": map[string]interface{}{
"flows": map[string]*bool{
"authorizationCodeGrant": jsii.Boolean(true),
},
"scopes": []interface{}{
cognito.OAuthScope_EMAIL,
},
"callbackUrls": []*string{
fmt.Sprintf("https://%v/oauth2/idpresponse", lb.loadBalancerDnsName),
},
},
})
cfnClient := userPoolClient.node.defaultChild.(cognito.CfnUserPoolClient)
cfnClient.addPropertyOverride(jsii.String("RefreshTokenValidity"), jsii.Number(1))
cfnClient.addPropertyOverride(jsii.String("SupportedIdentityProviders"), []interface{}{
jsii.String("COGNITO"),
})
userPoolDomain := cognito.NewUserPoolDomain(this, jsii.String("Domain"), map[string]interface{}{
"userPool": userPool,
"cognitoDomain": map[string]*string{
"domainPrefix": jsii.String("test-cdk-prefix"),
},
})
lb.addListener(jsii.String("Listener"), map[string]interface{}{
"port": jsii.Number(443),
"certificates": []interface{}{
certificate,
},
"defaultAction": actions.NewAuthenticateCognitoAction(map[string]interface{}{
"userPool": userPool,
"userPoolClient": userPoolClient,
"userPoolDomain": userPoolDomain,
"next": elbv2.ListenerAction_fixedResponse(jsii.Number(200), map[string]*string{
"contentType": jsii.String("text/plain"),
"messageBody": jsii.String("Authenticated"),
}),
}),
})
awscdk.NewCfnOutput(this, jsii.String("DNS"), &CfnOutputProps{
Value: lb.loadBalancerDnsName,
})
Documentation
¶
Index ¶
- func AuthenticateCognitoAction_AuthenticateOidc(options *awselasticloadbalancingv2.AuthenticateOidcOptions) awselasticloadbalancingv2.ListenerAction
- func AuthenticateCognitoAction_FixedResponse(statusCode *float64, options *awselasticloadbalancingv2.FixedResponseOptions) awselasticloadbalancingv2.ListenerAction
- func AuthenticateCognitoAction_Forward(targetGroups *[]awselasticloadbalancingv2.IApplicationTargetGroup, ...) awselasticloadbalancingv2.ListenerAction
- func AuthenticateCognitoAction_Redirect(options *awselasticloadbalancingv2.RedirectOptions) awselasticloadbalancingv2.ListenerAction
- func AuthenticateCognitoAction_WeightedForward(targetGroups *[]*awselasticloadbalancingv2.WeightedTargetGroup, ...) awselasticloadbalancingv2.ListenerAction
- func NewAuthenticateCognitoAction_Override(a AuthenticateCognitoAction, options *AuthenticateCognitoActionProps)
- type AuthenticateCognitoAction
- type AuthenticateCognitoActionProps
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AuthenticateCognitoAction_AuthenticateOidc ¶
func AuthenticateCognitoAction_AuthenticateOidc(options *awselasticloadbalancingv2.AuthenticateOidcOptions) awselasticloadbalancingv2.ListenerAction
Authenticate using an identity provider (IdP) that is compliant with OpenID Connect (OIDC). See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html#oidc-requirements
func AuthenticateCognitoAction_FixedResponse ¶
func AuthenticateCognitoAction_FixedResponse(statusCode *float64, options *awselasticloadbalancingv2.FixedResponseOptions) awselasticloadbalancingv2.ListenerAction
Return a fixed response. See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#fixed-response-actions
func AuthenticateCognitoAction_Forward ¶
func AuthenticateCognitoAction_Forward(targetGroups *[]awselasticloadbalancingv2.IApplicationTargetGroup, options *awselasticloadbalancingv2.ForwardOptions) awselasticloadbalancingv2.ListenerAction
Forward to one or more Target Groups. See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#forward-actions
func AuthenticateCognitoAction_Redirect ¶
func AuthenticateCognitoAction_Redirect(options *awselasticloadbalancingv2.RedirectOptions) awselasticloadbalancingv2.ListenerAction
Redirect to a different URI.
A URI consists of the following components: protocol://hostname:port/path?query. You must modify at least one of the following components to avoid a redirect loop: protocol, hostname, port, or path. Any components that you do not modify retain their original values.
You can reuse URI components using the following reserved keywords:
- `#{protocol}` - `#{host}` - `#{port}` - `#{path}` (the leading "/" is removed) - `#{query}`
For example, you can change the path to "/new/#{path}", the hostname to "example.#{host}", or the query to "#{query}&value=xyz". See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#redirect-actions
func AuthenticateCognitoAction_WeightedForward ¶
func AuthenticateCognitoAction_WeightedForward(targetGroups *[]*awselasticloadbalancingv2.WeightedTargetGroup, options *awselasticloadbalancingv2.ForwardOptions) awselasticloadbalancingv2.ListenerAction
Forward to one or more Target Groups which are weighted differently. See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#forward-actions
func NewAuthenticateCognitoAction_Override ¶
func NewAuthenticateCognitoAction_Override(a AuthenticateCognitoAction, options *AuthenticateCognitoActionProps)
Authenticate using an identity provide (IdP) that is compliant with OpenID Connect (OIDC).
Types ¶
type AuthenticateCognitoAction ¶
type AuthenticateCognitoAction interface {
awselasticloadbalancingv2.ListenerAction
Next() awselasticloadbalancingv2.ListenerAction
// Called when the action is being used in a listener.
Bind(scope constructs.Construct, listener awselasticloadbalancingv2.IApplicationListener, associatingConstruct constructs.IConstruct)
// Render the actions in this chain.
RenderActions() *[]*awselasticloadbalancingv2.CfnListener_ActionProperty
// Renumber the "order" fields in the actions array.
//
// We don't number for 0 or 1 elements, but otherwise number them 1...#actions
// so ELB knows about the right order.
//
// Do this in `ListenerAction` instead of in `Listener` so that we give
// users the opportunity to override by subclassing and overriding `renderActions`.
Renumber(actions *[]*awselasticloadbalancingv2.CfnListener_ActionProperty) *[]*awselasticloadbalancingv2.CfnListener_ActionProperty
}
A Listener Action to authenticate with Cognito.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import cdk "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
var listenerAction listenerAction
var secretValue secretValue
authenticateCognitoAction := awscdk.Aws_elasticloadbalancingv2_actions.AuthenticateCognitoAction_AuthenticateOidc(&AuthenticateOidcOptions{
AuthorizationEndpoint: jsii.String("authorizationEndpoint"),
ClientId: jsii.String("clientId"),
ClientSecret: secretValue,
Issuer: jsii.String("issuer"),
Next: listenerAction,
TokenEndpoint: jsii.String("tokenEndpoint"),
UserInfoEndpoint: jsii.String("userInfoEndpoint"),
// the properties below are optional
AuthenticationRequestExtraParams: map[string]*string{
"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
},
OnUnauthenticatedRequest: awscdk.Aws_elasticloadbalancingv2.UnauthenticatedAction_DENY,
Scope: jsii.String("scope"),
SessionCookieName: jsii.String("sessionCookieName"),
SessionTimeout: cdk.Duration_Minutes(jsii.Number(30)),
})
func NewAuthenticateCognitoAction ¶
func NewAuthenticateCognitoAction(options *AuthenticateCognitoActionProps) AuthenticateCognitoAction
Authenticate using an identity provide (IdP) that is compliant with OpenID Connect (OIDC).
type AuthenticateCognitoActionProps ¶
type AuthenticateCognitoActionProps struct {
// What action to execute next.
//
// Multiple actions form a linked chain; the chain must always terminate in a
// (weighted)forward, fixedResponse or redirect action.
Next awselasticloadbalancingv2.ListenerAction `field:"required" json:"next" yaml:"next"`
// The Amazon Cognito user pool.
UserPool awscognito.IUserPool `field:"required" json:"userPool" yaml:"userPool"`
// The Amazon Cognito user pool client.
UserPoolClient awscognito.IUserPoolClient `field:"required" json:"userPoolClient" yaml:"userPoolClient"`
// The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
UserPoolDomain awscognito.IUserPoolDomain `field:"required" json:"userPoolDomain" yaml:"userPoolDomain"`
// The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
AuthenticationRequestExtraParams *map[string]*string `field:"optional" json:"authenticationRequestExtraParams" yaml:"authenticationRequestExtraParams"`
// The behavior if the user is not authenticated.
OnUnauthenticatedRequest awselasticloadbalancingv2.UnauthenticatedAction `field:"optional" json:"onUnauthenticatedRequest" yaml:"onUnauthenticatedRequest"`
// The set of user claims to be requested from the IdP.
//
// To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
Scope *string `field:"optional" json:"scope" yaml:"scope"`
// The name of the cookie used to maintain session information.
SessionCookieName *string `field:"optional" json:"sessionCookieName" yaml:"sessionCookieName"`
// The maximum duration of the authentication session.
SessionTimeout awscdk.Duration `field:"optional" json:"sessionTimeout" yaml:"sessionTimeout"`
}
Properties for AuthenticateCognitoAction.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import cdk "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
var listenerAction listenerAction
var userPool userPool
var userPoolClient userPoolClient
var userPoolDomain userPoolDomain
authenticateCognitoActionProps := &AuthenticateCognitoActionProps{
Next: listenerAction,
UserPool: userPool,
UserPoolClient: userPoolClient,
UserPoolDomain: userPoolDomain,
// the properties below are optional
AuthenticationRequestExtraParams: map[string]*string{
"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
},
OnUnauthenticatedRequest: awscdk.Aws_elasticloadbalancingv2.UnauthenticatedAction_DENY,
Scope: jsii.String("scope"),
SessionCookieName: jsii.String("sessionCookieName"),
SessionTimeout: cdk.Duration_Minutes(jsii.Number(30)),
}
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.