Documentation ¶
Index ¶
- func AuthenticateCognitoAction_AuthenticateOidc(options *awselasticloadbalancingv2.AuthenticateOidcOptions) awselasticloadbalancingv2.ListenerAction
- func AuthenticateCognitoAction_FixedResponse(statusCode *float64, options *awselasticloadbalancingv2.FixedResponseOptions) awselasticloadbalancingv2.ListenerAction
- func AuthenticateCognitoAction_Forward(targetGroups *[]awselasticloadbalancingv2.IApplicationTargetGroup, ...) awselasticloadbalancingv2.ListenerAction
- func AuthenticateCognitoAction_Redirect(options *awselasticloadbalancingv2.RedirectOptions) awselasticloadbalancingv2.ListenerAction
- func AuthenticateCognitoAction_WeightedForward(targetGroups *[]*awselasticloadbalancingv2.WeightedTargetGroup, ...) awselasticloadbalancingv2.ListenerAction
- func NewAuthenticateCognitoAction_Override(a AuthenticateCognitoAction, options *AuthenticateCognitoActionProps)
- type AuthenticateCognitoAction
- type AuthenticateCognitoActionProps
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AuthenticateCognitoAction_AuthenticateOidc ¶
func AuthenticateCognitoAction_AuthenticateOidc(options *awselasticloadbalancingv2.AuthenticateOidcOptions) awselasticloadbalancingv2.ListenerAction
Authenticate using an identity provider (IdP) that is compliant with OpenID Connect (OIDC). See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html#oidc-requirements
func AuthenticateCognitoAction_FixedResponse ¶
func AuthenticateCognitoAction_FixedResponse(statusCode *float64, options *awselasticloadbalancingv2.FixedResponseOptions) awselasticloadbalancingv2.ListenerAction
Return a fixed response. See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#fixed-response-actions
func AuthenticateCognitoAction_Forward ¶
func AuthenticateCognitoAction_Forward(targetGroups *[]awselasticloadbalancingv2.IApplicationTargetGroup, options *awselasticloadbalancingv2.ForwardOptions) awselasticloadbalancingv2.ListenerAction
Forward to one or more Target Groups. See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#forward-actions
func AuthenticateCognitoAction_Redirect ¶
func AuthenticateCognitoAction_Redirect(options *awselasticloadbalancingv2.RedirectOptions) awselasticloadbalancingv2.ListenerAction
Redirect to a different URI.
A URI consists of the following components: protocol://hostname:port/path?query. You must modify at least one of the following components to avoid a redirect loop: protocol, hostname, port, or path. Any components that you do not modify retain their original values.
You can reuse URI components using the following reserved keywords:
- `#{protocol}` - `#{host}` - `#{port}` - `#{path}` (the leading "/" is removed) - `#{query}`
For example, you can change the path to "/new/#{path}", the hostname to "example.#{host}", or the query to "#{query}&value=xyz". See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#redirect-actions
func AuthenticateCognitoAction_WeightedForward ¶
func AuthenticateCognitoAction_WeightedForward(targetGroups *[]*awselasticloadbalancingv2.WeightedTargetGroup, options *awselasticloadbalancingv2.ForwardOptions) awselasticloadbalancingv2.ListenerAction
Forward to one or more Target Groups which are weighted differently. See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#forward-actions
func NewAuthenticateCognitoAction_Override ¶
func NewAuthenticateCognitoAction_Override(a AuthenticateCognitoAction, options *AuthenticateCognitoActionProps)
Authenticate using an identity provide (IdP) that is compliant with OpenID Connect (OIDC).
Types ¶
type AuthenticateCognitoAction ¶
type AuthenticateCognitoAction interface { awselasticloadbalancingv2.ListenerAction Next() awselasticloadbalancingv2.ListenerAction // Called when the action is being used in a listener. Bind(scope constructs.Construct, listener awselasticloadbalancingv2.IApplicationListener, associatingConstruct constructs.IConstruct) // Render the actions in this chain. RenderActions() *[]*awselasticloadbalancingv2.CfnListener_ActionProperty // Renumber the "order" fields in the actions array. // // We don't number for 0 or 1 elements, but otherwise number them 1...#actions // so ELB knows about the right order. // // Do this in `ListenerAction` instead of in `Listener` so that we give // users the opportunity to override by subclassing and overriding `renderActions`. Renumber(actions *[]*awselasticloadbalancingv2.CfnListener_ActionProperty) *[]*awselasticloadbalancingv2.CfnListener_ActionProperty }
A Listener Action to authenticate with Cognito.
Example:
import "github.com/aws/aws-cdk-go/awscdk" var vpc vpc var certificate certificate lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{ Vpc: Vpc, InternetFacing: jsii.Boolean(true), }) userPool := awscdk.Aws_cognito.NewUserPool(this, jsii.String("UserPool")) userPoolClient := awscdk.Aws_cognito.NewUserPoolClient(this, jsii.String("Client"), &UserPoolClientProps{ UserPool: UserPool, // Required minimal configuration for use with an ELB GenerateSecret: jsii.Boolean(true), AuthFlows: &AuthFlow{ UserPassword: jsii.Boolean(true), }, OAuth: &OAuthSettings{ Flows: &OAuthFlows{ AuthorizationCodeGrant: jsii.Boolean(true), }, Scopes: []oAuthScope{ awscdk.*Aws_cognito.*oAuthScope_EMAIL(), }, CallbackUrls: []*string{ fmt.Sprintf("https://%v/oauth2/idpresponse", lb.LoadBalancerDnsName), }, }, }) cfnClient := userPoolClient.Node.defaultChild.(cfnUserPoolClient) cfnClient.AddPropertyOverride(jsii.String("RefreshTokenValidity"), jsii.Number(1)) cfnClient.AddPropertyOverride(jsii.String("SupportedIdentityProviders"), []interface{}{ jsii.String("COGNITO"), }) userPoolDomain := awscdk.Aws_cognito.NewUserPoolDomain(this, jsii.String("Domain"), &UserPoolDomainProps{ UserPool: UserPool, CognitoDomain: &CognitoDomainOptions{ DomainPrefix: jsii.String("test-cdk-prefix"), }, }) lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{ Port: jsii.Number(443), Certificates: []iListenerCertificate{ certificate, }, DefaultAction: actions.NewAuthenticateCognitoAction(&AuthenticateCognitoActionProps{ UserPool: *UserPool, UserPoolClient: *UserPoolClient, UserPoolDomain: *UserPoolDomain, Next: elbv2.ListenerAction_FixedResponse(jsii.Number(200), &FixedResponseOptions{ ContentType: jsii.String("text/plain"), MessageBody: jsii.String("Authenticated"), }), }), }) awscdk.NewCfnOutput(this, jsii.String("DNS"), &CfnOutputProps{ Value: lb.*LoadBalancerDnsName, })
func NewAuthenticateCognitoAction ¶
func NewAuthenticateCognitoAction(options *AuthenticateCognitoActionProps) AuthenticateCognitoAction
Authenticate using an identity provide (IdP) that is compliant with OpenID Connect (OIDC).
type AuthenticateCognitoActionProps ¶
type AuthenticateCognitoActionProps struct { // What action to execute next. // // Multiple actions form a linked chain; the chain must always terminate in a // (weighted)forward, fixedResponse or redirect action. Next awselasticloadbalancingv2.ListenerAction `field:"required" json:"next" yaml:"next"` // The Amazon Cognito user pool. UserPool awscognito.IUserPool `field:"required" json:"userPool" yaml:"userPool"` // The Amazon Cognito user pool client. UserPoolClient awscognito.IUserPoolClient `field:"required" json:"userPoolClient" yaml:"userPoolClient"` // The domain prefix or fully-qualified domain name of the Amazon Cognito user pool. UserPoolDomain awscognito.IUserPoolDomain `field:"required" json:"userPoolDomain" yaml:"userPoolDomain"` // The query parameters (up to 10) to include in the redirect request to the authorization endpoint. AuthenticationRequestExtraParams *map[string]*string `field:"optional" json:"authenticationRequestExtraParams" yaml:"authenticationRequestExtraParams"` // The behavior if the user is not authenticated. OnUnauthenticatedRequest awselasticloadbalancingv2.UnauthenticatedAction `field:"optional" json:"onUnauthenticatedRequest" yaml:"onUnauthenticatedRequest"` // The set of user claims to be requested from the IdP. // // To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. Scope *string `field:"optional" json:"scope" yaml:"scope"` // The name of the cookie used to maintain session information. SessionCookieName *string `field:"optional" json:"sessionCookieName" yaml:"sessionCookieName"` // The maximum duration of the authentication session. SessionTimeout awscdk.Duration `field:"optional" json:"sessionTimeout" yaml:"sessionTimeout"` }
Properties for AuthenticateCognitoAction.
Example:
import "github.com/aws/aws-cdk-go/awscdk" var vpc vpc var certificate certificate lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{ Vpc: Vpc, InternetFacing: jsii.Boolean(true), }) userPool := awscdk.Aws_cognito.NewUserPool(this, jsii.String("UserPool")) userPoolClient := awscdk.Aws_cognito.NewUserPoolClient(this, jsii.String("Client"), &UserPoolClientProps{ UserPool: UserPool, // Required minimal configuration for use with an ELB GenerateSecret: jsii.Boolean(true), AuthFlows: &AuthFlow{ UserPassword: jsii.Boolean(true), }, OAuth: &OAuthSettings{ Flows: &OAuthFlows{ AuthorizationCodeGrant: jsii.Boolean(true), }, Scopes: []oAuthScope{ awscdk.*Aws_cognito.*oAuthScope_EMAIL(), }, CallbackUrls: []*string{ fmt.Sprintf("https://%v/oauth2/idpresponse", lb.LoadBalancerDnsName), }, }, }) cfnClient := userPoolClient.Node.defaultChild.(cfnUserPoolClient) cfnClient.AddPropertyOverride(jsii.String("RefreshTokenValidity"), jsii.Number(1)) cfnClient.AddPropertyOverride(jsii.String("SupportedIdentityProviders"), []interface{}{ jsii.String("COGNITO"), }) userPoolDomain := awscdk.Aws_cognito.NewUserPoolDomain(this, jsii.String("Domain"), &UserPoolDomainProps{ UserPool: UserPool, CognitoDomain: &CognitoDomainOptions{ DomainPrefix: jsii.String("test-cdk-prefix"), }, }) lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{ Port: jsii.Number(443), Certificates: []iListenerCertificate{ certificate, }, DefaultAction: actions.NewAuthenticateCognitoAction(&AuthenticateCognitoActionProps{ UserPool: *UserPool, UserPoolClient: *UserPoolClient, UserPoolDomain: *UserPoolDomain, Next: elbv2.ListenerAction_FixedResponse(jsii.Number(200), &FixedResponseOptions{ ContentType: jsii.String("text/plain"), MessageBody: jsii.String("Authenticated"), }), }), }) awscdk.NewCfnOutput(this, jsii.String("DNS"), &CfnOutputProps{ Value: lb.*LoadBalancerDnsName, })