Web based Cognito authentication for Nucleus Airflow UI #123
Comments
ramesh-maddegoda
changed the title
|
Ramesh needs the access log of the EC2 application load balancer to be set to investigate an issue with the web authentication for nucleus. Rmesh will send a ticket to MCP if it does not go through. |
|
It seems, there is a permission issues in MCP. I created the ticket GSD-4269 |
|
The MCP ticket has been assigned to someone who is going to help investigate the issue. |
|
@ramesh-maddegoda was able to unblock this issue by having the log enabled. He will move forward now with this task. |
jordanpadams
added
Epic
p.must-have
and removed
enhancement
|
The AWS ticket is escalated to the Cognito team. |
|
Network rules (NACL) must be updated for that to work. |
|
📆 10/2024 status: in work on schedule |
|
@ramesh-maddegoda made tests which show that the network is properly configured. He is now investigating possible issues with the Gognito UI redirect URLs. |
|
In progress |
|
📆 11/2024 status: Delayed waiting input from AWS do to intermittent issues during authentication process. No impact on other tasks. |
|
Status: Ticket in MCP has moved to implementation. |
|
MCP fixed the network rules following AWS recommendation. One error remains because of a wrong architecture depedency (mac vs x86). |
|
Implemented the MWAA COgnito login as explained in the following sites. Application load balancer single-sign-on for Amazon MWAA Created the following bug to fix this. |
|
The Cognito token validation should be implemented as a remaining task. |
|
@ramesh-maddegoda found a python library (joss) to validate the JWT token. He is now terraforming the configuration and cleaning the code before making making a PR. |
|
90% of terraforming the update using cognito. RDS Aurora disappeared from MCP which breaks the existing deployment. |
…Cognito auth and web token based approach Refer to issue: #123
…Cognito auth and web token based approach Refer to issue: #123
…n period for pds_nucleus_auth_alb cloud watch group. Refer to issue: #123
…gging for pds_nucleus_auth_alb_logs bucket for additional audit trails as per SonarQube suggestions. Refer to issue: #123
…DATE the code with code quality improvements. Refer to issue: #123
💡 Description
As a part of the ticket Setup role based authentication and authorization for Airflow UI with Cognito, an ALB based approach to enable Cognito authentication for Nucleus Airflow UI was implemented. However, the ALB based approach only worked sometimes and currently there is an Amazon support ticket Case 172781777100323 to troubleshoot it. At the moment, a python script is used to get a web token URL to access Airflow UI.
This ticket is created to focus on resolving this ALB related problem and eventually implement web based Cognito authentication for Nucleus Airflow UI.
⚔️ Parent Epic / Related Tickets
Related: Setup role based authentication and authorization for Airflow UI with Cognito
The text was updated successfully, but these errors were encountered: