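# SAM template: a Cognito user pool (admin-created users only) with one Lambda
# wired to five pool triggers, an app client, and a REGIONAL REST API exposing
# POST /signup and GET /userstuff backed by two further Lambdas.
# Quoted so YAML parsers keep the version as a string rather than a date.
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  UserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      # Self-service sign-up is disabled; accounts are created through the
      # admin API (see the cognito-idp:Admin* grant on Signup below).
      AdminCreateUserConfig:
        AllowAdminCreateUserOnly: true
      UserPoolName: !Sub ${AWS::StackName}-UserPool
      UsernameAttributes:
        - email
      # No PasswordPolicy / MfaConfiguration / UserPoolAddOns are set here, so
      # Cognito's defaults apply; set them explicitly if the pool holds real users.
      # All five triggers route to the same function; the handler has to branch
      # on event.triggerSource.
      LambdaConfig:
        PreSignUp: !GetAtt CognitoTriggered.Arn
        PostConfirmation: !GetAtt CognitoTriggered.Arn
        PreAuthentication: !GetAtt CognitoTriggered.Arn
        PostAuthentication: !GetAtt CognitoTriggered.Arn
        CustomMessage: !GetAtt CognitoTriggered.Arn

  UserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      ClientName: my-app
      # Public client (no secret); the only enabled flow is the server-side
      # admin flow, so the password is handled by the backend, not a browser.
      GenerateSecret: false
      UserPoolId: !Ref UserPool
      ExplicitAuthFlows:
        - ADMIN_NO_SRP_AUTH

  # Single handler for every Cognito trigger listed in UserPool.LambdaConfig.
  CognitoTriggered:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub ${AWS::StackName}-CognitoTriggered
      Description: !Sub
        - Stack ${StackTagName} Environment ${EnvironmentTagName} CognitoTriggered ${ResourceName}
        - ResourceName: CognitoTriggered
      CodeUri: src/CognitoTriggered
      Handler: index.handler
      # NOTE(review): nodejs12.x is past Lambda's deprecation date; move to a
      # supported Node.js runtime once the handlers are verified against it.
      Runtime: nodejs12.x
      MemorySize: 3008
      Timeout: 30
      Tracing: Active
      # Only X-Ray write access; the trigger needs no Cognito permissions.
      Policies:
        - AWSXrayWriteOnlyAccess

  # Lets this user pool (and only this pool, via SourceArn) invoke the trigger.
  UserPoolToCognitoTriggeredPermission:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !GetAtt CognitoTriggered.Arn
      Principal: cognito-idp.amazonaws.com
      Action: lambda:InvokeFunction
      SourceArn: !GetAtt UserPool.Arn

  Api:
    Type: AWS::Serverless::Api
    Properties:
      Name: !Sub
        - ${ResourceName} From Stack ${StackTagName} Environment ${EnvironmentTagName}
        - ResourceName: Api
      StageName: !Ref EnvironmentAPIGatewayStageName
      # NOTE(review): no securityDefinitions / authorizer is declared in this
      # definition, so both routes are reachable without a token at the gateway.
      # If /userstuff is meant for authenticated users only, either the handler
      # must validate the token itself or a Cognito authorizer belongs here.
      DefinitionBody:
        swagger: '2.0'
        info: {}
        paths:
          /signup:
            post:
              # Lambda proxy integrations always use POST toward the function,
              # whatever the client-facing method is.
              x-amazon-apigateway-integration:
                httpMethod: POST
                type: aws_proxy
                uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${Signup.Arn}/invocations
              responses: {}
          /userstuff:
            get:
              x-amazon-apigateway-integration:
                httpMethod: POST
                type: aws_proxy
                uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${AuthenticatedApi.Arn}/invocations
              responses: {}
      EndpointConfiguration: REGIONAL

  # Backs POST /signup; creates users through the Cognito admin API.
  Signup:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub ${AWS::StackName}-Signup
      Description: !Sub
        - Stack ${StackTagName} Environment ${EnvironmentTagName} Signup ${ResourceName}
        - ResourceName: Signup
      CodeUri: src/Signup
      Handler: index.handler
      # NOTE(review): nodejs12.x is past Lambda's deprecation date; see CognitoTriggered.
      Runtime: nodejs12.x
      MemorySize: 3008
      Timeout: 30
      Tracing: Active
      Policies:
        - AWSXrayWriteOnlyAccess
        - Statement:
            - Effect: Allow
              Action:
                # Admin* is a broad wildcard (it also covers destructive calls
                # such as AdminDeleteUser and AdminSetUserPassword). Resource is
                # scoped to this pool only; narrow the action list to the Admin*
                # calls the handler actually makes once those are known.
                - cognito-idp:Admin*
                - cognito-idp:DescribeIdentityProvider
                - cognito-idp:DescribeResourceServer
                - cognito-idp:DescribeUserPool
                - cognito-idp:DescribeUserPoolClient
                - cognito-idp:DescribeUserPoolDomain
                - cognito-idp:GetGroup
                - cognito-idp:ListGroups
                - cognito-idp:ListUserPoolClients
                - cognito-idp:ListUsers
                - cognito-idp:ListUsersInGroup
                - cognito-idp:UpdateGroup
              Resource: !GetAtt UserPool.Arn
      Environment:
        Variables:
          USER_POOL_ID: !Ref UserPool
          USER_POOL_ARN: !GetAtt UserPool.Arn
          USER_POOL_CLIENT_ID: !Ref UserPoolClient
      Events:
        ApiPOSTsignup:
          Type: Api
          Properties:
            Path: /signup
            Method: POST
            RestApiId: !Ref Api

  # Backs GET /userstuff. Same Cognito grant as Signup; see the note there.
  AuthenticatedApi:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub ${AWS::StackName}-AuthenticatedApi
      Description: !Sub
        - Stack ${StackTagName} Environment ${EnvironmentTagName} AuthenticatedApi ${ResourceName}
        - ResourceName: AuthenticatedApi
      CodeUri: src/AuthenticatedApi
      Handler: index.handler
      # NOTE(review): nodejs12.x is past Lambda's deprecation date; see CognitoTriggered.
      Runtime: nodejs12.x
      MemorySize: 3008
      Timeout: 30
      Tracing: Active
      Policies:
        - AWSXrayWriteOnlyAccess
        - Statement:
            - Effect: Allow
              Action:
                # Same broad Admin* wildcard as Signup; a read-only endpoint
                # likely needs far less than this.
                - cognito-idp:Admin*
                - cognito-idp:DescribeIdentityProvider
                - cognito-idp:DescribeResourceServer
                - cognito-idp:DescribeUserPool
                - cognito-idp:DescribeUserPoolClient
                - cognito-idp:DescribeUserPoolDomain
                - cognito-idp:GetGroup
                - cognito-idp:ListGroups
                - cognito-idp:ListUserPoolClients
                - cognito-idp:ListUsers
                - cognito-idp:ListUsersInGroup
                - cognito-idp:UpdateGroup
              Resource: !GetAtt UserPool.Arn
      Environment:
        Variables:
          USER_POOL_ID: !Ref UserPool
          USER_POOL_ARN: !GetAtt UserPool.Arn
          USER_POOL_CLIENT_ID: !Ref UserPoolClient
      Events:
        ApiGETuserstuff:
          Type: Api
          Properties:
            Path: /userstuff
            Method: GET
            RestApiId: !Ref Api

# All three parameters are supplied by the Stackery deployment pipeline.
Parameters:
  StackTagName:
    Type: String
    Description: Stack Name (injected by Stackery at deployment time)
  EnvironmentTagName:
    Type: String
    Description: Environment Name (injected by Stackery at deployment time)
  EnvironmentAPIGatewayStageName:
    Type: String
    Description: Environment name used for API Gateway Stage names (injected by Stackery at deployment time)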