    def getResource(self):
        """Build the Cognito ``UserPool`` resource this object describes.

        Reads ``self.name``, ``self.allowAdminCreateUserOnly``,
        ``self.autoVerifiedAttributes`` and ``self.schema`` and returns a
        ``cognito.UserPool`` with the logical id ``'UserPool'``.
        """
        # AllowAdminCreateUserOnly=True turns off self-service sign-up so
        # only administrators can create accounts; the flag is taken from
        # the caller as-is.
        admin_create_config = cognito.AdminCreateUserConfig(
            AllowAdminCreateUserOnly=self.allowAdminCreateUserOnly)

        return cognito.UserPool(
            'UserPool',
            UserPoolName=self.name,
            AdminCreateUserConfig=admin_create_config,
            AutoVerifiedAttributes=self.autoVerifiedAttributes,
            Schema=self.schema,
        )
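    def create_template(self):
        """Create template (main function called by Stacker).

        Populates ``self.template`` with:

        * ``AWSLogBucket`` - private, versioned S3 bucket for AWS logs, a
          bucket policy allowing the account root principal to ``PutObject``
          into it, and the ``AWSLogBucketName`` output;
        * ``Artifacts`` - private, versioned S3 bucket whose noncurrent
          object versions expire after 90 days, plus the
          ``ArtifactsBucketName`` output;
        * when the ``AuthAtEdge`` variable is truthy, a Cognito user pool
          client (``AuthAtEdgeClient``) and, if ``CreateUserPool`` is also
          truthy, the user pool it belongs to, each with its own output.

        Variables read: ``AuthAtEdge``, ``CreateUserPool``, ``OAuthScopes``.
        Hook data read: ``aae_callback_url_retriever`` whenever AuthAtEdge is
        enabled, ``aae_user_pool_id_retriever`` only when the pool is not
        created here.
        """
        template = self.template
        variables = self.get_variables()
        template.set_version('2010-09-09')
        template.set_description('Static Website - Dependencies')

        # Resources
        # NOTE(review): neither bucket declares BucketEncryption or
        # PublicAccessBlockConfiguration; AccessControl=Private only sets the
        # canned ACL. Confirm account-level defaults cover the rest.
        awslogbucket = template.add_resource(
            s3.Bucket('AWSLogBucket',
                      AccessControl=s3.Private,
                      VersioningConfiguration=s3.VersioningConfiguration(
                          Status='Enabled')))
        template.add_output(
            Output('AWSLogBucketName',
                   Description='Name of bucket storing AWS logs',
                   Value=awslogbucket.ref()))

        # Allow PutObject on every key of the log bucket to the account's
        # root principal (AccountId is presumably the AWS::AccountId pseudo
        # parameter). Join(':') over ['arn:aws:iam:', AccountId, 'root']
        # yields 'arn:aws:iam::<account>:root'; the double colon comes from
        # the trailing ':' in the first element.
        template.add_resource(
            s3.BucketPolicy(
                'AllowAWSLogWriting',
                Bucket=awslogbucket.ref(),
                PolicyDocument=Policy(
                    Version='2012-10-17',
                    Statement=[
                        Statement(
                            Action=[awacs.s3.PutObject],
                            Effect=Allow,
                            Principal=AWSPrincipal(
                                Join(':',
                                     ['arn:aws:iam:', AccountId, 'root'])),
                            Resource=[
                                Join('', [
                                    'arn:aws:s3:::',
                                    awslogbucket.ref(), '/*'
                                ])
                            ])
                    ])))
        # Artifacts bucket: versioned, with noncurrent versions expiring
        # after 90 days so superseded uploads do not accumulate forever.
        artifacts = template.add_resource(
            s3.Bucket(
                'Artifacts',
                AccessControl=s3.Private,
                LifecycleConfiguration=s3.LifecycleConfiguration(Rules=[
                    s3.LifecycleRule(NoncurrentVersionExpirationInDays=90,
                                     Status='Enabled')
                ]),
                VersioningConfiguration=s3.VersioningConfiguration(
                    Status='Enabled')))
        template.add_output(
            Output('ArtifactsBucketName',
                   Description='Name of bucket storing artifacts',
                   Value=artifacts.ref()))

        if variables['AuthAtEdge']:
            # Callback URLs are produced by a pre-build hook. Cognito only
            # redirects to entries of this list, so it should stay exact.
            callbacks = self.context.hook_data['aae_callback_url_retriever'][
                'callback_urls']

            if variables['CreateUserPool']:
                user_pool = template.add_resource(
                    cognito.UserPool("AuthAtEdgeUserPool"))

                user_pool_id = user_pool.ref()

                # This output describes the pool itself; the app client has
                # its own output below (the previous text was a copy of it).
                template.add_output(
                    Output('AuthAtEdgeUserPoolId',
                           Description=
                           'Cognito User Pool ID for Auth @ Edge',
                           Value=user_pool_id))
            else:
                # Reuse an existing pool whose id a hook looked up.
                user_pool_id = self.context.hook_data[
                    'aae_user_pool_id_retriever']['id']

            # Authorization-code flow only; no implicit grant.
            client = template.add_resource(
                cognito.UserPoolClient(
                    "AuthAtEdgeClient",
                    AllowedOAuthFlows=['code'],
                    CallbackURLs=callbacks,
                    UserPoolId=user_pool_id,
                    AllowedOAuthScopes=variables['OAuthScopes']))

            template.add_output(
                Output(
                    'AuthAtEdgeClient',
                    Description='Cognito User Pool App Client for Auth @ Edge',
                    Value=client.ref()))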
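    def create_template(self) -> None:
        """Create template (main function called by Stacker).

        Populates ``self.template`` with:

        * ``AWSLogBucket`` - private, versioned S3 bucket for AWS logs, a
          bucket policy allowing the account root principal to ``PutObject``
          into it, and the ``AWSLogBucketName`` output;
        * ``Artifacts`` - private, versioned S3 bucket whose noncurrent
          object versions expire after 90 days, plus the
          ``ArtifactsBucketName`` output;
        * when the ``AuthAtEdge`` variable is truthy, a Cognito user pool
          client (``AuthAtEdgeClient``) and, if ``CreateUserPool`` is also
          truthy, the user pool it belongs to, each with its own output.

        Variables read: ``AuthAtEdge``, ``OAuthScopes``, ``Aliases``,
        ``SupportedIdentityProviders``, ``AdditionalRedirectDomains``,
        ``RedirectPathSignIn``, ``RedirectPathSignOut``, ``CreateUserPool``.
        Hook data read: ``aae_callback_url_retriever`` when no aliases are
        configured, ``aae_user_pool_id_retriever`` when the pool is not
        created here.
        """
        template = self.template
        template.set_version("2010-09-09")
        template.set_description("Static Website - Dependencies")

        # Resources
        # NOTE(review): neither bucket declares BucketEncryption or
        # PublicAccessBlockConfiguration; AccessControl=Private only sets the
        # canned ACL. Confirm account-level defaults cover the rest.
        awslogbucket = template.add_resource(
            s3.Bucket(
                "AWSLogBucket",
                AccessControl=s3.Private,
                VersioningConfiguration=s3.VersioningConfiguration(
                    Status="Enabled"),
            ))
        template.add_output(
            Output(
                "AWSLogBucketName",
                Description="Name of bucket storing AWS logs",
                Value=awslogbucket.ref(),
            ))

        # Allow PutObject on every key of the log bucket to the account's
        # root principal (AccountId is presumably the AWS::AccountId pseudo
        # parameter). Join(":") over ["arn:aws:iam:", AccountId, "root"]
        # yields "arn:aws:iam::<account>:root"; the double colon comes from
        # the trailing ":" in the first element.
        template.add_resource(
            s3.BucketPolicy(
                "AllowAWSLogWriting",
                Bucket=awslogbucket.ref(),
                PolicyDocument=Policy(
                    Version="2012-10-17",
                    Statement=[
                        Statement(
                            Action=[awacs.s3.PutObject],
                            Effect=Allow,
                            Principal=AWSPrincipal(
                                Join(":",
                                     ["arn:aws:iam:", AccountId, "root"])),
                            Resource=[
                                Join("", [
                                    "arn:aws:s3:::",
                                    awslogbucket.ref(), "/*"
                                ])
                            ],
                        )
                    ],
                ),
            ))
        # Artifacts bucket: versioned, with noncurrent versions expiring
        # after 90 days so superseded uploads do not accumulate forever.
        artifacts = template.add_resource(
            s3.Bucket(
                "Artifacts",
                AccessControl=s3.Private,
                LifecycleConfiguration=s3.LifecycleConfiguration(Rules=[
                    s3.LifecycleRule(NoncurrentVersionExpirationInDays=90,
                                     Status="Enabled")
                ]),
                VersioningConfiguration=s3.VersioningConfiguration(
                    Status="Enabled"),
            ))
        template.add_output(
            Output(
                "ArtifactsBucketName",
                Description="Name of bucket storing artifacts",
                Value=artifacts.ref(),
            ))

        if self.variables["AuthAtEdge"]:
            # Authorization-code flow only; no implicit grant.
            userpool_client_params = {
                "AllowedOAuthFlows": ["code"],
                "AllowedOAuthScopes": self.variables["OAuthScopes"],
            }
            if self.variables["Aliases"]:
                # Redirect URIs are derived from the configured aliases plus
                # any extra redirect domains; add_url_scheme presumably
                # prefixes a scheme and get_redirect_uris appends the
                # sign-in / sign-out paths (both defined elsewhere in this
                # module). Cognito only redirects to exact entries of these
                # lists.
                userpool_client_params[
                    "AllowedOAuthFlowsUserPoolClient"] = True
                userpool_client_params[
                    "SupportedIdentityProviders"] = self.variables[
                        "SupportedIdentityProviders"]

                redirect_domains = [
                    add_url_scheme(x) for x in self.variables["Aliases"]
                ] + [
                    add_url_scheme(x)
                    for x in self.variables["AdditionalRedirectDomains"]
                ]
                redirect_uris = get_redirect_uris(
                    redirect_domains,
                    self.variables["RedirectPathSignIn"],
                    self.variables["RedirectPathSignOut"],
                )
                userpool_client_params["CallbackURLs"] = redirect_uris[
                    "sign_in"]
                userpool_client_params["LogoutURLs"] = redirect_uris[
                    "sign_out"]
            else:
                # No aliases: callback URLs come from a pre-build hook.
                # NOTE(review): this branch sets neither
                # AllowedOAuthFlowsUserPoolClient nor LogoutURLs, unlike the
                # alias branch - confirm that asymmetry is intended.
                userpool_client_params[
                    "CallbackURLs"] = self.context.hook_data[
                        "aae_callback_url_retriever"]["callback_urls"]

            if self.variables["CreateUserPool"]:
                user_pool = template.add_resource(
                    cognito.UserPool("AuthAtEdgeUserPool"))

                user_pool_id = user_pool.ref()

                # This output describes the pool itself; the app client has
                # its own output below (the previous text was a copy of it).
                template.add_output(
                    Output(
                        "AuthAtEdgeUserPoolId",
                        Description=
                        "Cognito User Pool ID for Auth @ Edge",
                        Value=user_pool_id,
                    ))
            else:
                # Reuse an existing pool whose id a hook looked up.
                user_pool_id = self.context.hook_data[
                    "aae_user_pool_id_retriever"]["id"]
            userpool_client_params["UserPoolId"] = user_pool_id

            client = template.add_resource(
                cognito.UserPoolClient("AuthAtEdgeClient",
                                       **userpool_client_params))

            template.add_output(
                Output(
                    "AuthAtEdgeClient",
                    Description="Cognito User Pool App Client for Auth @ Edge",
                    Value=client.ref(),
                ))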
        "AdfsMetadataUrl",
        Type=constants.STRING,
        Default=
        'https://adfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml',
    ))
template.set_parameter_label(adfs_metadata_url, "ADFS Metadata Url")

# Fixed path segment consumed further down in this module (presumably the
# authentication endpoint path - confirm against its uses). Since it is
# committed in source it is an identifier, not a secret, and must not be
# relied on for access control.
magic_path = '/auth-89CE3FEF-FCF6-43B3-9DBA-7C410CAAE220'

# Custom resource whose TagDict attribute is read below; it appears to make
# the stack's tags available to resources that need them passed explicitly.
cloudformation_tags = template.add_resource(
    custom_resources.cloudformation.Tags("CfnTags"))

# User pool named after the stack; its tags come from the custom resource.
cognito_user_pool = template.add_resource(
    cognito.UserPool(
        "CognitoUserPool",
        UserPoolName=Sub("StagingAccess${AWS::StackName}"),
        UserPoolTags=GetAtt(cloudformation_tags, 'TagDict'),
    ))

# Domain for the pool; no Domain property is passed, so the custom resource
# is left to pick one.
cognito_user_pool_domain = template.add_resource(
    custom_resources.cognito.UserPoolDomain(
        "CognitoUserPoolDomain",
        UserPoolId=Ref(cognito_user_pool),
        # Domain=auto-generated
    ))

# Logical name of the ADFS identity provider attached to the pool below.
adfs_provider_name = 'adfs'
adfs_identity_provider = template.add_resource(
    custom_resources.cognito.UserPoolIdentityProvider(
        "AdfsIdentityProvider",
        UserPoolId=Ref(cognito_user_pool),
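    def create_template(self):
        """Create template (main function called by Stacker).

        Populates ``self.template`` with:

        * ``AWSLogBucket`` - private, versioned S3 bucket for AWS logs, a
          bucket policy allowing the account root principal to ``PutObject``
          into it, and the ``AWSLogBucketName`` output;
        * ``Artifacts`` - private, versioned S3 bucket whose noncurrent
          object versions expire after 90 days, plus the
          ``ArtifactsBucketName`` output;
        * when the ``AuthAtEdge`` variable is truthy, a Cognito user pool
          client (``AuthAtEdgeClient``) and, if ``CreateUserPool`` is also
          truthy, the user pool it belongs to, each with its own output.

        Variables read: ``AuthAtEdge``, ``CreateUserPool``, ``OAuthScopes``.
        Hook data read: ``aae_callback_url_retriever`` whenever AuthAtEdge is
        enabled, ``aae_user_pool_id_retriever`` only when the pool is not
        created here.
        """
        template = self.template
        variables = self.get_variables()
        template.set_version("2010-09-09")
        template.set_description("Static Website - Dependencies")

        # Resources
        # NOTE(review): neither bucket declares BucketEncryption or
        # PublicAccessBlockConfiguration; AccessControl=Private only sets the
        # canned ACL. Confirm account-level defaults cover the rest.
        awslogbucket = template.add_resource(
            s3.Bucket(
                "AWSLogBucket",
                AccessControl=s3.Private,
                VersioningConfiguration=s3.VersioningConfiguration(Status="Enabled"),
            )
        )
        template.add_output(
            Output(
                "AWSLogBucketName",
                Description="Name of bucket storing AWS logs",
                Value=awslogbucket.ref(),
            )
        )

        # Allow PutObject on every key of the log bucket to the account's
        # root principal (AccountId is presumably the AWS::AccountId pseudo
        # parameter). Join(":") over ["arn:aws:iam:", AccountId, "root"]
        # yields "arn:aws:iam::<account>:root"; the double colon comes from
        # the trailing ":" in the first element.
        template.add_resource(
            s3.BucketPolicy(
                "AllowAWSLogWriting",
                Bucket=awslogbucket.ref(),
                PolicyDocument=Policy(
                    Version="2012-10-17",
                    Statement=[
                        Statement(
                            Action=[awacs.s3.PutObject],
                            Effect=Allow,
                            Principal=AWSPrincipal(
                                Join(":", ["arn:aws:iam:", AccountId, "root"])
                            ),
                            Resource=[
                                Join("", ["arn:aws:s3:::", awslogbucket.ref(), "/*"])
                            ],
                        )
                    ],
                ),
            )
        )
        # Artifacts bucket: versioned, with noncurrent versions expiring
        # after 90 days so superseded uploads do not accumulate forever.
        artifacts = template.add_resource(
            s3.Bucket(
                "Artifacts",
                AccessControl=s3.Private,
                LifecycleConfiguration=s3.LifecycleConfiguration(
                    Rules=[
                        s3.LifecycleRule(
                            NoncurrentVersionExpirationInDays=90, Status="Enabled"
                        )
                    ]
                ),
                VersioningConfiguration=s3.VersioningConfiguration(Status="Enabled"),
            )
        )
        template.add_output(
            Output(
                "ArtifactsBucketName",
                Description="Name of bucket storing artifacts",
                Value=artifacts.ref(),
            )
        )

        if variables["AuthAtEdge"]:
            # Callback URLs are produced by a pre-build hook. Cognito only
            # redirects to entries of this list, so it should stay exact.
            callbacks = self.context.hook_data["aae_callback_url_retriever"][
                "callback_urls"
            ]

            if variables["CreateUserPool"]:
                user_pool = template.add_resource(
                    cognito.UserPool("AuthAtEdgeUserPool")
                )

                user_pool_id = user_pool.ref()

                # This output describes the pool itself; the app client has
                # its own output below (the previous text was a copy of it).
                template.add_output(
                    Output(
                        "AuthAtEdgeUserPoolId",
                        Description="Cognito User Pool ID for Auth @ Edge",
                        Value=user_pool_id,
                    )
                )
            else:
                # Reuse an existing pool whose id a hook looked up.
                user_pool_id = self.context.hook_data["aae_user_pool_id_retriever"][
                    "id"
                ]

            # Authorization-code flow only; no implicit grant.
            client = template.add_resource(
                cognito.UserPoolClient(
                    "AuthAtEdgeClient",
                    AllowedOAuthFlows=["code"],
                    CallbackURLs=callbacks,
                    UserPoolId=user_pool_id,
                    AllowedOAuthScopes=variables["OAuthScopes"],
                )
            )

            template.add_output(
                Output(
                    "AuthAtEdgeClient",
                    Description="Cognito User Pool App Client for Auth @ Edge",
                    Value=client.ref(),
                )
            )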