Cognito user pool authorizer with Serverless Framework

I need to authorize my API endpoint using an AWS Cognito user pool. I can do this manually, but I need to automate part of the authorization using the Serverless Framework.

Does Serverless Framework support AWS Cognito?

If so, how can we configure a user pool without a server?

+13
3 answers

Yes. Serverless (v1.5) supports the Cognito user pool authorizer.

If you are using a previous version of Serverless, you need to upgrade to v1.5 or later.

To authorize the API endpoint with the user pool, you need to specify the pool ARN.

    functions:
      hello:
        handler: handler.hello
        events:
          - http:
              path: hello
              method: get
              integration: lambda
              authorizer:
                name: authorizer
                arn: arn:aws:cognito-idp:us-east-1:123456789:userpool/us-east-1_XXXXXX

Read this article for more details.

+22

If you want to set the authorizer to a Cognito User Pool that you declared in your resources, you must also use CloudFormation to create the authorizer.

    functions:
      functionName:
        # ...
        events:
          - http:
              # ...
              authorizer:
                type: COGNITO_USER_POOLS
                authorizerId:
                  Ref: ApiGatewayAuthorizer

    resources:
      Resources:
        ApiGatewayAuthorizer:
          Type: AWS::ApiGateway::Authorizer
          Properties:
            Name: CognitoUserPool
            Type: COGNITO_USER_POOLS
            IdentitySource: method.request.header.Authorization
            RestApiId:
              Ref: ApiGatewayRestApi
            ProviderARNs:
              - Fn::GetAtt:
                  - UserPool
                  - Arn

        UserPool:
          Type: AWS::Cognito::UserPool

+15

Serverless 1.35.1

In case someone stumbles upon this, like me, here is my working solution.

Wherever you create a user pool, you can add ApiGatewayAuthorizer.

    # create a user pool as normal
    CognitoUserPoolClient:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        # Generate an app client name based on the stage
        ClientName: ${self:custom.stage}-user-pool-client
        UserPoolId:
          Ref: CognitoUserPool
        ExplicitAuthFlows:
          - ADMIN_NO_SRP_AUTH
        GenerateSecret: true

    # then add an authorizer you can reference later
    ApiGatewayAuthorizer:
      DependsOn:
        # this is pre-defined by serverless
        - ApiGatewayRestApi
      Type: AWS::ApiGateway::Authorizer
      Properties:
        Name: cognito_auth
        # apparently ApiGatewayRestApi is a global string
        RestApiId: { "Ref" : "ApiGatewayRestApi" }
        IdentitySource: method.request.header.Authorization
        Type: COGNITO_USER_POOLS
        ProviderARNs:
          - Fn::GetAtt: [CognitoUserPool, Arn]

Then, when you define your functions:

    graphql:
      handler: src/app.graphqlHandler
      events:
        - http:
            path: /
            method: post
            cors: true
            integration: lambda
            # add this and just reference the authorizer
            authorizer:
              type: COGNITO_USER_POOLS
              authorizerId:
                Ref: ApiGatewayAuthorizer

+2
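A pre-deploy check for the configurations in the answers above, added here as an example (not code from any of the posters or from the Serverless Framework): it walks an already-parsed serverless config and reports every `http` event that has no Cognito user pool authorizer, or whose `authorizerId` points at a missing or non-Cognito resource. The function names, the JSON sample and its unprotected `health` function are assumptions made for illustration.

```python
import json

# Constructed sample: last answer's layout as JSON plus a hypothetical unprotected "health" function.
SAMPLE = json.loads("""
{"functions": {
   "graphql": {"events": [{"http": {"path": "/", "method": "post",
     "authorizer": {"type": "COGNITO_USER_POOLS",
                    "authorizerId": {"Ref": "ApiGatewayAuthorizer"}}}}]},
   "health": {"events": [{"http": {"path": "health", "method": "get"}}]}},
 "resources": {"Resources": {
   "ApiGatewayAuthorizer": {"Type": "AWS::ApiGateway::Authorizer",
     "Properties": {"Type": "COGNITO_USER_POOLS",
       "ProviderARNs": [{"Fn::GetAtt": ["CognitoUserPool", "Arn"]}]}}}}}
""")


def authorizer_problem(auth, resources):
    """Return None when auth is one of the two Cognito forms shown in the answers."""
    if not auth:
        return "no authorizer"
    if not isinstance(auth, dict):
        return "not a Cognito user pool authorizer"
    if str(auth.get("arn", "")).startswith("arn:aws:cognito-idp:"):
        return None  # inline user pool ARN, as in the first answer
    ref = auth.get("authorizerId")
    ref = ref.get("Ref") if isinstance(ref, dict) else None
    res = resources.get(ref) or {}
    if res.get("Type") != "AWS::ApiGateway::Authorizer":
        return f"authorizerId does not resolve to an authorizer resource: {ref}"
    props = res.get("Properties") or {}
    if props.get("Type") != "COGNITO_USER_POOLS" or not props.get("ProviderARNs"):
        return f"{ref} is not bound to a Cognito user pool"
    return None


def audit_authorizers(config):
    """List (function, path, problem) for every http event that fails the check."""
    resources = (config.get("resources") or {}).get("Resources") or {}
    findings = []
    for name, fn in (config.get("functions") or {}).items():
        for event in fn.get("events") or []:
            if not isinstance(event, dict) or "http" not in event:
                continue  # schedule, sns, etc. are not API Gateway endpoints
            http = event["http"]
            http = http if isinstance(http, dict) else {"path": http}  # "GET hello" shorthand
            if problem := authorizer_problem(http.get("authorizer"), resources):
                findings.append((name, http.get("path"), problem))
    return findings

print(audit_authorizers(SAMPLE))
```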

Source: https://habr.com/ru/post/1262845/