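---
# SAM template: a Cognito user pool plus an API Gateway REST API with one
# authenticated route (/) and one public route (/open), each backed by a
# Go Lambda function.
Description: "Microservice API and Auth settings"
Transform: "AWS::Serverless-2016-10-31"

Parameters:
  # E-mail address used as the username of the seed user created below.
  YourEmail:
    Type: String
  # API stage name; also the last path segment of the ApiUrl output.
  Version:
    Type: String
    Default: "v1"

Resources:
  UserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      AdminCreateUserConfig:
        # false = self-service sign-up is enabled; anyone who can reach the
        # pool can register. Set to true if only admins should create users.
        AllowAdminCreateUserOnly: false
      UserPoolName: TestingUsers
      UsernameAttributes:
        - email
      AutoVerifiedAttributes:
        - email
      Policies:
        PasswordPolicy:
          # Raised from 6 to match Cognito's own default floor of 8; numbers
          # are now required as well. Symbols and uppercase stay as before.
          MinimumLength: 8
          RequireLowercase: true
          RequireNumbers: true
          RequireSymbols: false
          RequireUppercase: true

  UserPoolTokenClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      UserPoolId: !Ref UserPool
      # Public (browser / CLI) client: no secret is generated because the
      # client ID is shipped to the caller and cannot keep a secret.
      GenerateSecret: false
      ExplicitAuthFlows:
        - USER_PASSWORD_AUTH

  # Seed user so the stack is usable immediately after deployment. The
  # temporary password is sent to YourEmail and must be changed on first login.
  UserPoolUser:
    Type: AWS::Cognito::UserPoolUser
    Properties:
      DesiredDeliveryMediums:
        - EMAIL
      Username: !Ref YourEmail
      UserPoolId: !Ref UserPool

  # You don't actually need the API, but it does allow you to centralize your auth config, and allows you to add an Open API Spec
  ServiceApi:
    Type: AWS::Serverless::Api
    Properties:
      Name: ServiceApi
      StageName: !Ref Version
      # This is only needed if you are Requesting from a domain that is not shared with this API Domain
      # Know the security implications before doing this on a production site
      # The values are quoted twice on purpose: API Gateway expects the
      # literal header value '*' including the single quotes.
      Cors:
        AllowMethods: "'*'"
        AllowHeaders: "'*'"
        AllowOrigin: "'*'"
      Auth:
        # Fail closed: every route on this API requires the Cognito authorizer
        # unless the route explicitly opts out (see OpenLambdaFunction, which
        # sets Authorizer: NONE). Previously routes were open by default and
        # had to opt in, so a forgotten Auth block silently exposed a route.
        DefaultAuthorizer: CognitoAuthorizer
        # CORS preflight (OPTIONS) requests carry no token, so the default
        # authorizer must not be attached to them or cross-origin calls fail
        # before the real request is ever sent.
        AddDefaultAuthorizerToCorsPreflight: false
        Authorizers:
          CognitoAuthorizer:
            UserPoolArn: !GetAtt UserPool.Arn

  LambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Description: Handles the basic request
      # NOTE(review): the go1.x runtime is deprecated by Lambda; new deployments
      # should move to provided.al2023 with the binary built as "bootstrap".
      # Left unchanged here because ./dist/authenticated is produced by the
      # project's build step, which is outside this template.
      Runtime: go1.x
      Handler: ./dist/authenticated
      # Policies:
      # Leaving this here so you can avoid the Gotcha. Whatever this function does, it must be given permission to do so.
      # Check here: https://github.com/awslabs/serverless-application-model/blob/master/docs/policy_templates.rst
      Events:
        Get:
          Type: Api
          Properties:
            Path: /
            RestApiId: !Ref ServiceApi
            Method: GET
            # Redundant with the API's DefaultAuthorizer, kept explicit so the
            # intent survives if the API-level default is ever changed.
            Auth:
              Authorizer: CognitoAuthorizer

  OpenLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Description: Handles the basic request with no need for authentication
      # NOTE(review): same deprecated go1.x runtime as LambdaFunction above.
      Runtime: go1.x
      Handler: ./dist/open
      Events:
        Get:
          Type: Api
          Properties:
            Path: /open
            RestApiId: !Ref ServiceApi
            Method: GET
            # Explicit opt-out from the API's DefaultAuthorizer: this route is
            # intentionally reachable without a token.
            Auth:
              Authorizer: NONE

Outputs:
  CognitoID:
    Description: The Cognito UserPool ID
    Value: !Ref UserPool
  CognitoClientID:
    Description: The Cognito UserPool Client ID
    Value: !Ref UserPoolTokenClient
  ApiUrl:
    Description: The API URL
    Value: !Sub "https://${ServiceApi}.execute-api.${AWS::Region}.amazonaws.com/${Version}"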