High-level support for AWS::ElasticLoadBalancingV2::Listener AuthenticateOidcConfig #6308
Closed
2 tasks
Labels
@aws-cdk/aws-elasticloadbalancing
Related to Amazon Elastic Load Balancing
effort/medium
Medium work item – several days of effort
feature-request
A feature should be added or improved.
Comments
lanwen added the feature-request and needs-triage labels Feb 17, 2020
SomayaB added the @aws-cdk/aws-elasticloadbalancing label Feb 17, 2020
I have spent one day and I can't find a way to use OIDC... very difficult, no examples, no documentation :(
For those using ECS patterns, I had to do this:

```ts
// CDK v1 module names, assumed from the use of `cdk.Lazy.anyValue`.
import * as cdk from "@aws-cdk/core";
import * as sm from "@aws-cdk/aws-secretsmanager";
import { CfnListener } from "@aws-cdk/aws-elasticloadbalancingv2";

// Runs inside a construct or stack; `service` is the ECS patterns load-balanced service.
const secret = sm.Secret.fromSecretAttributes(this, "OauthSecret", {
  secretArn: "arn:aws:secretsmanager:oauthsecretarn",
});
const clientSecret = secret.secretValueFromJson("clientSecretKey");
const listenerCF = service.listener.node.defaultChild as CfnListener;
listenerCF.defaultActions = cdk.Lazy.anyValue({
  produce: () => [
    {
      authenticateOidcConfig: {
        authorizationEndpoint: "https://mydomain.auth0.com/authorize",
        clientId: "1",
        clientSecret: clientSecret,
        scope: "openid",
        issuer: "https://mydomain.auth0.com/",
        tokenEndpoint: "https://mydomain.auth0.com/oauth/token",
        userInfoEndpoint: "https://mydomain.auth0.com/userinfo",
        sessionCookieName: "AWSELBAuthSessionCookie",
        sessionTimeout: 604800,
        onUnauthenticatedRequest: "authenticate",
        // don't forget to change timeout and cookie name
      },
      type: "authenticate-oidc",
      order: 1,
    },
    // here we pass the previous actions after our new one
    ...(<any>service.listener).defaultActions,
  ],
});
// make sure the previous first action is after auth
listenerCF.addPropertyOverride("DefaultActions.1.Order", 2);
```
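A check that can be run on the synthesized template after an override like the one in the comment above, as an added example that is not part of the thread or of aws-cdk: it confirms that `authenticate-oidc` is ordered before every other default action and flags weak OIDC settings. The function name, the choice of checks and the sample values are assumptions; property names follow the CloudFormation `AWS::ElasticLoadBalancingV2::Listener` schema.

```typescript
// Added example (not project code). Input: the "Properties" object of one
// AWS::ElasticLoadBalancingV2::Listener from a synthesized template.
type Action = { Type: string; Order?: number; [key: string]: unknown };
type OidcConfig = Record<string, unknown>;
const URL_FIELDS = ["Issuer", "AuthorizationEndpoint", "TokenEndpoint", "UserInfoEndpoint"];

function lintOidcListener(props: { DefaultActions?: Action[] }): string[] {
  const actions = props.DefaultActions ?? [];
  const auth = actions.filter((a) => a.Type === "authenticate-oidc")[0];
  if (!auth) return ["no authenticate-oidc action on this listener"];
  const findings: string[] = [];
  // Authentication must carry a strictly lower Order than every other action.
  for (const other of actions.filter((a) => a !== auth)) {
    if (!(Number(auth.Order) < Number(other.Order))) {
      findings.push(`${other.Type} is not ordered after authenticate-oidc`);
    }
  }
  const cfg = (auth["AuthenticateOidcConfig"] ?? {}) as OidcConfig;
  for (const field of URL_FIELDS) {
    const value = cfg[field];
    // Non-string values are CloudFormation intrinsics and are not inspected.
    if (value === undefined) findings.push(`${field} is missing`);
    else if (typeof value === "string" && value.indexOf("https://") !== 0) {
      findings.push(`${field} is not an https:// URL`);
    }
  }
  if (cfg["OnUnauthenticatedRequest"] === "allow") {
    findings.push("OnUnauthenticatedRequest=allow lets anonymous requests through");
  }
  const secret = cfg["ClientSecret"];
  if (typeof secret === "string" && secret.indexOf("{{resolve:") === -1) {
    findings.push("ClientSecret is a literal, not a dynamic reference");
  }
  return findings;
}

// Constructed sample input; every URL, ARN and key below is a placeholder.
const SAMPLE_OIDC: OidcConfig = {
  Issuer: "https://idp.example.com/",
  AuthorizationEndpoint: "https://idp.example.com/authorize",
  TokenEndpoint: "https://idp.example.com/oauth/token",
  UserInfoEndpoint: "https://idp.example.com/userinfo",
  ClientSecret: "{{resolve:secretsmanager:EXAMPLE_ARN:SecretString:clientSecretKey::}}",
};
const sampleListener = (forwardOrder: number, extra: OidcConfig = {}) => ({ DefaultActions: [
  { Type: "authenticate-oidc", Order: 1, AuthenticateOidcConfig: { ...SAMPLE_OIDC, ...extra } },
  { Type: "forward", Order: forwardOrder },
] });
```

Calling `lintOidcListener(sampleListener(1))` reports the forward action that shares `Order` 1 with the auth action, while `sampleListener(2)` passes cleanly.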
mergify bot pushed a commit that referenced this issue May 18, 2020

### Commit Message
feat(elbv2): full Action support

Add support for more complex Action setups. Adds authentication using OIDC or Cognito, and proper support for fixed responses, redirects, and weighted TargetGroup forwarding and stickiness.

Fixes #2563, fixes #6310, fixes #6308.
### End Commit Message
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
karupanerura pushed a commit to karupanerura/aws-cdk that referenced this issue May 22, 2020

### Commit Message
feat(elbv2): full Action support

Add support for more complex Action setups. Adds authentication using OIDC or Cognito, and proper support for fixed responses, redirects, and weighted TargetGroup forwarding and stickiness.

Fixes aws#2563, fixes aws#6310, fixes aws#6308.
### End Commit Message
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Currently there is no obvious way other than low-level resources to get https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html
To integrate it with the existing listeners, I have to do something like this:
Use Case
The use case I faced is to authenticate some target behind an ALB, as described in the article
https://cloudonaut.io/how-to-secure-your-devops-tools-with-alb-authentication/?ck_subscriber_id=640789667
Proposed Solution
It would be nice to have something in `BaseApplicationListenerRuleProps` to address that.
Other
This is a 🚀 Feature Request