High-level support for AWS::ElasticLoadBalancingV2::Listener AuthenticateOidcConfig #6308

Open
lanwen opened this issue Feb 17, 2020 · 1 comment

@lanwen lanwen commented Feb 17, 2020

Currently there is no obvious way other than low-level resources to get https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html

To integrate it with the existing listeners, I have to do something like this:

    // Import the existing listener by ARN and security group.
    const listener = elbv2.ApplicationListener.fromApplicationListenerAttributes(this, "InternalVPCListener", {
        listenerArn: "arn:aws:elasticloadbalancing:..:listener/app/lsdksjfdsf-21IW/9a3d8768a479f7f6/c99babbc37014371",
        securityGroupId: "sg-07a315ff"
    });

    const rule = new elbv2.ApplicationListenerRule(this, "ListenerRule", {
        priority: 5,
        listener: listener,
        hostHeader: 'host.example.com',
    });

    // Move the rule's existing first action to order 2 so that the
    // authenticate action (order 1) is evaluated before it.
    rule.actions[0].order = 2;
    // Override the actions of the underlying low-level resource:
    // the authenticate-oidc action first, then the rule's own actions.
    rule.node.defaultChild.actions = cdk.Lazy.anyValue({
        produce: () => [{
            authenticateOidcConfig: {
                authorizationEndpoint: "https://accounts.google.com/o/oauth2/v2/auth",
                clientId: "1",      // placeholder value
                clientSecret: "2",  // placeholder value
                issuer: "https://accounts.google.com",
                tokenEndpoint: "https://oauth2.googleapis.com/token",
                userInfoEndpoint: "https://openidconnect.googleapis.com/v1/userinfo"
            },
            type: "authenticate-oidc",
            order: 1
        }, ...rule.actions]
    });

Use Case

The use case I faced is to authenticate some target behind an ALB, as described in the article
https://cloudonaut.io/how-to-secure-your-devops-tools-with-alb-authentication/?ck_subscriber_id=640789667

Proposed Solution

Would be nice to have something in the BaseApplicationListenerRuleProps to address that

Other

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request
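
A check that can be run on the synthesized template to confirm that a rule built with the workaround above really evaluates authentication before forwarding. This is an added example, not part of the original issue or of the CDK project's code; `RuleAction`, `checkRuleActions` and the sample values are hypothetical, and the PascalCase property names assume the CloudFormation template form of the rule.

```typescript
// One entry of a ListenerRule "Actions" array as it appears in a synthesized
// CloudFormation template (PascalCase property names).
interface RuleAction {
  Type: string;
  Order?: number;
  TargetGroupArn?: string;
  AuthenticateOidcConfig?: { [key: string]: string };
}
const OIDC_URL_FIELDS = ["AuthorizationEndpoint", "TokenEndpoint", "UserInfoEndpoint", "Issuer"];

// Hypothetical helper: returns findings for one rule; empty means the OIDC
// action is well-formed and evaluated before traffic is forwarded.
function checkRuleActions(actions: RuleAction[]): string[] {
  const findings: string[] = [];
  const auth = actions.filter(a => a.Type === "authenticate-oidc");
  const forward = actions.filter(a => a.Type === "forward");
  if (auth.length === 0) return ["no authenticate-oidc action on this rule"];
  // Order is required on every action once a rule has more than one.
  const orders = actions.map(a => a.Order);
  actions.forEach((a, i) => {
    if (a.Order === undefined) findings.push("action " + i + " (" + a.Type + ") has no Order");
    else if (orders.indexOf(a.Order) !== i) findings.push("duplicate Order " + a.Order);
  });
  // The lowest Order runs first, so authentication must sort before forward.
  for (const a of auth) for (const f of forward) {
    if (a.Order !== undefined && f.Order !== undefined && a.Order >= f.Order)
      findings.push("authenticate-oidc (Order " + a.Order + ") does not precede forward (Order " + f.Order + ")");
  }
  // Each IdP endpoint and the issuer must be a full https:// URL.
  for (const a of auth) {
    const cfg = a.AuthenticateOidcConfig || {};
    for (const field of OIDC_URL_FIELDS) {
      if (!/^https:\/\//.test(cfg[field] || "")) findings.push(field + " is not an https:// URL");
    }
  }
  return findings;
}

// Constructed sample: the rule the workaround above is meant to produce.
const sampleOidc = {
  AuthorizationEndpoint: "https://accounts.google.com/o/oauth2/v2/auth",
  TokenEndpoint: "https://oauth2.googleapis.com/token",
  UserInfoEndpoint: "https://openidconnect.googleapis.com/v1/userinfo",
  Issuer: "https://accounts.google.com",
};
const sampleRule: RuleAction[] = [
  { Type: "authenticate-oidc", Order: 1, AuthenticateOidcConfig: sampleOidc },
  { Type: "forward", Order: 2, TargetGroupArn: "arn:placeholder" },
];
console.log(checkRuleActions(sampleRule));
```
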

@enricopesce enricopesce commented Feb 20, 2020

I have spent one day and I can't find a way to use OIDC... very difficult, no examples, no documentation :(

@SomayaB SomayaB removed the needs-triage label Mar 5, 2020