Allow retrieving the generated app client id when creating an ElasticSearch service #7119

Closed
2 tasks
gabp opened this issue Apr 1, 2020 · 5 comments
Labels
@aws-cdk/aws-elasticsearch Related to Amazon Elasticsearch Service effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. needs-cfn This issue is waiting on changes to CloudFormation before it can be addressed. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments


gabp commented Apr 1, 2020

As the title mentions, I would like to be able to retrieve the generated app client ID so that I can customize the app client when enabling Cognito for Elasticsearch.

Use Case

I need this to be able to customize the authentication providers in my identity pool. More specifically, I need to change the authenticated role selection to "Choose role from token" instead of the default option. In CDK, I can do that like this:

    new CfnIdentityPoolRoleAttachment(this, 'RoleAttachment', {
        ...
        roleMappings: {
            'app client id here': {
                type: 'Token',
                ambiguousRoleResolution: 'AuthenticatedRole'
            }
        },
        ...
    });

Proposed Solution

Other

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

@gabp gabp added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Apr 1, 2020
@SomayaB SomayaB added the @aws-cdk/aws-elasticsearch Related to Amazon Elasticsearch Service label Apr 3, 2020
@iliapolo
Contributor

Hi @gabp

From AWS ElasticSearch Docs:

When you configure a domain to use Amazon Cognito authentication for Kibana, Amazon ES adds an app client to the user pool and adds the user pool to the identity pool as an authentication provider

It is this app's ID you are referring to, correct?

Unfortunately this information is not exposed by the AWS::Elasticsearch::Domain CloudFormation resource.

We encourage you to open a request to CloudFormation for this runtime attribute, at which point we can surely add this to the CDK.

In the meanwhile, you can implement this by using Custom Resources.

In a nutshell you need to:

  1. Create a Lambda function that queries AWS Cognito and finds that app client.
  2. Return the ID as the data of the response.
  3. Use getAttr on the custom resource to extract the ID.

You can also seek some guidance in our Gitter channel as well as our StackOverflow tag.
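
The three steps listed above, sketched as the Lambda side of a custom resource. This is an added example, not code from this issue or from the CDK project; `ListClients`, `LookupEvent`, the `ClientNamePrefix` property and the `AWSElasticsearch-` sample name are assumptions made for illustration, so check the actual client name in your user pool.

```typescript
// Added example, not code from the CDK repository.
// Shapes mirror the fields of Cognito's ListUserPoolClients response used here.
interface PoolClient { ClientId: string; ClientName: string }
interface ClientPage { UserPoolClients: PoolClient[]; NextToken?: string }
// Hypothetical seam: in the Lambda this wraps the SDK's ListUserPoolClients call.
type ListClients = (userPoolId: string, nextToken?: string) => Promise<ClientPage>;

// Step 1: walk every page and return the one client whose name starts with prefix.
async function findAppClientId(list: ListClients, userPoolId: string, prefix: string): Promise<string> {
  const matches: PoolClient[] = [];
  let token: string | undefined = undefined;
  do {
    const page: ClientPage = await list(userPoolId, token);
    for (const c of page.UserPoolClients) {
      if (c.ClientName.indexOf(prefix) === 0) matches.push(c);
    }
    token = page.NextToken;
  } while (token);
  // Fail closed: a role mapping keyed on the wrong client would apply
  // token-based role selection to a different application.
  if (matches.length !== 1) {
    throw new Error(`expected exactly 1 app client named "${prefix}*", found ${matches.length}`);
  }
  return matches[0].ClientId;
}

interface LookupEvent {
  RequestType: 'Create' | 'Update' | 'Delete';
  ResourceProperties: { UserPoolId: string; ClientNamePrefix: string };
}
type LookupResult = { PhysicalResourceId: string; Data: { ClientId?: string } };

// Step 2: return the ID as Data; step 3 reads it from the custom resource as attribute 'ClientId'.
async function onEvent(event: LookupEvent, list: ListClients): Promise<LookupResult> {
  const { UserPoolId, ClientNamePrefix } = event.ResourceProperties;
  const physicalId = `es-app-client-${UserPoolId}`;
  // The lookup is read-only, so Delete has nothing to clean up.
  if (event.RequestType === 'Delete') return { PhysicalResourceId: physicalId, Data: {} };
  const clientId = await findAppClientId(list, UserPoolId, ClientNamePrefix);
  return { PhysicalResourceId: physicalId, Data: { ClientId: clientId } };
}

// Constructed sample: two pages of clients, as a paginated listing would return them.
const samplePages: { [token: string]: ClientPage } = {
  first: { UserPoolClients: [{ ClientId: 'id-web', ClientName: 'my-web-app' }], NextToken: 'second' },
  second: { UserPoolClients: [{ ClientId: 'id-es', ClientName: 'AWSElasticsearch-demo-domain' }] },
};
const sampleList: ListClients = async (_pool, token) => samplePages[token || 'first'];
```

The function's execution role needs only `cognito-idp:ListUserPoolClients` on the one user pool, and the custom resource must depend on the Elasticsearch domain so the lookup runs after the app client has been created.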

@iliapolo iliapolo added needs-cfn This issue is waiting on changes to CloudFormation before it can be addressed. effort/small Small work item – less than a day of effort labels Apr 12, 2020
@SomayaB SomayaB removed the needs-triage This issue or PR still needs to be triaged. label May 19, 2020
@NGL321
Contributor

NGL321 commented Apr 12, 2021

Hey @gabp,

Reviewing old feature requests, I see that this never got the CloudFormation update needed. Is this still something you would like to see? If so, we can cut that ticket for you. Please give an update, or we will close this issue for now.

😸 😷

@NGL321 NGL321 added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Apr 12, 2021
@gabp
Author

gabp commented Apr 14, 2021 via email

@peterwoodworth
Contributor

Thanks for getting back to us! Will do.

@github-actions

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
