[Auth] Making Cognito Userpool for kendra button

TaeSeong Park edited this page Sep 26, 2020 · 5 revisions

amplify add auth

```
$ amplify add auth
Using service: Cognito, provided by: awscloudformation
 
 The current configured provider is Amazon Cognito. 
 
 Do you want to use the default authentication and security configuration? Manual configuration
 Select the authentication/authorization services that you want to use: User Sign-Up & Sign-In only (Best used with a cloud API only)
 Please provide a friendly name for your resource that will be used to label this category in the project: kendrabuttonauth
 Please provide a name for your user pool: kendrabuttonauth
 Warning: you will not be able to edit these selections. 
 How do you want users to be able to sign in? Username
 Do you want to add User Pool Groups? No
 Do you want to add an admin queries API? No
 Multifactor authentication (MFA) user login options: OFF
 Email based user registration/forgot password: Enabled (Requires per-user email entry at registration)
 Please specify an email verification subject: Your verification code
 Please specify an email verification message: Your verification code is {####}
 Do you want to override the default password policy for this User Pool? No
 Warning: you will not be able to edit these selections. 
 What attributes are required for signing up? Email
 Specify the app's refresh token expiration period (in days): 30
 Do you want to specify the user attributes this app can read and write? No
 Do you want to enable any of the following capabilities? 
 Do you want to use an OAuth flow? No
? Do you want to configure Lambda Triggers for Cognito? Yes
? Which triggers do you want to enable for Cognito Pre Sign-up
? What functionality do you want to use for Pre Sign-up Create your own module
Succesfully added the Lambda function locally
? Do you want to edit your custom function now? Yes
Please edit the file in your editor: /Users/geoseong/Documents/Study/AWS/kendra-button/frontend/kendra-button-front/amplify/backend/function/kendrabuttonauthPreSignup/src/custom.js
? Press enter to continue 
Successfully added resource kendrabuttonauth locally

Some next steps:
"amplify push" will build all your local backend resources and provision it in the cloud
"amplify publish" will build all your local backend and frontend resources (if you have hosting category added) and provision it in the cloud
```

amplify auth update

```
$ amplify auth update

Please note that certain attributes may not be overwritten if you choose to use defaults settings.

You have configured resources that might depend on this Cognito resource.  Updating this Cognito resource could have unintended side effects.

Using service: Cognito, provided by: awscloudformation
 What do you want to do? Apply default configuration with Social Provider (Federation)
 What domain name prefix you want us to create for you? kendrabuttonauth
 Enter your redirect signin URI: https://dev.kendra.fun/
? Do you want to add another redirect signin URI No
 Enter your redirect signout URI: https://dev.kendra.fun/
? Do you want to add another redirect signout URI No
 Select the identity providers you want to configure for your user pool: Facebook, Google
  
 You've opted to allow users to authenticate via Facebook.  If you haven't already, you'll need to go to https://developers.facebook.com and create an App ID. 
 
 Enter your Facebook App ID for your OAuth flow:  ____
 Enter your Facebook App Secret for your OAuth flow:  ____
  
 You've opted to allow users to authenticate via Google.  If you haven't already, you'll need to go to https://developers.google.com/identity and create an App ID. 
 
 Enter your Google Web Client ID for your OAuth flow:  ____
 Enter your Google Web Client Secret for your OAuth flow:  ____
Succesfully updated the Lambda function locally
Successfully updated resource kendrabuttonauth locally

Some next steps:
"amplify push" will build all your local backend resources and provision it in the cloud
"amplify publish" will build all your local backend and frontend resources (if you have hosting category added) and provision it in the cloud
```

Modify Auth's CloudFormation template

frontend/kendra-button-front/amplify/backend/auth/kendrabuttonauth/kendrabuttonauth-cloudformation-template.yml

  UserPoolId:
    Value: !Ref 'UserPool'
    Description:  Id for the user pool
+   Export:
+     Name: "kendraUserPoolIdDev"
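Review bot: the added `Export:` hardcodes the dev environment in `Name: "kendraUserPoolIdDev"`. CloudFormation export names must be unique within an account and region, so a second Amplify environment deployed from this same template (prod, for example) would fail to create its export while the dev one exists. Consider deriving the name from an environment parameter (e.g. with `!Sub`), and importing the matching name in the Lambda policy's `Fn::ImportValue`.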

amplify auth push

```
$ amplify auth push

Current Environment: dev

| Category | Resource name    | Operation | Provider plugin   |
| -------- | ---------------- | --------- | ----------------- |
| Auth     | kendrabuttonauth | Update    | awscloudformation |
? Are you sure you want to continue? Yes
```

Assign New Customized Policy to PreSignUp Lambda Trigger

frontend/kendra-button-front/amplify/backend/function/kendrabuttonauthPreSignup/kendrabuttonauthPreSignup-cloudformation-template.json

  • Add the cognito-idp:ListUsers and cognito-idp:AdminLinkProviderForUser permissions, scoped to the user pool ARN
  • Import kendraUserPoolIdDev (exported from the Auth template above) with CloudFormation's "Fn::ImportValue" syntax to build that ARN
  • These permissions let the trigger call the listUsers and adminLinkProviderForUser methods of the CognitoIdentityServiceProvider class.
Resources -> lambdaexecutionpolicy -> Properties ->
```json
"PolicyDocument": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "logs:CreateLogGroup",
          "logs:CreateLogStream",
          "logs:PutLogEvents"
        ],
        "Resource": {
          "Fn::Sub": [
            "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*",
            {
              "region": {
                "Ref": "AWS::Region"
              },
              "account": {
                "Ref": "AWS::AccountId"
              },
              "lambda": {
                "Ref": "LambdaFunction"
              }
            }
          ]
        }
      },
      {
        "Effect": "Allow",
        "Action": [
          "cognito-idp:ListUsers",
          "cognito-idp:AdminLinkProviderForUser"
        ],
        "Resource": {
          "Fn::Sub": [
            "arn:aws:cognito-idp:${region}:${account}:userpool/${userpoolid}",
            {
              "region": {
                "Ref": "AWS::Region"
              },
              "account": {
                "Ref": "AWS::AccountId"
              },
              "userpoolid": {
                "Fn::ImportValue": "kendraUserPoolIdDev"
              }
            }
          ]
        }
      }
    ]
  }
}
```

Add code to PreSignUp Lambda Trigger

code: amplify/backend/function/kendrabuttonauthPreSignup/src/custom.js
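The page links the trigger's custom.js but does not show it. Below is an added example (not the project's own code) of what a PreSignUp trigger using the two permissions above typically does: link a Google/Facebook sign-up to the existing native user with the same verified email so one person does not end up with two profiles. It assumes the aws-sdk v2 `CognitoIdentityServiceProvider` client, Cognito's `<Provider>_<id>` username form for federated users, and a constructed fake client for offline use.

```javascript
// Added example, not the project's custom.js: a Cognito PreSignUp trigger that links a
// federated Google/Facebook sign-up to the existing native user with the same verified email.
// The Cognito client is injected (new AWS.CognitoIdentityServiceProvider() in Lambda) so
// the logic can be exercised offline with a fake client.

// Cognito names federated users "<Provider>_<providerUserId>", e.g. "Google_1076915035000615".
function parseFederatedUserName(userName) {
  const m = /^(Google|Facebook)_(.+)$/i.exec(userName || "");
  if (!m) return null;
  const providerName = m[1].toLowerCase() === "google" ? "Google" : "Facebook";
  return { providerName, providerUserId: m[2] };
}

// Pick a native (non-federated) user whose email is verified; linking on an unverified
// address would hand that account to whoever controls the matching social login.
function selectLinkTarget(users) {
  return (users || []).find((u) => {
    if (u.UserStatus === "EXTERNAL_PROVIDER") return false;
    const attrs = Object.fromEntries((u.Attributes || []).map((a) => [a.Name, a.Value]));
    return attrs.email_verified === "true";
  }) || null;
}

async function handlePreSignUp(event, cognito) {
  // Native sign-ups pass through; only federated ones are candidates for linking.
  if (event.triggerSource !== "PreSignUp_ExternalProvider") return event;
  const email = ((event.request || {}).userAttributes || {}).email;
  const fed = parseFederatedUserName(event.userName);
  // Quotes or backslashes could break out of the ListUsers filter string, so refuse them.
  if (!email || !fed || /["\\]/.test(email)) return event;
  // Needs cognito-idp:ListUsers on the pool (granted by the policy above).
  const res = await cognito
    .listUsers({ UserPoolId: event.userPoolId, Filter: `email = "${email}"`, Limit: 10 })
    .promise();
  const target = selectLinkTarget(res.Users);
  if (!target) return event; // nothing to link: Cognito creates the federated user as usual
  // Needs cognito-idp:AdminLinkProviderForUser; afterwards the social identity resolves to the native user.
  await cognito.adminLinkProviderForUser({
    UserPoolId: event.userPoolId,
    DestinationUser: { ProviderName: "Cognito", ProviderAttributeValue: target.Username },
    SourceUser: { ProviderName: fed.providerName, ProviderAttributeName: "Cognito_Subject",
                  ProviderAttributeValue: fed.providerUserId },
  }).promise();
  return event;
}

// Lambda entry point in the (event, context, callback) shape Amplify's custom.js uses.
const handler = (event, context, callback) =>
  handlePreSignUp(event, new (require("aws-sdk").CognitoIdentityServiceProvider)())
    .then((out) => { if (callback) callback(null, out); return out; });
if (typeof module !== "undefined") module.exports = { handler, handlePreSignUp, parseFederatedUserName, selectLinkTarget };
```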

amplify function push

```
$ amplify function push

Current Environment: dev

| Category | Resource name             | Operation | Provider plugin   |
| -------- | ------------------------- | --------- | ----------------- |
| Function | kendrabuttonauthPreSignup | Update    | awscloudformation |
? Are you sure you want to continue? Yes
```