This repository has been archived by the owner on Apr 13, 2023. It is now read-only.
docs: Updated FHIR Works readme #283
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nguyen102
changed the title
rsmayda
reviewed
Apr 7, 2021
README.md
Outdated
|
|
||
| This deployment implementation utilizes Lambda, DynamoDB, S3 and Elasticsearch to provide these FHIR capabilities: | ||
| ## FHIR on AWS features |
There was a problem hiding this comment.
Suggested change
| ## FHIR on AWS features | |
| ## FHIR Works on AWS features |
nguyen102
reviewed
Apr 7, 2021
README.md
Outdated
|
|
||
| FHIR Works on AWS is a framework to deploy a [FHIR](https://www.hl7.org/fhir/overview.html) server on AWS. This package is an example implementation of this framework. The power of this framework is being able to customize and add in additional FHIR functionality for your unique use-case. An example of this, is this deployment uses [Cognito and role based access control](https://github.com/awslabs/fhir-works-on-aws-authz-rbac). Say you would rather support [SMART on FHIR](https://github.com/awslabs/fhir-works-on-aws-authz-smart), you could swap out the authorization component and plug it into your deployment package. A sample of this swap out can be found on the [smart-mainline branch](https://github.com/awslabs/fhir-works-on-aws-deployment/tree/smart-mainline) of this repository. With FHIR Works on AWS you control how your FHIR server will work! | ||
| FHIR Works on AWS is a framework that can be used to deploy a [FHIR server](https://www.hl7.org/fhir/overview.html) on AWS. Using this framework, you can customize and add different FHIR functionality to best serve your use cases. When deploying this framework, by default [Cognito and role based access control](https://github.com/awslabs/fhir-works-on-aws-authz-rbac) is used. However, if preferred, you can be authenticated and authorized to access the FHIR server’s resources by using [SMART](https://github.com/awslabs/fhir-works-on-aws-authz-smart) instead of Cognito. Cognito is the default AuthN/AuthZ provider because it is easier to configure than SMART. It doesn’t require setting up a separate IDP server outside of AWS as compared to SMART. However, Cognito authentication is not granular. When a new user is created, it is assigned into the auditor, practitioner, or non-practitioner groups. Depending on the group, the user gets access to different groups of FHIR resources. | ||
| The AuthN/Z providers are defined in `package.json` and `config.ts`. You can choose appropriate providers. SMART allows greater granularity into authentication than Cognito and is the FHIR standard. It allows you to access a FHIR record only if that record has reference to the user. FHIR Works on AWS controls the working of your FHIR server. |
There was a problem hiding this comment.
Is this line needed?
FHIR Works on AWS controls the working of your FHIR server.
Maybe I'm missing something, but I'm not sure what that additional line is adding.
nguyen102
reviewed
Apr 7, 2021
README.md
Outdated
| - Search capabilities per resource type | ||
| - Ability to do versioned reads (vread) | ||
| - Ability to post a transaction bundle of 25 entries or less | ||
| FHIR Works on AWS solution utilizes AWS Lambda, Amazon DynamoDB, Amazon S3 and Amazon Elasticsearch Service to provide the following FHIR features: |
There was a problem hiding this comment.
Suggested change
| FHIR Works on AWS solution utilizes AWS Lambda, Amazon DynamoDB, Amazon S3 and Amazon Elasticsearch Service to provide the following FHIR features: | |
| FHIR Works on AWS utilizes AWS Lambda, Amazon DynamoDB, Amazon S3 and Amazon Elasticsearch Service to provide the following FHIR features: |
nguyen102
reviewed
Apr 7, 2021
README.md
Outdated
| + Create, Read, Update, Delete (CRUD) operations for all R4 or STU3 base FHIR resources | ||
| + Search capabilities per resource type | ||
| + Ability to do versioned reads ([vread](https://www.hl7.org/fhir/http.html#vread)) | ||
| + Ability to post a transaction bundle of 25 entries or less. Presently, transaction bundles with only 25 entries or less are supported. |
There was a problem hiding this comment.
Delete the extra space at the beginning of this line?
nguyen102
reviewed
Apr 7, 2021
README.md
Outdated
|
|
||
| ```sh | ||
| git clone https://github.com/awslabs/fhir-works-on-aws-deployment.git | ||
| ``` | ||
|
|
||
| ### Install | ||
| **Note**: To modify FHIR Works on AWS, create your own fork of the GitHub repository. This allows you to check in any changes you make to your private copy of the solution. |
There was a problem hiding this comment.
Nitpick: Change solution to code.
My thought being, we want to use the term solution only when referring to the actual FHIR Solution
nguyen102
reviewed
Apr 7, 2021
README.md
Outdated
|
|
||
| > [Fhir.postman_collection.json](./postman/Fhir.postman_collection.json) | ||
| **Note**: Ensure that you import the `[Fhir.postman_collection.json](./postman/Fhir.postman_collection.json)` collection file. |
There was a problem hiding this comment.
Suggested change
| **Note**: Ensure that you import the `[Fhir.postman_collection.json](./postman/Fhir.postman_collection.json)` collection file. | |
| **Note**: Ensure that you import the [Fhir.postman_collection.json](./postman/Fhir.postman_collection.json) collection file. |
There was a problem hiding this comment.
fixed. Removed the quotes
nguyen102
reviewed
Apr 7, 2021
README.md
Outdated
|
|
||
| The variables required in the POSTMAN collection can be found in `Info_Output.yml` or by running `serverless info --verbose` | ||
| + `Fhir_Local_Env.json` | ||
| + `Fhir_Dev_Env.json` |
There was a problem hiding this comment.
Remove the extra space at the beginning of line 96 and 97?
nguyen102
reviewed
Apr 7, 2021
README.md
Outdated
|
|
||
| ### Authorizing a user | ||
| + `API_URL: from Service Information:endpoints: ANY` |
nguyen102
reviewed
Apr 7, 2021
README.md
Outdated
Comment on lines
103
to
106
| + `API_URL: from Service Information:endpoints: ANY` | ||
| + `API_KEY: from Service Information: api keys: developer-key` | ||
| + `CLIENT_ID: from Stack Outputs: UserPoolAppClientId` | ||
| + `AUTH_URL: https://<CLIENT_ID>.auth.<REGION>.amazoncognito.com/oauth2/authorize` |
There was a problem hiding this comment.
Suggested change
| + `API_URL: from Service Information:endpoints: ANY` | |
| + `API_KEY: from Service Information: api keys: developer-key` | |
| + `CLIENT_ID: from Stack Outputs: UserPoolAppClientId` | |
| + `AUTH_URL: https://<CLIENT_ID>.auth.<REGION>.amazoncognito.com/oauth2/authorize` | |
| + API_URL: from Service Information:endpoints: ANY | |
| + API_KEY: from Service Information: api keys: developer-key | |
| + CLIENT_ID: from Stack Outputs: UserPoolAppClientId | |
| + AUTH_URL: https://<CLIENT_ID>.auth.<REGION>.amazoncognito.com/oauth2/authorize |
nguyen102
reviewed
Apr 7, 2021
README.md
Outdated
|
|
||
| FHIR Works on AWS solution uses role based access control (RBAC) to determine what operations and what resource types the requesting user has access too. The default ruleset can be found here: [RBACRules.ts](src/RBACRules.ts). For users to access the API they must use an OAuth access token. This access token must include scopes of either: | ||
| To find what the FHIR Server supports, use the `GET Metadata` postman to generate a [Capability Statement](https://www.hl7.org/fhir/capabilitystatement.html). |
There was a problem hiding this comment.
Suggested change
| To find what the FHIR Server supports, use the `GET Metadata` postman to generate a [Capability Statement](https://www.hl7.org/fhir/capabilitystatement.html). | |
| To find what the FHIR Server supports, use the `GET Metadata` Postman request to retrieve the [Capability Statement](https://www.hl7.org/fhir/capabilitystatement.html). |
nguyen102
reviewed
Apr 7, 2021
README.md
Outdated
|
|
||
| Using either of the above scopes will include the user groups in the access token. | ||
| FHIR Works on AWS solution uses Role-Based Access Control (RBAC) to determine what operations and what resource types the requesting user has access too. The default ruleset can be found in [RBACRules.ts](https://github.com/awslabs/fhir-works-on-aws-deployment/blob/mainline/src/RBACRules.ts). To access the API, you must use the OAuth access token. This access token must include scopes of either `openid`, `profile` or `aws.cognito.signin.user.admin`. |
There was a problem hiding this comment.
Suggested change
| FHIR Works on AWS solution uses Role-Based Access Control (RBAC) to determine what operations and what resource types the requesting user has access too. The default ruleset can be found in [RBACRules.ts](https://github.com/awslabs/fhir-works-on-aws-deployment/blob/mainline/src/RBACRules.ts). To access the API, you must use the OAuth access token. This access token must include scopes of either `openid`, `profile` or `aws.cognito.signin.user.admin`. | |
| FHIR Works on AWS uses Role-Based Access Control (RBAC) to determine what operations and what resource types the requesting user has access to. The default rule set can be found in [RBACRules.ts](https://github.com/awslabs/fhir-works-on-aws-deployment/blob/mainline/src/RBACRules.ts). To access the API, you must use the OAuth access token. This access token must include scopes of either `openid`, `profile` or `aws.cognito.signin.user.admin`. |
There was a problem hiding this comment.
Changed this line from " FHIR Works on AWS uses Role-Based Access Control (RBAC) to determine what operations and what resource types the requesting user has access to.
to "FHIR Works on AWS uses Role-Based Access Control (RBAC) to determine what operations and what resource types a user can access."
nguyen102
reviewed
Apr 7, 2021
README.md
Outdated
|
|
||
| A Cognito OAuth access token can be obtained using the following command substituting all variables with their values from `INFO_OUTPUT.yml` or the previously mentioned `serverless info --verbose` command. | ||
| To access the FHIR API, an access token is required. This can be obtained following these steps within Postman: |
There was a problem hiding this comment.
Suggested change
| To access the FHIR API, an access token is required. This can be obtained following these steps within Postman: | |
| To access the FHIR API, an access token is required. This can be obtained by following these steps within Postman: |
nguyen102
reviewed
Apr 7, 2021
README.md
Outdated
Comment on lines
128
to
129
| 4. A sign in page appears. Enter the username and password (if you don't know it look at the [init-auth.py](https://github.com/awslabs/fhir-works-on-aws-deployment/blob/mainline/scripts%5Cinit-auth.py) script). | ||
| 5. After signing in, the access token is set and you have the access for approximately one hour. |
There was a problem hiding this comment.
Suggested change
| 4. A sign in page appears. Enter the username and password (if you don't know it look at the [init-auth.py](https://github.com/awslabs/fhir-works-on-aws-deployment/blob/mainline/scripts%5Cinit-auth.py) script). | |
| 5. After signing in, the access token is set and you have the access for approximately one hour. | |
| 3. A sign in page appears. Enter the username and password (if you don't know it look at the [init-auth.py](https://github.com/awslabs/fhir-works-on-aws-deployment/blob/mainline/scripts%5Cinit-auth.py) script). | |
| 4. After signing in, the access token is set and you have the access for approximately one hour. |
nguyen102
reviewed
Apr 7, 2021
README.md
Outdated
|
|
||
| ## Feedback | ||
|
|
||
| We'd love to hear from you! Please reach out to our team: [fhir-works-on-aws-dev](mailto:fhir-works-on-aws-dev@amazon.com) for any feedback. | ||
| We'd love to hear from you! Please reach out to our team: [fhir-works-on-aws-dev](mailto:fhir-works-on-aws-dev@amazon.com) for any feedback. |
There was a problem hiding this comment.
I believe in our retro we decided to remove our email. Let's rephrase this to have them file GH issues if they have any questions or concerns.
nguyen102
approved these changes
Apr 7, 2021
|
Readme restructured and updated |
rsmayda
added a commit
that referenced
this pull request
Jun 25, 2021
BREAKING CHANGE: Interact with ES via aliases. Aliases need to be added to existing index prior to deployment (feat: Use alias for all ES operations #349) - Run the addAlias script prior to deploying. This script will create aliases for all existing indices To highlight some of the features being merged in: - Add logging framework (feat: deployment change for adding logging framework #310) - Add $docref implementation (feat: add $docref implementation #332) - Add better search integration tests (test: add search tests for exact token matching #306, feat: Add post search and integ tests #296) - Add DLQ for ddbToEs sync failures (feat: add DLQ for ddbToEs sync failures #295) Full list of changes merged in: * feat: Update dependencies to support SearchFilters better (#197) * fix: Update persistence and interface dependencies (#201) * fix(search): bump search version to pick up bug fixes (#202) * chore: add PR size labeler (#198) * chore: add PR size labeler * chore: update labeler yml syntax * empty commit fix mainline protection * feat: bump routing and interface version to use validators (#208) * docs: Update docs, Third party file & diagram (#207) * Fixes a link in DEVELOPMENT.md (#215) * docs: add a troubleshooting case for windows (#220) * chore: change log retention and add DDB tables as output (#222) * test: Add tests for RBAC Auth (#229) * test: update cognito usernames (#230) * test: Default fhirClient should use the role of practitioner (#231) * chore: dependency update (#232) * chore: Update serverless dependencies and use serverless-bundle to optimize package size (#240) * fix: http-errors from routing dependency (#243) * chore: update deploy script for working with local packages (#245) * chore: update log settings (#252) * chore: add encryption, https-only, access logging to all buckets (#253) * chore: Update routing dependency. Pass in user agent value (#263) * chore: fix gh merge workflow to do ff-only (#264) * chore: use our own script instead of merge action (#265) * chore: fix yaml syntax * chore: fix merge script * chore: use merge token in merge script * ci: add workaround for merge with branch protection * feat: support Implementation Guides (#266) * feat: add Implementation Guides compiler script (#192) * feat: load compiled implementation guides (#199) * feat: add Implementation Guides integ tests (#205) * chore: add compile-igs yarn script * feat: add HAPI validator lambda fn (#221) * feat: Compile IG StructureDefinitions (#235) * feat: add useHapiValidator CFN parameter (#236) * test: IGs: Validation during create/update and supportedProfile in CapStatement (#237) * feat: specify paths to IG resources (#241) * fix: copy IG files to webpack deployment package (#247) * chore: add third party attributions file (#251) * feat: add support for DSTU3 on Java Hapi validator (#254) * docs: add IGs documentation (#256) * chore: update gh actions tu build and deploy hapi validator (#257) * feat: support Implementation Guides * docs: fix changelog headers * chore: update version in package.json * ci: use HAPI validator on integ tests (#269) * chore: Update routing package dependency. Update custom agent env variable with correct package version (#271) * docs: removing team email from feedback (#275) * fix: fix unable to locate compiledImplementationGuides/* glob (#277) * fix: exit from installation script if serverless deployment fails (#280) * docs: Clarify IG documentation (#279) * docs: Updated FHIR Works readme (#283) * feat: enhance date and token search. Add integ tests (#284) * test: add token search integ tests (#285) * chore(release): 2.6.0 (#286) * docs: Update CUSTOM_USER_AGENT (#287) * fix: update persistence dependency; to fix meta bug (#288) * feat: enhance numeric and quantity search (#291) * fix: Suppress deprecation warning when writing to Info_Output.yml during installation (#294) * feat: add DLQ for ddbToEs sync failures (#295) * chore: lock down versions of external deployment dependencies (#298) * fix: increment persistence package (#300) * feat: Add post search and integ tests (#296) * feat: Add post search and integ tests * chore: add security scanning (#302) * feat(search): support Period type fields for date params (#299) * test: add search tests for exact token matching (#306) * chore(release): 2.7.0 (#307) * chore: add cfn-nag to all yaml changes (#308) * chore: dependency updates (#321) * chore: dependency updates * fix: resolved registry url updated * chore: upgrade dependencies (#322) * chore: bump dependency version (#328) * chore: bump dependency version * chore: adding GitHub issue templates (#325) * chore: update README for another Auth url * feat: add logging framework (#310) * chore: workflow only run if yaml/yml is updated (#333) * feat: add $docref implementation (#332) * chore(deps): bump browserslist from 4.16.3 to 4.16.6 (#335) * chore(deps): bump browserslist from 4.16.3 to 4.16.6 * trigger mainline protection check * chore(deps): bump browserslist from 4.16.3 to 4.16.6 in /auditLogMover (#334) * chore(deps): bump browserslist from 4.16.3 to 4.16.6 in /auditLogMover * trigger mainline protection check * chore: dependency fix (#339) * chore: release 2.8.0 (#338) * fix: Allow running sls offline with Hapi Validator (#343) * fix: typo for passing in custom log level (#345) * chore: script for add alias to existing index (#346) * feat: remove unneeded scope checks in authorizer (#347) * Revert "feat: remove unneeded scope checks in authorizer (#347)" * feat!: Use alias for all ES operations (#349) * BREAKING CHANGE: Aliases need to be added to existing index * Run the addAlias [script](https://github.com/awslabs/fhir-works-on-aws-deployment/blob/94a3187a6fb7a673946a215869c154048603389b/scripts/elasticsearch-operations.js) created in this [PR](#346) will create aliases for all existing indices * Update or create resource in a specific type will automatically create alias for the corresponding index * chore(release): 3.0.0 (#353) * chore: remove routing package from bundle.externals (#354) * chore(deps): bump ssri from 6.0.1 to 6.0.2 in /auditLogMover (#351) * chore(deps): bump ssri from 6.0.1 to 6.0.2 in /auditLogMover * chore(deps): bump lodash from 4.17.20 to 4.17.21 in /auditLogMover (#350) * chore(deps): bump lodash from 4.17.20 to 4.17.21 in /auditLogMover * chore(deps): bump ssri from 6.0.1 to 6.0.2 (#352) * chore(deps): bump ssri from 6.0.1 to 6.0.2 * chore(deps-dev): bump lodash from 4.17.20 to 4.17.21 (#355) * chore(deps-dev): bump lodash from 4.17.20 to 4.17.21 * chore: update dependencies (#356) * fix: type definition issues Co-authored-by: Tim Nguyen <nguyen102@users.noreply.github.com> Co-authored-by: Nestor Carvantes <carvantes@gmail.com> Co-authored-by: Yanyu Zheng <yz2690@columbia.edu> Co-authored-by: zheyanyu <zheyanyu@amazon.com> Co-authored-by: J Kendal <13680617+joekendal@users.noreply.github.com> Co-authored-by: Tim Nguyen <thingut@amazon.com> Co-authored-by: justinusmenzel <69522360+justinusmenzel@users.noreply.github.com> Co-authored-by: Justinus Menzel <justinus.menzel@abacusinsights.com> Co-authored-by: Emil Diaz <emilhdiaz@users.noreply.github.com> Co-authored-by: shyogesh-sw <79225266+shyogesh-sw@users.noreply.github.com> Co-authored-by: Sanket Dharwadkar <sdharwad@amazon.com> Co-authored-by: Bakha Nurzhanov <74073037+awsbakha@users.noreply.github.com> Co-authored-by: Ranjan Bhandari <ranjanbhandari@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue #, if available:
Description of changes: Updated the FHIR works readme. Please review and provide your feedback/approve.
Checklist:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.