[pull] master from AnomalyInnovations:master

_examples/how-to-add-auth0-authentication-to-a-serverless-api.md

@@ -57,7 +57,6 @@ Let's start by setting up an API.
 
 ``` js
 import * as cdk from "@aws-cdk/core";
-import * as iam from "@aws-cdk/aws-iam";
 import * as sst from "@serverless-stack/resources";
 
 export default class MyStack extends sst.Stack {
@@ -66,12 +65,12 @@ export default class MyStack extends sst.Stack {
 
     // Create Api
     const api = new sst.Api(this, "Api", {
-      defaultAuthorizationType: "AWS_IAM",
+      defaultAuthorizationType: sst.ApiAuthorizationType.AWS_IAM,
       routes: {
         "GET /private": "src/private.main",
         "GET /public": {
-          authorizationType: "NONE",
           function: "src/public.main",
+          authorizationType: sst.ApiAuthorizationType.NONE,
         },
       },
     });
@@ -100,8 +99,6 @@ Now let's add authentication for our serverless app.
 {%change%} Add this below the `sst.Api` definition in `lib/MyStack.js`. Make sure to replace the `domain` and `clientId` with that of your Auth0 app.
 
 ``` js
-const { account, region } = sst.Stack.of(this);
-
 // Create auth provider
 const auth = new sst.Auth(this, "Auth", {
   auth0: {
@@ -111,15 +108,7 @@ const auth = new sst.Auth(this, "Auth", {
 });
 
 // Allow authenticated users invoke API
-auth.attachPermissionsForAuthUsers([
-  new iam.PolicyStatement({
-    actions: ["execute-api:Invoke"],
-    effect: iam.Effect.ALLOW,
-    resources: [
-      `arn:aws:execute-api:${region}:${account}:${api.httpApi.httpApiId}/*`,
-    ],
-  }),
-]);
+auth.attachPermissionsForAuthUsers([api]);
 
 new cdk.CfnOutput(this, "IdentityPoolId", {
   value: auth.cognitoCfnIdentityPool.ref,

_examples/how-to-add-cognito-authentication-to-a-serverless-api.md

@@ -56,7 +56,6 @@ Let's start by setting up an API.
 
 ``` js
 import * as cdk from "@aws-cdk/core";
-import * as iam from "@aws-cdk/aws-iam";
 import * as sst from "@serverless-stack/resources";
 
 export default class MyStack extends sst.Stack {
@@ -65,12 +64,12 @@ export default class MyStack extends sst.Stack {
 
     // Create Api
     const api = new sst.Api(this, "Api", {
-      defaultAuthorizationType: "AWS_IAM",
+      defaultAuthorizationType: sst.ApiAuthorizationType.AWS_IAM,
       routes: {
         "GET /private": "src/private.main",
         "GET /public": {
-          authorizationType: "NONE",
           function: "src/public.main",
+          authorizationType: sst.ApiAuthorizationType.NONE,
         },
       },
     });
@@ -97,8 +96,6 @@ By default, all routes have the authorization type `AWS_IAM`. This means the cal
 {%change%} Add this below the `sst.Api` definition in `lib/MyStack.js`.
 
 ``` js
-const { account, region } = sst.Stack.of(this);
-
 // Create auth provider
 const auth = new sst.Auth(this, "Auth", {
   cognito: {
@@ -107,15 +104,7 @@ const auth = new sst.Auth(this, "Auth", {
 });
 
 // Allow authenticated users to invoke the API
-auth.attachPermissionsForAuthUsers([
-  new iam.PolicyStatement({
-    actions: ["execute-api:Invoke"],
-    effect: iam.Effect.ALLOW,
-    resources: [
-      `arn:aws:execute-api:${region}:${account}:${api.httpApi.httpApiId}/*`,
-    ],
-  }),
-]);
+auth.attachPermissionsForAuthUsers([api]);
 
 new cdk.CfnOutput(this, "UserPoolId", {
   value: auth.cognitoUserPool.userPoolId,

_examples/how-to-add-facebook-authentication-to-a-serverless-api.md

@@ -57,7 +57,6 @@ Let's start by setting up an API.
 
 ``` js
 import * as cdk from "@aws-cdk/core";
-import * as iam from "@aws-cdk/aws-iam";
 import * as sst from "@serverless-stack/resources";
 
 export default class MyStack extends sst.Stack {
@@ -66,12 +65,12 @@ export default class MyStack extends sst.Stack {
 
     // Create Api
     const api = new sst.Api(this, "Api", {
-      defaultAuthorizationType: "AWS_IAM",
+      defaultAuthorizationType: sst.ApiAuthorizationType.AWS_IAM,
       routes: {
         "GET /private": "src/private.main",
         "GET /public": {
-          authorizationType: "NONE",
           function: "src/public.main",
+          authorizationType: sst.ApiAuthorizationType.NONE,
         },
       },
     });
@@ -100,23 +99,13 @@ Now let's add authentication for our serverless app.
 {%change%} Add this below the `sst.Api` definition in `lib/MyStack.js`. Make sure to replace the `appId` with that of your Facebook app.
 
 ``` js
-const { account, region } = sst.Stack.of(this);
-
 // Create auth provider
 const auth = new sst.Auth(this, "Auth", {
   facebook: { appId: "419718329085014" },
 });
 
 // Allow authenticated users invoke API
-auth.attachPermissionsForAuthUsers([
-  new iam.PolicyStatement({
-    actions: ["execute-api:Invoke"],
-    effect: iam.Effect.ALLOW,
-    resources: [
-      `arn:aws:execute-api:${region}:${account}:${api.httpApi.httpApiId}/*`,
-    ],
-  }),
-]);
+auth.attachPermissionsForAuthUsers([api]);
 
 new cdk.CfnOutput(this, "IdentityPoolId", {
   value: auth.cognitoCfnIdentityPool.ref,

_examples/how-to-add-google-authentication-to-a-serverless-api.md

@@ -57,7 +57,6 @@ Let's start by setting up an API.
 
 ``` js
 import * as cdk from "@aws-cdk/core";
-import * as iam from "@aws-cdk/aws-iam";
 import * as sst from "@serverless-stack/resources";
 
 export default class MyStack extends sst.Stack {
@@ -66,12 +65,12 @@ export default class MyStack extends sst.Stack {
 
     // Create Api
     const api = new sst.Api(this, "Api", {
-      defaultAuthorizationType: "AWS_IAM",
+      defaultAuthorizationType: sst.ApiAuthorizationType.AWS_IAM,
       routes: {
         "GET /private": "src/private.main",
         "GET /public": {
-          authorizationType: "NONE",
           function: "src/public.main",
+          authorizationType: sst.ApiAuthorizationType.NONE,
         },
       },
     });
@@ -100,8 +99,6 @@ Now let's add authentication for our serverless app.
 {%change%} Add this below the `sst.Api` definition in `lib/MyStack.js`. Make sure to replace the `clientId` with that of your Google API project.
 
 ``` js
-const { account, region } = sst.Stack.of(this);
-
 // Create auth provider
 const auth = new sst.Auth(this, "Auth", {
   google: {
@@ -111,15 +108,7 @@ const auth = new sst.Auth(this, "Auth", {
 });
 
 // Allow authenticated users invoke API
-auth.attachPermissionsForAuthUsers([
-  new iam.PolicyStatement({
-    actions: ["execute-api:Invoke"],
-    effect: iam.Effect.ALLOW,
-    resources: [
-      `arn:aws:execute-api:${region}:${account}:${api.httpApi.httpApiId}/*`,
-    ],
-  }),
-]);
+auth.attachPermissionsForAuthUsers([api]);
 
 new cdk.CfnOutput(this, "IdentityPoolId", {
   value: auth.cognitoCfnIdentityPool.ref,

_examples/how-to-add-twitter-authentication-to-a-serverless-api.md

@@ -57,7 +57,6 @@ Let's start by setting up an API.
 
 ``` js
 import * as cdk from "@aws-cdk/core";
-import * as iam from "@aws-cdk/aws-iam";
 import * as sst from "@serverless-stack/resources";
 
 export default class MyStack extends sst.Stack {
@@ -66,12 +65,12 @@ export default class MyStack extends sst.Stack {
 
     // Create Api
     const api = new sst.Api(this, "Api", {
-      defaultAuthorizationType: "AWS_IAM",
+      defaultAuthorizationType: sst.ApiAuthorizationType.AWS_IAM,
       routes: {
         "GET /private": "src/private.main",
         "GET /public": {
-          authorizationType: "NONE",
           function: "src/public.main",
+          authorizationType: sst.ApiAuthorizationType.NONE,
         },
       },
     });
@@ -100,8 +99,6 @@ Now let's add authentication for our serverless app.
 {%change%} Add this below the `sst.Api` definition in `lib/MyStack.js`. Make sure to replace the `consumerKey` and `consumerSecret` with that of your Twitter app.
 
 ``` js
-const { account, region } = sst.Stack.of(this);
-
 // Create auth provider
 const auth = new sst.Auth(this, "Auth", {
   twitter: {
@@ -111,15 +108,7 @@ const auth = new sst.Auth(this, "Auth", {
 });
 
 // Allow authenticated users invoke API
-auth.attachPermissionsForAuthUsers([
-  new iam.PolicyStatement({
-    actions: ["execute-api:Invoke"],
-    effect: iam.Effect.ALLOW,
-    resources: [
-      `arn:aws:execute-api:${region}:${account}:${api.httpApi.httpApiId}/*`,
-    ],
-  }),
-]);
+auth.attachPermissionsForAuthUsers([api]);
 
 new cdk.CfnOutput(this, "IdentityPoolId", {
   value: auth.cognitoCfnIdentityPool.ref,

_includes/hero.html

@@ -254,40 +254,43 @@ <h4>Queue</h4>
             <span class="token lead">1</span> <span class="token italics">const</span> api <span class="token operator">=</span> <span class="token italics">new</span> <span class="token keyword">sst.Api</span>(<span class="token italics">this</span>, <span class="token string">"Api"</span>, {
           </div>
           <div class="token-line">
-            <span class="token lead">2</span>&nbsp;&nbsp;defaultAuthorizationType: <span class="token string">"AWS_IAM"</span>,
+            <span class="token lead">2</span>&nbsp;&nbsp;defaultAuthorizationType:
           </div>
           <div class="token-line">
-            <span class="token lead">3</span>&nbsp;&nbsp;routes: {
+            <span class="token lead">3</span>&nbsp;&nbsp;&nbsp;&nbsp;sst.ApiAuthorizationType.<span class="token option">AWS_IAM</span>,
           </div>
           <div class="token-line">
-            <span class="token lead">4</span>&nbsp;&nbsp;&nbsp;&nbsp;<span class="token string">"GET /private"</span>: <span class="token string">"src/private.main"</span>
+            <span class="token lead">4</span>&nbsp;&nbsp;routes: {
           </div>
           <div class="token-line">
-            <span class="token lead">5</span>&nbsp;&nbsp;}
+            <span class="token lead">5</span>&nbsp;&nbsp;&nbsp;&nbsp;<span class="token string">"GET /private"</span>: <span class="token string">"src/private.main"</span>
           </div>
           <div class="token-line">
-            <span class="token lead">6</span>});
+            <span class="token lead">6</span>&nbsp;&nbsp;}
           </div>
           <div class="token-line">
-            <span class="token lead">7</span>&nbsp;
+            <span class="token lead">7</span>});
           </div>
           <div class="token-line">
-            <span class="token lead">8</span> <span class="token italics">const</span> auth <span class="token operator">=</span> <span class="token italics">new</span> <span class="token keyword">sst.Auth</span>(<span class="token italics">this</span>, <span class="token string">"Auth"</span>, {
+            <span class="token lead">8</span>&nbsp;
           </div>
           <div class="token-line">
-            <span class="token lead">9</span>&nbsp;&nbsp;facebook: { appId: <span class="token string">"419718329085014"</span> }
+            <span class="token lead">9</span> <span class="token italics">const</span> auth <span class="token operator">=</span> <span class="token italics">new</span> <span class="token keyword">sst.Auth</span>(<span class="token italics">this</span>, <span class="token string">"Auth"</span>, {
           </div>
           <div class="token-line">
-            <span class="token lead">10</span>});
+            <span class="token lead">10</span>&nbsp;&nbsp;facebook: { appId: <span class="token string">"419718329085014"</span> }
           </div>
           <div class="token-line">
-            <span class="token lead">11</span>&nbsp;
+            <span class="token lead">11</span>});
+          </div>
+          <div class="token-line">
+            <span class="token lead">12</span>&nbsp;
           </div>
           <div class="token-line">
-            <span class="token lead">12</span><span class="token dim">// Allow auth users to access the API</span>
+            <span class="token lead">13</span><span class="token dim">// Allow auth users to access the API</span>
           </div>
           <div class="token-line">
-            <span class="token lead">13</span>auth.<span class="token keyword">attachPermissionsForAuthUsers</span>([<span class="token dim">/* api */</span>]);
+            <span class="token lead">14</span>auth.<span class="token keyword">attachPermissionsForAuthUsers</span>([api]);
           </div>
         </div>
         <div class="code-block cron-job" style="display: none">