A boilerplate for a SAM-based API service with the following features:
- Users are managed by Cognito
- Users are grouped into two Cognito User Groups (i.e. Admin and Member)
- Each user's API calls are restricted according to their Cognito User Group (and the IAM role attached to it)
- CORS enabled

Requirements:
- AWS CLI already configured with Administrator permission
- Docker installed
- Golang
- AWS-SAM-CLI

- Build

  `make build`
- Deploy

  Add the `--capabilities CAPABILITY_NAMED_IAM` flag to avoid the error `Requires capabilities : [CAPABILITY_NAMED_IAM]`. This SAM template creates a new IAM role with a specified name, and that action needs explicit confirmation with the flag.

  `sam deploy --capabilities CAPABILITY_NAMED_IAM`
- Do some manual configuration of Cognito
  - Cognito User Pool

    Go to the created Cognito User Pool's page in the AWS Management Console and
    - Create users
    - Add them to a User Group

    In the default setting of this `template.yml`, user management is basically supposed to be done in the AWS Management Console.
  - Cognito ID Pool

    Go to the created Cognito ID Pool's page in the AWS Management Console and activate the `Choose role from token` option of the corresponding Cognito User Pool. I could not find this config in CFn docs.

To call the created API, you need to:
- Log in
- Retrieve credentials (i.e. `accessKeyId`, `secretAccessKey`, `sessionToken`). amazon-cognito-identity-js would be helpful.
- Create an AWS Signature Version 4 signature with the credentials. aws4 would be helpful.
- Add the signature to the header and send a request
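
The signing step above, written out with Node's built-in `crypto` as an added example (not code from this repository, and not the aws4 library). It assumes the credentials were already retrieved from the Cognito ID Pool, the path is already URI-encoded, and there is no query string; the host, path and credential values are constructed placeholders.

```javascript
// Added example: SigV4 headers for API Gateway (service "execute-api") using
// temporary Cognito credentials. Assumes an encoded path and no query string.
const crypto = require("node:crypto");

const sha256Hex = (data) => crypto.createHash("sha256").update(data, "utf8").digest("hex");
const hmac = (key, data) => crypto.createHmac("sha256", key).update(data, "utf8").digest();

function signRequest({ method, host, path, body = "", region, credentials, now = new Date() }) {
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ""); // e.g. 20240101T000000Z
  const dateStamp = amzDate.slice(0, 8);
  // Headers covered by the signature; the session token has to be one of them.
  const headers = {
    host,
    "x-amz-date": amzDate,
    "x-amz-security-token": credentials.sessionToken,
  };
  const names = Object.keys(headers).sort();
  const canonicalHeaders = names.map((n) => `${n}:${headers[n].trim()}\n`).join("");
  const signedHeaders = names.join(";");
  const canonicalRequest = [method, path, "", canonicalHeaders, signedHeaders, sha256Hex(body)].join("\n");

  const scope = `${dateStamp}/${region}/execute-api/aws4_request`;
  const stringToSign = ["AWS4-HMAC-SHA256", amzDate, scope, sha256Hex(canonicalRequest)].join("\n");

  // The signing key is derived from the secret; the secret itself is never sent.
  let key = "AWS4" + credentials.secretAccessKey;
  for (const part of [dateStamp, region, "execute-api", "aws4_request"]) key = hmac(key, part);
  const signature = hmac(key, stringToSign).toString("hex");

  return {
    ...headers,
    authorization: `AWS4-HMAC-SHA256 Credential=${credentials.accessKeyId}/${scope}, SignedHeaders=${signedHeaders}, Signature=${signature}`,
  };
}

// Constructed sample values, not real credentials or a real endpoint.
const sampleCredentials = {
  accessKeyId: "ASIAEXAMPLEKEYID0000",
  secretAccessKey: "constructed-secret-access-key",
  sessionToken: "constructed-session-token",
};
const sampleHeaders = signRequest({
  method: "GET",
  host: "example123.execute-api.us-east-1.amazonaws.com",
  path: "/Prod/items",
  region: "us-east-1",
  credentials: sampleCredentials,
  now: new Date("2024-01-01T00:00:00Z"),
});
console.log(sampleHeaders);
```

The returned object is what goes into the request headers. Because `x-amz-security-token` is part of the signed headers, a request replayed with a different session token fails signature validation.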
Made with ❤️ by magamongo. Available on the AWS Serverless Application Repository
Apache License 2.0 (Apache-2.0)