-
Notifications
You must be signed in to change notification settings - Fork 5.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS ALB support for built-in authentication #7773
Comments
@kamaz great thanks for proposal. It'll definitely be a worthwhile addition. One question. Will setting |
When it comes to Link to
And example condition: {
"Type": "authenticate-cognito",
"AuthenticateCognitoConfig": {
"UserPoolArn": "arn:aws:cognito-idp:eu-west-2:******:userpool/*****",
"UserPoolClientId": "******",
"UserPoolDomain": "******",
"SessionCookieName": "AWSELBAuthSessionCookie",
"Scope": "openid",
"SessionTimeout": 604800,
"AuthenticationRequestExtraParams": {},
"OnUnauthenticatedRequest": "authenticate"
},
"Order": 1
} |
I suggest that we introduce In case both ( We've introduced deprecations handling with #7422, first implemented example can be found here: #7759 What do you think? |
Yes, that sounds good. I should have something ready today for initial review. |
At the moment
ALB
event only support two optionsallow
anddeny
but there is no option to configure built-in authentication in ALBs.Use case description
Ability to utilise the
ALB
andcognito
feature to built-in authentication support for in ALBs.Proposed solution
Extend the existing logic:
serverless/lib/plugins/aws/package/compile/events/alb/lib/validate.js
Line 220 in 3fe2e98
To add a new field for backward compatibility e.g.
authenticationMode
to support the following options:allow
deny
authenticate
if both fields
authenticationMode
andallowUnauthenticated
are defined return an error.Reference Link
https://aws.amazon.com/blogs/aws/built-in-authentication-in-alb/
The text was updated successfully, but these errors were encountered: