Skip to content

yuta-cmth/blog-cognito-laravel

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

bin

bin

 
 

cloud9_iam

cloud9_iam

 
 

codes/blog-cognito-laravel

codes/blog-cognito-laravel

 
 

lib

lib

 
 

test

test

 
 

.gitignore

.gitignore

 
 

.npmignore

.npmignore

 
 

README.md

README.md

 
 

cdk.json

cdk.json

 
 

diagram.drawio.svg

diagram.drawio.svg

 
 

jest.config.js

jest.config.js

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

tsconfig.json

tsconfig.json

 
 

Repository files navigation

Sequence of authentication flow

Architecture

Setup IAM policies and Cloud9 to deploy the resources

See Calling AWS services from an environment in AWS Cloud9 for more information.

# Create a role
aws iam create-role --role-name blog-cognito-laravel-cloud9-instance-role --assume-role-policy-document file://cloud9_iam/trust-policy.json;

# Attach policies to the role
aws iam attach-role-policy --role-name blog-cognito-laravel-cloud9-instance-role --policy-arn arn:aws:iam::aws:policy/AWSCloud9SSMInstanceProfile;
aws iam put-role-policy --role-name blog-cognito-laravel-cloud9-instance-role --policy-name blog-cognito-laravel-cloud9-instance-policy --policy-document file://cloud9_iam/inline-policy.json;
aws iam create-instance-profile --instance-profile-name blog-cognito-laravel-cloud9-instance-profile;
aws iam add-role-to-instance-profile --instance-profile-name blog-cognito-laravel-cloud9-instance-profile --role-name blog-cognito-laravel-cloud9-instance-role;

# Start Cloud9 environment and attach the role to the EC2 instance used by Cloud9
read -s c9_subnet_id; export c9_subnet_id;		# Use your own subnet id.
read -s c9_owner_arn; export c9_owner_arn;		# Use your own owner arn. You can run `aws sts get-caller-identity --query Arn --output text` on CloudShell if you use currently logged-in account.

aws cloud9 create-environment-ec2 \
	--name blog-cognito-laravel-cloud9-environment \
	--description "Cloud9 environment for blog-cognito-laravel" \
	--instance-type t3.small \
	--automatic-stop-time-minutes 60 \
	--image-id amazonlinux-2023-x86_64 \
	--connection-type CONNECT_SSM \
	--subnet-id $c9_subnet_id \
	--owner-arn $c9_owner_arn;

# Disassociate default instance profile and associate the instance profile created above to the Cloud9 instance.
c9_instance_id=$(aws ec2 describe-instances --filters Name=tag:Name,Values=*blog-cognito-laravel-cloud9-environment* Name=instance-state-name,Values=running --query "Reservations[*].Instances[*].InstanceId" --output text);
default_iipa_id=$(aws ec2 describe-iam-instance-profile-associations --filters "Name=instance-id,Values=$c9_instance_id" --query "IamInstanceProfileAssociations[0].AssociationId" --output text);
aws ec2 disassociate-iam-instance-profile --association-id $default_iipa_id;
aws ec2 associate-iam-instance-profile --iam-instance-profile Name=blog-cognito-laravel-cloud9-instance-profile --instance-id $c9_instance_id;

# Lastly, disable the temporary credentials for the Cloud9 environment in the IDE.

On Cloud9 IDE

git clone https://github.com/yuta-cmth/blog-cognito-laravel.git
cd blog-cognito-laravel/
npm i
cdk deploy --require-approval never

export AWS_COGNITO_USER_POOL_ID=$(aws cloudformation describe-stacks --stack-name BlogCognitoLaravelStack --output text --query 'Stacks[0].Outputs[?OutputKey==`CognitoUserPoolId`].OutputValue');

aws cognito-idp admin-create-user --user-pool-id $AWS_COGNITO_USER_POOL_ID --temporary-password password --username laravel-test --user-attributes Name=email,Value=<your email address>

On your computer

git clone https://github.com/yuta-cmth/blog-cognito-laravel.git
cd blog-cognito-laravel/codes/blog-cognito-laravel

export AWS_ACCOUNT_ID=<your account id>;
export AWS_REGION=<your region>;
export AWS_COGNITO_USER_POOL_ID=$(aws cloudformation describe-stacks --stack-name BlogCognitoLaravelStack --output text --query 'Stacks[0].Outputs[?OutputKey==`CognitoUserPoolId`].OutputValue');
export AWS_COGNITO_CLIENT_ID=$(aws cloudformation describe-stacks --stack-name BlogCognitoLaravelStack --output text --query 'Stacks[0].Outputs[?OutputKey==`CognitoClientId`].OutputValue');
export AWS_COGNITO_HOSTED_UI_DOMAIN=$(aws cloudformation describe-stacks --stack-name BlogCognitoLaravelStack --output text --query 'Stacks[0].Outputs[?OutputKey==`HostedUIDomain`].OutputValue');
export AWS_COGNITO_CLIENT_SECRET=$(aws cognito-idp describe-user-pool-client --user-pool-id $AWS_COGNITO_USER_POOL_ID --client-id $AWS_COGNITO_CLIENT_ID --output text --query "UserPoolClient.ClientSecret");

./vendor/bin/sail up -d;
./vendor/bin/sail artisan migrate;
./vendor/bin/sail artisan config:clear;
./vendor/bin/sail artisan config:cache;

Clean up

cdk destroy --force

# Delete Cloud9 environment and IAM role.
aws cloud9 delete-environment --environment-id <environment_id>
aws iam remove-role-from-instance-profile --instance-profile-name blog-cognito-laravel-cloud9-instance-profile --role-name blog-cognito-laravel-cloud9-instance-role;
aws iam delete-instance-profile --instance-profile-name blog-cognito-laravel-cloud9-instance-profile;
aws iam detach-role-policy --role-name blog-cognito-laravel-cloud9-instance-role --policy-arn arn:aws:iam::aws:policy/AWSCloud9SSMInstanceProfile;
aws iam detach-role-policy --role-name blog-cognito-laravel-cloud9-instance-role --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess;
aws iam delete-role-policy --role-name blog-cognito-laravel-cloud9-instance-role --policy-name blog-cognito-laravel-cloud9-instance-policy;
aws iam delete-role --role-name blog-cognito-laravel-cloud9-instance-role;

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages