[![cloudcomponents Logo](https://raw.githubusercontent.com/cloudcomponents/cdk-constructs/master/logo.png)](https://github.com/cloudcomponents/cdk-constructs)
# @cloudcomponents/cdk-cloudfront-authorization
[![Build Status](https://github.com/cloudcomponents/cdk-constructs/workflows/Build/badge.svg)](https://github.com/cloudcomponents/cdk-constructs/actions?query=workflow=Build)
[![cdkdx](https://img.shields.io/badge/buildtool-cdkdx-blue.svg)](https://github.com/hupe1980/cdkdx)
[![typescript](https://img.shields.io/badge/jsii-typescript-blueviolet.svg)](https://www.npmjs.com/package/@cloudcomponents/cdk-cloudfront-authorization)
[![python](https://img.shields.io/badge/jsii-python-blueviolet.svg)](https://pypi.org/project/cloudcomponents.cdk-cloudfront-authorization/)
[![Mentioned in Awesome CDK](https://awesome.re/mentioned-badge.svg)](https://github.com/kolomied/awesome-cdk)
> CloudFront with Cognito authentication using Lambda@Edge
This construct is based on https://github.com/aws-samples/cloudfront-authorization-at-edge.
## Install
TypeScript/JavaScript:
```bash
npm i @cloudcomponents/cdk-cloudfront-authorization
```
Python:
```bash
pip install cloudcomponents.cdk-cloudfront-authorization
```
## How to use SPA
```typescript
import { SpaAuthorization, SpaDistribution } from '@cloudcomponents/cdk-cloudfront-authorization';
import { Stack, StackProps, aws_cognito } from 'aws-cdk-lib';
import { Construct } from 'constructs';
/**
 * Example stack: puts a Cognito user pool in front of a CloudFront
 * distribution running in SPA mode.
 *
 * Per this README's mode comparison, the SPA user pool client has no client
 * secret and the JWT cookies are not HttpOnly, so the front end can read them.
 */
export class CloudFrontAuthorizationStack extends Stack {
  constructor(scope: Construct, id: string, props: StackProps) {
    super(scope, id, props);

    // Self sign-up is switched off for this pool.
    const poolSettings = {
      selfSignUpEnabled: false,
      userPoolName: 'cloudfront-authorization-userpool',
    };
    const pool = new aws_cognito.UserPool(this, 'UserPool', poolSettings);

    // The user pool must have a domain. 'cloudcomponents' is the README's
    // sample prefix; use your own.
    pool.addDomain('Domain', {
      cognitoDomain: { domainPrefix: 'cloudcomponents' },
    });

    // The authorization construct is bound to the pool, then handed to the
    // distribution.
    const spaAuth = new SpaAuthorization(this, 'Authorization', { userPool: pool });

    new SpaDistribution(this, 'Distribution', { authorization: spaAuth });
  }
}
```
## How to use StaticSite
```typescript
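// The original snippet imported SpaAuthorization/SpaDistribution, but the
// class below instantiates the StaticSite constructs.
import { StaticSiteAuthorization, StaticSiteDistribution } from '@cloudcomponents/cdk-cloudfront-authorization';
import { Stack, StackProps, aws_cognito } from 'aws-cdk-lib';
import { Construct } from 'constructs';

/**
 * Example stack: puts a Cognito user pool in front of a CloudFront
 * distribution running in Static Site mode.
 *
 * Per this README's mode comparison, Static Site mode enforces a client
 * secret and sets cookies HttpOnly by default, unless other cookie settings
 * are provided explicitly.
 */
export class CloudFrontAuthorizationStack extends Stack {
  constructor(scope: Construct, id: string, props: StackProps) {
    super(scope, id, props);

    // Self sign-up is switched off for this pool.
    const userPool = new aws_cognito.UserPool(this, 'UserPool', {
      selfSignUpEnabled: false,
      userPoolName: 'cloudfront-authorization-userpool',
    });

    // UserPool must have a domain! 'cloudcomponents' is the README's sample
    // prefix; use your own.
    userPool.addDomain('Domain', {
      cognitoDomain: {
        domainPrefix: 'cloudcomponents',
      },
    });

    const authorization = new StaticSiteAuthorization(this, 'Authorization', {
      userPool,
    });

    new StaticSiteDistribution(this, 'Distribution', {
      authorization,
    });
  }
}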
```
## Identity Providers
Identity providers can be specified in the authorization object. To make sure that the user pool client is created after the identity provider, please specify a dependency using "addDependency".
```typescript
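// The identity provider is a construct class, so it is instantiated with `new`.
const identityProvider = new UserPoolIdentityProviderAmazon(this, "IdentityProvider", {
  // ...
});

// List the provider on the authorization so the user pool client offers it.
const authorization = new SpaAuthorization(this, 'Authorization_SPA', {
  // ...
  identityProviders: [cognito.UserPoolClientIdentityProvider.AMAZON],
});

// Explicit dependency: the user pool client is created only after the
// identity provider exists.
authorization.userPoolClient.node.addDependency(identityProvider);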
```
## SPA mode vs. Static Site mode
### SPA
* User Pool client does not use a client secret
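* The cookies with JWTs are not "HttpOnly", so that they can be read and used by the SPA (e.g. to display the user name, or to refresh tokens). Any other script running on the page can read them as well, so script injection in the SPA exposes the tokens; Static Site mode keeps the cookies HttpOnly by default.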
* 404's (page not found on S3) will return index.html, to enable SPA-routing
### Static Site
* Enforce use of a client secret
* Set cookies to be http only by default (unless you've provided other cookie settings explicitly)
* No special error handling
## API Reference
See [API.md](https://github.com/cloudcomponents/cdk-constructs/tree/master/packages/cdk-cloudfront-authorization/API.md).
## Example
See more complete [examples](https://github.com/cloudcomponents/cdk-constructs/tree/master/examples).
## License
[MIT](https://github.com/cloudcomponents/cdk-constructs/tree/master/packages/cdk-cloudfront-authorization/LICENSE)
Raw data
{
"_id": null,
"home_page": "https://github.com/cloudcomponents/cdk-constructs",
"name": "cloudcomponents.cdk-cloudfront-authorization",
"maintainer": null,
"docs_url": null,
"requires_python": "~=3.8",
"maintainer_email": null,
"keywords": null,
"author": "hupe1980",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/8f/ff/7183ff4d1d491db89bcf7bafc6fe151aa771f3831032417268d807318938/cloudcomponents.cdk-cloudfront-authorization-2.4.0.tar.gz",
"platform": null,
"description": "[![cloudcomponents Logo](https://raw.githubusercontent.com/cloudcomponents/cdk-constructs/master/logo.png)](https://github.com/cloudcomponents/cdk-constructs)\n\n# @cloudcomponents/cdk-cloudfront-authorization\n\n[![Build Status](https://github.com/cloudcomponents/cdk-constructs/workflows/Build/badge.svg)](https://github.com/cloudcomponents/cdk-constructs/actions?query=workflow=Build)\n[![cdkdx](https://img.shields.io/badge/buildtool-cdkdx-blue.svg)](https://github.com/hupe1980/cdkdx)\n[![typescript](https://img.shields.io/badge/jsii-typescript-blueviolet.svg)](https://www.npmjs.com/package/@cloudcomponents/cdk-cloudfront-authorization)\n[![python](https://img.shields.io/badge/jsii-python-blueviolet.svg)](https://pypi.org/project/cloudcomponents.cdk-cloudfront-authorization/)\n[![Mentioned in Awesome CDK](https://awesome.re/mentioned-badge.svg)](https://github.com/kolomied/awesome-cdk)\n\n> CloudFront with Cognito authentication using Lambda@Edge\n\nThis construct is based on https://github.com/aws-samples/cloudfront-authorization-at-edge.\n\n## Install\n\nTypeScript/JavaScript:\n\n```bash\nnpm i @cloudcomponents/cdk-cloudfront-authorization\n```\n\nPython:\n\n```bash\npip install cloudcomponents.cdk-cloudfront-authorization\n```\n\n## How to use SPA\n\n```python\nimport { SpaAuthorization, SpaDistribution } from '@cloudcomponents/cdk-cloudfront-authorization';\nimport { Stack, StackProps, aws_cognito } from 'aws-cdk-lib';\nimport { Construct } from 'constructs';\n\nexport class CloudFrontAuthorizationStack extends Stack {\n constructor(scope: Construct, id: string, props: StackProps) {\n super(scope, id, props);\n\n const userPool = new aws_cognito.UserPool(this, 'UserPool', {\n selfSignUpEnabled: false,\n userPoolName: 'cloudfront-authorization-userpool',\n });\n\n // UserPool must have a domain!\n userPool.addDomain('Domain', {\n cognitoDomain: {\n domainPrefix: 'cloudcomponents',\n },\n });\n\n const authorization = new SpaAuthorization(this, 
'Authorization', {\n userPool,\n });\n\n new SpaDistribution(this, 'Distribution', {\n authorization,\n });\n }\n}\n```\n\n## How to use StaticSite\n\n```python\nimport { SpaAuthorization, SpaDistribution } from '@cloudcomponents/cdk-cloudfront-authorization';\nimport { Stack, StackProps, aws_cognito } from 'aws-cdk-lib';\nimport { Construct } from 'constructs';\n\nexport class CloudFrontAuthorizationStack extends Stack {\n constructor(scope: Construct, id: string, props: StackProps) {\n super(scope, id, props);\n\n const userPool = new aws_cognito.UserPool(this, 'UserPool', {\n selfSignUpEnabled: false,\n userPoolName: 'cloudfront-authorization-userpool',\n });\n\n // UserPool must have a domain!\n userPool.addDomain('Domain', {\n cognitoDomain: {\n domainPrefix: 'cloudcomponents',\n },\n });\n\n const authorization = new StaticSiteAuthorization(this, 'Authorization', {\n userPool,\n });\n\n new StaticSiteDistribution(this, 'Distribution', {\n authorization,\n });\n }\n}\n```\n\n## Identity Providers\n\nIdentity providers can be specified in the authorization object. To make sure that the user pool client is created after the identity provider, please specify a dependency using \"addDependency\".\n\n```python\nconst identityProvider = UserPoolIdentityProviderAmazon(this, \"IdentityProvider\", {\n // ...\n})\nconst authorization = new SpaAuthorization(this, 'Authorization_SPA', {\n // ...\n identityProviders: [cognito.UserPoolClientIdentityProvider.AMAZON],\n};\nauthorization.userPoolClient.node.addDependency(identityProvider);\n```\n\n## SPA mode vs. Static Site mode\n\n### SPA\n\n* User Pool client does not use a client secret\n* The cookies with JWT's are not \"http only\", so that they can be read and used by the SPA (e.g. 
to display the user name, or to refresh tokens)\n* 404's (page not found on S3) will return index.html, to enable SPA-routing\n\n### Static Site\n\n* Enforce use of a client secret\n* Set cookies to be http only by default (unless you've provided other cookie settings explicitly)\n* No special error handling\n\n## API Reference\n\nSee [API.md](https://github.com/cloudcomponents/cdk-constructs/tree/master/packages/cdk-cloudfront-authorization/API.md).\n\n## Example\n\nSee more complete [examples](https://github.com/cloudcomponents/cdk-constructs/tree/master/examples).\n\n## License\n\n[MIT](https://github.com/cloudcomponents/cdk-constructs/tree/master/packages/cdk-cloudfront-authorization/LICENSE)\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "CloudFront with Cognito authentication using Lambda@Edge",
"version": "2.4.0",
"project_urls": {
"Homepage": "https://github.com/cloudcomponents/cdk-constructs",
"Source": "https://github.com/cloudcomponents/cdk-constructs.git"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "c38e24b3ace8db8117c26f80b61185c9f7ac0495a40a19b640eeb32661ffe4d4",
"md5": "ad5b7f0460e7a23936ab6a3b58965bd8",
"sha256": "0c5757447635018a5f39a3bc15722aa4011e7f524abcb30e13a2f3cabe1c6fec"
},
"downloads": -1,
"filename": "cloudcomponents.cdk_cloudfront_authorization-2.4.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "ad5b7f0460e7a23936ab6a3b58965bd8",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.8",
"size": 1171267,
"upload_time": "2024-05-16T19:33:33",
"upload_time_iso_8601": "2024-05-16T19:33:33.526646Z",
"url": "https://files.pythonhosted.org/packages/c3/8e/24b3ace8db8117c26f80b61185c9f7ac0495a40a19b640eeb32661ffe4d4/cloudcomponents.cdk_cloudfront_authorization-2.4.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "8fff7183ff4d1d491db89bcf7bafc6fe151aa771f3831032417268d807318938",
"md5": "301fea7db2f1127cc80190166ff1a029",
"sha256": "dcd500e0cc9fb591d2fd8702abd3d2c036dabcc98fec44c6461785f0aa9b570d"
},
"downloads": -1,
"filename": "cloudcomponents.cdk-cloudfront-authorization-2.4.0.tar.gz",
"has_sig": false,
"md5_digest": "301fea7db2f1127cc80190166ff1a029",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.8",
"size": 1171996,
"upload_time": "2024-05-16T19:33:39",
"upload_time_iso_8601": "2024-05-16T19:33:39.562215Z",
"url": "https://files.pythonhosted.org/packages/8f/ff/7183ff4d1d491db89bcf7bafc6fe151aa771f3831032417268d807318938/cloudcomponents.cdk-cloudfront-authorization-2.4.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-05-16 19:33:39",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "cloudcomponents",
"github_project": "cdk-constructs",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "cloudcomponents.cdk-cloudfront-authorization"
}