cloudcomponents.cdk-cloudfront-authorization


Namecloudcomponents.cdk-cloudfront-authorization JSON
Version 2.4.0 PyPI version JSON
download
home_pagehttps://github.com/cloudcomponents/cdk-constructs
SummaryCloudFront with Cognito authentication using Lambda@Edge
upload_time2024-05-16 19:33:39
maintainerNone
docs_urlNone
authorhupe1980
requires_python~=3.8
licenseMIT
keywords
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            [![cloudcomponents Logo](https://raw.githubusercontent.com/cloudcomponents/cdk-constructs/master/logo.png)](https://github.com/cloudcomponents/cdk-constructs)

# @cloudcomponents/cdk-cloudfront-authorization

[![Build Status](https://github.com/cloudcomponents/cdk-constructs/workflows/Build/badge.svg)](https://github.com/cloudcomponents/cdk-constructs/actions?query=workflow=Build)
[![cdkdx](https://img.shields.io/badge/buildtool-cdkdx-blue.svg)](https://github.com/hupe1980/cdkdx)
[![typescript](https://img.shields.io/badge/jsii-typescript-blueviolet.svg)](https://www.npmjs.com/package/@cloudcomponents/cdk-cloudfront-authorization)
[![python](https://img.shields.io/badge/jsii-python-blueviolet.svg)](https://pypi.org/project/cloudcomponents.cdk-cloudfront-authorization/)
[![Mentioned in Awesome CDK](https://awesome.re/mentioned-badge.svg)](https://github.com/kolomied/awesome-cdk)

> CloudFront with Cognito authentication using Lambda@Edge

This construct is based on https://github.com/aws-samples/cloudfront-authorization-at-edge.

## Install

TypeScript/JavaScript:

```bash
npm i @cloudcomponents/cdk-cloudfront-authorization
```

Python:

```bash
pip install cloudcomponents.cdk-cloudfront-authorization
```

## How to use SPA

```python
import { SpaAuthorization, SpaDistribution } from '@cloudcomponents/cdk-cloudfront-authorization';
import { Stack, StackProps, aws_cognito } from 'aws-cdk-lib';
import { Construct } from 'constructs';

export class CloudFrontAuthorizationStack extends Stack {
  constructor(scope: Construct, id: string, props: StackProps) {
    super(scope, id, props);

    const userPool = new aws_cognito.UserPool(this, 'UserPool', {
      selfSignUpEnabled: false,
      userPoolName: 'cloudfront-authorization-userpool',
    });

    // UserPool must have a domain!
    userPool.addDomain('Domain', {
      cognitoDomain: {
        domainPrefix: 'cloudcomponents',
      },
    });

    const authorization = new SpaAuthorization(this, 'Authorization', {
      userPool,
    });

    new SpaDistribution(this, 'Distribution', {
      authorization,
    });
  }
}
```

## How to use StaticSite

```python
import { SpaAuthorization, SpaDistribution } from '@cloudcomponents/cdk-cloudfront-authorization';
import { Stack, StackProps, aws_cognito } from 'aws-cdk-lib';
import { Construct } from 'constructs';

export class CloudFrontAuthorizationStack extends Stack {
  constructor(scope: Construct, id: string, props: StackProps) {
    super(scope, id, props);

    const userPool = new aws_cognito.UserPool(this, 'UserPool', {
      selfSignUpEnabled: false,
      userPoolName: 'cloudfront-authorization-userpool',
    });

    // UserPool must have a domain!
    userPool.addDomain('Domain', {
      cognitoDomain: {
        domainPrefix: 'cloudcomponents',
      },
    });

    const authorization = new StaticSiteAuthorization(this, 'Authorization', {
      userPool,
    });

    new StaticSiteDistribution(this, 'Distribution', {
      authorization,
    });
  }
}
```

## Identity Providers

Identity providers can be specified in the authorization object. To make sure that the user pool client is created after the identity provider, please specify a dependency using "addDependency".

```python
const identityProvider = UserPoolIdentityProviderAmazon(this, "IdentityProvider", {
  // ...
})
const authorization = new SpaAuthorization(this, 'Authorization_SPA', {
  // ...
  identityProviders: [cognito.UserPoolClientIdentityProvider.AMAZON],
};
authorization.userPoolClient.node.addDependency(identityProvider);
```

## SPA mode vs. Static Site mode

### SPA

* User Pool client does not use a client secret
* The cookies with JWT's are not "http only", so that they can be read and used by the SPA (e.g. to display the user name, or to refresh tokens)
* 404's (page not found on S3) will return index.html, to enable SPA-routing

### Static Site

* Enforce use of a client secret
* Set cookies to be http only by default (unless you've provided other cookie settings explicitly)
* No special error handling

## API Reference

See [API.md](https://github.com/cloudcomponents/cdk-constructs/tree/master/packages/cdk-cloudfront-authorization/API.md).

## Example

See more complete [examples](https://github.com/cloudcomponents/cdk-constructs/tree/master/examples).

## License

[MIT](https://github.com/cloudcomponents/cdk-constructs/tree/master/packages/cdk-cloudfront-authorization/LICENSE)

            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/cloudcomponents/cdk-constructs",
    "name": "cloudcomponents.cdk-cloudfront-authorization",
    "maintainer": null,
    "docs_url": null,
    "requires_python": "~=3.8",
    "maintainer_email": null,
    "keywords": null,
    "author": "hupe1980",
    "author_email": null,
    "download_url": "https://files.pythonhosted.org/packages/8f/ff/7183ff4d1d491db89bcf7bafc6fe151aa771f3831032417268d807318938/cloudcomponents.cdk-cloudfront-authorization-2.4.0.tar.gz",
    "platform": null,
    "description": "[![cloudcomponents Logo](https://raw.githubusercontent.com/cloudcomponents/cdk-constructs/master/logo.png)](https://github.com/cloudcomponents/cdk-constructs)\n\n# @cloudcomponents/cdk-cloudfront-authorization\n\n[![Build Status](https://github.com/cloudcomponents/cdk-constructs/workflows/Build/badge.svg)](https://github.com/cloudcomponents/cdk-constructs/actions?query=workflow=Build)\n[![cdkdx](https://img.shields.io/badge/buildtool-cdkdx-blue.svg)](https://github.com/hupe1980/cdkdx)\n[![typescript](https://img.shields.io/badge/jsii-typescript-blueviolet.svg)](https://www.npmjs.com/package/@cloudcomponents/cdk-cloudfront-authorization)\n[![python](https://img.shields.io/badge/jsii-python-blueviolet.svg)](https://pypi.org/project/cloudcomponents.cdk-cloudfront-authorization/)\n[![Mentioned in Awesome CDK](https://awesome.re/mentioned-badge.svg)](https://github.com/kolomied/awesome-cdk)\n\n> CloudFront with Cognito authentication using Lambda@Edge\n\nThis construct is based on https://github.com/aws-samples/cloudfront-authorization-at-edge.\n\n## Install\n\nTypeScript/JavaScript:\n\n```bash\nnpm i @cloudcomponents/cdk-cloudfront-authorization\n```\n\nPython:\n\n```bash\npip install cloudcomponents.cdk-cloudfront-authorization\n```\n\n## How to use SPA\n\n```python\nimport { SpaAuthorization, SpaDistribution } from '@cloudcomponents/cdk-cloudfront-authorization';\nimport { Stack, StackProps, aws_cognito } from 'aws-cdk-lib';\nimport { Construct } from 'constructs';\n\nexport class CloudFrontAuthorizationStack extends Stack {\n  constructor(scope: Construct, id: string, props: StackProps) {\n    super(scope, id, props);\n\n    const userPool = new aws_cognito.UserPool(this, 'UserPool', {\n      selfSignUpEnabled: false,\n      userPoolName: 'cloudfront-authorization-userpool',\n    });\n\n    // UserPool must have a domain!\n    userPool.addDomain('Domain', {\n      cognitoDomain: {\n        domainPrefix: 'cloudcomponents',\n      },\n    });\n\n    const authorization = new SpaAuthorization(this, 'Authorization', {\n      userPool,\n    });\n\n    new SpaDistribution(this, 'Distribution', {\n      authorization,\n    });\n  }\n}\n```\n\n## How to use StaticSite\n\n```python\nimport { SpaAuthorization, SpaDistribution } from '@cloudcomponents/cdk-cloudfront-authorization';\nimport { Stack, StackProps, aws_cognito } from 'aws-cdk-lib';\nimport { Construct } from 'constructs';\n\nexport class CloudFrontAuthorizationStack extends Stack {\n  constructor(scope: Construct, id: string, props: StackProps) {\n    super(scope, id, props);\n\n    const userPool = new aws_cognito.UserPool(this, 'UserPool', {\n      selfSignUpEnabled: false,\n      userPoolName: 'cloudfront-authorization-userpool',\n    });\n\n    // UserPool must have a domain!\n    userPool.addDomain('Domain', {\n      cognitoDomain: {\n        domainPrefix: 'cloudcomponents',\n      },\n    });\n\n    const authorization = new StaticSiteAuthorization(this, 'Authorization', {\n      userPool,\n    });\n\n    new StaticSiteDistribution(this, 'Distribution', {\n      authorization,\n    });\n  }\n}\n```\n\n## Identity Providers\n\nIdentity providers can be specified in the authorization object. To make sure that the user pool client is created after the identity provider, please specify a dependency using \"addDependency\".\n\n```python\nconst identityProvider = UserPoolIdentityProviderAmazon(this, \"IdentityProvider\", {\n  // ...\n})\nconst authorization = new SpaAuthorization(this, 'Authorization_SPA', {\n  // ...\n  identityProviders: [cognito.UserPoolClientIdentityProvider.AMAZON],\n};\nauthorization.userPoolClient.node.addDependency(identityProvider);\n```\n\n## SPA mode vs. Static Site mode\n\n### SPA\n\n* User Pool client does not use a client secret\n* The cookies with JWT's are not \"http only\", so that they can be read and used by the SPA (e.g. to display the user name, or to refresh tokens)\n* 404's (page not found on S3) will return index.html, to enable SPA-routing\n\n### Static Site\n\n* Enforce use of a client secret\n* Set cookies to be http only by default (unless you've provided other cookie settings explicitly)\n* No special error handling\n\n## API Reference\n\nSee [API.md](https://github.com/cloudcomponents/cdk-constructs/tree/master/packages/cdk-cloudfront-authorization/API.md).\n\n## Example\n\nSee more complete [examples](https://github.com/cloudcomponents/cdk-constructs/tree/master/examples).\n\n## License\n\n[MIT](https://github.com/cloudcomponents/cdk-constructs/tree/master/packages/cdk-cloudfront-authorization/LICENSE)\n",
    "bugtrack_url": null,
    "license": "MIT",
    "summary": "CloudFront with Cognito authentication using Lambda@Edge",
    "version": "2.4.0",
    "project_urls": {
        "Homepage": "https://github.com/cloudcomponents/cdk-constructs",
        "Source": "https://github.com/cloudcomponents/cdk-constructs.git"
    },
    "split_keywords": [],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "c38e24b3ace8db8117c26f80b61185c9f7ac0495a40a19b640eeb32661ffe4d4",
                "md5": "ad5b7f0460e7a23936ab6a3b58965bd8",
                "sha256": "0c5757447635018a5f39a3bc15722aa4011e7f524abcb30e13a2f3cabe1c6fec"
            },
            "downloads": -1,
            "filename": "cloudcomponents.cdk_cloudfront_authorization-2.4.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "ad5b7f0460e7a23936ab6a3b58965bd8",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": "~=3.8",
            "size": 1171267,
            "upload_time": "2024-05-16T19:33:33",
            "upload_time_iso_8601": "2024-05-16T19:33:33.526646Z",
            "url": "https://files.pythonhosted.org/packages/c3/8e/24b3ace8db8117c26f80b61185c9f7ac0495a40a19b640eeb32661ffe4d4/cloudcomponents.cdk_cloudfront_authorization-2.4.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "8fff7183ff4d1d491db89bcf7bafc6fe151aa771f3831032417268d807318938",
                "md5": "301fea7db2f1127cc80190166ff1a029",
                "sha256": "dcd500e0cc9fb591d2fd8702abd3d2c036dabcc98fec44c6461785f0aa9b570d"
            },
            "downloads": -1,
            "filename": "cloudcomponents.cdk-cloudfront-authorization-2.4.0.tar.gz",
            "has_sig": false,
            "md5_digest": "301fea7db2f1127cc80190166ff1a029",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": "~=3.8",
            "size": 1171996,
            "upload_time": "2024-05-16T19:33:39",
            "upload_time_iso_8601": "2024-05-16T19:33:39.562215Z",
            "url": "https://files.pythonhosted.org/packages/8f/ff/7183ff4d1d491db89bcf7bafc6fe151aa771f3831032417268d807318938/cloudcomponents.cdk-cloudfront-authorization-2.4.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-05-16 19:33:39",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "cloudcomponents",
    "github_project": "cdk-constructs",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "lcname": "cloudcomponents.cdk-cloudfront-authorization"
}
        
Elapsed time: 4.51095s