[![cloudcomponents Logo](https://raw.githubusercontent.com/cloudcomponents/cdk-constructs/master/logo.png)](https://github.com/cloudcomponents/cdk-constructs)
# @cloudcomponents/cdk-cloudfront-authorization
[![Build Status](https://github.com/cloudcomponents/cdk-constructs/workflows/Build/badge.svg)](https://github.com/cloudcomponents/cdk-constructs/actions?query=workflow=Build)
[![cdkdx](https://img.shields.io/badge/buildtool-cdkdx-blue.svg)](https://github.com/hupe1980/cdkdx)
[![typescript](https://img.shields.io/badge/jsii-typescript-blueviolet.svg)](https://www.npmjs.com/package/@cloudcomponents/cdk-cloudfront-authorization)
[![python](https://img.shields.io/badge/jsii-python-blueviolet.svg)](https://pypi.org/project/cloudcomponents.cdk-cloudfront-authorization/)
[![Mentioned in Awesome CDK](https://awesome.re/mentioned-badge.svg)](https://github.com/kolomied/awesome-cdk)
> CloudFront with Cognito authentication using Lambda@Edge
This construct is based on https://github.com/aws-samples/cloudfront-authorization-at-edge.
## Install
TypeScript/JavaScript:
```bash
npm i @cloudcomponents/cdk-cloudfront-authorization
```
Python:
```bash
pip install cloudcomponents.cdk-cloudfront-authorization
```
## How to use SPA
```typescript
import { SpaAuthorization, SpaDistribution } from '@cloudcomponents/cdk-cloudfront-authorization';
import { Stack, StackProps, aws_cognito } from 'aws-cdk-lib';
import { Construct } from 'constructs';
/**
 * Example stack: a CloudFront distribution for a single-page app whose
 * viewers have to sign in through a Cognito user pool.
 */
export class CloudFrontAuthorizationStack extends Stack {
  constructor(scope: Construct, id: string, props: StackProps) {
    super(scope, id, props);

    // Self sign-up is disabled, so visitors cannot register accounts themselves.
    const pool = new aws_cognito.UserPool(this, 'UserPool', {
      userPoolName: 'cloudfront-authorization-userpool',
      selfSignUpEnabled: false,
    });

    // UserPool must have a domain!
    // Cognito domain prefixes must be unique within a region, so replace the
    // sample value with your own.
    const domainOptions = { cognitoDomain: { domainPrefix: 'cloudcomponents' } };
    pool.addDomain('Domain', domainOptions);

    // SPA flavour of the authorization construct, bound to the pool above.
    const spaAuth = new SpaAuthorization(this, 'Authorization', { userPool: pool });

    // The distribution takes the authorization object that protects it.
    new SpaDistribution(this, 'Distribution', { authorization: spaAuth });
  }
}
```
## How to use StaticSite
```typescript
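// The static-site example uses the StaticSite* constructs, so those are the
// names that have to be imported (the listing previously imported the Spa* pair).
import { StaticSiteAuthorization, StaticSiteDistribution } from '@cloudcomponents/cdk-cloudfront-authorization';
import { Stack, StackProps, aws_cognito } from 'aws-cdk-lib';
import { Construct } from 'constructs';

/**
 * Example stack: a CloudFront distribution for a static site whose viewers
 * have to sign in through a Cognito user pool.
 */
export class CloudFrontAuthorizationStack extends Stack {
  constructor(scope: Construct, id: string, props: StackProps) {
    super(scope, id, props);

    // Self sign-up is disabled, so visitors cannot register accounts themselves.
    const userPool = new aws_cognito.UserPool(this, 'UserPool', {
      selfSignUpEnabled: false,
      userPoolName: 'cloudfront-authorization-userpool',
    });

    // UserPool must have a domain!
    // Cognito domain prefixes must be unique within a region, so replace the
    // sample value with your own.
    userPool.addDomain('Domain', {
      cognitoDomain: {
        domainPrefix: 'cloudcomponents',
      },
    });

    // Static-site flavour of the authorization construct, bound to the pool above.
    const authorization = new StaticSiteAuthorization(this, 'Authorization', {
      userPool,
    });

    // The distribution takes the authorization object that protects it.
    new StaticSiteDistribution(this, 'Distribution', {
      authorization,
    });
  }
}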
```
## Identity Providers
Identity providers can be specified in the authorization object. To make sure that the user pool client is created after the identity provider, please specify a dependency using "addDependency".
```typescript
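// Fragment from inside a Stack constructor; `cognito` and
// `UserPoolIdentityProviderAmazon` are assumed to be imported from aws-cdk-lib.
// The provider is a construct class, so it is instantiated with `new`.
const identityProvider = new UserPoolIdentityProviderAmazon(this, "IdentityProvider", {
  // ...
});
const authorization = new SpaAuthorization(this, 'Authorization_SPA', {
  // ...
  identityProviders: [cognito.UserPoolClientIdentityProvider.AMAZON],
});
// Explicit ordering: the user pool client is created only after the identity
// provider it refers to.
authorization.userPoolClient.node.addDependency(identityProvider);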
```
## SPA mode vs. Static Site mode
### SPA
* User Pool client does not use a client secret
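* The cookies with JWTs are not "http only", so that they can be read and used by the SPA (e.g. to display the user name, or to refresh tokens). Any other script running in the page can read them as well, so this mode relies on the application being free of script injection.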
* 404's (page not found on S3) will return index.html, to enable SPA-routing
### Static Site
* Enforce use of a client secret
* Set cookies to be http only by default (unless you've provided other cookie settings explicitly)
* No special error handling
## API Reference
See [API.md](https://github.com/cloudcomponents/cdk-constructs/tree/master/packages/cdk-cloudfront-authorization/API.md).
## Example
See more complete [examples](https://github.com/cloudcomponents/cdk-constructs/tree/master/examples).
## License
[MIT](https://github.com/cloudcomponents/cdk-constructs/tree/master/packages/cdk-cloudfront-authorization/LICENSE)
Raw data
{
"_id": null,
"home_page": "https://github.com/cloudcomponents/cdk-constructs",
"name": "cloudcomponents.cdk-cloudfront-authorization",
"maintainer": null,
"docs_url": null,
"requires_python": "~=3.8",
"maintainer_email": null,
"keywords": null,
"author": "hupe1980",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/29/32/eff18e8c924e39e7c40229397c849a93a0553d512cf22df77a28f0592559/cloudcomponents.cdk-cloudfront-authorization-2.3.0.tar.gz",
"platform": null,
"description": "[![cloudcomponents Logo](https://raw.githubusercontent.com/cloudcomponents/cdk-constructs/master/logo.png)](https://github.com/cloudcomponents/cdk-constructs)\n\n# @cloudcomponents/cdk-cloudfront-authorization\n\n[![Build Status](https://github.com/cloudcomponents/cdk-constructs/workflows/Build/badge.svg)](https://github.com/cloudcomponents/cdk-constructs/actions?query=workflow=Build)\n[![cdkdx](https://img.shields.io/badge/buildtool-cdkdx-blue.svg)](https://github.com/hupe1980/cdkdx)\n[![typescript](https://img.shields.io/badge/jsii-typescript-blueviolet.svg)](https://www.npmjs.com/package/@cloudcomponents/cdk-cloudfront-authorization)\n[![python](https://img.shields.io/badge/jsii-python-blueviolet.svg)](https://pypi.org/project/cloudcomponents.cdk-cloudfront-authorization/)\n[![Mentioned in Awesome CDK](https://awesome.re/mentioned-badge.svg)](https://github.com/kolomied/awesome-cdk)\n\n> CloudFront with Cognito authentication using Lambda@Edge\n\nThis construct is based on https://github.com/aws-samples/cloudfront-authorization-at-edge.\n\n## Install\n\nTypeScript/JavaScript:\n\n```bash\nnpm i @cloudcomponents/cdk-cloudfront-authorization\n```\n\nPython:\n\n```bash\npip install cloudcomponents.cdk-cloudfront-authorization\n```\n\n## How to use SPA\n\n```python\nimport { SpaAuthorization, SpaDistribution } from '@cloudcomponents/cdk-cloudfront-authorization';\nimport { Stack, StackProps, aws_cognito } from 'aws-cdk-lib';\nimport { Construct } from 'constructs';\n\nexport class CloudFrontAuthorizationStack extends Stack {\n constructor(scope: Construct, id: string, props: StackProps) {\n super(scope, id, props);\n\n const userPool = new aws_cognito.UserPool(this, 'UserPool', {\n selfSignUpEnabled: false,\n userPoolName: 'cloudfront-authorization-userpool',\n });\n\n // UserPool must have a domain!\n userPool.addDomain('Domain', {\n cognitoDomain: {\n domainPrefix: 'cloudcomponents',\n },\n });\n\n const authorization = new SpaAuthorization(this, 
'Authorization', {\n userPool,\n });\n\n new SpaDistribution(this, 'Distribution', {\n authorization,\n });\n }\n}\n```\n\n## How to use StaticSite\n\n```python\nimport { SpaAuthorization, SpaDistribution } from '@cloudcomponents/cdk-cloudfront-authorization';\nimport { Stack, StackProps, aws_cognito } from 'aws-cdk-lib';\nimport { Construct } from 'constructs';\n\nexport class CloudFrontAuthorizationStack extends Stack {\n constructor(scope: Construct, id: string, props: StackProps) {\n super(scope, id, props);\n\n const userPool = new aws_cognito.UserPool(this, 'UserPool', {\n selfSignUpEnabled: false,\n userPoolName: 'cloudfront-authorization-userpool',\n });\n\n // UserPool must have a domain!\n userPool.addDomain('Domain', {\n cognitoDomain: {\n domainPrefix: 'cloudcomponents',\n },\n });\n\n const authorization = new StaticSiteAuthorization(this, 'Authorization', {\n userPool,\n });\n\n new StaticSiteDistribution(this, 'Distribution', {\n authorization,\n });\n }\n}\n```\n\n## Identity Providers\n\nIdentity providers can be specified in the authorization object. To make sure that the user pool client is created after the identity provider, please specify a dependency using \"addDependency\".\n\n```python\nconst identityProvider = UserPoolIdentityProviderAmazon(this, \"IdentityProvider\", {\n // ...\n})\nconst authorization = new SpaAuthorization(this, 'Authorization_SPA', {\n // ...\n identityProviders: [cognito.UserPoolClientIdentityProvider.AMAZON],\n};\nauthorization.userPoolClient.node.addDependency(identityProvider);\n```\n\n## SPA mode vs. Static Site mode\n\n### SPA\n\n* User Pool client does not use a client secret\n* The cookies with JWT's are not \"http only\", so that they can be read and used by the SPA (e.g. 
to display the user name, or to refresh tokens)\n* 404's (page not found on S3) will return index.html, to enable SPA-routing\n\n### Static Site\n\n* Enforce use of a client secret\n* Set cookies to be http only by default (unless you've provided other cookie settings explicitly)\n* No special error handling\n\n## API Reference\n\nSee [API.md](https://github.com/cloudcomponents/cdk-constructs/tree/master/packages/cdk-cloudfront-authorization/API.md).\n\n## Example\n\nSee more complete [examples](https://github.com/cloudcomponents/cdk-constructs/tree/master/examples).\n\n## License\n\n[MIT](https://github.com/cloudcomponents/cdk-constructs/tree/master/packages/cdk-cloudfront-authorization/LICENSE)\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "CloudFront with Cognito authentication using Lambda@Edge",
"version": "2.3.0",
"project_urls": {
"Homepage": "https://github.com/cloudcomponents/cdk-constructs",
"Source": "https://github.com/cloudcomponents/cdk-constructs.git"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "d966f9c5d3b0dc353fe985b9fb3e1b1d4988237e2b3099448614c0cfac2486fb",
"md5": "015c4d4ecda791ddd4c52cf219db3332",
"sha256": "0285fd6eb58f817f0abc260e957211a49ddd1b4e8418b789cfec759ffca07d79"
},
"downloads": -1,
"filename": "cloudcomponents.cdk_cloudfront_authorization-2.3.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "015c4d4ecda791ddd4c52cf219db3332",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.8",
"size": 2364952,
"upload_time": "2024-04-17T18:36:32",
"upload_time_iso_8601": "2024-04-17T18:36:32.638663Z",
"url": "https://files.pythonhosted.org/packages/d9/66/f9c5d3b0dc353fe985b9fb3e1b1d4988237e2b3099448614c0cfac2486fb/cloudcomponents.cdk_cloudfront_authorization-2.3.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "2932eff18e8c924e39e7c40229397c849a93a0553d512cf22df77a28f0592559",
"md5": "f69603793269de755310166b7b668ac1",
"sha256": "7d1145eb45afc98d40f2fcdf5b12664f639146f4cc33f5a3eb5ab0e0527265bf"
},
"downloads": -1,
"filename": "cloudcomponents.cdk-cloudfront-authorization-2.3.0.tar.gz",
"has_sig": false,
"md5_digest": "f69603793269de755310166b7b668ac1",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.8",
"size": 2365468,
"upload_time": "2024-04-17T18:36:40",
"upload_time_iso_8601": "2024-04-17T18:36:40.443120Z",
"url": "https://files.pythonhosted.org/packages/29/32/eff18e8c924e39e7c40229397c849a93a0553d512cf22df77a28f0592559/cloudcomponents.cdk-cloudfront-authorization-2.3.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-04-17 18:36:40",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "cloudcomponents",
"github_project": "cdk-constructs",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "cloudcomponents.cdk-cloudfront-authorization"
}