Namespace Amazon.CDK.AWS.ElasticLoadBalancingV2.Actions
Actions for AWS Elastic Load Balancing V2
AWS CDK v1 has reached End-of-Support on 2023-06-01.
This package is no longer being updated, and users should migrate to AWS CDK v2.
For more information on how to migrate, see the Migrating to AWS CDK v2 guide.
This package contains integration actions for ELBv2. See the README of the @aws-cdk/aws-elasticloadbalancingv2 library.
Cognito
ELB allows for requests to be authenticated against a Cognito user pool using the AuthenticateCognitoAction. For details on the setup's requirements, read Prepare to use Amazon Cognito.
Here's an example:
using Amazon.CDK.AWS.Cognito;
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.ElasticLoadBalancingV2;
using Amazon.CDK;
using Constructs;
using Amazon.CDK.AWS.ElasticLoadBalancingV2.Actions;

class CognitoStack : Stack
{
    // Constructs.Construct is fully qualified because Amazon.CDK (v1) also defines a Construct type.
    public CognitoStack(Constructs.Construct scope, string id) : base(scope, id)
    {
        // Assumption: the page does not show where vpc and certificate come from.
        // Here the VPC is created in this stack and the certificate ARN is read from
        // a placeholder environment variable, CERTIFICATE_ARN.
        var vpc = new Vpc(this, "Vpc");
        IListenerCertificate certificate = ListenerCertificate.FromArn(
            System.Environment.GetEnvironmentVariable("CERTIFICATE_ARN"));

        var lb = new ApplicationLoadBalancer(this, "LB", new ApplicationLoadBalancerProps {
            Vpc = vpc,
            InternetFacing = true
        });

        var userPool = new UserPool(this, "UserPool");
        var userPoolClient = new UserPoolClient(this, "Client", new UserPoolClientProps {
            UserPool = userPool,

            // Required minimal configuration for use with an ELB
            GenerateSecret = true,
            AuthFlows = new AuthFlow {
                UserPassword = true
            },
            OAuth = new OAuthSettings {
                Flows = new OAuthFlows {
                    AuthorizationCodeGrant = true
                },
                Scopes = new [] { OAuthScope.EMAIL },
                // The ELB receives the authorization code from Cognito on this path
                CallbackUrls = new [] { $"https://{lb.LoadBalancerDnsName}/oauth2/idpresponse" }
            }
        });

        // Override properties on the underlying CloudFormation resource
        var cfnClient = (CfnUserPoolClient)userPoolClient.Node.DefaultChild;
        cfnClient.AddPropertyOverride("RefreshTokenValidity", 1);
        cfnClient.AddPropertyOverride("SupportedIdentityProviders", new [] { "COGNITO" });

        var userPoolDomain = new UserPoolDomain(this, "Domain", new UserPoolDomainProps {
            UserPool = userPool,
            CognitoDomain = new CognitoDomainOptions {
                DomainPrefix = "test-cdk-prefix"
            }
        });

        // HTTPS listener: authenticate against the user pool first, then run the Next action
        lb.AddListener("Listener", new BaseApplicationListenerProps {
            Port = 443,
            Certificates = new [] { certificate },
            DefaultAction = new AuthenticateCognitoAction(new AuthenticateCognitoActionProps {
                UserPool = userPool,
                UserPoolClient = userPoolClient,
                UserPoolDomain = userPoolDomain,
                Next = ListenerAction.FixedResponse(200, new FixedResponseOptions {
                    ContentType = "text/plain",
                    MessageBody = "Authenticated"
                })
            })
        });

        new CfnOutput(this, "DNS", new CfnOutputProps {
            Value = lb.LoadBalancerDnsName
        });
    }
}

class Program
{
    static void Main()
    {
        var app = new App();
        new CognitoStack(app, "integ-cognito");
        app.Synth();
    }
}
NOTE: this example seems incomplete, I was not able to get the redirect back to the
Load Balancer after authentication working. Would love some pointers on what a full working
setup actually looks like!
Classes
AuthenticateCognitoAction | A Listener Action to authenticate with Cognito. |
AuthenticateCognitoActionProps | Properties for AuthenticateCognitoAction. |
Interfaces
IAuthenticateCognitoActionProps | Properties for AuthenticateCognitoAction. |