This repository supports the AWS Compute Blog post "Securing Lambda function URLs using Cognito, CloudFront and WAF".
This repository mainly contains AWS CDK deployment code that creates AWS resources in your AWS account. The CDK code is in the /bin and /lib directories.
The /lib directory also contains three sub-projects that are used by the CDK deployment, as outlined below:
a. /lib/front-end-app contains the website files that we'll deploy onto AWS Amplify. This will be the entry point to the demos outlined in the blog.
b. /lib/lambda-cognito-trigger contains the Lambda Function code that will be attached to the Cognito User Pool as a "pre sign-up trigger". This Function auto-approves a user in the Cognito User Pool when the user goes through the "sign up" flow in the front-end website.
c. /lib/lambda contains the main Lambda Function code on which the Function URL will be enabled.
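A sketch of how a pre sign-up trigger like the one described in (b) can auto-approve users. This is an added example, not the code in /lib/lambda-cognito-trigger; the function names and the sample event are constructed for illustration, while the trigger sources and response fields are those of the Cognito pre sign-up event.

```javascript
// Added example, not the repository's code: a Cognito pre sign-up trigger
// that auto-approves users who register through the "sign up" flow.

// Decide the trigger response for one Cognito pre sign-up event.
function applyPreSignUp(event) {
  // Cognito supplies a response object; create one so constructed events also work.
  event.response = event.response || {};

  // Auto-approve only the self-service sign-up flow. Admin-created and
  // federated users arrive with other trigger sources and pass through unchanged.
  if (event.triggerSource !== "PreSignUp_SignUp") {
    return event;
  }

  // Confirm the account so the user can sign in without a confirmation code.
  event.response.autoConfirmUser = true;

  // Confirmation is not proof of address ownership: leave email and phone
  // unverified so downstream code does not treat them as verified contact data.
  event.response.autoVerifyEmail = false;
  event.response.autoVerifyPhone = false;
  return event;
}

// Lambda entry point: Cognito expects the (possibly modified) event back.
async function handler(event) {
  return applyPreSignUp(event);
}
if (typeof exports !== "undefined") exports.handler = handler;

// Constructed sample event, trimmed to the fields this handler reads.
const sampleSignUpEvent = {
  triggerSource: "PreSignUp_SignUp",
  userName: "demo-user",
  request: { userAttributes: { email: "demo-user@example.com" } },
  response: {},
};
console.log(applyPreSignUp(sampleSignUpEvent).response);
```

Because every self-service sign-up is confirmed without a code, anyone who can reach the sign-up page obtains a confirmed account, which suits a demo user pool but should be a deliberate choice elsewhere.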
To deploy this solution, you need the following pre-requisites on the client machine:
Execute the following commands to create the necessary AWS resources (S3 bucket, IAM role/s etc) that AWS CDK will use to provision AWS resources for the sample solution
$ cdk bootstrap
Note: you may optionally pass the --profile argument to this command if you have configured multiple AWS profiles for your AWS CLI.
For example:
cdk bootstrap --profile myFirstProfile
where myFirstProfile refers to a profile name in the ~/.aws/config file.
Clone / Download this GitHub repository ( uncompress if you downloaded an archive )
Execute the following commands in Terminal ( Mac OS ) or PowerShell ( Windows ):
$ cd <full path of the directory where the GitHub repo was cloned to>
$ npm install
$ cd lib/lambda
$ npm install
Execute the following command to create the S3 bucket and IAM roles that CDK will use to provision the AWS resources.
$ cdk bootstrap
Notes:
• You may optionally pass the --profile argument to this command if you have configured multiple AWS profiles for the AWS CLI. For example: cdk bootstrap --profile myFirstProfile, where myFirstProfile refers to a profile name in the ~/.aws/config file.
• If CDK has already been bootstrapped in your AWS account, you can skip this step.
Execute the following command to start deploying the AWS resources required for the solution:
$ cdk deploy
Note:
• Optionally pass in the --profile argument if needed
• The deployment can take up to 15 minutes
Once the deployment completes, the output will look similar to this:
✨ Deployment time: 296.18s
Outputs:
FurlBlogStack.amplifyAppUrl = https://main.d2ve******.amplifyapp.com
FurlBlogStack.cognitoHostedUiUrl = https://lambda-furl-******-us-east-1.auth.us-east-1.amazoncognito.com/login?client_id=*******i&response_type=code&redirect_uri=https://main.d2ve******.amplifyapp.com
FurlBlogStack.lambdaFunctionUrl = https://******.lambda-url.us-east-1.on.aws/
Stack ARN:
arn:aws:cloudformation:us-east-1:******:stack/FurlBlogStack/xxxxx-dc58-11ec-xxxx-xxxxxxxx
✨ Total time: 297.81s
Open the first URL from the output (amplifyAppUrl) in your browser. This is the URL of the web page we'll be using for the demo.
Note: if you do not see the "Welcome to ComputeBlog" page with Sign In and Continue buttons, the Amplify app is very likely still in the "build" stage and the website is being published. You can verify this by navigating to the Amplify app in the AWS console. Retry in about 5 minutes if your app is being built.
You may delete the resources provisioned by utilizing the starter kits. You can do this by running the following command.
$ cdk destroy
Note:
• Optionally pass in the --profile argument if needed
• The deletion can take up to 15 minutes
See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.