unity-sds / unity-cs

Unity Common Services
Apache License 2.0

Cognito User Pool SSM Parameter Update #369

Open anilnatha opened 5 months ago

anilnatha commented 5 months ago

While inspecting the marketplace instance Galen created for the UI team and the SSM params available I found the following SSM parameter in our Unity-Venue-Dev account that contained the information I needed:

/unity/project-api-gateway/cs-lambda-authorizer-cognito-user-pool-id

However the naming of this field didn't seem to be appropriate and I was worried that I was targeting the wrong parameter even though it contained the correct value I was expecting. I corroborated the issue with @ramesh-maddegoda and he confirmed that the name of this field could be generalized.

And while going through some terraform files that Ramesh pointed me to, I noticed that in this file on this line it seems that we may have a generalized SSM param for our cognito user pool that I could target, but I didn't see this field in my marketplace instance for me to reference and verify if it contained the value I was expecting.

I don't know what the fix is here, so wanted to report this to get guidance on what I should be using so I can take corrective action on my end if something needs to be updated on the CS side of things.

galenatjpl commented 5 months ago

Hi @ramesh-maddegoda and @anilnatha . I do agree that it seems the /unity/cs/security/shared-services-cognito-user-pool/user-pool-id parameter you pointed out in the other file, looks to be of the correct form. However, I don't know if this is getting created by the Marketplace deployment of:

[Screenshot 2024-04-09 at 8:09:38 PM]

@ramesh-maddegoda , if that API gateway item is deployed through the management console, will that set the above-mentioned SSM param?

ramesh-maddegoda commented 5 months ago

@galenatjpl , if the management console has executed the Terraform code in https://github.com/unity-sds/unity-cs-infra/blob/main/terraform-shared-services-cognito_module/main.tf , then there should be an SSM parameter as follows.

/unity/cs/security/shared-services-cognito-user-pool/user-pool-id

But I think we created the Cognito pool long time before the Management Console.

Anyway, I can see there is an SSM parameter available in Unity Dev as /unity/shared-services-api-gateway/cs-lambda-authorizer-cognito-user-pool-id

anilnatha commented 5 months ago

@ramesh-maddegoda I didn't see that SSM param deployed to the Unity-Venue-Dev account:

ramesh-maddegoda commented 5 months ago

@anilnatha and @galenatjpl , that's correct. The Cognito Terraform script only adds that SSM parameter to the shared services account. We have to add the SSM parameter in Unity-Venue-Dev accounts using Management Console.
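
An added example, not code from unity-cs or unity-cs-infra, of how a venue-side consumer can resolve the user pool id safely given the situation described in this thread: prefer the generalized parameter name, fall back to the two API-gateway-specific names only if the generalized one is absent, refuse values that do not look like a Cognito user pool id, and flag any parameter that disagrees with the chosen value (an app validating tokens against a pool id read from the wrong parameter is the failure mode worth catching). The `copy_to_venue` step mirrors the value from the shared services account into a venue account until the Management Console does it. The AWS profile names, the `String` parameter type and the sample parameter map are assumptions constructed for the example.

```python
"""Resolve and mirror the shared-services Cognito user pool id across accounts.

Added example; not part of the unity-cs project. Profile names and the
sample parameter values below are constructed assumptions.
"""
import re
from typing import Dict, Iterable, Optional, Tuple

# Parameter names from the thread: the generalized name first, then the
# legacy API-gateway-specific names that happen to hold the same value.
CANONICAL_PARAM = "/unity/cs/security/shared-services-cognito-user-pool/user-pool-id"
LEGACY_PARAMS = (
    "/unity/shared-services-api-gateway/cs-lambda-authorizer-cognito-user-pool-id",
    "/unity/project-api-gateway/cs-lambda-authorizer-cognito-user-pool-id",
)
ALL_PARAMS = (CANONICAL_PARAM, *LEGACY_PARAMS)

# Cognito user pool ids look like <region>_<alphanumeric>, e.g. us-west-2_AbCdEfGhI.
# Pattern and max length follow the Cognito API's UserPoolId constraints.
POOL_ID_RE = re.compile(r"^[\w-]+_[0-9a-zA-Z]+$")


def looks_like_pool_id(value: str) -> bool:
    """Reject values that cannot be a user pool id before anything trusts them."""
    return len(value) <= 55 and POOL_ID_RE.match(value) is not None


def resolve_pool_id(params: Dict[str, str]) -> Tuple[Optional[str], str]:
    """Pick the pool id from a {name: value} map of SSM parameters.

    Returns (value, parameter_name_used), or (None, "") if no parameter holds
    a plausible pool id. The generalized name always wins when present.
    """
    for name in ALL_PARAMS:
        value = params.get(name)
        if value and looks_like_pool_id(value):
            return value, name
    return None, ""


def find_conflicts(params: Dict[str, str]) -> Dict[str, str]:
    """Return every pool-id parameter whose value disagrees with the resolved one.

    Two parameters with different pool ids means some consumer is pointed at
    the wrong pool; treat a non-empty result as a deployment error.
    """
    chosen, _ = resolve_pool_id(params)
    if chosen is None:
        return {}
    return {n: params[n] for n in ALL_PARAMS if n in params and params[n] != chosen}


def fetch_params(ssm_client, names: Iterable[str]) -> Dict[str, str]:
    """Read parameters via boto3 SSM. Missing names come back in
    InvalidParameters rather than raising, so they are simply absent here."""
    resp = ssm_client.get_parameters(Names=list(names), WithDecryption=True)
    return {p["Name"]: p["Value"] for p in resp["Parameters"]}


def copy_to_venue(venue_ssm_client, pool_id: str) -> None:
    """Mirror the generalized parameter into a venue account (String type assumed)."""
    if not looks_like_pool_id(pool_id):
        raise ValueError(f"refusing to publish implausible pool id: {pool_id!r}")
    venue_ssm_client.put_parameter(
        Name=CANONICAL_PARAM, Value=pool_id, Type="String", Overwrite=True
    )


# Constructed sample: the state described in the thread, where only the
# legacy API-gateway names exist in the venue account.
SAMPLE_VENUE_PARAMS = {
    LEGACY_PARAMS[1]: "us-west-2_AbCdEfGhI",
}


def main() -> None:
    import boto3  # imported here so the pure logic above works without AWS access

    shared = boto3.Session(profile_name="unity-shared-services").client("ssm")  # assumed profile
    venue = boto3.Session(profile_name="unity-venue-dev").client("ssm")        # assumed profile

    shared_params = fetch_params(shared, ALL_PARAMS)
    pool_id, source = resolve_pool_id(shared_params)
    if pool_id is None:
        raise SystemExit("no usable Cognito user pool id in shared services account")
    conflicts = find_conflicts(shared_params)
    if conflicts:
        raise SystemExit(f"pool id parameters disagree in shared services: {conflicts}")

    venue_params = fetch_params(venue, ALL_PARAMS)
    if CANONICAL_PARAM not in venue_params:
        print(f"venue lacks {CANONICAL_PARAM}; copying {pool_id} (resolved from {source})")
        copy_to_venue(venue, pool_id)
    venue_conflicts = find_conflicts({**venue_params, CANONICAL_PARAM: pool_id})
    if venue_conflicts:
        raise SystemExit(f"venue parameters disagree with shared pool id: {venue_conflicts}")


if __name__ == "__main__":
    main()
```

Running `main()` needs AWS credentials for both accounts; the resolution and conflict logic is independent of boto3 so it can be exercised against a plain dict such as `SAMPLE_VENUE_PARAMS`. The `get_parameters` call accepts at most ten names per request, which is enough for the three names here.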

ramesh-maddegoda commented 5 months ago

@anilnatha and @galenatjpl , I created the following SSM parameter in the Unity-Venue-Dev.

/unity/cs/security/shared-services-cognito-user-pool/user-pool-id

anilnatha commented 5 months ago

Thank you for adding the param @ramesh-maddegoda .

It feels to me like this param should have been installed as part of the default management console installation, no? Is Cognito not installed automatically when the Management Console is stood up?

galenatjpl commented 5 months ago

@anilnatha & @ramesh-maddegoda , Yes, this should be installed as part of the default management Console installation. I think we need to actually test this on Unity-venue-dev, as I believe simply standing up the MC doesn't run this. You need to explicitly run the API Gateway marketplace deployment, right? @ramesh-maddegoda thanks for manually creating this SSM param for @anilnatha , but I think we need to blow it away, then run the MC API Gateway deploy, to see if it gets re-added. I will slack you separately about this.

ramesh-maddegoda commented 5 months ago

@galenatjpl , this SSM parameter is not only used by the API gateway. It will be used by all apps that are using Cognito. So, it should be one of the first SSM parameters to be deployed after a venue is created.

galenatjpl commented 5 months ago

@ramesh-maddegoda , agreed.
Will this procedure:

https://unity-sds.gitbook.io/docs/developer-docs/common-services/docs/users-guide/deployment/deployment-concepts-and-infrastructure/detailed-breakdown-of-project-onboarding-steps

result in a new venue having the SSM parameter fully setup? Or does that procedure need to explicitly say "run the API Gateway Deployment" in order for this to happen?

ramesh-maddegoda commented 5 months ago

> Thank you for adding the param @ramesh-maddegoda .
>
> It feels to me like this param should have been installed as part of the default management console installation, no? Is Cognito not installed automatically when the Management Console is stood up?

Note: This Cognito pool is not installed in the venue account. The venue account refers to the Cognito pool in the shared services account. All users are shared.

galenatjpl commented 5 months ago

@ramesh-maddegoda , please see my question above about the procedure to setup this param.