initial add

2020-04-13 16:01:17 -05:00
parent d3b141c076
commit ec969eed77
21 changed files with 1359 additions and 127 deletions


@@ -0,0 +1,56 @@
{
"providers": {
"awscloudformation": {
"AuthRoleName": "amplify-hpiot-react-hpiot-162610-authRole",
"UnauthRoleArn": "arn:aws:iam::860246592755:role/amplify-hpiot-react-hpiot-162610-unauthRole",
"AuthRoleArn": "arn:aws:iam::860246592755:role/amplify-hpiot-react-hpiot-162610-authRole",
"Region": "us-east-1",
"DeploymentBucketName": "amplify-hpiot-react-hpiot-162610-deployment",
"UnauthRoleName": "amplify-hpiot-react-hpiot-162610-unauthRole",
"StackName": "amplify-hpiot-react-hpiot-162610",
"StackId": "arn:aws:cloudformation:us-east-1:860246592755:stack/amplify-hpiot-react-hpiot-162610/1913c1f0-64a8-11ea-baa2-0ee5b74c6229",
"AmplifyAppId": "d3hyexpjn33q6q"
}
},
"hosting": {
"S3AndCloudFront": {
"service": "S3AndCloudFront",
"providerPlugin": "awscloudformation",
"providerMetadata": {
"s3TemplateURL": "https://s3.amazonaws.com/amplify-hpiot-react-hpiot-162610-deployment/amplify-cfn-templates/hosting/template.json",
"logicalId": "hostingS3AndCloudFront"
},
"lastPushTimeStamp": "2020-03-12T21:33:05.218Z",
"output": {
"S3BucketSecureURL": "https://hpiot-react-hpiot.s3.amazonaws.com",
"WebsiteURL": "http://hpiot-react-hpiot.s3-website-us-east-1.amazonaws.com",
"Region": "us-east-1",
"HostingBucketName": "hpiot-react-hpiot"
},
"lastPushDirHash": "NulnbGKP8lFEe2FacQkja5CAJcc="
}
},
"auth": {
"hpiotreact8c9024fb": {
"service": "Cognito",
"providerPlugin": "awscloudformation",
"dependsOn": [],
"customAuth": false,
"providerMetadata": {
"s3TemplateURL": "https://s3.amazonaws.com/amplify-hpiot-react-hpiot-162610-deployment/amplify-cfn-templates/auth/hpiotreact8c9024fb-cloudformation-template.yml",
"logicalId": "authhpiotreact8c9024fb"
},
"lastPushTimeStamp": "2020-03-12T21:33:05.218Z",
"output": {
"AppClientSecret": "msldgo1telohjsm20p8nn58f15iensrjup7cb1712tirkcrooou",
"UserPoolId": "us-east-1_L6XsGIASX",
"AppClientIDWeb": "63ieddff77nfc3i151m8l8k3ip",
"AppClientID": "3b1gubo57cng5p2avotsgr75ji",
"IdentityPoolId": "us-east-1:20972146-c6fe-4ada-a723-d1debcc7d074",
"IdentityPoolName": "hpiotreact8c9024fb_identitypool_8c9024fb__hpiot",
"UserPoolName": "hpiotreact8c9024fb_userpool_8c9024fb"
},
"lastPushDirHash": "UsD33D5D2jMU3hAfHMEhFJOINGM="
}
}
}
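Review bot: The `AppClientSecret` entry in the auth `output` block is a live Cognito app-client secret committed in plaintext next to the account ID, user pool ID and identity pool ID, and the identical value is committed a second time in the duplicate copy of this file at L631. This appears to be the Amplify CLI's generated `amplify-meta.json`, which the CLI rewrites on every push and normally excludes via its `.gitignore` template; it should be removed from version control and the app client secret rotated, because git history retains it even after deletion. The remaining `providers` and `output` fields are identifiers rather than credentials, but together they remove any guesswork about which stack, roles and pools back the app, so the whole file is better treated as local state than as source.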


@@ -0,0 +1,369 @@
AWSTemplateFormatVersion: 2010-09-09
Parameters:
env:
Type: String
authRoleArn:
Type: String
unauthRoleArn:
Type: String
identityPoolName:
Type: String
allowUnauthenticatedIdentities:
Type: String
resourceNameTruncated:
Type: String
userPoolName:
Type: String
autoVerifiedAttributes:
Type: CommaDelimitedList
mfaConfiguration:
Type: String
mfaTypes:
Type: CommaDelimitedList
smsAuthenticationMessage:
Type: String
smsVerificationMessage:
Type: String
emailVerificationSubject:
Type: String
emailVerificationMessage:
Type: String
defaultPasswordPolicy:
Type: String
passwordPolicyMinLength:
Type: Number
passwordPolicyCharacters:
Type: CommaDelimitedList
requiredAttributes:
Type: CommaDelimitedList
userpoolClientGenerateSecret:
Type: String
userpoolClientRefreshTokenValidity:
Type: Number
userpoolClientWriteAttributes:
Type: CommaDelimitedList
userpoolClientReadAttributes:
Type: CommaDelimitedList
userpoolClientLambdaRole:
Type: String
userpoolClientSetAttributes:
Type: String
resourceName:
Type: String
authSelections:
Type: String
useDefault:
Type: String
usernameAttributes:
Type: CommaDelimitedList
userPoolGroupList:
Type: CommaDelimitedList
dependsOn:
Type: CommaDelimitedList
Conditions:
ShouldNotCreateEnvResources: !Equals [ !Ref env, NONE ]
Resources:
# BEGIN SNS ROLE RESOURCE
SNSRole:
# Created to allow the UserPool SMS Config to publish via the Simple Notification Service during MFA Process
Type: AWS::IAM::Role
Properties:
RoleName: !If [ShouldNotCreateEnvResources, 'hpiotr8c9024fb_sns-role', !Join ['',[ 'sns', !Select [3, !Split ['-', !Ref 'AWS::StackName']], '-', !Ref env]]]
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Sid: ""
Effect: "Allow"
Principal:
Service: "cognito-idp.amazonaws.com"
Action:
- "sts:AssumeRole"
Condition:
StringEquals:
sts:ExternalId: hpiotr8c9024fb_role_external_id
Policies:
-
PolicyName: hpiotr8c9024fb-sns-policy
PolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Action:
- "sns:Publish"
Resource: "*"
# BEGIN USER POOL RESOURCES
UserPool:
# Created upon user selection
# Depends on SNS Role for Arn if MFA is enabled
Type: AWS::Cognito::UserPool
UpdateReplacePolicy: Retain
Properties:
UserPoolName: !If [ShouldNotCreateEnvResources, !Ref userPoolName, !Join ['',[!Ref userPoolName, '-', !Ref env]]]
Schema:
-
Name: email
Required: true
Mutable: true
AutoVerifiedAttributes: !Ref autoVerifiedAttributes
EmailVerificationMessage: !Ref emailVerificationMessage
EmailVerificationSubject: !Ref emailVerificationSubject
Policies:
PasswordPolicy:
MinimumLength: !Ref passwordPolicyMinLength
RequireLowercase: false
RequireNumbers: false
RequireSymbols: false
RequireUppercase: false
UsernameAttributes: !Ref usernameAttributes
MfaConfiguration: !Ref mfaConfiguration
SmsVerificationMessage: !Ref smsVerificationMessage
SmsConfiguration:
SnsCallerArn: !GetAtt SNSRole.Arn
ExternalId: hpiotr8c9024fb_role_external_id
UserPoolClientWeb:
# Created provide application access to user pool
# Depends on UserPool for ID reference
Type: "AWS::Cognito::UserPoolClient"
Properties:
ClientName: hpiotr8c9024fb_app_clientWeb
RefreshTokenValidity: !Ref userpoolClientRefreshTokenValidity
UserPoolId: !Ref UserPool
DependsOn: UserPool
UserPoolClient:
# Created provide application access to user pool
# Depends on UserPool for ID reference
Type: "AWS::Cognito::UserPoolClient"
Properties:
ClientName: hpiotr8c9024fb_app_client
GenerateSecret: !Ref userpoolClientGenerateSecret
RefreshTokenValidity: !Ref userpoolClientRefreshTokenValidity
UserPoolId: !Ref UserPool
DependsOn: UserPool
# BEGIN USER POOL LAMBDA RESOURCES
UserPoolClientRole:
# Created to execute Lambda which gets userpool app client config values
Type: 'AWS::IAM::Role'
Properties:
RoleName: !If [ShouldNotCreateEnvResources, !Ref userpoolClientLambdaRole, !Join ['',['upClientLambdaRole', !Select [3, !Split ['-', !Ref 'AWS::StackName']], '-', !Ref env]]]
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action:
- 'sts:AssumeRole'
DependsOn: UserPoolClient
UserPoolClientLambda:
# Lambda which gets userpool app client config values
# Depends on UserPool for id
# Depends on UserPoolClientRole for role ARN
Type: 'AWS::Lambda::Function'
Properties:
Code:
ZipFile: !Join
- |+
- - 'const response = require(''cfn-response'');'
- 'const aws = require(''aws-sdk'');'
- 'const identity = new aws.CognitoIdentityServiceProvider();'
- 'exports.handler = (event, context, callback) => {'
- ' if (event.RequestType == ''Delete'') { '
- ' response.send(event, context, response.SUCCESS, {})'
- ' }'
- ' if (event.RequestType == ''Update'' || event.RequestType == ''Create'') {'
- ' const params = {'
- ' ClientId: event.ResourceProperties.clientId,'
- ' UserPoolId: event.ResourceProperties.userpoolId'
- ' };'
- ' identity.describeUserPoolClient(params).promise()'
- ' .then((res) => {'
- ' response.send(event, context, response.SUCCESS, {''appSecret'': res.UserPoolClient.ClientSecret});'
- ' })'
- ' .catch((err) => {'
- ' response.send(event, context, response.FAILED, {err});'
- ' });'
- ' }'
- '};'
Handler: index.handler
Runtime: nodejs10.x
Timeout: '300'
Role: !GetAtt
- UserPoolClientRole
- Arn
DependsOn: UserPoolClientRole
UserPoolClientLambdaPolicy:
# Sets userpool policy for the role that executes the Userpool Client Lambda
# Depends on UserPool for Arn
# Marked as depending on UserPoolClientRole for easier to understand CFN sequencing
Type: 'AWS::IAM::Policy'
Properties:
PolicyName: hpiotr8c9024fb_userpoolclient_lambda_iam_policy
Roles:
- !Ref UserPoolClientRole
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- 'cognito-idp:DescribeUserPoolClient'
Resource: !GetAtt UserPool.Arn
DependsOn: UserPoolClientLambda
UserPoolClientLogPolicy:
# Sets log policy for the role that executes the Userpool Client Lambda
# Depends on UserPool for Arn
# Marked as depending on UserPoolClientLambdaPolicy for easier to understand CFN sequencing
Type: 'AWS::IAM::Policy'
Properties:
PolicyName: hpiotr8c9024fb_userpoolclient_lambda_log_policy
Roles:
- !Ref UserPoolClientRole
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- 'logs:CreateLogGroup'
- 'logs:CreateLogStream'
- 'logs:PutLogEvents'
Resource: !Sub
- arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*
- { region: !Ref "AWS::Region", account: !Ref "AWS::AccountId", lambda: !Ref UserPoolClientLambda}
DependsOn: UserPoolClientLambdaPolicy
UserPoolClientInputs:
# Values passed to Userpool client Lambda
# Depends on UserPool for Id
# Depends on UserPoolClient for Id
# Marked as depending on UserPoolClientLambdaPolicy for easier to understand CFN sequencing
Type: 'Custom::LambdaCallout'
Properties:
ServiceToken: !GetAtt UserPoolClientLambda.Arn
clientId: !Ref UserPoolClient
userpoolId: !Ref UserPool
DependsOn: UserPoolClientLogPolicy
# BEGIN IDENTITY POOL RESOURCES
IdentityPool:
# Always created
Type: AWS::Cognito::IdentityPool
Properties:
IdentityPoolName: !If [ShouldNotCreateEnvResources, 'hpiotreact8c9024fb_identitypool_8c9024fb', !Join ['',['hpiotreact8c9024fb_identitypool_8c9024fb', '__', !Ref env]]]
CognitoIdentityProviders:
- ClientId: !Ref UserPoolClient
ProviderName: !Sub
- cognito-idp.${region}.amazonaws.com/${client}
- { region: !Ref "AWS::Region", client: !Ref UserPool}
- ClientId: !Ref UserPoolClientWeb
ProviderName: !Sub
- cognito-idp.${region}.amazonaws.com/${client}
- { region: !Ref "AWS::Region", client: !Ref UserPool}
AllowUnauthenticatedIdentities: !Ref allowUnauthenticatedIdentities
DependsOn: UserPoolClientInputs
IdentityPoolRoleMap:
# Created to map Auth and Unauth roles to the identity pool
# Depends on Identity Pool for ID ref
Type: AWS::Cognito::IdentityPoolRoleAttachment
Properties:
IdentityPoolId: !Ref IdentityPool
Roles:
unauthenticated: !Ref unauthRoleArn
authenticated: !Ref authRoleArn
DependsOn: IdentityPool
Outputs :
IdentityPoolId:
Value: !Ref 'IdentityPool'
Description: Id for the identity pool
IdentityPoolName:
Value: !GetAtt IdentityPool.Name
UserPoolId:
Value: !Ref 'UserPool'
Description: Id for the user pool
UserPoolName:
Value: !Ref userPoolName
AppClientIDWeb:
Value: !Ref 'UserPoolClientWeb'
Description: The user pool app client id for web
AppClientID:
Value: !Ref 'UserPoolClient'
Description: The user pool app client id
AppClientSecret:
Value: !GetAtt UserPoolClientInputs.appSecret
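Review bot: The `AppClientSecret` output at the end of the template publishes the client secret that `UserPoolClientLambda` fetches via `describeUserPoolClient` as a plain stack output, readable by any principal with `cloudformation:DescribeStacks` and then copied into the generated metadata file; if the secret must exist, have the custom resource write it to Secrets Manager or an SSM SecureString and output only the parameter name. The `cfn-response` helper used in the Lambda also logs the response body, so `appSecret` presumably lands in the function's CloudWatch log group as well. Separately, `PasswordPolicy` hard-codes `RequireLowercase`, `RequireNumbers`, `RequireSymbols` and `RequireUppercase` to `false` while the `passwordPolicyCharacters` parameter is declared but never referenced, so the effective policy is length-only at `passwordPolicyMinLength`. Either drive the four flags from that parameter or set them to `true` explicitly, with a comment stating which it is.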


@@ -0,0 +1,53 @@
{
"identityPoolName": "hpiotreact8c9024fb_identitypool_8c9024fb",
"allowUnauthenticatedIdentities": false,
"resourceNameTruncated": "hpiotr8c9024fb",
"userPoolName": "hpiotreact8c9024fb_userpool_8c9024fb",
"autoVerifiedAttributes": [
"email"
],
"mfaConfiguration": "OFF",
"mfaTypes": [
"SMS Text Message"
],
"smsAuthenticationMessage": "Your authentication code is {####}",
"smsVerificationMessage": "Your verification code is {####}",
"emailVerificationSubject": "Your verification code",
"emailVerificationMessage": "Your verification code is {####}",
"defaultPasswordPolicy": false,
"passwordPolicyMinLength": 8,
"passwordPolicyCharacters": [],
"requiredAttributes": [
"email"
],
"userpoolClientGenerateSecret": true,
"userpoolClientRefreshTokenValidity": 30,
"userpoolClientWriteAttributes": [
"email"
],
"userpoolClientReadAttributes": [
"email"
],
"userpoolClientLambdaRole": "hpiotr8c9024fb_userpoolclient_lambda_role",
"userpoolClientSetAttributes": false,
"resourceName": "hpiotreact8c9024fb",
"authSelections": "identityPoolAndUserPool",
"authRoleArn": {
"Fn::GetAtt": [
"AuthRole",
"Arn"
]
},
"unauthRoleArn": {
"Fn::GetAtt": [
"UnauthRole",
"Arn"
]
},
"useDefault": "default",
"usernameAttributes": [
"email"
],
"userPoolGroupList": [],
"dependsOn": []
}
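Review bot: These parameters disagree with what the root stack passes to the same nested auth stack: here `resourceName` is `hpiotreact8c9024fb`, `resourceNameTruncated` is `hpiotr8c9024fb` and `usernameAttributes` is `["email"]`, while the root stack's `authhpiotreact8c9024fb` parameters at L732-L770 carry `hpiotwebapp78e5977f`, `hpiotw78e5977f` and `"email, phone_number"`, so the committed root template and the backend parameters describe two different user pools and the next push will presumably regenerate one of them from the other. The comma-string versus array form is just the CLI's `CommaDelimitedList` serialization, but the diverging values are not. `"mfaConfiguration": "OFF"` together with `"defaultPasswordPolicy": false`, `"passwordPolicyCharacters": []` and `"passwordPolicyMinLength": 8` yields email-only login with an 8-character, no-complexity password and no second factor. For a pool whose client secret is also generated (`"userpoolClientGenerateSecret": true`), consider `"mfaConfiguration": "OPTIONAL"` and populating `passwordPolicyCharacters`, and resolve which `resourceName` is authoritative before pushing.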


@@ -0,0 +1,16 @@
{
"hosting": {
"S3AndCloudFront": {
"service": "S3AndCloudFront",
"providerPlugin": "awscloudformation"
}
},
"auth": {
"hpiotreact8c9024fb": {
"service": "Cognito",
"providerPlugin": "awscloudformation",
"dependsOn": [],
"customAuth": false
}
}
}


@@ -0,0 +1,3 @@
{
"bucketName": "hpiot-react"
}


@@ -0,0 +1,113 @@
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Hosting resource stack creation using Amplify CLI",
"Parameters": {
"env": {
"Type": "String"
},
"bucketName": {
"Type": "String"
}
},
"Conditions": {
"ShouldNotCreateEnvResources": {
"Fn::Equals": [
{
"Ref": "env"
},
"NONE"
]
}
},
"Resources": {
"S3Bucket": {
"Type": "AWS::S3::Bucket",
"DeletionPolicy": "Retain",
"Properties": {
"BucketName": {
"Fn::If": [
"ShouldNotCreateEnvResources",
{
"Ref": "bucketName"
},
{
"Fn::Join": [
"",
[
{
"Ref": "bucketName"
},
"-",
{
"Ref": "env"
}
]
]
}
]
},
"AccessControl": "Private",
"WebsiteConfiguration": {
"IndexDocument": "index.html",
"ErrorDocument": "index.html"
},
"CorsConfiguration": {
"CorsRules": [
{
"AllowedHeaders": [
"Authorization",
"Content-Length"
],
"AllowedMethods": [
"GET"
],
"AllowedOrigins": [
"*"
],
"MaxAge": 3000
}
]
}
}
}
},
"Outputs": {
"Region": {
"Value": {
"Ref": "AWS::Region"
}
},
"HostingBucketName": {
"Description": "Hosting bucket name",
"Value": {
"Ref": "S3Bucket"
}
},
"WebsiteURL": {
"Value": {
"Fn::GetAtt": [
"S3Bucket",
"WebsiteURL"
]
},
"Description": "URL for website hosted on S3"
},
"S3BucketSecureURL": {
"Value": {
"Fn::Join": [
"",
[
"https://",
{
"Fn::GetAtt": [
"S3Bucket",
"DomainName"
]
}
]
]
},
"Description": "Name of S3 bucket to hold website content"
}
}
}
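Review bot: The site is exposed only through the S3 website endpoint — `S3Bucket` with `WebsiteConfiguration` is the template's sole resource, with no CloudFront distribution despite the `S3AndCloudFront` name — so it is served over plain HTTP (the committed `WebsiteURL` output at L37 starts with `http://`), and a React app that handles Cognito tokens would be running from an unencrypted origin. Putting an `AWS::CloudFront::Distribution` with an origin access identity in front of the bucket and dropping `WebsiteConfiguration` provides TLS and lets `AccessControl` genuinely stay `Private`. The `CorsRules` entry combines `"AllowedOrigins": ["*"]` with the `Authorization` allowed header; a static site that only needs `GET` from its own origin should list that origin rather than `*`. `"AccessControl": "Private"` with no bucket policy in this template also means the website endpoint presumably returns 403 until objects are made public-read by the publish step, which deserves a `Description` note so nobody "fixes" it by opening the bucket.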


@@ -0,0 +1,7 @@
{
"hpiot": {
"configLevel": "project",
"useProfile": true,
"profileName": "default"
}
}
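Review bot: This file and the one at L578-L582 are per-developer local state — a named AWS CLI profile (`"profileName": "default"`) and an absolute `projectPath` of `/mnt/c/Users/Nico Melone/Documents/React Website/hpiot-react` — and committing them publishes a personal name and local filesystem layout while breaking `amplify` commands for anyone whose profile or checkout path differs. They appear to be the Amplify CLI's `local-aws-info.json` and `local-env-info.json`, which the CLI regenerates on `amplify init` / `amplify env pull` and normally gitignores; drop them from the commit and add them to `.gitignore`. Relying on the `default` profile is also worth a line in the project README if the team intends a dedicated least-privilege deploy profile rather than whatever credentials happen to be default on each machine.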


@@ -0,0 +1,5 @@
{
"projectPath": "/mnt/c/Users/Nico Melone/Documents/React Website/hpiot-react",
"defaultEditor": "vscode",
"envName": "hpiot"
}


@@ -0,0 +1,56 @@
{
"providers": {
"awscloudformation": {
"AuthRoleName": "amplify-hpiot-react-hpiot-162610-authRole",
"UnauthRoleArn": "arn:aws:iam::860246592755:role/amplify-hpiot-react-hpiot-162610-unauthRole",
"AuthRoleArn": "arn:aws:iam::860246592755:role/amplify-hpiot-react-hpiot-162610-authRole",
"Region": "us-east-1",
"DeploymentBucketName": "amplify-hpiot-react-hpiot-162610-deployment",
"UnauthRoleName": "amplify-hpiot-react-hpiot-162610-unauthRole",
"StackName": "amplify-hpiot-react-hpiot-162610",
"StackId": "arn:aws:cloudformation:us-east-1:860246592755:stack/amplify-hpiot-react-hpiot-162610/1913c1f0-64a8-11ea-baa2-0ee5b74c6229",
"AmplifyAppId": "d3hyexpjn33q6q"
}
},
"hosting": {
"S3AndCloudFront": {
"service": "S3AndCloudFront",
"providerPlugin": "awscloudformation",
"providerMetadata": {
"s3TemplateURL": "https://s3.amazonaws.com/amplify-hpiot-react-hpiot-162610-deployment/amplify-cfn-templates/hosting/template.json",
"logicalId": "hostingS3AndCloudFront"
},
"lastPushTimeStamp": "2020-03-24T17:59:51.368Z",
"output": {
"S3BucketSecureURL": "https://hpiot-react-hpiot.s3.amazonaws.com",
"WebsiteURL": "http://hpiot-react-hpiot.s3-website-us-east-1.amazonaws.com",
"Region": "us-east-1",
"HostingBucketName": "hpiot-react-hpiot"
},
"lastPushDirHash": "NulnbGKP8lFEe2FacQkja5CAJcc="
}
},
"auth": {
"hpiotreact8c9024fb": {
"service": "Cognito",
"providerPlugin": "awscloudformation",
"dependsOn": [],
"customAuth": false,
"providerMetadata": {
"s3TemplateURL": "https://s3.amazonaws.com/amplify-hpiot-react-hpiot-162610-deployment/amplify-cfn-templates/auth/hpiotreact8c9024fb-cloudformation-template.yml",
"logicalId": "authhpiotreact8c9024fb"
},
"lastPushTimeStamp": "2020-03-24T17:59:51.373Z",
"output": {
"AppClientSecret": "msldgo1telohjsm20p8nn58f15iensrjup7cb1712tirkcrooou",
"UserPoolId": "us-east-1_L6XsGIASX",
"AppClientIDWeb": "63ieddff77nfc3i151m8l8k3ip",
"AppClientID": "3b1gubo57cng5p2avotsgr75ji",
"IdentityPoolId": "us-east-1:20972146-c6fe-4ada-a723-d1debcc7d074",
"IdentityPoolName": "hpiotreact8c9024fb_identitypool_8c9024fb__hpiot",
"UserPoolName": "hpiotreact8c9024fb_userpool_8c9024fb"
},
"lastPushDirHash": "UsD33D5D2jMU3hAfHMEhFJOINGM="
}
}
}


@@ -0,0 +1,371 @@
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Root stack for the Amplify AWS CloudFormation provider",
"Parameters": {
"DeploymentBucketName": {
"Description": "Name of the common deployment bucket provided by the parent stack",
"Type": "String",
"Default": "DeploymentBucket"
},
"AuthRoleName": {
"Type": "String",
"Default": "AuthRoleName"
},
"UnauthRoleName": {
"Type": "String",
"Default": "UnauthRoleName"
}
},
"Resources": {
"DeploymentBucket": {
"Type": "AWS::S3::Bucket",
"DeletionPolicy": "Retain",
"Properties": {
"BucketName": {
"Ref": "DeploymentBucketName"
}
}
},
"AuthRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"RoleName": {
"Ref": "AuthRoleName"
},
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Deny",
"Principal": {
"Federated": "cognito-identity.amazonaws.com"
},
"Action": "sts:AssumeRoleWithWebIdentity"
}
]
}
}
},
"UnauthRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"RoleName": {
"Ref": "UnauthRoleName"
},
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Deny",
"Principal": {
"Federated": "cognito-identity.amazonaws.com"
},
"Action": "sts:AssumeRoleWithWebIdentity"
}
]
}
}
},
"hostingS3AndCloudFront": {
"Type": "AWS::CloudFormation::Stack",
"Properties": {
"TemplateURL": "https://s3.amazonaws.com/amplify-hpiot-react-hpiot-162610-deployment/amplify-cfn-templates/hosting/template.json",
"Parameters": {
"bucketName": "hpiot-react",
"env": "hpiot"
}
}
},
"authhpiotreact8c9024fb": {
"Type": "AWS::CloudFormation::Stack",
"Properties": {
"TemplateURL": "https://s3.amazonaws.com/amplify-hpiot-react-hpiot-162610-deployment/amplify-cfn-templates/auth/hpiotreact8c9024fb-cloudformation-template.yml",
"Parameters": {
"identityPoolName": "hpiotwebapp78e5977f_identitypool_78e5977f",
"allowUnauthenticatedIdentities": false,
"resourceNameTruncated": "hpiotw78e5977f",
"userPoolName": "hpiotwebapp78e5977f_userpool_78e5977f",
"autoVerifiedAttributes": "email",
"mfaConfiguration": "OFF",
"mfaTypes": "SMS Text Message",
"smsAuthenticationMessage": "Your authentication code is {####}",
"smsVerificationMessage": "Your verification code is {####}",
"emailVerificationSubject": "Your verification code",
"emailVerificationMessage": "Your verification code is {####}",
"defaultPasswordPolicy": false,
"passwordPolicyMinLength": 8,
"passwordPolicyCharacters": "",
"requiredAttributes": "email",
"userpoolClientGenerateSecret": true,
"userpoolClientRefreshTokenValidity": 30,
"userpoolClientWriteAttributes": "email",
"userpoolClientReadAttributes": "email",
"userpoolClientLambdaRole": "hpiotw78e5977f_userpoolclient_lambda_role",
"userpoolClientSetAttributes": false,
"resourceName": "hpiotwebapp78e5977f",
"authSelections": "identityPoolAndUserPool",
"authRoleArn": {
"Fn::GetAtt": [
"AuthRole",
"Arn"
]
},
"unauthRoleArn": {
"Fn::GetAtt": [
"UnauthRole",
"Arn"
]
},
"useDefault": "default",
"usernameAttributes": "email, phone_number",
"dependsOn": "",
"env": "hpiot"
}
}
},
"UpdateRolesWithIDPFunction": {
"DependsOn": [
"AuthRole",
"UnauthRole",
"authhpiotreact8c9024fb"
],
"Type": "AWS::Lambda::Function",
"Properties": {
"Code": {
"ZipFile": {
"Fn::Join": [
"\n",
[
"const response = require('cfn-response');",
"const aws = require('aws-sdk');",
"let responseData = {};",
"exports.handler = function(event, context) {",
" try {",
" let authRoleName = event.ResourceProperties.authRoleName;",
" let unauthRoleName = event.ResourceProperties.unauthRoleName;",
" let idpId = event.ResourceProperties.idpId;",
" let promises = [];",
" let authParamsJson = { 'Version': '2012-10-17','Statement': [{'Effect': 'Allow','Principal': {'Federated': 'cognito-identity.amazonaws.com'},'Action': 'sts:AssumeRoleWithWebIdentity','Condition': {'StringEquals': {'cognito-identity.amazonaws.com:aud': idpId},'ForAnyValue:StringLike': {'cognito-identity.amazonaws.com:amr': 'authenticated'}}}]};",
" let unauthParamsJson = { 'Version': '2012-10-17','Statement': [{'Effect': 'Allow','Principal': {'Federated': 'cognito-identity.amazonaws.com'},'Action': 'sts:AssumeRoleWithWebIdentity','Condition': {'StringEquals': {'cognito-identity.amazonaws.com:aud': idpId},'ForAnyValue:StringLike': {'cognito-identity.amazonaws.com:amr': 'unauthenticated'}}}]};",
" if (event.RequestType == 'Delete') {",
" delete authParamsJson.Statement.Condition;",
" delete unauthParamsJson.Statement.Condition;",
" let authParams = { PolicyDocument: JSON.stringify(authParamsJson),RoleName: authRoleName};",
" let unauthParams = {PolicyDocument: JSON.stringify(unauthParamsJson),RoleName: unauthRoleName};",
" const iam = new aws.IAM({ apiVersion: '2010-05-08', region: event.ResourceProperties.region});",
" promises.push(iam.updateAssumeRolePolicy(authParams).promise());",
" promises.push(iam.updateAssumeRolePolicy(unauthParams).promise());",
" Promise.all(promises)",
" .then((res) => {",
" console.log(\"delete response data\" + JSON.stringify(res));",
" response.send(event, context, response.SUCCESS, {});",
" });",
" }",
" if (event.RequestType == 'Update' || event.RequestType == 'Create') {",
" const iam = new aws.IAM({ apiVersion: '2010-05-08', region: event.ResourceProperties.region});",
" let authParams = { PolicyDocument: JSON.stringify(authParamsJson),RoleName: authRoleName};",
" let unauthParams = {PolicyDocument: JSON.stringify(unauthParamsJson),RoleName: unauthRoleName};",
" promises.push(iam.updateAssumeRolePolicy(authParams).promise());",
" promises.push(iam.updateAssumeRolePolicy(unauthParams).promise());",
" Promise.all(promises)",
" .then((res) => {",
" console.log(\"createORupdate\" + res);",
" console.log(\"response data\" + JSON.stringify(res));",
" response.send(event, context, response.SUCCESS, {});",
" });",
" }",
" } catch(err) {",
" console.log(err.stack);",
" responseData = {Error: err};",
" response.send(event, context, response.FAILED, responseData);",
" throw err;",
" }",
"};"
]
]
}
},
"Handler": "index.handler",
"Runtime": "nodejs10.x",
"Timeout": "300",
"Role": {
"Fn::GetAtt": [
"UpdateRolesWithIDPFunctionRole",
"Arn"
]
}
}
},
"UpdateRolesWithIDPFunctionOutputs": {
"Type": "Custom::LambdaCallout",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"UpdateRolesWithIDPFunction",
"Arn"
]
},
"region": {
"Ref": "AWS::Region"
},
"idpId": {
"Fn::GetAtt": [
"authhpiotreact8c9024fb",
"Outputs.IdentityPoolId"
]
},
"authRoleName": {
"Ref": "AuthRoleName"
},
"unauthRoleName": {
"Ref": "UnauthRoleName"
}
}
},
"UpdateRolesWithIDPFunctionRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"RoleName": {
"Fn::Join": [
"",
[
{
"Ref": "AuthRoleName"
},
"-idp"
]
]
},
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"lambda.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"Policies": [
{
"PolicyName": "UpdateRolesWithIDPFunctionPolicy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:*"
},
{
"Effect": "Allow",
"Action": "iam:UpdateAssumeRolePolicy",
"Resource": {
"Fn::GetAtt": [
"AuthRole",
"Arn"
]
}
},
{
"Effect": "Allow",
"Action": "iam:UpdateAssumeRolePolicy",
"Resource": {
"Fn::GetAtt": [
"UnauthRole",
"Arn"
]
}
}
]
}
}
]
}
}
},
"Outputs": {
"Region": {
"Description": "CloudFormation provider root stack Region",
"Value": {
"Ref": "AWS::Region"
},
"Export": {
"Name": {
"Fn::Sub": "${AWS::StackName}-Region"
}
}
},
"StackName": {
"Description": "CloudFormation provider root stack ID",
"Value": {
"Ref": "AWS::StackName"
},
"Export": {
"Name": {
"Fn::Sub": "${AWS::StackName}-StackName"
}
}
},
"StackId": {
"Description": "CloudFormation provider root stack name",
"Value": {
"Ref": "AWS::StackId"
},
"Export": {
"Name": {
"Fn::Sub": "${AWS::StackName}-StackId"
}
}
},
"DeploymentBucketName": {
"Description": "CloudFormation provider root stack deployment bucket name",
"Value": {
"Ref": "DeploymentBucketName"
},
"Export": {
"Name": {
"Fn::Sub": "${AWS::StackName}-DeploymentBucketName"
}
}
},
"AuthRoleArn": {
"Value": {
"Fn::GetAtt": [
"AuthRole",
"Arn"
]
}
},
"UnauthRoleArn": {
"Value": {
"Fn::GetAtt": [
"UnauthRole",
"Arn"
]
}
},
"AuthRoleName": {
"Value": {
"Ref": "AuthRole"
}
},
"UnauthRoleName": {
"Value": {
"Ref": "UnauthRole"
}
}
}
}
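Review bot: In `UpdateRolesWithIDPFunction`, neither `Promise.all(promises)` chain (the Delete branch nor the Create/Update branch) has a `.catch`, so a rejected `iam.updateAssumeRolePolicy` call never reaches `response.send` — the surrounding `try/catch` only sees synchronous throws — and CloudFormation waits out the `"Timeout": "300"` before failing the custom resource, which is most painful during stack deletion. Add a string element `" .catch((err) => { console.log(err); response.send(event, context, response.FAILED, {Error: err.message}); });",` after each `.then(...)` block in the `Fn::Join` list. The Delete branch's `delete authParamsJson.Statement.Condition` and `delete unauthParamsJson.Statement.Condition` are no-ops because `Statement` is an array, so the roles are re-written with their `aud`/`amr` conditions intact; that is the safer result, but the two lines should be corrected to `Statement[0].Condition` or removed so the intent is explicit. The role's `"Resource": "arn:aws:logs:*:*:*"` could be narrowed to this function's own log group the way the auth template does at L301-L303.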