b-cfn-custom-userpool-authorizer 0.1.1

Package that enables deployment of AWS CDK stacks in parallel.

B.CfnCustomUserPoolAuthorizer

An AWS CDK resource that mimics original UserPoolAuthorizer resource.

Description

This is a custom user pool authorizer used to protect API endpoints. It has exactly the same functionality and purpose as the original UserPoolAuthorizer. The main reason why you would want to use this custom authorizer instead of a default one - is that this custom authorizer can resolve user pool region, id, and client id from SSM parameters (AWS Systems Manager Parameter Store). This way your stacks no longer need a dependency to a stack containing user pool instance.

Remarks

Biomapas aims to modernise life-science industry by sharing its IT knowledge with other companies and the community. This is an open source library intended to be used by anyone. Improvements and pull requests are welcome.

Related technology

• Python3
• AWS CDK
• AWS CloudFormation
• AWS Cognito
• AWS Cognito User Pool
• AWS API Gateway
• AWS API Gateway Authorizer

Assumptions

This project assumes you are an expert in infrastructure-as-code via AWS CloudFormation and AWS CDK. You must clearly understand how AWS API Gateway endpoints are protected with Authorizers / Custom Authorizers and how it is managed via CloudFormation or CDK. You must also understand the pain-points of stack dependencies and dependencies between microservices in general (which this package aims to solve).

• Excellent knowledge in IaaC (Infrastructure as a Code) principles.
• Excellent knowledge in Cognito, User Pool, API Gateway, Authorizers.
• Good experience in AWS CDK and AWS CloudFormation.
• Good Python skills and basis of OOP.

Useful sources

• AWS CDK:
  https://docs.aws.amazon.com/cdk/api/latest/docs/aws-construct-library.html
• AWS CloudFormation:
  https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html
• API Gateway with CloudFormation:
  https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-api.html
• AWS Cognito use pool:
  https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html
• AWS Custom Authorizers:
  https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html

Install

Before installing this library, ensure you have these tools setup:

• Python / Pip
• AWS CDK
• Docker

To install this project from source run:

pip install .

Or you can install it from a PyPi repository:

pip install b-cfn-custom-userpool-authorizer

Usage & Examples

from aws_cdk.core import Stack
from aws_cdk.aws_cognito import UserPool, UserPoolClient
from aws_cdk.aws_apigatewayv2 import CfnApi

from b_cfn_custom_userpool_authorizer.config.user_pool_config import UserPoolConfig
from b_cfn_custom_userpool_authorizer.user_pool_custom_authorizer import UserPoolCustomAuthorizer

# Create user pool and client.
pool = UserPool(...)
client = UserPoolClient(...)

# Create an API Gateway API.
api = CfnApi(...)

# Create custom authorizer and use it in your endpoints (CfnRoute).
authorizer = UserPoolCustomAuthorizer(
    scope=Stack(...),
    name='MyCustomAuthorizer',
    api=api,
    user_pool_config=UserPoolConfig(
        user_pool_id=pool.user_pool_id,
        user_pool_region=pool.stack.region,
        user_pool_client_id=client.user_pool_client_id
    )
)

Testing

This package has integration tests based on pytest. To run tests simply run:

pytest b_cfn_custom_userpool_authorizer_test/integration/tests

Contribution

Found a bug? Want to add or suggest a new feature? Contributions of any kind are gladly welcome. You may contact us directly, create a pull-request or an issue in github platform. Lets modernize the world together.

Release history

0.1.1

• Add the ability to use a Bearer Token.
• Add JWT claims to authorizer output.

0.1.0

• Add property to expose authorization type for API Gateway APIs.

0.0.16

• Add more tests to handle completely broken jwt tokens like "aaa.bbb.ccc".

0.0.14

• Simplify logging with pytest.

0.0.13

• Update B.LambdaLayerCommon dependency.

0.0.12

• Add more integration tests.
• Update b_lambda_layer_common dependency.

0.0.11

• Add readme.

0.0.10

• Add tests.

0.0.9

• Enable caching.

0.0.8

• Fix testing configuration.

0.0.7

• Success! Authorizer can now successfully authorize tokens.

0.0.6

• First attempt to verify cognito user pool JWT token.

0.0.5

• Still work in progress. Requests and tests work.
• Checking the actual access token - in progress.

0.0.3

• Work in progress. Added integration testing files.

0.0.1

• Initial build.