aws-cdk-lib.aws_elasticloadbalancingv2_actions.AuthenticateCognitoAction

class AuthenticateCognitoAction

LanguageType name
.NETAmazon.CDK.AWS.ElasticLoadBalancingV2.Actions.AuthenticateCognitoAction
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awselasticloadbalancingv2actions#AuthenticateCognitoAction
Javasoftware.amazon.awscdk.services.elasticloadbalancingv2.actions.AuthenticateCognitoAction
Pythonaws_cdk.aws_elasticloadbalancingv2_actions.AuthenticateCognitoAction
TypeScript (source)aws-cdk-lib » aws_elasticloadbalancingv2_actions » AuthenticateCognitoAction

Implements IListenerAction

Extends ListenerAction

A Listener Action to authenticate with Cognito.

Example

import { aws_certificatemanager as acm } from 'aws-cdk-lib';

declare const vpc: ec2.Vpc;
declare const certificate: acm.Certificate;

const lb = new elbv2.ApplicationLoadBalancer(this, 'LB', {
  vpc,
  internetFacing: true,
});

const userPool = new cognito.UserPool(this, 'UserPool');
const userPoolClient = new cognito.UserPoolClient(this, 'Client', {
  userPool,

  // Required minimal configuration for use with an ELB
  generateSecret: true,
  authFlows: {
    userPassword: true,
  },
  oAuth: {
    flows: {
      authorizationCodeGrant: true,
    },
    scopes: [cognito.OAuthScope.EMAIL],
    callbackUrls: [
      `https://${lb.loadBalancerDnsName}/oauth2/idpresponse`,
    ],
  },
});
const cfnClient = userPoolClient.node.defaultChild as cognito.CfnUserPoolClient;
cfnClient.addPropertyOverride('RefreshTokenValidity', 1);
cfnClient.addPropertyOverride('SupportedIdentityProviders', ['COGNITO']);

const userPoolDomain = new cognito.UserPoolDomain(this, 'Domain', {
  userPool,
  cognitoDomain: {
    domainPrefix: 'test-cdk-prefix',
  },
});

lb.addListener('Listener', {
  port: 443,
  certificates: [certificate],
  defaultAction: new actions.AuthenticateCognitoAction({
    userPool,
    userPoolClient,
    userPoolDomain,
    next: elbv2.ListenerAction.fixedResponse(200, {
      contentType: 'text/plain',
      messageBody: 'Authenticated',
    }),
  }),
});

new CfnOutput(this, 'DNS', {
  value: lb.loadBalancerDnsName,
});

Initializer

new AuthenticateCognitoAction(options: AuthenticateCognitoActionProps)

Parameters

  • options AuthenticateCognitoActionProps

Authenticate using an identity provide (IdP) that is compliant with OpenID Connect (OIDC).

Methods

NameDescription
bind(scope, listener, associatingConstruct?)Called when the action is being used in a listener.
renderActions()Render the listener default actions in this chain.
renderRuleActions()Render the listener rule actions in this chain.

bind(scope, listener, associatingConstruct?)

public bind(scope: Construct, listener: IApplicationListener, associatingConstruct?: IConstruct): void

Parameters

  • scope Construct
  • listener IApplicationListener
  • associatingConstruct IConstruct

Called when the action is being used in a listener.


renderActions()

public renderActions(): ActionProperty[]

Returns

  • ActionProperty[]

Render the listener default actions in this chain.


renderRuleActions()

public renderRuleActions(): ActionProperty[]

Returns

  • ActionProperty[]

Render the listener rule actions in this chain.