0.12.28 • Published 5 months ago

@ttoss/cloud-auth v0.12.28

License
MIT

@ttoss/cloud-auth

It's a library for creating AWS Cognito resources. It creates a user pool, an identity pool, a client application, and other resources.

Installation

pnpm add @ttoss/cloud-auth

Quickstart

Create a cloudformation.ts file in your project and export the template:

import { createAuthTemplate } from '@ttoss/cloud-auth';

const template = createAuthTemplate();

export default template;

Usage

Identity Pool

Create a basic identity pool

const template = createAuthTemplate({
  identityPool: {
    enabled: true, // false by default
    name: 'MyIdentityPool',
    allowUnauthenticatedIdentities: false, // false by default
  },
});

Create an identity pool with external roles

const template = createAuthTemplate({
  identityPool: {
    enabled: true,
    authenticatedRoleArn:
      'arn:aws:iam::123456789012:role/MyIdentityPool_AuthenticatedRole',
    unauthenticatedRoleArn:
      'arn:aws:iam::123456789012:role/MyIdentityPool_UnauthenticatedRole',
  },
});

Create an identity pool with defined policies

const template = createAuthTemplate({
  identityPool: {
    enabled: true,
    authenticatedPolicies: [
      {
        policyName: 'MyIdentityPool_AuthenticatedPolicy',
        policyDocument: {
          Version: '2012-10-17',
          Statement: [
            {
              Effect: 'Allow',
              Action: ['mobileanalytics:PutEvents', 'cognito-sync:*'],
              Resource: ['*'],
            },
          ],
        },
      },
    ],
    unauthenticatedPolicies: [
      {
        policyName: 'MyIdentityPool_UnauthenticatedPolicy',
        policyDocument: {
          Version: '2012-10-17',
          Statement: [
            {
              Effect: 'Deny',
              Action: ['*'],
              Resource: ['*'],
            },
          ],
        },
      },
    ],
  },
});

Using attributes for access control

When you enable the identity pool, it maps the following principal tags to handle access control by default:

PrincipalTags:
  appClientId: 'aud'
  userId: 'sub'

This way, you can reference the appClientId and userId tags in your IAM policies to control access for IAM principals. For example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject*",
      "Resource": "arn:aws:s3:::*-${aws:PrincipalTag/userId}/*"
    }
  ]
}

You can change the default tags by passing the principalTags property with your own tag names and other token claims:

const template = createAuthTemplate({
  identityPool: {
    enabled: true,
    principalTags: {
      appId: 'aud',
      username: 'sub',
      name: 'name',
    },
  },
});

If you want to disable the principal tags, set the principalTags property to false:

const template = createAuthTemplate({
  identityPool: {
    enabled: true,
    principalTags: false,
  },
});
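
The three principalTags settings above (default, renamed, and false) decide which tags reach IAM, and so whether the S3 policy shown earlier matches a request. The following is an added example, not code from @ttoss/cloud-auth or its README, that models that evaluation locally; the helper names, claim values and bucket names are constructed, and treating an unresolved policy variable as a non-match is an assumption of the model.

```typescript
// Added example: models how principal tags feed ${aws:PrincipalTag/...}.
type Claims = Record<string, string>;
type TagMap = Record<string, string> | false; // tag name -> token claim

const DEFAULT_TAGS: TagMap = { appClientId: 'aud', userId: 'sub' }; // from the page
const POLICY_RESOURCE = 'arn:aws:s3:::*-${aws:PrincipalTag/userId}/*'; // from the page

// Tags an identity carries, given the mapping and its ID token claims.
function resolveTags(map: TagMap, claims: Claims): Claims {
  const tags: Claims = {};
  if (map === false) return tags; // principalTags: false -> no tags at all
  for (const tag of Object.keys(map)) {
    const value = claims[map[tag]];
    if (value !== undefined) tags[tag] = value;
  }
  return tags;
}

// Substitute policy variables; null means a referenced tag is absent.
// Assumption of this model: an unresolved variable never matches.
function expandResource(pattern: string, tags: Claims): string | null {
  let missing = false;
  const out = pattern.replace(/\$\{aws:PrincipalTag\/([^}]+)\}/g, (_m, name) => {
    if (tags[name] === undefined) missing = true;
    return tags[name] ?? '';
  });
  return missing ? null : out;
}

// IAM-style wildcard match: * is any run of characters, ? is one character.
function arnMatches(pattern: string, arn: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$').test(arn);
}

function canGetObject(map: TagMap, claims: Claims, objectArn: string): boolean {
  const resource = expandResource(POLICY_RESOURCE, resolveTags(map, claims));
  return resource !== null && arnMatches(resource, objectArn);
}

// Constructed sample claims and object ARNs (not real identities or buckets).
const alice: Claims = { sub: 'aaaa-1111', aud: 'example-client', name: 'Alice' };
const results = {
  ownBucket: canGetObject(DEFAULT_TAGS, alice, 'arn:aws:s3:::uploads-aaaa-1111/a.png'),
  otherUser: canGetObject(DEFAULT_TAGS, alice, 'arn:aws:s3:::uploads-bbbb-2222/a.png'),
  anyPrefix: canGetObject(DEFAULT_TAGS, alice, 'arn:aws:s3:::reports-aaaa-1111/q1.csv'),
  renamedTags: canGetObject({ username: 'sub' }, alice, 'arn:aws:s3:::uploads-aaaa-1111/a.png'),
  tagsDisabled: canGetObject(false, alice, 'arn:aws:s3:::uploads-aaaa-1111/a.png'),
};
```

In this model anyPrefix is true because the *- prefix in the policy matches every bucket whose name ends in -<userId>, so scope the bucket name as tightly as the naming scheme allows. renamedTags and tagsDisabled are false because the policy still references a userId tag that is no longer set.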