英文:
How to create AWS Cognito stack using AWS CDK
问题
以下是您提供的代码的翻译部分:
I'm new to aws cloudformation and the cdk. I'm trying to create a sample stack just to try things out and I keep getting this error: "Invalid Cognito Identity Provider (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: InvalidParameterException; Request ID: 7db28b4b-373b-4808-9c8d-1d197b0be542; Proxy: null)"My code:// 以下是您的代码,包括各个部分的创建和配置// ...module.exports = { MyCdkStack }// const app = new cdk.App();// new MyStack(app, 'MyStack');
希望这对您有所帮助,如果您有任何其他问题或需要进一步的帮助,请随时告诉我。
英文:
I'm new to aws cloudformation and the cdk. I'm trying to create a sample stack just to try things out and I keep getting this error: "Invalid Cognito Identity Provider (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: InvalidParameterException; Request ID: 7db28b4b-373b-4808-9c8d-1d197b0be542; Proxy: null)"
My code:
const cdk = require('aws-cdk-lib');const ec2 = require('aws-cdk-lib/aws-ec2');const apigateway = require('aws-cdk-lib/aws-apigateway');const cognito = require('aws-cdk-lib/aws-cognito');const iam = require('aws-cdk-lib/aws-iam');const { Stack } = require('aws-cdk-lib');class MyCdkStack extends Stack {/**** @param {Construct} scope* @param {string} id* @param {StackProps=} props*/constructor(scope, id, props) {super(scope, id, props);// Create a VPC for the EC2 instanceconst vpc = new ec2.Vpc(this, 'MyVPC', {maxAzs: 2 // Use 2 availability zones});const sg = new ec2.SecurityGroup(this, 'MySSHSecurityGroup', {vpc,description: 'Allow Outbound SSH access',securityGroupName: 'My SSH Security Group',allowAllOutbound: true // Allow all outbound traffic});// Allow SSH access from a specific IP rangesg.addIngressRule(ec2.Peer.ipv4('anipaddress/32'), ec2.Port.tcp(22), 'Allow inbound SSH access from here');sg.addIngressRule(ec2.Peer.ipv4('anipaddress/32'), ec2.Port.tcp(22), 'Allow inbound SSH access from here 2');/////////////////////// Create a Cognito user poolconst userPool = new cognito.UserPool(this, 'MyUserPool', {userPoolName: 'My User Pool',selfSignUpEnabled: true,autoVerify: { email: true },signInAliases: { email: true },passwordPolicy: {minLength: 8,requireDigits: true,requireLowercase: true,requireUppercase: true,requireSymbols: true}});const userPoolClient = new cognito.CfnUserPoolClient(this, "MyUserPoolClient", {userPoolId: userPool.ref,explicitAuthFlows: ["ADMIN_NO_SRP_AUTH"],generateSecret: false,readAttributes: ["preferred_username","website","email","name","zoneinfo","phone_number","phone_number_verified","email_verified",],writeAttributes: ["name", "zoneinfo", "phone_number"],});// Create a Cognito identity poolconst identityPool = new cognito.CfnIdentityPool(this, 'MyIdentityPool', {identityPoolName: 'My Identity Pool',allowUnauthenticatedIdentities: false,cognitoIdentityProviders: [{clientId: userPoolClient.ref,providerName: userPool.userPoolProviderName,}]});// Create an API Gateway REST APIconst restApi = new apigateway.RestApi(this, 'MyRestApi', {restApiName: 'My Rest API',deployOptions: {stageName: 'prod'}});const sg2 = new ec2.SecurityGroup(this, 'MyAPIGatewaySecurityGroup', {vpc,description: 'Allow port 80 traffic from the API Gateway',securityGroupName: 'My API Gateway Security Group',allowAllOutbound: true // Allow all outbound traffic});// Allow port 80 traffic from the API Gatewaysg2.addIngressRule(ec2.Peer.ipv4(`${restApi.restApiId}.execute-api.${cdk.Stack.of(this).region}.amazonaws.com/32`),ec2.Port.tcp(80),'Allow port 80 traffic from the API Gateway');const keyName = 'my-key-pair';// Create an EC2 key pair for SSH accessconst key = new ec2.CfnKeyPair(this, 'MyKeyPair', {keyName,});// Associate the key pair with the EC2 instanceconst instance = new ec2.Instance(this, 'MyEC2Instance', {instanceType: ec2.InstanceType.of(ec2.InstanceClass.T2, ec2.InstanceSize.MICRO),machineImage: new ec2.AmazonLinuxImage(),vpc,securityGroup: sg2,key,userData: ec2.UserData.custom(`#!/bin/bashecho "Hello, world!" > /var/www/html/index.html`)});// Create a Cognito authorizerconst authorizer = new apigateway.CfnAuthorizer(this, 'MyCognitoAuthorizer', {name: 'My-Cognito-Authorizer',identitySource: 'method.request.header.Authorization',restApiId: restApi.restApiId,type: apigateway.AuthorizationType.COGNITO,providerArns: [userPool.userPoolArn]});// Create a resource and method for the API Gateway and Add the Cognito authorizer to the methodconst resource = restApi.root.addResource('my-resource');const method = resource.addMethod('GET', new apigateway.HttpIntegration(`http://${instance.instancePublicIp}`),{authorizationType: apigateway.AuthorizationType.COGNITO, authorizer: authorizer});// Create an IAM role for authenticated usersconst authenticatedRole = new iam.Role(this, 'MyAuthenticatedRole', {assumedBy: new iam.FederatedPrincipal('cognito-identity.amazonaws.com', {StringEquals: { 'cognito-identity.amazonaws.com:aud': identityPool.ref },'ForAnyValue:StringLike': { 'cognito-identity.amazonaws.com:amr': 'authenticated' }}, 'sts:AssumeRoleWithWebIdentity')});// Create an IAM role for unauthenticated usersconst unauthenticatedRole = new iam.Role(this, 'MyUnauthenticatedRole', {assumedBy: new iam.FederatedPrincipal('cognito-identity.amazonaws.com', {StringEquals: { 'cognito-identity.amazonaws.com:aud': identityPool.ref },'ForAnyValue:StringLike': { 'cognito-identity.amazonaws.com:amr': 'unauthenticated' }}, 'sts:AssumeRoleWithWebIdentity')});// Grant permissions to the authenticated roleauthenticatedRole.addToPolicy(new iam.PolicyStatement({effect: iam.Effect.ALLOW,actions: ['execute-api:Invoke'],resources: [method.methodArn]}));// Grant permissions to the unauthenticated roleunauthenticatedRole.addToPolicy(new iam.PolicyStatement({effect: iam.Effect.ALLOW,actions: ['cognito-identity:GetId','cognito-identity:GetOpenIdToken'],resources: [`arn:aws:cognito-identity:${this.region}:${this.account}:identitypool/${identityPool.ref}`]}));// Set the roles for authenticated and unauthenticated usersnew cognito.CfnIdentityPoolRoleAttachment(this, 'MyIdentityPoolRoles', {identityPoolId: identityPool.ref,roles: {authenticated: authenticatedRole.roleArn,unauthenticated: unauthenticatedRole.roleArn}});}}module.exports = { MyCdkStack }// const app = new cdk.App();// new MyStack(app, 'MyStack');
EDIT (Added screenshot):
答案1
得分: 1
以下是翻译好的部分:
// 使用一个更加现代的示例。也许是这样的:const userPoolWebClient = new cognito.UserPoolClient(this,'userPoolWebClient',{userPool: userPool,generateSecret: false,preventUserExistenceErrors: true,authFlows: {userPassword: true,userSrp: true,},oAuth: {flows: {authorizationCodeGrant: false,implicitCodeGrant: true,},},},);new core.CfnOutput(this, 'UserPoolWebClientId', {value: userPoolWebClient.userPoolClientId,});const identityPool = new cognito.CfnIdentityPool(this,'DashboardIdentityPool',{cognitoIdentityProviders: [{clientId: userPoolWebClient.userPoolClientId,providerName: `cognito-idp.${this.region}.amazonaws.com/${userPool.userPoolId}`,},],allowUnauthenticatedIdentities: true,},);
英文:
Use a more up-to-date example. Perhaps:
const userPoolWebClient = new cognito.UserPoolClient(this,'userPoolWebClient',{userPool: userPool,generateSecret: false,preventUserExistenceErrors: true,authFlows: {userPassword: true,userSrp: true,},oAuth: {flows: {authorizationCodeGrant: false,implicitCodeGrant: true,},},},);new core.CfnOutput(this, 'UserPoolWebClientId', {value: userPoolWebClient.userPoolClientId,});const identityPool = new cognito.CfnIdentityPool(this,'DashboardIdentityPool',{cognitoIdentityProviders: [{clientId: userPoolWebClient.userPoolClientId,providerName: `cognito-idp.${this.region}.amazonaws.com/${userPool.userPoolId}`,},],allowUnauthenticatedIdentities: true,},);
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论