@Stability(value=Stable)
| Interface | Description |
|---|---|
| AuthenticateCognitoActionProps | Properties for AuthenticateCognitoAction. |

| Class | Description |
|---|---|
| AuthenticateCognitoAction | A Listener Action to authenticate with Cognito. |
| AuthenticateCognitoAction.Builder | A fluent builder for AuthenticateCognitoAction. |
| AuthenticateCognitoActionProps.Builder | A builder for AuthenticateCognitoActionProps |
| AuthenticateCognitoActionProps.Jsii$Proxy | An implementation for AuthenticateCognitoActionProps |
---
This package contains integration actions for ELBv2. See the README of the @aws-cdk/aws-elasticloadbalancingv2 library.
ELB allows for requests to be authenticated against a Cognito user pool using the AuthenticateCognitoAction. For details on the setup's requirements, read "Prepare to use Amazon Cognito".
Here's an example:
```java
// Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
import java.util.Arrays;

import software.amazon.awscdk.core.App;
import software.amazon.awscdk.core.CfnOutput;
import software.amazon.awscdk.core.Construct;
import software.amazon.awscdk.core.Stack;
import software.amazon.awscdk.services.cognito.*;
import software.amazon.awscdk.services.ec2.*;
import software.amazon.awscdk.services.elasticloadbalancingv2.*;
import software.amazon.awscdk.services.elasticloadbalancingv2.actions.*;

public class CognitoStack extends Stack {
    CognitoStack(final Construct scope, final String id) {
        super(scope, id);

        // The declarations of `vpc` and `certificate` are missing from this page.
        // The two below are assumptions; "<certificate-arn>" is a placeholder.
        Vpc vpc = new Vpc(this, "Vpc");
        IListenerCertificate certificate = ListenerCertificate.fromArn("<certificate-arn>");

        ApplicationLoadBalancer lb = ApplicationLoadBalancer.Builder.create(this, "LB")
                .vpc(vpc)
                .internetFacing(true)
                .build();

        UserPool userPool = new UserPool(this, "UserPool");
        UserPoolClient userPoolClient = UserPoolClient.Builder.create(this, "Client")
                .userPool(userPool)
                // Required minimal configuration for use with an ELB
                .generateSecret(true)
                .authFlows(AuthFlow.builder()
                        .userPassword(true)
                        .refreshToken(true)
                        .build())
                .oAuth(OAuthSettings.builder()
                        .flows(OAuthFlows.builder()
                                .authorizationCodeGrant(true)
                                .build())
                        .scopes(Arrays.asList(OAuthScope.EMAIL))
                        // The ELB receives the authorization code at /oauth2/idpresponse
                        .callbackUrls(Arrays.asList(
                                "https://" + lb.getLoadBalancerDnsName() + "/oauth2/idpresponse"))
                        .build())
                .build();

        // Override properties on the underlying CloudFormation resource
        CfnUserPoolClient cfnClient = (CfnUserPoolClient) userPoolClient.getNode().getDefaultChild();
        cfnClient.addPropertyOverride("RefreshTokenValidity", 1);
        cfnClient.addPropertyOverride("SupportedIdentityProviders", Arrays.asList("COGNITO"));

        UserPoolDomain userPoolDomain = UserPoolDomain.Builder.create(this, "Domain")
                .userPool(userPool)
                .cognitoDomain(CognitoDomainOptions.builder()
                        .domainPrefix("test-cdk-prefix")
                        .build())
                .build();

        // HTTPS listener: authenticate against Cognito first, then return the fixed response
        lb.addListener("Listener", BaseApplicationListenerProps.builder()
                .port(443)
                .certificates(Arrays.asList(certificate))
                .defaultAction(AuthenticateCognitoAction.Builder.create()
                        .userPool(userPool)
                        .userPoolClient(userPoolClient)
                        .userPoolDomain(userPoolDomain)
                        .next(ListenerAction.fixedResponse(200, FixedResponseOptions.builder()
                                .contentType("text/plain")
                                .messageBody("Authenticated")
                                .build()))
                        .build())
                .build());

        CfnOutput.Builder.create(this, "DNS")
                .value(lb.getLoadBalancerDnsName())
                .build();
    }

    public static void main(final String[] args) {
        App app = new App();
        new CognitoStack(app, "integ-cognito");
        app.synth();
    }
}
```
NOTE: this example seems incomplete, I was not able to get the redirect back to the Load Balancer after authentication working. Would love some pointers on what a full working setup actually looks like!
Copyright © 2020. All rights reserved.