Skip navigation links

Package software.amazon.awscdk.services.elasticloadbalancingv2.actions

Actions for AWS Elastic Load Balancing V2

See: Description

Package software.amazon.awscdk.services.elasticloadbalancingv2.actions Description

Actions for AWS Elastic Load Balancing V2

---

cdk-constructs: Stable


This package contains integration actions for ELBv2. See the README of the @aws-cdk/aws-elasticloadbalancingv2 library.

Cognito

ELB allows for requests to be authenticated against a Cognito user pool using the AuthenticateCognitoAction. For details on the setup's requirements, read Prepare to use Amazon Cognito. Here's an example:

 // Example automatically generated. See https://github.com/aws/jsii/issues/826
 import software.amazon.awscdk.services.cognito.*;
 import software.amazon.awscdk.services.ec2.*;
 import software.amazon.awscdk.services.elasticloadbalancingv2.*;
 import software.amazon.awscdk.core.App;
 import software.amazon.awscdk.core.CfnOutput;
 import software.amazon.awscdk.core.Stack;
 import software.constructs.Construct;
 import lib.*;
 
 CognitoStack extends Stack {
 
 CognitoStack(ApplicationLoadBalancer lb = new ApplicationLoadBalancer(this, "LB", new ApplicationLoadBalancerProps()
         .vpc(vpc)
         .internetFacing(true));
 
 UserPool userPool = new UserPool(this, "UserPool");
 UserPoolClient userPoolClient = new UserPoolClient(this, "Client", new UserPoolClientProps()
         .userPool(userPool)
 
         // Required minimal configuration for use with an ELB
         .generateSecret(true)
         .authFlows(new AuthFlow()
                 .userPassword(true))
         .oAuth(new OAuthSettings()
                 .flows(new OAuthFlows()
                         .authorizationCodeGrant(true))
                 .scopes(List.of(cognito.OAuthScope.EMAIL))
                 .callbackUrls(List.of(String.format("https://%s/oauth2/idpresponse", lb.getLoadBalancerDnsName())))));
 CfnUserPoolClient cfnClient = (CfnUserPoolClient)userPoolClient.node.getDefaultChild();
 cfnClient.addPropertyOverride("RefreshTokenValidity", 1);
 cfnClient.addPropertyOverride("SupportedIdentityProviders", List.of("COGNITO"));
 
 UserPoolDomain userPoolDomain = new UserPoolDomain(this, "Domain", new UserPoolDomainProps()
         .userPool(userPool)
         .cognitoDomain(new CognitoDomainOptions()
                 .domainPrefix("test-cdk-prefix")));
 
 lb.addListener("Listener", new BaseApplicationListenerProps()
         .port(443)
         .certificates(List.of(certificate))
         .defaultAction(new AuthenticateCognitoAction(new AuthenticateCognitoActionProps()
                 .userPool(userPool)
                 .userPoolClient(userPoolClient)
                 .userPoolDomain(userPoolDomain)
                 .next(elbv2.ListenerAction.fixedResponse(200, new FixedResponseOptions()
                         .contentType("text/plain")
                         .messageBody("Authenticated"))))));
 
 new CfnOutput(this, "DNS", new CfnOutputProps()
         .value(lb.getLoadBalancerDnsName()));
 
 App app = new App();
 new CognitoStack(app, "integ-cognito");
 app.synth();
 

NOTE: this example seems incomplete, I was not able to get the redirect back to the Load Balancer after authentication working. Would love some pointers on what a full working setup actually looks like!

Skip navigation links