aws-cognito-apigateway-lambda - AWS Solutions Constructs

aws-cognito-apigateway-lambda

All classes are under active development and subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.

Language Package
Python
aws_solutions_constructs.aws_cognito_apigateway_lambda
Typescript
@aws-solutions-constructs/aws-cognito-apigateway-lambda
Java
software.amazon.awsconstructs.services.cognitoapigatewaylambda

This AWS Solutions Constructs pattern implements an Amazon Cognito securing an Amazon API Gateway Lambda backed REST APIs pattern.

Here is a minimal deployable pattern definition:

const { CognitoToApiGatewayToLambda } = require('@aws-solutions-constructs/aws-cognito-apigateway-lambda'); const stack = new Stack(app, 'test-cognito-apigateway-lambda-stack'); const lambdaProps: lambda.FunctionProps = { code: lambda.Code.asset(`${__dirname}/lambda`), runtime: lambda.Runtime.NODEJS_12_X, handler: 'index.handler' }; new CognitoToApiGatewayToLambda(stack, 'test-cognito-apigateway-lambda', { lambdaFunctionProps: lambdaProps });

Initializer

new CognitoToApiGatewayToLambda(scope: Construct, id: string, props: CognitoToApiGatewayToLambdaProps);

Parameters

Pattern Construct Props

Name Type Description
existingLambdaObj? lambda.Function An optional, existing Lambda function to be used instead of the default function. If an existing function is provided, the lambdaFunctionProps property will be ignored.
lambdaFunctionProps? lambda.FunctionProps Optional user-provided properties to override the default properties for the Lambda function. Ignored if an existingLambdaObj is provided.
apiGatewayProps? api.LambdaRestApiProps Optional user provided props to override the default props for API Gateway
cognitoUserPoolProps? cognito.UserPoolProps Optional user provided props to override the default props for Cognito User Pool
cognitoUserPoolClientProps? cognito.UserPoolClientProps Optional user provided props to override the default props for Cognito User Pool Client

Pattern Properties

Name Type Description
apiGateway api.RestApi Returns an instance of the API Gateway REST API created by the pattern.
lambdaFunction lambda.Function Returns an instance of the Lambda function created by the pattern.
userPool cognito.UserPool Returns an instance of the Cognito user pool created by the pattern.
userPoolClient cognito.UserPoolClient Returns an instance of the Cognito user pool client created by the pattern.
apiGatewayCloudWatchRole iam.Role Returns an instance of the IAM role created by the pattern that enables access logging from the API Gateway REST API to CloudWatch.
apiGatewayLogGroup logs.LogGroup Returns an instance of the log group created by the pattern that API Gateway REST API access logs are sent to.
apiGatewayAuthorizer api.CfnAuthorizer Returns an instance of the API Gateway authorizer created by the pattern.

Default settings

Out-of-the-box implementation of this pattern without any overrides will set the following defaults:

Amazon Cognito

  • Set password policy for User Pools

  • Enforce the advanced security mode for User Pools

Amazon API Gateway

  • Deploy an edge-optimized API endpoint

  • Enable CloudWatch logging for API Gateway

  • Configure least privilege access IAM role for API Gateway

  • Set the default authorizationType for all API methods to IAM

AWS Lambda Function

  • Configure least privilege access IAM role for Lambda function

  • Enable reusing connections with Keep-Alive for NodeJs Lambda function

Architecture