Attention

This module only allows to perform lookup to an exising userpool at the moment. The only integration is with x-elbv2 listener properties. Raise a feature request if you need further integrations.

x-cognito_userpool ¶

          x-cognito_userpool:
  userpool-with-saml:
    Lookup:
      Tags:
        - application: kafdrop
        - saml_provider: someone

         

Examples ¶

Example with x-elbv2 for ALB integration. This is taken from a real use-case. ¶

            x-cognito_userpool:
  kafdrop-pool:
    Lookup:
      Tags:
        - application: kafdrop

x-elbv2:
  kafdrop-cc-scAlb:
    Settings:
      Subnets: PublicSubnets
    Properties:
      Scheme: internet-facing
      Type: application
    MacroParameters:
      Ingress:
        ExtSources:
          - IPv4: 0.0.0.0/0
            Name: ANY
            Description: ANY
    Listeners:
      - Port: 80
        Protocol: HTTP
        DefaultActions:
          - Redirect: HTTP_TO_HTTPS
      - Port: 443
        Protocol: HTTPS
        SslPolicy: ELBSecurityPolicy-FS-1-2-Res-2020-10
        Certificates:
          - x-acm: kafdrop-certs
        Targets:
          - name: akhq:akhq-nginx
            access: /
            CreateCognitoClient:
              UserPoolId: kafdrop-pool
              GenerateSecret: true
              AllowedOAuthScopes:
                - email
                - profile
                - openid
              AllowedOAuthFlows:
                - code
              CallbackURLs:
                - https://kafdropmydomain.net/oauth2/idpresponse
              DefaultRedirectURI: https://kafdropmydomain.net/oauth2/idpresponse
              EnableTokenRevocation: true
              ExplicitAuthFlows:
                - ALLOW_USER_SRP_AUTH
                - ALLOW_REFRESH_TOKEN_AUTH
              AccessTokenValidity: 1
              RefreshTokenValidity: 1
              AllowedOAuthFlowsUserPoolClient: true
              WriteAttributes:
                - email
                - family_name
                - given_name
                - name
                - nickname
                - profile
              ReadAttributes:
                - email
                - family_name
                - given_name
                - name
                - nickname
                - profile
              SupportedIdentityProviders:
                - AzureSSO
            AuthenticateCognitoConfig:
              OnUnauthenticatedRequest: authenticate
              Scope: openid
              SessionCookieName: kafdrop
              SessionTimeout: 3600

    Services:
      - name: akhq:akhq-nginx
        port: 443
        protocol: HTTPS
        healthcheck: 443:HTTPS:4:2:10:5:200:/health

x-acm:
  kafdrop-certs:
    MacroParameters:
      DomainNames:
        - kafdropmydomain.net

           

JSON Schema ¶

Model ¶

x-cognito_userpool ¶

x-cognito_userpool.spec.json
x-cognito_userpool
type	object
properties
Lookup	x-resources.common.spec.json#/definitions/Lookup
additionalProperties	False

Definition ¶

            {
  "$schema": "http://json-schema.org/draft-07/schema#",
  "id": "x-cognito_userpool.spec.json",
  "$id": "x-cognito_userpool.spec.json",
  "title": "x-cognito_userpool",
  "description": "x-cognito_userpool",
  "type": "object",
  "additionalProperties": false,
  "properties": {
    "Lookup": {
      "$ref": "x-resources.common.spec.json#/definitions/Lookup"
    }
  }
}

           