├── images
    ├── method.png
    └── authorizer.png
├── .gitignore
├── bin
    ├── delete_user_pool
    └── create_user_pool
├── serverless.yml
├── handler.js
└── README.md

/images/method.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/johnf/serverless-cognito-demo/HEAD/images/method.png

--------------------------------------------------------------------------------
/images/authorizer.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/johnf/serverless-cognito-demo/HEAD/images/authorizer.png

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # package directories
2 | node_modules
3 | jspm_packages
4 |
5 | # Serverless directories
6 | .serverless

--------------------------------------------------------------------------------
/bin/delete_user_pool:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env node
 2 | // Deletes the Cognito user pool whose ID is given as the first command-line argument.
 3 | var AWS = require('aws-sdk');
 4 | // The region is fixed to us-east-1; no credentials are passed here, so the SDK's default credential lookup is used.
 5 | var cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider({ region: 'us-east-1' });
 6 | // NOTE(review): process.argv[2] is used unchecked; with no argument UserPoolId is undefined and the only feedback is whatever error the SDK reports. Checking it up front and printing a usage line would be clearer.
 7 | var params = {
 8 |   'UserPoolId': process.argv[2],
 9 | };
10 | // The delete call is issued immediately; there is no confirmation step, so verify the ID before running.
11 | cognitoidentityserviceprovider.deleteUserPool(params, function (err) {
12 |   if (err) {
13 |     console.error(err, err.stack); // NOTE(review): the failure is only logged and no exit code is set, so a calling script cannot detect it; `process.exitCode = 1` here would surface it.
14 |     return;
15 |   }
16 |
17 |   console.log('Deleted pool');
18 | });
19 |

--------------------------------------------------------------------------------
/serverless.yml:
--------------------------------------------------------------------------------
 1 | service: serverless-cognito-demo
 2 |
 3 | provider:
 4 |   name: aws
 5 |   runtime: nodejs4.3  # NOTE(review): nodejs4.3 is an end-of-life runtime; choose a currently supported Node.js runtime when reusing this config
 6 |   region: us-east-1
 7 |
 8 | functions:
 9 |   hello:
10 |     handler: handler.hello
11 |     events:
12 |       - http:
13 |           path: hello
14 |           method: get
15 |           integration: lambda  # non-proxy Lambda integration
16 |           authorizer:  # protects GET /hello with the Cognito user pool named by `arn`
17 |             name: authorizer
18 |             arn: arn:aws:cognito-idp:us-east-1:123456789:userpool/us-east-1_XXXXXX  # placeholder; replace with the ARN printed by bin/create_user_pool
19 |             claims:  # presumably the user-pool token claims forwarded to the handler's event; confirm against the Serverless docs
20 |               - email
21 |

--------------------------------------------------------------------------------
/handler.js:
--------------------------------------------------------------------------------
 1 | 'use strict';
 2 | // Demo handler: answers with status 200, a fixed message and a copy of the incoming event.
 3 | module.exports.hello = (event, context, callback) => {
 4 |   const response = {
 5 |     statusCode: 200,
 6 |     body: JSON.stringify({
 7 |       message: 'Go Serverless v1.0! Your function executed successfully!',
 8 |       input: event, // NOTE(review): echoes the whole event back to the caller; behind the authorizer the event can include request headers and identity claims, so outside a demo return only the fields the client needs.
 9 |     }),
10 |   };
11 |
12 |   callback(null, response);
13 |   // NOTE(review): serverless.yml sets `integration: lambda`, so the alternative below may be the form that applies here; confirm.
14 |   // Use this code if you don't use the http event with the LAMBDA-PROXY integration
15 |   // callback(null, { message: 'Go Serverless v1.0! Your function executed successfully!', event });
16 | };
17 |

--------------------------------------------------------------------------------
/bin/create_user_pool:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env node
 2 | // Creates a Cognito user pool in us-east-1 and prints its ARN for use in serverless.yml.
 3 | var AWS = require('aws-sdk');
 4 |
 5 | var cognitoidentityserviceprovider = new AWS.CognitoIdentityServiceProvider({ region: 'us-east-1' });
 6 | var iam = new AWS.IAM();
 7 | // NOTE(review): only the alias attribute and the name are set, so password policy, MFA and every other setting fall back to the service defaults; set `Policies` and `MfaConfiguration` explicitly for a pool that will hold real users.
 8 | var params = {
 9 |   'AliasAttributes': ['email'],
10 |   'PoolName': 'serveless_test',
11 | };
12 |
13 | cognitoidentityserviceprovider.createUserPool(params, function (err, poolData) {
14 |   if (err) {
15 |     console.error(err, err.stack);
16 |     return;
17 |   }
18 |   // NOTE(review): iam.getUser with no UserName resolves only for IAM-user credentials; under the EC2 instance role the README allows it is expected to fail, after the pool has already been created. sts.getCallerIdentity returns the account ID for any principal.
19 |   iam.getUser({}, function (err, iamData) {
20 |     if (err) {
21 |       console.error(err, err.stack);
22 |       return;
23 |     }
24 |     // The account ID is the fifth colon-separated field of the caller's ARN; the region in the printed ARN is hard-coded to match the client above.
25 |     var id = iamData.User.Arn.split(':')[4];
26 |     console.log('User Pool ARN is arn:aws:cognito-idp:us-east-1:' + id + ':userpool/' + poolData.UserPool.Id);
27 |   });
28 | });
29 |

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # NOTE: This was a demo for a pull request into serverless.
 2 |
 3 | If you are wondering what you need to do client side, check out https://github.com/aws/amazon-cognito-identity-js
 4 |
 5 | # Serverless Test
 6 |
 7 | This testing assumes that you have default AWS credentials set up in ~/.aws or
 8 | you are running on an EC2 instance with an EC2 role with the appropriate
 9 | permissions.
10 |
11 | # Testing
12 |
13 | ## Create the pool
14 |
15 | First you need to create a user pool:
16 | ```
17 | bin/create_user_pool
18 | ```
19 |
20 | This will output the ARN:
21 | ```
22 | User Pool ARN is arn:aws:cognito-idp:us-east-1:123456789:userpool/us-east-1_XXXXXX
23 | ```
24 |
25 | ## Configure Serverless
26 |
27 | Copy this ARN into the `arn:` section of `serverless.yml`.
28 |
29 | Configure serverless to use your AWS credentials.
30 |
31 |
32 | ## Bring up the stack
33 |
34 | ```
35 | sls deploy
36 | ```
37 |
38 | ## Verify
39 |
40 | * Browse to https://console.aws.amazon.com/apigateway/home?region=us-east-1#/apis
41 | * Click on *dev-serverless-cognito-demo*
42 | * Click on *Authorizers*
43 | * You should see an authorizer configured as per ![Authorizer](images/authorizer.png)
44 | * Click on *Resources*
45 | * Click on */hello*
46 | * You should see the method is protected by the cognito pool as per ![Pool](images/method.png)
47 |
48 | ## Cleanup
49 |
50 | Bring down the stack
51 | ```
52 | sls remove
53 | ```
54 |
55 | Delete the pool. You need to pass in the pool ID, which is the part at the end of the ARN after `userpool/`. The script deletes the pool without asking for confirmation.
56 |
57 | ```
58 | bin/delete_user_pool us-east-1_XX
59 | ```
60 | --------------------------------------------------------------------------------