#!/bin/bash # Generate a new random Tenant ID read -p "What is the tenantID, leave blank for random? " TENANT_ID if [ -z "$TENANT_ID" ]; then TENANT_ID=$(uuidgen | tr '[:upper:]' '[:lower:]'| cut -c 1-8) fi # We grab the output variables from CloudFormation read -p "What is the stack name for the CloudFormation you just created?" STACK_NAME if [ -z "STACK_NAME" ]; then echo "CloudFormation stack name is empty. Exiting." exit 1 fi TENANT_USERNAME="user$(uuidgen | cut -c 1-4)@example${TENANT_ID}.com" TENANT_USER_POOL=$(aws cloudformation describe-stacks --stack-name $STACK_NAME \ --query "Stacks[0].Outputs[?OutputKey=='UserPool'].OutputValue" --output text) TENANT_USER_POOL_CLIENT=$(aws cloudformation describe-stacks --stack-name $STACK_NAME \ --query "Stacks[0].Outputs[?OutputKey=='UserPoolClient'].OutputValue" --output text) TENANT_IDENTITY_POOL=$(aws cloudformation describe-stacks --stack-name $STACK_NAME \ --query "Stacks[0].Outputs[?OutputKey=='IdentityPool'].OutputValue" --output text) if [ -z "TENANT_USER_POOL" ]; then echo "Cognito user pool is empty. CloudFormation failed, exiting." exit 1 fi # Create a new user in the User Pool skipping the usual registration email/password cycle TENANT_COGNITO_USER=$(aws cognito-idp admin-create-user --user-pool-id "$TENANT_USER_POOL" \ --username "$TENANT_USERNAME" --message-action SUPPRESS \ --user-attributes "[{\"Name\":\"custom:tenant_id\",\"Value\":\"$TENANT_ID\"},{\"Name\":\"custom:identity_pool\",\"Value\":\"$TENANT_IDENTITY_POOL\"}]") if [ -z "$TENANT_COGNITO_USER" ]; then echo "Cognito admin-create-user failed. Exiting." exit 1 fi # Set the user's password and status to active aws cognito-idp admin-set-user-password --user-pool-id "$TENANT_USER_POOL" --username "$TENANT_USERNAME" \ --password ABCdef123 --permanent # Now we can log in as the user to the User Pool AUTH_RESULT=$(aws cognito-idp admin-initiate-auth --user-pool-id "$TENANT_USER_POOL" \ --client-id "$TENANT_USER_POOL_CLIENT" --auth-flow ADMIN_NO_SRP_AUTH \ --auth-parameters USERNAME="$TENANT_USERNAME",PASSWORD=ABCdef123) JWT_ID_TOKEN=$(echo $AUTH_RESULT | jq -r '.AuthenticationResult.IdToken') HTTP_API=$(aws cloudformation describe-stacks --stack-name $STACK_NAME \ --query "Stacks[0].Outputs[?OutputKey=='HttpApiUrl'].OutputValue" --output text) echo "We've create user $TENANT_USERNAME for Tenant $TENANT_ID" echo "You can use the curl command below to test. It is pre-loaded with the JWT token for Tenant $TENANT_ID." echo "curl --location --request GET '$HTTP_API/jwt-simple-flow' --header 'x-tenant-id: $TENANT_ID' --header 'Authorization: Bearer $JWT_ID_TOKEN'"