# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"). # You may not use this file except in compliance with the License. # A copy of the License is located at # # http://www.apache.org/licenses/LICENSE-2.0 # # or in the "license" file accompanying this file. This file is distributed # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either # express or implied. See the License for the specific language governing # permissions and limitations under the License. AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Description: > This template deploys an API Gateway and a Cognito User Pool. The API Gateway authorizes users via the Cognito user pool, and issues transactions to Managed Blockchain via a Lambda function. Parameters: SECURITYGROUPID: Type: String SUBNETID: Type: String VPCID: Type: String MEMBERNAME: Type: String NETWORKID: Type: String MEMBERID: Type: String CHANNELNAME: Type: String CHAINCODEID: Type: String LAMBDANAME: Type: String APINAME: Type: String Resources: CognitoUserPool: Type: AWS::Cognito::UserPool Properties: UserPoolName: "NGOUserPool" Schema: - Name: "fabricUsername" AttributeDataType: String Mutable: true CognitoAppClient: Type: AWS::Cognito::UserPoolClient Properties: ClientName: CognitoNGOAppClient ExplicitAuthFlows: - ALLOW_USER_PASSWORD_AUTH - ALLOW_REFRESH_TOKEN_AUTH GenerateSecret: False UserPoolId: !Ref CognitoUserPool Permission: Type: AWS::Lambda::Permission Properties: FunctionName: Fn::Sub: "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${LAMBDANAME}" Action: "lambda:InvokeFunction" Principal: "apigateway.amazonaws.com" SourceArn: Fn::Sub: "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${DonorsAPIGateway}/*/*/*" DonorsAPIGateway: Type: 'AWS::Serverless::Api' Properties: Name: !Ref APINAME StageName: dev EndpointConfiguration: Regional Cors: AllowCredentials: true AllowHeaders: "'*''" AllowMethods: "'POST, GET, OPTIONS, PUT'" AllowOrigin: "'*''" Auth: DefaultAuthorizer: NGOCognitoAuthorizer Authorizers: NGOCognitoAuthorizer: UserPoolArn: !GetAtt CognitoUserPool.Arn DefinitionBody: swagger: "2.0" info: version: "2020-08-01T12:00:00Z" title: "Donors API" paths: /donors: get: consumes: - "application/json" produces: - "application/json" responses: "200": description: "200 response" headers: Access-Control-Allow-Origin: type: "string" "400": description: "400 response" headers: Access-Control-Allow-Origin: type: "string" "401": description: "401 response" headers: Access-Control-Allow-Origin: type: "string" "500": description: "500 response" headers: Access-Control-Allow-Origin: type: "string" x-amazon-apigateway-integration: uri: Fn::Sub: "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${LAMBDANAME}/invocations" responses: default: statusCode: "200" responseParameters: method.response.header.Access-Control-Allow-Origin: "'*'" passthroughBehavior: "when_no_templates" httpMethod: "POST" requestTemplates: application/json: "{\n \"functionType\": \"queryObject\",\n \"chaincodeFunction\"\ : \"queryAllDonors\",\n \"chaincodeFunctionArgs\": {},\n \"fabricUsername\"\ \ : \"$context.authorizer.claims['custom:fabricUsername']\"\n}" contentHandling: "CONVERT_TO_TEXT" type: "aws" /donorsmanager: get: consumes: - "application/json" produces: - "application/json" responses: "200": description: "200 response" headers: Access-Control-Allow-Origin: type: "string" "400": description: "400 response" headers: Access-Control-Allow-Origin: type: "string" "401": description: "401 response" headers: Access-Control-Allow-Origin: type: "string" "500": description: "500 response" headers: Access-Control-Allow-Origin: type: "string" x-amazon-apigateway-integration: uri: Fn::Sub: "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${LAMBDANAME}/invocations" responses: default: statusCode: "200" responseParameters: method.response.header.Access-Control-Allow-Origin: "'*'" passthroughBehavior: "when_no_templates" httpMethod: "POST" requestTemplates: application/json: "{\n \"functionType\": \"queryObject\",\n \"chaincodeFunction\"\ : \"queryAllDonorsManagerOnly\",\n \"chaincodeFunctionArgs\": {},\n \"fabricUsername\"\ \ : \"$context.authorizer.claims['custom:fabricUsername']\"\n}" contentHandling: "CONVERT_TO_TEXT" type: "aws" /user: get: consumes: - "application/json" produces: - "application/json" responses: "200": description: "200 response" headers: Access-Control-Allow-Origin: type: "string" "400": description: "400 response" headers: Access-Control-Allow-Origin: type: "string" "401": description: "401 response" headers: Access-Control-Allow-Origin: type: "string" "500": description: "500 response" headers: Access-Control-Allow-Origin: type: "string" x-amazon-apigateway-integration: uri: Fn::Sub: "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${LAMBDANAME}/invocations" responses: default: statusCode: "200" responseParameters: method.response.header.Access-Control-Allow-Origin: "'*'" passthroughBehavior: "when_no_templates" httpMethod: "POST" requestTemplates: application/json: "{\n \"functionType\": \"queryObject\",\n \"chaincodeFunction\"\ : \"getClientIdentityInfo\",\n \"chaincodeFunctionArgs\": {},\n \"fabricUsername\"\ \ : \"$context.authorizer.claims['custom:fabricUsername']\"\n}" contentHandling: "CONVERT_TO_TEXT" type: "aws" Outputs: CognitoUserPoolID: Description: "Cognito User Pool ID" Value: !Ref CognitoUserPool CognitoAppClientID: Description: "Cognito App Client ID" Value: !Ref CognitoAppClient APIGatewayURL: Description: "API Gateway endpoint URL for Dev stage" Value: !Sub "https://${DonorsAPIGateway}.execute-api.${AWS::Region}.amazonaws.com/dev"