AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Description: > Serverless Solution Cognito / Api Gateway / Lambda Function / Amplify Environmental Variables on Amplify Environmental Variables on Lambda Function #################### PARAMETERS ############################# Parameters: AmplifyFrontendRepository: Type: String Description: 'Amplify Frontend Repository in the format: https:////' Default: '' OauthToken: Type: String Description: 'Access token for git provider repository' NoEcho: true Default: '' ########################### RESOURCES ################################ Resources: ##################### API ####################### myAPI: Type: AWS::Serverless::Api Description: Main API Properties: StageName: dev Cors: AllowMethods: "'GET, OPTIONS'" AllowHeaders: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'" AllowOrigin: "'*'" MaxAge: "'500'" Auth: AddDefaultAuthorizerToCorsPreflight: false DefaultAuthorizer: MyCognitoAuthorizer Authorizers: MyCognitoAuthorizer: UserPoolArn: !GetAtt rUserPool.Arn ##################### FUNCTIONS ################################ ################### LAMBDA ELASTICSEARCH ###################### myFunction: Type: AWS::Serverless::Function Properties: CodeUri: lambdaExample/ Handler: app.lambda_handler Runtime: python3.7 Events: EmyFunction: Type: Api Properties: Path: /lambdaExample Method: get RestApiId: Ref: myAPI Environment: Variables: cognito_region: !Ref AWS::Region user_pools_id: !Ref rUserPool user_pools_web_client_id: !Ref rAmplifyCognitoClient # INTEGRATION WITH FRONTEND ################################################################ ## COGNITO - USER POOL / USER POOL CLIENT rUserPool: Type: AWS::Cognito::UserPool Properties: AdminCreateUserConfig: AllowAdminCreateUserOnly: true AutoVerifiedAttributes: - email Schema: - AttributeDataType: String Mutable: true Name: given_name Required: true - AttributeDataType: String Mutable: true Name: family_name Required: true - AttributeDataType: String Mutable: false Name: email Required: true UsernameAttributes: - email UsernameConfiguration: CaseSensitive: false rAmplifyCognitoClient: Type: AWS::Cognito::UserPoolClient Properties: AccessTokenValidity: 1 AllowedOAuthFlows: - implicit AllowedOAuthFlowsUserPoolClient: true AllowedOAuthScopes: - email - openid - profile - aws.cognito.signin.user.admin CallbackURLs: - "http://localhost" EnableTokenRevocation: true ExplicitAuthFlows: - ALLOW_ADMIN_USER_PASSWORD_AUTH - ALLOW_CUSTOM_AUTH - ALLOW_USER_PASSWORD_AUTH - ALLOW_USER_SRP_AUTH - ALLOW_REFRESH_TOKEN_AUTH IdTokenValidity: 1 LogoutURLs: - "http://localhost" PreventUserExistenceErrors: ENABLED ReadAttributes: - given_name - family_name - email - email_verified RefreshTokenValidity: 1 SupportedIdentityProviders: - COGNITO TokenValidityUnits: AccessToken: hours IdToken: hours RefreshToken: days UserPoolId: !Ref rUserPool ################################################################# ################################################################# # AMPLIFY rAmplifyRole: Type: AWS::IAM::Role Properties: # RoleName: !Sub '${AWS::StackName}' AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - amplify.amazonaws.com Action: - sts:AssumeRole Policies: - PolicyName: Amplify PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - "amplify:*" Resource: "*" rAmplifyApp: Type: AWS::Amplify::App Properties: Name: !Sub '${AWS::StackName}' Description: Matching Tool CustomRules: - Source: '' Target: '/index.html' Status: '200' EnvironmentVariables: # - Name: PROJECT_NAME # Value: !Ref pProjectName - Name: cognito_region Value: !Ref AWS::Region - Name: user_pools_id Value: !Ref rUserPool - Name: user_pools_web_client_id Value: !Ref rAmplifyCognitoClient - Name: APIURL Value: !Sub "https://${myAPI}.execute-api.${AWS::Region}.amazonaws.com/dev" Repository: !Ref AmplifyFrontendRepository OauthToken: !Ref OauthToken IAMServiceRole: !GetAtt rAmplifyRole.Arn rAmplifyBranch: Type: AWS::Amplify::Branch Properties: BranchName: 'main' AppId: !GetAtt rAmplifyApp.AppId Description: Branch EnableAutoBuild: true # OUTPUTS ################################################################# Outputs: CognitoRegion: Description: Cognito Region Value: !Ref AWS::Region Export: Name: CognitoRegion CognitoUserPool: Description: Cognito User Pool Value: !Ref rUserPool Export: Name: CognitoUserPool CognitoUserPoolClient: Description: Cognito User Pool Client Value: !Ref rAmplifyCognitoClient Export: Name: CognitoUserPoolClient APIurl: Description: API url Value: !Sub "https://${myAPI}.execute-api.${AWS::Region}.amazonaws.com/dev" Export: Name: APIurl