@ttoss/cloud-auth 0.12.19 → 0.12.20

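--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@ttoss/cloud-auth",
- "version": "0.12.19",
+ "version": "0.12.20",
  "repository": {
  "type": "git",
  "url": "https://github.com/ttoss/ttoss.git",
@@ -19,14 +19,14 @@
  ],
  "sideEffects": false,
  "dependencies": {
- "@ttoss/cloudformation": "^0.10.8"
+ "@ttoss/cloudformation": "^0.10.9"
  },
  "devDependencies": {
  "@types/jest": "^29.5.13",
  "jest": "^29.7.0",
  "tsup": "^8.3.0",
  "typescript": "~5.6.2",
- "@ttoss/config": "^1.32.10"
+ "@ttoss/config": "^1.33.0"
  },
  "publishConfig": {
  "access": "public",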
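--- a/package/dist/esm/index.js
+++ b/package/dist/esm/index.js
@@ -1,299 +0,0 @@
- /** Powered by @ttoss/config. https://ttoss.dev/docs/modules/packages/config/ */
-
- // src/config.ts
- var PASSWORD_MINIMUM_LENGTH = 8;
-
- // src/template.ts
- var CognitoUserPoolLogicalId = "CognitoUserPool";
- var CognitoUserPoolClientLogicalId = "CognitoUserPoolClient";
- var CognitoIdentityPoolLogicalId = "CognitoIdentityPool";
- var IdentityPoolAuthenticatedIAMRoleLogicalId = "IdentityPoolAuthenticatedIAMRole";
- var IdentityPoolUnauthenticatedIAMRoleLogicalId = "IdentityPoolUnauthenticatedIAMRole";
- var DenyStatement = {
- Effect: "Deny",
- Action: ["*"],
- Resource: ["*"]
- };
- var defaultPrincipalTags = {
- appClientId: "aud",
- userId: "sub"
- };
- var createAuthTemplate = ({
- autoVerifiedAttributes = ["email"],
- identityPool,
- schema,
- usernameAttributes = ["email"]
- } = {}) => {
- const AutoVerifiedAttributes = Array.isArray(autoVerifiedAttributes) && autoVerifiedAttributes.length > 0 ? autoVerifiedAttributes : [];
- const template = {
- AWSTemplateFormatVersion: "2010-09-09",
- Resources: {
- [CognitoUserPoolLogicalId]: {
- /**
- * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html
- */
- Type: "AWS::Cognito::UserPool",
- Properties: {
- AutoVerifiedAttributes,
- Policies: {
- PasswordPolicy: {
- MinimumLength: PASSWORD_MINIMUM_LENGTH,
- RequireLowercase: false,
- RequireNumbers: false,
- RequireSymbols: false,
- RequireUppercase: false,
- TemporaryPasswordValidityDays: 30
- }
- },
- UsernameAttributes: usernameAttributes,
- UsernameConfiguration: {
- CaseSensitive: false
- },
- UserPoolName: {
- Ref: "AWS::StackName"
- }
- }
- },
- [CognitoUserPoolClientLogicalId]: {
- /**
- * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html
- */
- Type: "AWS::Cognito::UserPoolClient",
- Properties: {
- SupportedIdentityProviders: ["COGNITO"],
- UserPoolId: {
- Ref: "CognitoUserPool"
- }
- }
- }
- },
- Outputs: {
- Region: {
- Description: "You use this value on Amplify Auth `region`.",
- Value: {
- Ref: "AWS::Region"
- },
- Export: {
- Name: {
- "Fn::Join": [":", [{
- Ref: "AWS::StackName"
- }, "Region"]]
- }
- }
- },
- UserPoolId: {
- Description: "You use this value on Amplify Auth `userPoolId`.",
- Value: {
- Ref: CognitoUserPoolLogicalId
- },
- Export: {
- Name: {
- "Fn::Join": [":", [{
- Ref: "AWS::StackName"
- }, "UserPoolId"]]
- }
- }
- },
- AppClientId: {
- Description: "You use this value on Amplify Auth `userPoolWebClientId`.",
- Value: {
- Ref: CognitoUserPoolClientLogicalId
- },
- Export: {
- Name: {
- "Fn::Join": [":", [{
- Ref: "AWS::StackName"
- }, "AppClientId"]]
- }
- }
- }
- }
- };
- if (schema) {
- const Schema = schema.map(attribute => {
- let NumberAttributeConstraints = void 0;
- if (attribute.numberAttributeConstraints) {
- NumberAttributeConstraints = {
- MaxValue: attribute.numberAttributeConstraints?.maxValue,
- MinValue: attribute.numberAttributeConstraints?.minValue
- };
- }
- let StringAttributeConstraints = void 0;
- if (attribute.stringAttributeConstraints) {
- StringAttributeConstraints = {
- MaxLength: attribute.stringAttributeConstraints?.maxLength,
- MinLength: attribute.stringAttributeConstraints?.minLength
- };
- }
- return {
- AttributeDataType: attribute.attributeDataType,
- DeveloperOnlyAttribute: attribute.developerOnlyAttribute,
- Mutable: attribute.mutable,
- Name: attribute.name,
- NumberAttributeConstraints,
- Required: attribute.required,
- StringAttributeConstraints
- };
- });
- template.Resources[CognitoUserPoolLogicalId].Properties.Schema = Schema;
- }
- if (identityPool?.enabled) {
- template.Resources[CognitoIdentityPoolLogicalId] = {
- /**
- * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html
- */
- Type: "AWS::Cognito::IdentityPool",
- Properties: {
- AllowUnauthenticatedIdentities: identityPool.allowUnauthenticatedIdentities || false,
- CognitoIdentityProviders: [{
- ClientId: {
- Ref: CognitoUserPoolClientLogicalId
- },
- ProviderName: {
- "Fn::GetAtt": [CognitoUserPoolLogicalId, "ProviderName"]
- }
- }]
- }
- };
- if (identityPool.name) {
- template.Resources[CognitoIdentityPoolLogicalId].Properties.IdentityPoolName = identityPool.name;
- }
- template.Resources.CognitoIdentityPoolRoleAttachment = {
- /**
- * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html
- */
- Type: "AWS::Cognito::IdentityPoolRoleAttachment",
- Properties: {
- IdentityPoolId: {
- Ref: CognitoIdentityPoolLogicalId
- },
- Roles: {}
- }
- };
- if (!identityPool.authenticatedRoleArn) {
- template.Resources[IdentityPoolAuthenticatedIAMRoleLogicalId] = {
- Type: "AWS::IAM::Role",
- Properties: {
- AssumeRolePolicyDocument: {
- Version: "2012-10-17",
- Statement: [{
- Effect: "Allow",
- Principal: {
- Federated: "cognito-identity.amazonaws.com"
- },
- Action: ["sts:AssumeRoleWithWebIdentity", "sts:TagSession"],
- Condition: {
- StringEquals: {
- "cognito-identity.amazonaws.com:aud": {
- Ref: CognitoIdentityPoolLogicalId
- }
- },
- "ForAnyValue:StringLike": {
- "cognito-identity.amazonaws.com:amr": "authenticated"
- }
- }
- }]
- },
- Policies: identityPool.authenticatedPolicies || [{
- PolicyName: "IdentityPoolAuthenticatedIAMRolePolicyName",
- PolicyDocument: {
- Version: "2012-10-17",
- Statement: [DenyStatement]
- }
- }]
- }
- };
- template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.authenticated = {
- "Fn::GetAtt": [IdentityPoolAuthenticatedIAMRoleLogicalId, "Arn"]
- };
- } else {
- template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.authenticated = identityPool.authenticatedRoleArn;
- }
- if (!identityPool.unauthenticatedRoleArn) {
- template.Resources[IdentityPoolUnauthenticatedIAMRoleLogicalId] = {
- Type: "AWS::IAM::Role",
- Properties: {
- AssumeRolePolicyDocument: {
- Version: "2012-10-17",
- Statement: [{
- Effect: "Allow",
- Principal: {
- Federated: "cognito-identity.amazonaws.com"
- },
- Action: "sts:AssumeRoleWithWebIdentity",
- Condition: {
- StringEquals: {
- "cognito-identity.amazonaws.com:aud": {
- Ref: CognitoIdentityPoolLogicalId
- }
- },
- "ForAnyValue:StringLike": {
- "cognito-identity.amazonaws.com:amr": "unauthenticated"
- }
- }
- }]
- },
- Policies: identityPool.authenticatedPolicies || [{
- PolicyName: "IdentityPoolUnauthenticatedIAMRolePolicyName",
- PolicyDocument: {
- Version: "2012-10-17",
- Statement: [DenyStatement]
- }
- }]
- }
- };
- template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.unauthenticated = {
- "Fn::GetAtt": [IdentityPoolUnauthenticatedIAMRoleLogicalId, "Arn"]
- };
- } else {
- template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.unauthenticated = identityPool.unauthenticatedRoleArn;
- }
- if (identityPool.principalTags || identityPool.principalTags === void 0) {
- const PrincipalTags = (() => {
- if (typeof identityPool.principalTags === "boolean") {
- return defaultPrincipalTags;
- }
- if (identityPool.principalTags === void 0) {
- return defaultPrincipalTags;
- }
- return identityPool.principalTags;
- })();
- template.Resources.CognitoIdentityPoolPrincipalTag = {
- Type: "AWS::Cognito::IdentityPoolPrincipalTag",
- Properties: {
- IdentityPoolId: {
- Ref: CognitoIdentityPoolLogicalId
- },
- IdentityProviderName: {
- "Fn::GetAtt": [CognitoUserPoolLogicalId, "ProviderName"]
- },
- PrincipalTags,
- UseDefaults: false
- }
- };
- }
- if (!template.Outputs) {
- template.Outputs = {};
- }
- template.Outputs.IdentityPoolId = {
- Description: "You use this value on Amplify Auth `identityPoolId`.",
- Value: {
- Ref: CognitoIdentityPoolLogicalId
- },
- Export: {
- Name: {
- "Fn::Join": [":", [{
- Ref: "AWS::StackName"
- }, "CognitoIdentityPoolId"]]
- }
- }
- };
- }
- return template;
- };
- createAuthTemplate.CognitoUserPoolLogicalId = CognitoUserPoolLogicalId;
- createAuthTemplate.CognitoUserPoolClientLogicalId = CognitoUserPoolClientLogicalId;
- createAuthTemplate.CognitoIdentityPoolLogicalId = CognitoIdentityPoolLogicalId;
- createAuthTemplate.IdentityPoolAuthenticatedIAMRoleLogicalId = IdentityPoolAuthenticatedIAMRoleLogicalId;
- createAuthTemplate.IdentityPoolUnauthenticatedIAMRoleLogicalId = IdentityPoolUnauthenticatedIAMRoleLogicalId;
- export { PASSWORD_MINIMUM_LENGTH, createAuthTemplate };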
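--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -1,45 +0,0 @@
- import { Policy } from '@ttoss/cloudformation';
-
- declare const PASSWORD_MINIMUM_LENGTH = 8;
-
- declare const createAuthTemplate: {
- ({ autoVerifiedAttributes, identityPool, schema, usernameAttributes, }?: {
- autoVerifiedAttributes?: Array<"email" | "phone_number"> | null | false;
- identityPool?: {
- enabled?: boolean;
- name?: string;
- allowUnauthenticatedIdentities?: boolean;
- authenticatedRoleArn?: string;
- authenticatedPolicies?: Policy[];
- unauthenticatedRoleArn?: string;
- unauthenticatedPolicies?: Policy[];
- principalTags?: Record<string, string> | boolean;
- };
- /**
- * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-schemaattribute.html
- */
- schema?: {
- attributeDataType?: "Boolean" | "DateTime" | "Number" | "String";
- developerOnlyAttribute?: boolean;
- mutable?: boolean;
- name?: string;
- numberAttributeConstraints?: {
- maxValue?: string;
- minValue?: string;
- };
- required?: boolean;
- stringAttributeConstraints?: {
- maxLength: string;
- minLength: string;
- };
- }[];
- usernameAttributes?: Array<"email" | "phone_number"> | null;
- }): any;
- CognitoUserPoolLogicalId: string;
- CognitoUserPoolClientLogicalId: string;
- CognitoIdentityPoolLogicalId: string;
- IdentityPoolAuthenticatedIAMRoleLogicalId: string;
- IdentityPoolUnauthenticatedIAMRoleLogicalId: string;
- };
-
- export { PASSWORD_MINIMUM_LENGTH, createAuthTemplate };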
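--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,45 +0,0 @@
- import { Policy } from '@ttoss/cloudformation';
-
- declare const PASSWORD_MINIMUM_LENGTH = 8;
-
- declare const createAuthTemplate: {
- ({ autoVerifiedAttributes, identityPool, schema, usernameAttributes, }?: {
- autoVerifiedAttributes?: Array<"email" | "phone_number"> | null | false;
- identityPool?: {
- enabled?: boolean;
- name?: string;
- allowUnauthenticatedIdentities?: boolean;
- authenticatedRoleArn?: string;
- authenticatedPolicies?: Policy[];
- unauthenticatedRoleArn?: string;
- unauthenticatedPolicies?: Policy[];
- principalTags?: Record<string, string> | boolean;
- };
- /**
- * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-schemaattribute.html
- */
- schema?: {
- attributeDataType?: "Boolean" | "DateTime" | "Number" | "String";
- developerOnlyAttribute?: boolean;
- mutable?: boolean;
- name?: string;
- numberAttributeConstraints?: {
- maxValue?: string;
- minValue?: string;
- };
- required?: boolean;
- stringAttributeConstraints?: {
- maxLength: string;
- minLength: string;
- };
- }[];
- usernameAttributes?: Array<"email" | "phone_number"> | null;
- }): any;
- CognitoUserPoolLogicalId: string;
- CognitoUserPoolClientLogicalId: string;
- CognitoIdentityPoolLogicalId: string;
- IdentityPoolAuthenticatedIAMRoleLogicalId: string;
- IdentityPoolUnauthenticatedIAMRoleLogicalId: string;
- };
-
- export { PASSWORD_MINIMUM_LENGTH, createAuthTemplate };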
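--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1,335 +0,0 @@
- /** Powered by @ttoss/config. https://ttoss.dev/docs/modules/packages/config/ */
- "use strict";
-
- var __defProp = Object.defineProperty;
- var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
- var __getOwnPropNames = Object.getOwnPropertyNames;
- var __hasOwnProp = Object.prototype.hasOwnProperty;
- var __export = (target, all) => {
- for (var name in all) __defProp(target, name, {
- get: all[name],
- enumerable: true
- });
- };
- var __copyProps = (to, from, except, desc) => {
- if (from && typeof from === "object" || typeof from === "function") {
- for (let key of __getOwnPropNames(from)) if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, {
- get: () => from[key],
- enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
- });
- }
- return to;
- };
- var __toCommonJS = mod => __copyProps(__defProp({}, "__esModule", {
- value: true
- }), mod);
-
- // src/index.ts
- var src_exports = {};
- __export(src_exports, {
- PASSWORD_MINIMUM_LENGTH: () => PASSWORD_MINIMUM_LENGTH,
- createAuthTemplate: () => createAuthTemplate
- });
- module.exports = __toCommonJS(src_exports);
-
- // src/config.ts
- var PASSWORD_MINIMUM_LENGTH = 8;
-
- // src/template.ts
- var CognitoUserPoolLogicalId = "CognitoUserPool";
- var CognitoUserPoolClientLogicalId = "CognitoUserPoolClient";
- var CognitoIdentityPoolLogicalId = "CognitoIdentityPool";
- var IdentityPoolAuthenticatedIAMRoleLogicalId = "IdentityPoolAuthenticatedIAMRole";
- var IdentityPoolUnauthenticatedIAMRoleLogicalId = "IdentityPoolUnauthenticatedIAMRole";
- var DenyStatement = {
- Effect: "Deny",
- Action: ["*"],
- Resource: ["*"]
- };
- var defaultPrincipalTags = {
- appClientId: "aud",
- userId: "sub"
- };
- var createAuthTemplate = ({
- autoVerifiedAttributes = ["email"],
- identityPool,
- schema,
- usernameAttributes = ["email"]
- } = {}) => {
- const AutoVerifiedAttributes = Array.isArray(autoVerifiedAttributes) && autoVerifiedAttributes.length > 0 ? autoVerifiedAttributes : [];
- const template = {
- AWSTemplateFormatVersion: "2010-09-09",
- Resources: {
- [CognitoUserPoolLogicalId]: {
- /**
- * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html
- */
- Type: "AWS::Cognito::UserPool",
- Properties: {
- AutoVerifiedAttributes,
- Policies: {
- PasswordPolicy: {
- MinimumLength: PASSWORD_MINIMUM_LENGTH,
- RequireLowercase: false,
- RequireNumbers: false,
- RequireSymbols: false,
- RequireUppercase: false,
- TemporaryPasswordValidityDays: 30
- }
- },
- UsernameAttributes: usernameAttributes,
- UsernameConfiguration: {
- CaseSensitive: false
- },
- UserPoolName: {
- Ref: "AWS::StackName"
- }
- }
- },
- [CognitoUserPoolClientLogicalId]: {
- /**
- * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html
- */
- Type: "AWS::Cognito::UserPoolClient",
- Properties: {
- SupportedIdentityProviders: ["COGNITO"],
- UserPoolId: {
- Ref: "CognitoUserPool"
- }
- }
- }
- },
- Outputs: {
- Region: {
- Description: "You use this value on Amplify Auth `region`.",
- Value: {
- Ref: "AWS::Region"
- },
- Export: {
- Name: {
- "Fn::Join": [":", [{
- Ref: "AWS::StackName"
- }, "Region"]]
- }
- }
- },
- UserPoolId: {
- Description: "You use this value on Amplify Auth `userPoolId`.",
- Value: {
- Ref: CognitoUserPoolLogicalId
- },
- Export: {
- Name: {
- "Fn::Join": [":", [{
- Ref: "AWS::StackName"
- }, "UserPoolId"]]
- }
- }
- },
- AppClientId: {
- Description: "You use this value on Amplify Auth `userPoolWebClientId`.",
- Value: {
- Ref: CognitoUserPoolClientLogicalId
- },
- Export: {
- Name: {
- "Fn::Join": [":", [{
- Ref: "AWS::StackName"
- }, "AppClientId"]]
- }
- }
- }
- }
- };
- if (schema) {
- const Schema = schema.map(attribute => {
- let NumberAttributeConstraints = void 0;
- if (attribute.numberAttributeConstraints) {
- NumberAttributeConstraints = {
- MaxValue: attribute.numberAttributeConstraints?.maxValue,
- MinValue: attribute.numberAttributeConstraints?.minValue
- };
- }
- let StringAttributeConstraints = void 0;
- if (attribute.stringAttributeConstraints) {
- StringAttributeConstraints = {
- MaxLength: attribute.stringAttributeConstraints?.maxLength,
- MinLength: attribute.stringAttributeConstraints?.minLength
- };
- }
- return {
- AttributeDataType: attribute.attributeDataType,
- DeveloperOnlyAttribute: attribute.developerOnlyAttribute,
- Mutable: attribute.mutable,
- Name: attribute.name,
- NumberAttributeConstraints,
- Required: attribute.required,
- StringAttributeConstraints
- };
- });
- template.Resources[CognitoUserPoolLogicalId].Properties.Schema = Schema;
- }
- if (identityPool?.enabled) {
- template.Resources[CognitoIdentityPoolLogicalId] = {
- /**
- * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html
- */
- Type: "AWS::Cognito::IdentityPool",
- Properties: {
- AllowUnauthenticatedIdentities: identityPool.allowUnauthenticatedIdentities || false,
- CognitoIdentityProviders: [{
- ClientId: {
- Ref: CognitoUserPoolClientLogicalId
- },
- ProviderName: {
- "Fn::GetAtt": [CognitoUserPoolLogicalId, "ProviderName"]
- }
- }]
- }
- };
- if (identityPool.name) {
- template.Resources[CognitoIdentityPoolLogicalId].Properties.IdentityPoolName = identityPool.name;
- }
- template.Resources.CognitoIdentityPoolRoleAttachment = {
- /**
- * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html
- */
- Type: "AWS::Cognito::IdentityPoolRoleAttachment",
- Properties: {
- IdentityPoolId: {
- Ref: CognitoIdentityPoolLogicalId
- },
- Roles: {}
- }
- };
- if (!identityPool.authenticatedRoleArn) {
- template.Resources[IdentityPoolAuthenticatedIAMRoleLogicalId] = {
- Type: "AWS::IAM::Role",
- Properties: {
- AssumeRolePolicyDocument: {
- Version: "2012-10-17",
- Statement: [{
- Effect: "Allow",
- Principal: {
- Federated: "cognito-identity.amazonaws.com"
- },
- Action: ["sts:AssumeRoleWithWebIdentity", "sts:TagSession"],
- Condition: {
- StringEquals: {
- "cognito-identity.amazonaws.com:aud": {
- Ref: CognitoIdentityPoolLogicalId
- }
- },
- "ForAnyValue:StringLike": {
- "cognito-identity.amazonaws.com:amr": "authenticated"
- }
- }
- }]
- },
- Policies: identityPool.authenticatedPolicies || [{
- PolicyName: "IdentityPoolAuthenticatedIAMRolePolicyName",
- PolicyDocument: {
- Version: "2012-10-17",
- Statement: [DenyStatement]
- }
- }]
- }
- };
- template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.authenticated = {
- "Fn::GetAtt": [IdentityPoolAuthenticatedIAMRoleLogicalId, "Arn"]
- };
- } else {
- template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.authenticated = identityPool.authenticatedRoleArn;
- }
- if (!identityPool.unauthenticatedRoleArn) {
- template.Resources[IdentityPoolUnauthenticatedIAMRoleLogicalId] = {
- Type: "AWS::IAM::Role",
- Properties: {
- AssumeRolePolicyDocument: {
- Version: "2012-10-17",
- Statement: [{
- Effect: "Allow",
- Principal: {
- Federated: "cognito-identity.amazonaws.com"
- },
- Action: "sts:AssumeRoleWithWebIdentity",
- Condition: {
- StringEquals: {
- "cognito-identity.amazonaws.com:aud": {
- Ref: CognitoIdentityPoolLogicalId
- }
- },
- "ForAnyValue:StringLike": {
- "cognito-identity.amazonaws.com:amr": "unauthenticated"
- }
- }
- }]
- },
- Policies: identityPool.authenticatedPolicies || [{
- PolicyName: "IdentityPoolUnauthenticatedIAMRolePolicyName",
- PolicyDocument: {
- Version: "2012-10-17",
- Statement: [DenyStatement]
- }
- }]
- }
- };
- template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.unauthenticated = {
- "Fn::GetAtt": [IdentityPoolUnauthenticatedIAMRoleLogicalId, "Arn"]
- };
- } else {
- template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.unauthenticated = identityPool.unauthenticatedRoleArn;
- }
- if (identityPool.principalTags || identityPool.principalTags === void 0) {
- const PrincipalTags = (() => {
- if (typeof identityPool.principalTags === "boolean") {
- return defaultPrincipalTags;
- }
- if (identityPool.principalTags === void 0) {
- return defaultPrincipalTags;
- }
- return identityPool.principalTags;
- })();
- template.Resources.CognitoIdentityPoolPrincipalTag = {
- Type: "AWS::Cognito::IdentityPoolPrincipalTag",
- Properties: {
- IdentityPoolId: {
- Ref: CognitoIdentityPoolLogicalId
- },
- IdentityProviderName: {
- "Fn::GetAtt": [CognitoUserPoolLogicalId, "ProviderName"]
- },
- PrincipalTags,
- UseDefaults: false
- }
- };
- }
- if (!template.Outputs) {
- template.Outputs = {};
- }
- template.Outputs.IdentityPoolId = {
- Description: "You use this value on Amplify Auth `identityPoolId`.",
- Value: {
- Ref: CognitoIdentityPoolLogicalId
- },
- Export: {
- Name: {
- "Fn::Join": [":", [{
- Ref: "AWS::StackName"
- }, "CognitoIdentityPoolId"]]
- }
- }
- };
- }
- return template;
- };
- createAuthTemplate.CognitoUserPoolLogicalId = CognitoUserPoolLogicalId;
- createAuthTemplate.CognitoUserPoolClientLogicalId = CognitoUserPoolClientLogicalId;
- createAuthTemplate.CognitoIdentityPoolLogicalId = CognitoIdentityPoolLogicalId;
- createAuthTemplate.IdentityPoolAuthenticatedIAMRoleLogicalId = IdentityPoolAuthenticatedIAMRoleLogicalId;
- createAuthTemplate.IdentityPoolUnauthenticatedIAMRoleLogicalId = IdentityPoolUnauthenticatedIAMRoleLogicalId;
- // Annotate the CommonJS export names for ESM import in node:
- 0 && (module.exports = {
- PASSWORD_MINIMUM_LENGTH,
- createAuthTemplate
- });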