Added cognito authentication - Fix 1

This commit is contained in:
2025-05-15 15:33:12 -05:00
parent a07a28525f
commit 749e66e63f
5 changed files with 91 additions and 65 deletions


@@ -70,20 +70,13 @@ class IptvUpdaterStack(Stack):
"AmazonSSMManagedInstanceCore"
)
)
# Read the userdata script with proper path resolution
script_dir = os.path.dirname(os.path.abspath(__file__))
userdata_path = os.path.join(script_dir, "userdata.sh")
userdata_file = open(userdata_path, "rb").read()
# Creates a userdata object for Linux hosts
userdata = ec2.UserData.for_linux()
# Adds one or more commands to the userdata object.
userdata.add_commands(
f'echo "COGNITO_USER_POOL_ID={user_pool.user_pool_id}" >> /etc/environment',
f'echo "COGNITO_CLIENT_ID={client.user_pool_client_id}" >> /etc/environment'
# Add Cognito permissions to instance role
role.add_managed_policy(
iam.ManagedPolicy.from_aws_managed_policy_name(
"AmazonCognitoReadOnly"
)
)
userdata.add_commands(str(userdata_file, 'utf-8'))
# EC2 Instance
instance = ec2.Instance(
@@ -98,8 +91,7 @@ class IptvUpdaterStack(Stack):
),
security_group=security_group,
key_pair=key_pair,
role=role,
user_data=userdata,
role=role
)
# Create Elastic IP
@@ -117,37 +109,55 @@ class IptvUpdaterStack(Stack):
password_policy=cognito.PasswordPolicy(
min_length=8,
require_lowercase=True,
require_numbers=True,
require_digits=True,
require_symbols=True,
require_uppercase=True
),
account_recovery=cognito.AccountRecovery.EMAIL_ONLY
)
# Add App Client
# Add App Client with the correct callback URL
client = user_pool.add_client("IptvUpdaterClient",
o_auth=cognito.OAuthSettings(
flows=cognito.OAuthFlows(
authorization_code_grant=True
),
scopes=[cognito.OAuthScope.OPENID],
callback_urls=[f"https://{instance.instance_public_dns_name}/auth/callback"]
callback_urls=[
"http://localhost:8000/auth/callback", # For local testing
"https://*.amazonaws.com/auth/callback" # Will match EC2 public DNS
]
)
)
# Add Cognito permissions to instance role
role.add_managed_policy(
iam.ManagedPolicy.from_aws_managed_policy_name(
"AmazonCognitoReadOnly"
# Add domain for hosted UI
domain = user_pool.add_domain("IptvUpdaterDomain",
cognito_domain=cognito.CognitoDomainOptions(
domain_prefix="iptv-updater"
)
)
# Read the userdata script with proper path resolution
script_dir = os.path.dirname(os.path.abspath(__file__))
userdata_path = os.path.join(script_dir, "userdata.sh")
userdata_file = open(userdata_path, "rb").read()
# Output the public DNS name
CfnOutput(
self, "InstancePublicDNS",
value=instance.instance_public_dns_name,
# Creates a userdata object for Linux hosts
userdata = ec2.UserData.for_linux()
# Adds one or more commands to the userdata object.
userdata.add_commands(
f'echo "COGNITO_USER_POOL_ID={user_pool.user_pool_id}" >> /etc/environment',
f'echo "COGNITO_CLIENT_ID={client.user_pool_client_id}" >> /etc/environment'
)
userdata.add_commands(str(userdata_file, 'utf-8'))
# Output Cognito information
# Update instance with userdata
instance.add_user_data(userdata.render())
# Outputs
CfnOutput(self, "InstancePublicIP", value=eip.attr_public_ip)
CfnOutput(self, "UserPoolId", value=user_pool.user_pool_id)
CfnOutput(self, "UserPoolClientId", value=client.user_pool_client_id)
CfnOutput(self, "UserPoolClientId", value=client.user_pool_client_id)
CfnOutput(self, "CognitoDomainUrl",
value=f"https://{domain.domain_name}.auth.{self.region}.amazoncognito.com"
)
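Review bot: The new callback entry `"https://*.amazonaws.com/auth/callback"` turns the app client's redirect-URI allowlist into a pattern covering every host under amazonaws.com, so if Cognito accepts it as a wildcard, an authorization code could be sent to any amazonaws.com-hosted endpoint rather than only this stack's instance; if Cognito treats it literally it never matches the EC2 public DNS name and the login flow fails, so either way the entry does not do what the comment claims. The stack already allocates a fixed address (`eip`, used in the InstancePublicIP output), so the safer shape is a single concrete host, e.g. `callback_urls=[f"https://{APP_HOSTNAME}/auth/callback"]` with `APP_HOSTNAME` a stack parameter or a DNS name pointed at the EIP — this also avoids the instance→client→instance dependency that presumably motivated dropping the original `instance.instance_public_dns_name` reference. The `http://localhost:8000/...` entry is harmless for local testing but should be documented as a dev-only entry or kept to a separate dev client, since it ships in the production app client. Separately, `userdata_file = open(userdata_path, "rb").read()` leaks the file handle; `with open(userdata_path, encoding="utf-8") as f: userdata_script = f.read()` reads it as text and removes the later `str(userdata_file, 'utf-8')` conversion.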