TechQA.

Add Cognito to Load Balancer Listener via AWS CLI

36 views Asked by At

I would like make use of AWS CLI to create a listener for my application load balancer.

aws elbv2 create-listener \
  --load-balancer-arn $ALB_ARN \
  --protocol HTTPS \
  --port 443 \
  --default-actions "Type=forward,TargetGroupArn=$TG_ARN" \
  --certificates CertificateArn=$CERT_ARN

I was able to create a listener on port 443 to forward to the target group. The shell variables represent the arn for the application load balancer (ALB), target group (TG) and certificate (CERT).

How can I add to this command Cognito authentication for an existing user pool? (It is either fine to modify the existing listener or to create a new one, however I need to do this via AWS CLI).

Thank you very much!

amazon-web-services amazon-cognito aws-cli
Original Q&A
1

There are 1 answers

0
Halod On BEST ANSWER

You will need to first create a JSON file with the actions mentioned. Below is an example taken from link:

[{
    "Type": "authenticate-cognito",
    "AuthenticateCognitoConfig": {
        "UserPoolArn": "arn:aws:cognito-idp:region-code:account-id:userpool/user-pool-id",
        "UserPoolClientId": "abcdefghijklmnopqrstuvwxyz123456789",
        "UserPoolDomain": "userPoolDomain1",
        "SessionCookieName": "my-cookie",
        "SessionTimeout": 3600,
        "Scope": "email",
        "AuthenticationRequestExtraParams": {
            "display": "page",
            "prompt": "login"
        },
        "OnUnauthenticatedRequest": "deny"
    },
    "Order": 1
},
{
    "Type": "forward",
    "TargetGroupArn": "arn:aws:elasticloadbalancing:region-code:account-id:targetgroup/target-group-name/target-group-id",
    "Order": 2
}]

In this, you will need to fill the lines UserPoolArn, UserPoolClientId, UserPoolDomain, TargetGroupArn and optinally SessionCookieName to meet your deployment. Once all is filled, below CLI will create a new HTTPS listener with Auth config:

aws elbv2 create-listener \
  --load-balancer-arn $ALB_ARN \
  --protocol HTTPS \
  --port 443 \
  --certificates CertificateArn=$CERT_ARN \
  --default-actions file://config.json

config.json is the file with the settings

Related Questions in AMAZON-WEB-SERVICES

Related Questions in AMAZON-COGNITO

Related Questions in AWS-CLI

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions