@rayova/cdk-cognito-secret
Export Cognito client secrets to Secrets Manager
// Bundler-emitted module-interop preamble (the helper names match esbuild's
// CommonJS output). These are short aliases for Object built-ins that the
// helpers below use; none of this is hand-written project logic.
var __create = Object.create;
var __defProp = Object.defineProperty;
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
var __getOwnPropNames = Object.getOwnPropertyNames;
var __getProtoOf = Object.getPrototypeOf;
var __hasOwnProp = Object.prototype.hasOwnProperty;
// Tags `target` as a transpiled ES module by defining `__esModule: true` on it,
// and returns `target` (Object.defineProperty returns the object it modified).
var __markAsModule = (target) => __defProp(target, "__esModule", { value: true });
// Defines one enumerable getter on `target` per key of `all`, using the
// function stored at all[name] as the getter. Exports are therefore resolved
// lazily, at access time, rather than copied when the module is evaluated.
var __export = (target, all) => {
  for (var name in all)
    __defProp(target, name, { get: all[name], enumerable: true });
};
// Forwards the own properties of `module2` onto `target` as getters and
// returns `target`.
//  - Runs only when `module2` is a truthy object or a function.
//  - Keys that `target` already owns are left alone.
//  - The "default" key is skipped unless `copyDefault` is truthy.
//  - Each getter reads module2[key] on access, so later changes to the source
//    module stay visible through `target`.
//  - Enumerability mirrors the source descriptor (enumerable when no descriptor
//    is found). `desc` is a scratch parameter assigned inside the expression.
var __reExport = (target, module2, copyDefault, desc) => {
  if (module2 && typeof module2 === "object" || typeof module2 === "function") {
    for (let key of __getOwnPropNames(module2))
      if (!__hasOwnProp.call(target, key) && (copyDefault || key !== "default"))
        __defProp(target, key, { get: () => module2[key], enumerable: !(desc = __getOwnPropDesc(module2, key)) || desc.enumerable });
  }
  return target;
};
// Wraps a required CommonJS module so it can be consumed like an ES module
// namespace.
//  - The wrapper inherits from module2's prototype (a plain {} when module2 is
//    null or undefined).
//  - "default" is a getter for module2.default when `isNodeMode` is falsy and
//    module2 carries `__esModule`; otherwise "default" is module2 itself.
//  - The wrapper is tagged with `__esModule`, then module2's remaining own
//    properties are forwarded through __reExport.
var __toESM = (module2, isNodeMode) => {
  return __reExport(__markAsModule(__defProp(module2 != null ? __create(__getProtoOf(module2)) : {}, "default", !isNodeMode && module2 && module2.__esModule ? { get: () => module2.default, enumerable: true } : { value: module2, enumerable: true })), module2);
};
// Converts an exports-getter object into the value assigned to module.exports.
// The immediately-invoked outer function creates a single cache: a WeakMap when
// the runtime has one, otherwise 0 (which disables caching). The returned
// function reuses the cached wrapper for `module2` if there is one; otherwise it
// builds a fresh `__esModule`-tagged object, forwards every own property of
// `module2` (including "default", because copyDefault is 1), caches it and
// returns it. `temp` is a scratch parameter.
var __toCommonJS = /* @__PURE__ */ ((cache) => {
  return (module2, temp) => {
    return cache && cache.get(module2) || (temp = __reExport(__markAsModule({}), module2, 1), cache && cache.set(module2, temp), temp);
  };
})(typeof WeakMap !== "undefined" ? /* @__PURE__ */ new WeakMap() : 0);
// src/user-pool-client-secret.lambda.ts
// Export table for the bundled Lambda source: `handler` is exposed through a
// getter, so the function declaration below is resolved when it is accessed.
var user_pool_client_secret_lambda_exports = {};
__export(user_pool_client_secret_lambda_exports, {
  handler: () => handler
});
// `aws-sdk` is required at run time rather than inlined in this bundle, so the
// execution environment has to provide it. The handler uses the v2 call style
// (`.promise()`).
// NOTE(review): Lambda Node.js runtimes from 18.x onward no longer preinstall
// the v2 `aws-sdk` package — confirm the function's runtime or packaging
// supplies it.
var AWS = __toESM(require("aws-sdk"));
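/**
 * Custom-resource style handler that reads a Cognito user pool client and
 * writes its issuer, client id and client secret into an existing Secrets
 * Manager secret as a JSON string.
 *
 * Behaviour by request type:
 *  - missing RequestType: throws.
 *  - "Delete": returns {} without calling any AWS API (the stored secret value
 *    is left as it is).
 *  - anything else: describes the user pool client and calls putSecretValue.
 *
 * The client secret is only passed to putSecretValue; it is neither logged nor
 * returned. Least-privilege permissions for the execution role follow from the
 * two calls made here: cognito-idp:DescribeUserPoolClient on the user pool and
 * secretsmanager:PutSecretValue on the target secret.
 *
 * @param {object} event - Request event; `RequestType` and
 *   `ResourceProperties` (userPoolId, userPoolClientId, secretArn, issuer and
 *   optional userPoolRegion) are read from it.
 * @returns {Promise<object>} An empty object on success.
 * @throws {Error} When RequestType or a required property is missing, when
 *   secretArn is not a string, or when the describe call returns no client.
 *   Errors from the AWS SDK calls propagate unchanged.
 */
async function handler(event) {
  // The event is logged for troubleshooting. A CloudFormation custom-resource
  // request can carry a pre-signed ResponseURL, which works as a short-lived
  // write credential for the stack's response object, so it is kept out of the
  // log stream when present.
  const loggableEvent = event && event.ResponseURL !== void 0
    ? { ...event, ResponseURL: "[redacted]" }
    : event;
  console.log("event =", loggableEvent);

  const requestType = event.RequestType;
  if (!requestType) {
    throw new Error("Request type not specified");
  }
  if (requestType === "Delete") {
    // Nothing to undo: the secret itself is not created by this handler.
    return {};
  }

  const resourceProperties = event.ResourceProperties ?? {};
  // Returns a required property, or throws naming the one that is missing.
  function getResourceProperty(name) {
    const value = resourceProperties[name];
    if (value === void 0) {
      throw new Error(`Resource is missing the ${name} property`);
    }
    return value;
  }

  const userPoolId = getResourceProperty("userPoolId");
  const userPoolClientId = getResourceProperty("userPoolClientId");
  // Optional: a null or undefined region lets the SDK use its default region.
  const userPoolRegion = resourceProperties.userPoolRegion ?? void 0;
  const secretArn = getResourceProperty("secretArn");
  const issuer = getResourceProperty("issuer");

  // Fail with a clear message instead of a TypeError from .split() below.
  if (typeof secretArn !== "string") {
    throw new Error("The secretArn property must be a string");
  }
  // ARN layout is arn:partition:service:region:account:resource, so index 3
  // is the region. A value with fewer segments yields undefined here and the
  // SDK default region is used instead.
  const secretRegion = secretArn.split(":")[3];

  const idsp = new AWS.CognitoIdentityServiceProvider({ region: userPoolRegion });
  const sm = new AWS.SecretsManager({ region: secretRegion });

  const { UserPoolClient } = await idsp.describeUserPoolClient({
    UserPoolId: userPoolId,
    ClientId: userPoolClientId
  }).promise();
  if (!UserPoolClient) {
    throw new Error("Received an empty UserPoolClient when describing the user pool client");
  }

  // NOTE(review): ClientSecret is absent when the app client was created
  // without a secret. JSON.stringify drops undefined values, so the stored JSON
  // would then silently lack `clientSecret` — consider failing the deployment
  // here instead; confirm the intended behaviour.
  await sm.putSecretValue({
    SecretId: secretArn,
    SecretString: JSON.stringify({
      issuer,
      clientId: UserPoolClient.ClientId,
      clientSecret: UserPoolClient.ClientSecret
    })
  }).promise();
  return {};
}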
// Publish the export table as this file's CommonJS exports.
module.exports = __toCommonJS(user_pool_client_secret_lambda_exports);
// Annotate the CommonJS export names for ESM import in node:
// (the `0 &&` guard means this assignment never executes; it is present only
// so the export name `handler` appears in a statically readable form)
0 && (module.exports = {
  handler
});