
aws-cdk-lib


Version 2 of the AWS Cloud Development Kit library

import { Construct, IConstruct } from 'constructs';
import * as cognito from '../../aws-cognito';
import * as elbv2 from '../../aws-elasticloadbalancingv2';
import { Duration } from '../../core';
/**
 * Properties for AuthenticateCognitoAction
 *
 * This is a declaration file: it describes the shape of the options only.
 * How each option is translated into load balancer configuration is not
 * visible here.
 */
export interface AuthenticateCognitoActionProps {
    /**
     * What action to execute next
     *
     * Multiple actions form a linked chain; the chain must always terminate in a
     * (weighted)forward, fixedResponse or redirect action.
     */
    readonly next: elbv2.ListenerAction;
    /**
     * The Amazon Cognito user pool.
     */
    readonly userPool: cognito.IUserPool;
    /**
     * The Amazon Cognito user pool client.
     */
    readonly userPoolClient: cognito.IUserPoolClient;
    /**
     * The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
     */
    readonly userPoolDomain: cognito.IUserPoolDomain;
    /**
     * The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
     *
     * Because these travel as query parameters of a redirect, they pass through
     * the user's browser and may be recorded in logs along the way; do not put
     * secrets in them.
     *
     * @default - No extra parameters
     */
    readonly authenticationRequestExtraParams?: Record<string, string>;
    /**
     * The behavior if the user is not authenticated.
     *
     * Any value other than the default changes what happens to requests that
     * carry no valid session. If unauthenticated requests are let through
     * (`UnauthenticatedAction.ALLOW`), the target of the `next` action must not
     * assume that the caller has been authenticated.
     *
     * @default UnauthenticatedAction.AUTHENTICATE
     */
    readonly onUnauthenticatedRequest?: elbv2.UnauthenticatedAction;
    /**
     * The set of user claims to be requested from the IdP.
     *
     * To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
     *
     * Request only the scopes the application actually needs.
     *
     * @default "openid"
     */
    readonly scope?: string;
    /**
     * The name of the cookie used to maintain session information.
     *
     * @default "AWSELBAuthSessionCookie"
     */
    readonly sessionCookieName?: string;
    /**
     * The maximum duration of the authentication session.
     *
     * A shorter value narrows the window in which a stolen session cookie
     * remains usable; the default is a full seven days.
     *
     * @default Duration.days(7)
     */
    readonly sessionTimeout?: Duration;
    /**
     * Allow HTTPS outbound traffic to communicate with the IdP.
     *
     * Set this property to false if the IP address used for the IdP endpoint is identifiable
     * and you want to control outbound traffic.
     * Then allow HTTPS outbound traffic to the IdP's IP address using the listener's `connections` property.
     *
     * NOTE(review): this declaration file does not show which destinations the
     * default `true` opens. Where egress must be restricted, inspect the egress
     * rules of the synthesized load balancer security group rather than relying
     * on the default.
     *
     * @default true
     * @see https://repost.aws/knowledge-center/elb-configure-authentication-alb
     */
    readonly allowHttpsOutbound?: boolean;
}
/**
 * A Listener Action to authenticate with Cognito
 *
 * Extends `elbv2.ListenerAction`, so it can be placed in a listener's action
 * chain ahead of the action given as `next`.
 */
export declare class AuthenticateCognitoAction extends elbv2.ListenerAction {
    // Internal helper; its signature is not part of the declaration output.
    private static config;
    // Stored copy of the `allowHttpsOutbound` option (type not shown in the declaration).
    private readonly allowHttpsOutbound;
    /**
     * Authenticate using an identity provider (IdP) that is compliant with OpenID Connect (OIDC)
     *
     * @param options the Cognito user pool, client and domain to authenticate
     * against, the action to run next, and the optional session settings
     */
    constructor(options: AuthenticateCognitoActionProps);
    /**
     * Called when this action is attached to an application listener.
     *
     * NOTE(review): the body is not visible in this declaration file; presumably
     * this is where `allowHttpsOutbound` is applied to the listener - confirm
     * against the implementation.
     *
     * @param scope the construct scope the action is bound in
     * @param listener the application listener the action is attached to
     * @param associatingConstruct optional construct that associates the action with the listener
     */
    bind(scope: Construct, listener: elbv2.IApplicationListener, associatingConstruct?: IConstruct | undefined): void;
}