diff --git a/infra/backend.ts b/infra/backend.ts
index b7c5933..18bcba9 100644
--- a/infra/backend.ts
+++ b/infra/backend.ts
@@ -99,17 +99,19 @@ new aws.iam.RolePolicy(`${prefix}-api-role-policy`, {
 // ---- cognito ----
-const userPool = new aws.cognito.UserPool(`${prefix}-cognito-userpool`, {
+export const userPool = new aws.cognito.UserPool(`${prefix}-cognito-userpool`, {
 tags,
 autoVerifiedAttributes: ["email"],
 usernameAttributes: ["email"],
 passwordPolicy: {
 minimumLength: 8,
- requireSymbols: true,
+ requireLowercase: true,
+ requireUppercase: true,
 requireNumbers: true,
 },
 });
-new aws.cognito.UserPoolClient(`${prefix}-cognito-userpool-cli`, {
+export const userPoolClient = new aws.cognito.UserPoolClient(`${prefix}-cognito-userpool-cli`, {
 userPoolId: userPool.id,
 generateSecret: false,
+ preventUserExistenceErrors: "ENABLED",
 });
diff --git a/infra/deployment.ts b/infra/deployment.ts
index 149b75d..70ba581 100644
--- a/infra/deployment.ts
+++ b/infra/deployment.ts
@@ -91,9 +91,26 @@ const codebuild = new aws.codebuild.Project(`${prefix}-codebuild`, {
 image: "aws/codebuild/standard:7.0",
 type: "LINUX_CONTAINER",
 environmentVariables: [
- { name: "IMBUSY_BE_LAMBDA", value: backend.lambda.name, },
- { name: "IMBUSY_BE_BUCKET", value: backend.bucket.bucket, },
- { name: "IMBUSY_FE_BUCKET", value: frontend.bucket.bucket, },
+ {
+ name: "IMBUSY_BE_USERPOOL_CLI",
+ value: backend.userPoolClient.id,
+ },
+ {
+ name: "IMBUSY_BE_LAMBDA",
+ value: backend.lambda.name,
+ },
+ {
+ name: "IMBUSY_BE_BUCKET",
+ value: backend.bucket.bucket,
+ },
+ {
+ name: "IMBUSY_FE_BUCKET",
+ value: frontend.bucket.bucket,
+ },
+ {
+ name: "IMBUSY_FE_USERPOOL_URL",
+ value: frontend.userPoolUrl,
+ },
 ],
 },
 serviceRole: role.arn,
diff --git a/infra/frontend.ts b/infra/frontend.ts
index 257e233..a575b0d 100644
--- a/infra/frontend.ts
+++ b/infra/frontend.ts
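Review bot: The `passwordPolicy` in the infra/backend.ts hunk drops `requireSymbols` while keeping `minimumLength: 8`, so the removed rule is offset only by two more character-class rules on a short password. If symbols are being dropped for usability, I would raise the length instead, e.g. `minimumLength: 12,`, since length does more for password strength than composition rules. The `UserPool` arguments visible here also set no `mfaConfiguration`, which leaves MFA at the provider default of off. `preventUserExistenceErrors: "ENABLED"` on the client is a good addition, but it covers sign-in, confirmation and password-recovery responses; with `usernameAttributes: ["email"]` the sign-up path can presumably still reveal that an address is registered, so that is worth checking if self sign-up stays enabled.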
@@ -5,7 +5,8 @@ import * as fg from "fast-glob";
 import * as fs from "fs/promises";
 import mime from "mime";
-import * as common from "./common";
+import * as common from "./common";
+import * as backend from "./backend";
 const tags = common.tags;
 const prefix = `${common.prefix}-frontend`;
@@ -75,3 +76,12 @@ export const cloudfront = new aws.cloudfront.Distribution(`${prefix}-cloudfront`
 cloudfrontDefaultCertificate: true,
 },
 });
+
+
+// ---- cognito domain ----
+const userPoolDomain = new aws.cognito.UserPoolDomain(`${prefix}-userpool-domain`, {
+ domain: "imbusy-auth",
+ userPoolId: backend.userPool.id,
+});
+export const userPoolUrl =
+ pulumi.interpolate`https://${userPoolDomain.domain}.auth.${aws.config.region}.amazoncognito.com`;
diff --git a/infra/index.ts b/infra/index.ts
index 4bbbdbd..b54b4a1 100644
--- a/infra/index.ts
+++ b/infra/index.ts
@@ -11,3 +11,6 @@ export const feDomain = frontend.cloudfront.domainName;
 export const beBucket = backend.bucket.bucket;
 export const beLambda = backend.lambda.name;
 export const beEndpoint = backend.api.apiEndpoint;
+
+export const feUserPoolUrl = frontend.userPoolUrl;
+export const beUserPoolCli = backend.userPoolClient.id;
diff --git a/setenv b/setenv
index 80efcc5..e15ce88 100644
--- a/setenv
+++ b/setenv
@@ -8,4 +8,7 @@ export IMBUSY_BE_BUCKET=$(pulumi stack output beBucket)
 export IMBUSY_BE_LAMBDA=$(pulumi stack output beLambda)
 export IMBUSY_FE_BUCKET=$(pulumi stack output feBucket)
+export IMBUSY_BE_USERPOOL_CLI=$(pulumi stack output beUserPoolCli)
+export IMBUSY_FE_USERPOOL_URL=$(pulumi stack output feUserPoolUrl)
+
 cd ../
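Review bot: `domain: "imbusy-auth"` in the `UserPoolDomain` added at the end of infra/frontend.ts is a fixed literal, while the resource names around it are derived from `prefix`. Cognito domain prefixes have to be unique within a region, so a second stack of this program (dev, staging) would likely fail to create the domain or collide with the first. Deriving it from the stack, for example by appending `pulumi.getStack()` to the literal, avoids that as long as the stack name is limited to lowercase letters, digits and hyphens. Separately, `aws.config.region` is undefined when the region comes from an explicit provider rather than stack config, which would put the text `undefined` into `userPoolUrl`; a guard or a comment stating the assumption would help. The app client this hosted domain serves (infra/backend.ts, same commit) shows no `callbackUrls` or `allowedOauthFlows`, so confirm the allowed redirect targets are pinned explicitly before the hosted UI is put to use.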
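Review bot: The two new `export VAR=$(pulumi stack output …)` lines in setenv hide a failed `pulumi stack output`, because the exit status of each line is that of `export`; against a stack that has not yet been updated with `beUserPoolCli` and `feUserPoolUrl`, both variables are exported empty and whatever consumes them carries on. A check after the exports, such as `[ -n "$IMBUSY_FE_USERPOOL_URL" ] || echo "feUserPoolUrl output missing" >&2`, would surface that. The existing lines use the same pattern and the script starts above the hunk, so there may already be handling that is not visible here.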