setup infra for userpool

infra/backend.ts

@@ -99,17 +99,19 @@ new aws.iam.RolePolicy(`${prefix}-api-role-policy`, {
 
 
 // ---- cognito ----
-const userPool = new aws.cognito.UserPool(`${prefix}-cognito-userpool`, {
+export const userPool = new aws.cognito.UserPool(`${prefix}-cognito-userpool`, {
   tags,
   autoVerifiedAttributes: ["email"],
   usernameAttributes: ["email"],
   passwordPolicy: {
     minimumLength: 8,
-    requireSymbols: true,
+    requireLowercase: true,
+    requireUppercase: true,
     requireNumbers: true,
   },
 });
-new aws.cognito.UserPoolClient(`${prefix}-cognito-userpool-cli`, {
+export const userPoolClient = new aws.cognito.UserPoolClient(`${prefix}-cognito-userpool-cli`, {
   userPoolId: userPool.id,
   generateSecret: false,
+  preventUserExistenceErrors: "ENABLED",
 });

infra/deployment.ts

@@ -91,9 +91,26 @@ const codebuild = new aws.codebuild.Project(`${prefix}-codebuild`, {
     image: "aws/codebuild/standard:7.0",
     type: "LINUX_CONTAINER",
     environmentVariables: [
-      { name: "IMBUSY_BE_LAMBDA", value: backend.lambda.name, },
+      {
-      { name: "IMBUSY_BE_BUCKET", value: backend.bucket.bucket, },
+        name: "IMBUSY_BE_USERPOOL_CLI",
-      { name: "IMBUSY_FE_BUCKET", value: frontend.bucket.bucket, },
+        value: backend.userPoolClient.id,
+      },
+      {
+        name: "IMBUSY_BE_LAMBDA",
+        value: backend.lambda.name,
+      },
+      {
+        name: "IMBUSY_BE_BUCKET",
+        value: backend.bucket.bucket,
+      },
+      {
+        name: "IMBUSY_FE_BUCKET",
+        value: frontend.bucket.bucket,
+      },
+      {
+        name: "IMBUSY_FE_USERPOOL_URL",
+        value: frontend.userPoolUrl,
+      },
     ],
   },
   serviceRole: role.arn,

infra/frontend.ts

@@ -6,6 +6,7 @@ import * as fs from "fs/promises";
 import mime from "mime";
 
 import * as common  from "./common";
+import * as backend from "./backend";
 
 const tags   = common.tags;
 const prefix = `${common.prefix}-frontend`;
@@ -75,3 +76,12 @@ export const cloudfront = new aws.cloudfront.Distribution(`${prefix}-cloudfront`
     cloudfrontDefaultCertificate: true,
   },
 });
+
+
+// ---- cognito domain ----
+const userPoolDomain = new aws.cognito.UserPoolDomain(`${prefix}-userpool-domain`, {
+    domain: "imbusy-auth",
+    userPoolId: backend.userPool.id,
+});
+export const userPoolUrl =
+    pulumi.interpolate`https://${userPoolDomain.domain}.auth.${aws.config.region}.amazoncognito.com`;

infra/index.ts

@@ -11,3 +11,6 @@ export const feDomain   = frontend.cloudfront.domainName;
 export const beBucket   = backend.bucket.bucket;
 export const beLambda   = backend.lambda.name;
 export const beEndpoint = backend.api.apiEndpoint;
+
+export const feUserPoolUrl = frontend.userPoolUrl;
+export const beUserPoolCli = backend.userPoolClient.id;

setenv

@@ -8,4 +8,7 @@ export IMBUSY_BE_BUCKET=$(pulumi stack output beBucket)
 export IMBUSY_BE_LAMBDA=$(pulumi stack output beLambda)
 export IMBUSY_FE_BUCKET=$(pulumi stack output feBucket)
 
+export IMBUSY_BE_USERPOOL_CLI=$(pulumi stack output beUserPoolCli)
+export IMBUSY_FE_USERPOOL_URL=$(pulumi stack output feUserPoolUrl)
+
 cd ../