setup infra for userpool

2025-06-21 11:03:50 +09:00 · 2025-06-21 11:03:50 +09:00 · 6bb4081c20
commit 6bb4081c20
parent 49946b6546
5 changed files with 42 additions and 7 deletions
--- a/infra/backend.ts
+++ b/infra/backend.ts
@ -99,17 +99,19 @@ new aws.iam.RolePolicy(`${prefix}-api-role-policy`, {


 // ---- cognito ----
-const userPool = new aws.cognito.UserPool(`${prefix}-cognito-userpool`, {
+export const userPool = new aws.cognito.UserPool(`${prefix}-cognito-userpool`, {
  tags,
  autoVerifiedAttributes: ["email"],
  usernameAttributes: ["email"],
  passwordPolicy: {
    minimumLength: 8,
-    requireSymbols: true,
+    requireLowercase: true,
+    requireUppercase: true,
    requireNumbers: true,
  },
 });
-new aws.cognito.UserPoolClient(`${prefix}-cognito-userpool-cli`, {
+export const userPoolClient = new aws.cognito.UserPoolClient(`${prefix}-cognito-userpool-cli`, {
  userPoolId: userPool.id,
  generateSecret: false,
+  preventUserExistenceErrors: "ENABLED",
 });
--- a/infra/deployment.ts
+++ b/infra/deployment.ts
@ -91,9 +91,26 @@ const codebuild = new aws.codebuild.Project(`${prefix}-codebuild`, {
    image: "aws/codebuild/standard:7.0",
    type: "LINUX_CONTAINER",
    environmentVariables: [
-      { name: "IMBUSY_BE_LAMBDA", value: backend.lambda.name, },
-      { name: "IMBUSY_BE_BUCKET", value: backend.bucket.bucket, },
-      { name: "IMBUSY_FE_BUCKET", value: frontend.bucket.bucket, },
+      {
+        name: "IMBUSY_BE_USERPOOL_CLI",
+        value: backend.userPoolClient.id,
+      },
+      {
+        name: "IMBUSY_BE_LAMBDA",
+        value: backend.lambda.name,
+      },
+      {
+        name: "IMBUSY_BE_BUCKET",
+        value: backend.bucket.bucket,
+      },
+      {
+        name: "IMBUSY_FE_BUCKET",
+        value: frontend.bucket.bucket,
+      },
+      {
+        name: "IMBUSY_FE_USERPOOL_URL",
+        value: frontend.userPoolUrl,
+      },
    ],
  },
  serviceRole: role.arn,
--- a/infra/frontend.ts
+++ b/infra/frontend.ts
@ -6,6 +6,7 @@ import * as fs from "fs/promises";
 import mime from "mime";

 import * as common  from "./common";
+import * as backend from "./backend";

 const tags   = common.tags;
 const prefix = `${common.prefix}-frontend`;
@ -75,3 +76,12 @@ export const cloudfront = new aws.cloudfront.Distribution(`${prefix}-cloudfront`
    cloudfrontDefaultCertificate: true,
  },
 });
+
+
+// ---- cognito domain ----
+const userPoolDomain = new aws.cognito.UserPoolDomain(`${prefix}-userpool-domain`, {
+    domain: "imbusy-auth",
+    userPoolId: backend.userPool.id,
+});
+export const userPoolUrl =
+    pulumi.interpolate`https://${userPoolDomain.domain}.auth.${aws.config.region}.amazoncognito.com`;
--- a/infra/index.ts
+++ b/infra/index.ts
@ -11,3 +11,6 @@ export const feDomain   = frontend.cloudfront.domainName;
 export const beBucket   = backend.bucket.bucket;
 export const beLambda   = backend.lambda.name;
 export const beEndpoint = backend.api.apiEndpoint;
+
+export const feUserPoolUrl = frontend.userPoolUrl;
+export const beUserPoolCli = backend.userPoolClient.id;
--- a/3
+++ b/3
@ -8,4 +8,7 @@ export IMBUSY_BE_BUCKET=$(pulumi stack output beBucket)
 export IMBUSY_BE_LAMBDA=$(pulumi stack output beLambda)
 export IMBUSY_FE_BUCKET=$(pulumi stack output feBucket)

+export IMBUSY_BE_USERPOOL_CLI=$(pulumi stack output beUserPoolCli)
+export IMBUSY_FE_USERPOOL_URL=$(pulumi stack output feUserPoolUrl)
+
 cd ../