Amazon Cognito can be used as an IdP (Identity Provider) to secure the Amazon CloudFront Distribution created by this repository.
To get started, log in to the AWS Console with an identity that is allowed to manage Amazon Cognito User Pools and App integrations, then work through the following steps.

1. Search for `Cognito` in the search bar and click on the `Cognito` service.
2. Click on `Manage User Pools`.
3. Select an existing User Pool, or create one by clicking on the `Create a user pool` button in the top-left corner of the page.
4. After selecting or creating the User Pool, navigate to `App integration > App client settings` on the left of the page.
5. On the `App client settings` page select the following:
   - 5a. `Enabled Identity Providers`: check `Cognito User Pool`.
   - 5b. `Sign in and sign out URLs`: for `Callback URL(s)` provide the Amazon CloudFront distribution HTTPS endpoint with `_callback` appended to the end (for example `https://<distribution-id>.cloudfront.net/_callback`). Provide a suitable `Sign out URL(s)` value. Cognito will only redirect to URLs registered here, so the callback must match the distribution's own domain exactly, and it must be HTTPS.
   - 5c. `OAuth 2.0`: for `Allowed OAuth Flows` check at least `Authorization code grant`. For `Allowed OAuth Scopes` check at least `email` and `openid`.
6. After providing the necessary values, click on `Save changes`.
7. On the next page, provide an appropriate `Amazon Cognito domain` prefix for the hosted sign-in endpoint.
8. Navigate back to `General settings` and click on `App clients`.
9. Create a new App client and give it a name that suits your Amazon CloudFront use-case. Select the appropriate `Auth Flows Configuration` and then click save. Leave `Generate client secret` enabled: the secret is only created when the client is created and cannot be added to an existing client afterwards.
10. Expand the newly-created App client and copy the `App client id` and the `App client secret` to a secure location that can be referenced later. Treat the client secret as a credential: do not commit it to the repository or paste it into tickets or chat.
11. Update the AWS Secrets Manager JSON configuration with these values and Base64-encode the document.
12. Congratulations! You are ready to go!
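The same procedure expressed with the AWS CLI, as an added example that is not part of this repository's own tooling. It assumes an existing user pool ID, an existing CloudFront distribution and an existing Secrets Manager secret; the JSON key names, the explicit auth flows and the choice to store the Base64 string as the secret value are assumptions, so match them to what the repository's configuration actually expects.

```bash
#!/usr/bin/env bash
# Added example (not part of this repository): the console steps above,
# expressed with the AWS CLI. Assumes an existing user pool, CloudFront
# distribution and Secrets Manager secret. The JSON key names below are
# assumed, not taken from the repository.
set -eu

# Step 5b: the callback URL is the distribution's HTTPS endpoint with
# /_callback appended. Takes the bare CloudFront host name, refuses anything
# that already looks like a URL or path so a malformed redirect is not registered.
callback_url() {
  local host="$1"
  case "$host" in
    *://*|*/*) echo "pass the bare host name, e.g. d111111abcdef8.cloudfront.net" >&2; return 1 ;;
  esac
  printf 'https://%s/_callback\n' "$host"
}

# Step 7: the hosted UI domain prefix (the console calls it "Amazon Cognito domain").
create_domain() {
  local pool_id="$1" prefix="$2"
  aws cognito-idp create-user-pool-domain --user-pool-id "$pool_id" --domain "$prefix"
}

# Steps 5 and 9 together: create the app client with the identity provider,
# redirect URLs, OAuth flow and scopes from step 5. --generate-secret matters
# because a secret cannot be added to an existing client later.
# The explicit auth flows are an assumed choice; pick what your use-case needs.
# Prints "<client id>\t<client secret>".
create_app_client() {
  local pool_id="$1" name="$2" callback="$3" signout="$4"
  aws cognito-idp create-user-pool-client \
    --user-pool-id "$pool_id" \
    --client-name "$name" \
    --generate-secret \
    --supported-identity-providers COGNITO \
    --callback-urls "$callback" \
    --logout-urls "$signout" \
    --allowed-o-auth-flows code \
    --allowed-o-auth-scopes email openid \
    --allowed-o-auth-flows-user-pool-client \
    --explicit-auth-flows ALLOW_USER_SRP_AUTH ALLOW_REFRESH_TOKEN_AUTH \
    --query 'UserPoolClient.[ClientId,ClientSecret]' --output text
}

# Step 11: the JSON document holding the copied values. Key names are ASSUMED.
# printf does not escape quotes; acceptable for ids, secrets and URLs, which contain none.
secret_json() {
  local client_id="$1" client_secret="$2" domain="$3" callback="$4"
  printf '{"clientId":"%s","clientSecret":"%s","cognitoDomain":"%s","callbackUrl":"%s"}' \
    "$client_id" "$client_secret" "$domain" "$callback"
}

# Base64 on one line: GNU base64 wraps output at 76 columns, which would
# corrupt the stored value, so strip every newline whatever the base64 flavour.
encode_secret() {
  secret_json "$@" | base64 | tr -d '\n'
}

# Store the encoded document (assumed here to be the secret's value). The value
# is passed as an argument, so it is briefly visible in the process list; on a
# shared host write it to a mode-600 temp file and pass file://<path> instead.
store_secret() {
  local secret_id="$1" encoded="$2"
  aws secretsmanager put-secret-value --secret-id "$secret_id" --secret-string "$encoded"
}

# Runs the whole procedure. Usage (after sourcing this file):
#   configure_cognito_for_cloudfront POOL_ID CLIENT_NAME CF_HOST SIGNOUT_URL DOMAIN_PREFIX SECRET_ID
configure_cognito_for_cloudfront() {
  local pool_id="$1" name="$2" cf_host="$3" signout="$4" prefix="$5" secret_id="$6"
  local callback client_id client_secret domain
  callback="$(callback_url "$cf_host")"
  create_domain "$pool_id" "$prefix" >/dev/null
  # Output is tab-separated, so default word splitting yields id then secret.
  set -- $(create_app_client "$pool_id" "$name" "$callback" "$signout")
  client_id="$1"; client_secret="$2"
  domain="${prefix}.auth.$(aws configure get region).amazoncognito.com"
  store_secret "$secret_id" "$(encode_secret "$client_id" "$client_secret" "$domain" "$callback")" >/dev/null
  echo "app client $client_id configured; secret stored in $secret_id"
}
```

The helpers that touch AWS are only called from `configure_cognito_for_cloudfront`, so the file can be sourced and the pure functions (`callback_url`, `secret_json`, `encode_secret`) exercised offline before anything is created in the account. Note that the CLI registers the callback and sign-out URLs exactly as given; a trailing slash or `http://` scheme would be rejected by Cognito at sign-in time rather than at creation time.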