runway.blueprints.staticsite.auth_at_edge module

Blueprint for the Authorization@Edge implementation of a Static Site.

Described in detail in this blog post: https://aws.amazon.com/blogs/networking-and-content-delivery/authorizationedge-how-to-use-lambdaedge-and-json-web-tokens-to-enhance-web-application-security/

class runway.blueprints.staticsite.auth_at_edge.AuthAtEdge

Bases: StaticSite

Auth@Edge Blueprint.

__init__(name: str, context: runway.context.CfnginContext, mappings: dict[str, dict[str, Any]] | None = None, description: str | None = None) → None

Initialize the Blueprint.

Parameters:
  • name – A name for the blueprint.

  • context – Context the blueprint is being executed under.

  • mappings – CloudFormation Mappings to be used in the template.

  • description – Used to describe the resulting CloudFormation template.

add_version(title: str, lambda_function: Function) → Version

Create a version association with a Lambda@Edge function.

To ensure that different versions of the function are appropriately uploaded, a hash based on the code of the Lambda is appended to the name. As the code changes, so will this hash value.

Parameters:
  • title – The name of the function in PascalCase.

  • lambda_function – The Lambda function.
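
An added illustration of the hash-in-the-name idea described for add_version (not Runway's own code): the hashing scheme, the 8-character suffix, the function names and the sample packages below are assumptions made for this example. It builds plain CloudFormation fragments to show that a code change yields a new AWS::Lambda::Version logical ID, so the edge function that enforces authorization is republished instead of staying pinned to stale code.

```python
import base64
import hashlib


def code_fingerprint(package: bytes) -> tuple[str, str]:
    """Return (short hex suffix for the logical ID, base64 SHA-256 of the package)."""
    digest = hashlib.sha256(package).digest()
    return digest.hex()[:8], base64.b64encode(digest).decode()


def version_resource(title: str, function_logical_id: str, package: bytes) -> dict:
    """Build a one-resource CloudFormation fragment for a Lambda version.

    The logical ID carries the code hash (assumed scheme). CloudFormation only
    publishes a new version when this resource is created or replaced, and
    CloudFront associations must reference a numbered version, not $LATEST.
    """
    if not title.isalnum():
        raise ValueError("CloudFormation logical IDs must be alphanumeric")
    suffix, code_sha256 = code_fingerprint(package)
    return {
        f"{title}Ver{suffix}": {
            "Type": "AWS::Lambda::Version",
            "Properties": {
                "FunctionName": {"Ref": function_logical_id},
                # Publish only if the deployed code matches this hash.
                "CodeSha256": code_sha256,
            },
        }
    }


def new_logical_ids(old: dict, new: dict) -> list[str]:
    """Logical IDs present in `new` but not in `old` (resources to be created)."""
    return sorted(set(new) - set(old))


# Constructed stand-ins for two builds of the deployment package.
PACKAGE_V1 = b"check_auth build 1 (constructed sample bytes)"
PACKAGE_V2 = b"check_auth build 2 (constructed sample bytes)"

if __name__ == "__main__":
    before = version_resource("CheckAuth", "CheckAuthFunction", PACKAGE_V1)
    after = version_resource("CheckAuth", "CheckAuthFunction", PACKAGE_V2)
    print("unchanged code ->", new_logical_ids(before, before))
    print("changed code   ->", new_logical_ids(before, after))
```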

create_template() → None

Create the Blueprinted template for Auth@Edge.

get_auth_at_edge_lambda(title: str, description: str, handler: str, role: Role) → Function

Create an Auth@Edge Lambda resource.

Parameters:
  • title – The name of the function in PascalCase.

  • description – Description to be displayed in the Lambda panel.

  • handler – The underscore-separated representation of the name of the Lambda. This handle is used to determine the handler for the Lambda as well as to identify the correct Code hook_data information.

  • role – The Lambda Execution Role.

get_auth_at_edge_lambda_and_ver(title: str, description: str, handle: str, role: Role) → dict[str, Any]

Create a Lambda function and its version.

Parameters:
  • title – The name of the function in PascalCase.

  • description – Description to be displayed in the Lambda panel.

  • handle – The underscore-separated representation of the name of the Lambda. This handle is used to determine the handler for the Lambda as well as to identify the correct Code hook_data information.

  • role – The Lambda Execution Role.

get_distribution_options(bucket: Bucket, oai: CloudFrontOriginAccessIdentity, lambda_funcs: list[LambdaFunctionAssociation], check_auth_lambda_version: Version, http_headers_lambda_version: Version, parse_auth_lambda_version: Version, refresh_auth_lambda_version: Version, sign_out_lambda_version: Version) → dict[str, Any]

Retrieve the options for our CloudFront distribution.

Keyword Arguments:
  • bucket – The bucket resource.

  • oai – The origin access identity resource.

  • lambda_funcs – List of Lambda Function associations.

  • check_auth_lambda_version – Lambda Function Version to use.

  • http_headers_lambda_version – Lambda Function Version to use.

  • parse_auth_lambda_version – Lambda Function Version to use.

  • refresh_auth_lambda_version – Lambda Function Version to use.

  • sign_out_lambda_version – Lambda Function Version to use.

Returns:

The CloudFront Distribution Options.