runway.cfngin.hooks.staticsite.auth_at_edge.lambda_config module¶
CFNgin prehook responsible for creation of Lambda@Edge functions.
- pydantic model runway.cfngin.hooks.staticsite.auth_at_edge.lambda_config.HookArgs[source]¶
Bases:
HookArgsBaseModel
Hook arguments.
Show JSON schema
{ "title": "HookArgs", "description": "Hook arguments.", "type": "object", "properties": { "tags": { "additionalProperties": { "type": "string" }, "default": {}, "title": "Tags", "type": "object" }, "bucket": { "title": "Bucket", "type": "string" }, "client_id": { "title": "Client Id", "type": "string" }, "cookie_settings": { "additionalProperties": true, "title": "Cookie Settings", "type": "object" }, "http_headers": { "additionalProperties": true, "title": "Http Headers", "type": "object" }, "nonce_signing_secret_param_name": { "title": "Nonce Signing Secret Param Name", "type": "string" }, "oauth_scopes": { "items": { "type": "string" }, "title": "Oauth Scopes", "type": "array" }, "redirect_path_refresh": { "title": "Redirect Path Refresh", "type": "string" }, "redirect_path_sign_in": { "title": "Redirect Path Sign In", "type": "string" }, "redirect_path_sign_out": { "title": "Redirect Path Sign Out", "type": "string" }, "required_group": { "anyOf": [ { "type": "string" }, { "type": "null" } ], "default": null, "title": "Required Group" } }, "required": [ "bucket", "client_id", "cookie_settings", "http_headers", "nonce_signing_secret_param_name", "oauth_scopes", "redirect_path_refresh", "redirect_path_sign_in", "redirect_path_sign_out" ] }
- field http_headers: dict[str, Any] = PydanticUndefined¶
The additional headers added to our requests.
- field nonce_signing_secret_param_name: str = PydanticUndefined¶
SSM param name to store nonce signing secret.
- field redirect_path_refresh: str = PydanticUndefined¶
The URL path for authorization refresh redirect (Correlates to the refresh auth lambda).
- field redirect_path_sign_in: str = PydanticUndefined¶
The URL path to be redirected to after sign in (Correlates to the parse auth lambda).
- runway.cfngin.hooks.staticsite.auth_at_edge.lambda_config.get_nonce_signing_secret(param_name: str, context: runway.context.CfnginContext) str [source]¶
Retrieve signing secret, generating & storing it first if not present.
- runway.cfngin.hooks.staticsite.auth_at_edge.lambda_config.random_key(length: int = 16) str [source]¶
Generate a random key of specified length from the allowed secret characters.
- Parameters:
length – The length of the random key.
- runway.cfngin.hooks.staticsite.auth_at_edge.lambda_config.write(context: CfnginContext, provider: Provider, *__args: Any, **kwargs: Any) dict[str, Any] [source]¶
Writes/Uploads the configured lambdas for Auth@Edge.
Lambda@Edge does not have the ability to allow Environment variables at the time of this writing. In order to configure our lambdas with dynamic variables we first will go through and update a “shared” template with all of the configuration elements and add that to a temporary folder along with each of the individual Lambda@Edge functions. This temporary folder is then used with the CFNgin awsLambda hook to build the functions.