runway.cfngin.hooks.staticsite.auth_at_edge.lambda_config module

CFNgin prehook responsible for creation of Lambda@Edge functions.

pydantic model runway.cfngin.hooks.staticsite.auth_at_edge.lambda_config.HookArgs

Bases: HookArgsBaseModel

Hook arguments.

JSON schema:
{
   "title": "HookArgs",
   "description": "Hook arguments.",
   "type": "object",
   "properties": {
      "tags": {
         "additionalProperties": {
            "type": "string"
         },
         "default": {},
         "title": "Tags",
         "type": "object"
      },
      "bucket": {
         "title": "Bucket",
         "type": "string"
      },
      "client_id": {
         "title": "Client Id",
         "type": "string"
      },
      "cookie_settings": {
         "additionalProperties": true,
         "title": "Cookie Settings",
         "type": "object"
      },
      "http_headers": {
         "additionalProperties": true,
         "title": "Http Headers",
         "type": "object"
      },
      "nonce_signing_secret_param_name": {
         "title": "Nonce Signing Secret Param Name",
         "type": "string"
      },
      "oauth_scopes": {
         "items": {
            "type": "string"
         },
         "title": "Oauth Scopes",
         "type": "array"
      },
      "redirect_path_refresh": {
         "title": "Redirect Path Refresh",
         "type": "string"
      },
      "redirect_path_sign_in": {
         "title": "Redirect Path Sign In",
         "type": "string"
      },
      "redirect_path_sign_out": {
         "title": "Redirect Path Sign Out",
         "type": "string"
      },
      "required_group": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Required Group"
      }
   },
   "required": [
      "bucket",
      "client_id",
      "cookie_settings",
      "http_headers",
      "nonce_signing_secret_param_name",
      "oauth_scopes",
      "redirect_path_refresh",
      "redirect_path_sign_in",
      "redirect_path_sign_out"
   ]
}

field bucket: str = PydanticUndefined

S3 bucket name.

field client_id: str = PydanticUndefined

The ID of the Cognito User Pool Client.

field cookie_settings: dict[str, Any] = PydanticUndefined

The settings for our customized cookies.

field http_headers: dict[str, Any] = PydanticUndefined

The additional headers added to our requests.

field nonce_signing_secret_param_name: str = PydanticUndefined

SSM param name to store nonce signing secret.

field oauth_scopes: list[str] = PydanticUndefined

The validation scopes for our OAuth requests.

field redirect_path_refresh: str = PydanticUndefined

The URL path for authorization refresh redirect (Correlates to the refresh auth lambda).

field redirect_path_sign_in: str = PydanticUndefined

The URL path to be redirected to after sign in (Correlates to the parse auth lambda).

field redirect_path_sign_out: str = PydanticUndefined

The URL path to be redirected to after sign out (correlates to the root, where the user is asked to sign in again).

field required_group: str | None = None

Optional User Pool group to which access should be restricted.

runway.cfngin.hooks.staticsite.auth_at_edge.lambda_config.get_nonce_signing_secret(param_name: str, context: runway.context.CfnginContext) -> str

Retrieve signing secret, generating & storing it first if not present.

runway.cfngin.hooks.staticsite.auth_at_edge.lambda_config.random_key(length: int = 16) -> str

Generate a random key of specified length from the allowed secret characters.

Parameters:

length – The length of the random key.
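The retrieve-or-generate behaviour described for get_nonce_signing_secret and random_key, sketched as an added example; this is not Runway's own code. The alphabet, the names new_key, get_or_create_secret and FakeSSM, and the parameter path used to exercise it are assumptions; FakeSSM is a constructed in-memory stand-in that mirrors the boto3 SSM client's get_parameter/put_parameter calls so the block runs offline.

```python
import secrets
import string
from types import SimpleNamespace

# Assumed alphabet; the page does not list the hook's allowed secret characters.
SECRET_ALPHABET = string.ascii_letters + string.digits


def new_key(length: int = 16) -> str:
    """Draw every character from the OS CSPRNG (secrets), not from random."""
    return "".join(secrets.choice(SECRET_ALPHABET) for _ in range(length))


def get_or_create_secret(ssm, param_name: str, length: int = 16) -> str:
    """Return the stored secret, creating it once if the parameter is absent."""
    try:
        found = ssm.get_parameter(Name=param_name, WithDecryption=True)
        return found["Parameter"]["Value"]
    except ssm.exceptions.ParameterNotFound:
        pass
    candidate = new_key(length)
    try:
        # Overwrite=False: if a concurrent deploy stored a value first, it wins,
        # so every deploy ends up signing nonces with the same secret.
        ssm.put_parameter(Name=param_name, Value=candidate,
                          Type="SecureString", Overwrite=False)
        return candidate
    except ssm.exceptions.ParameterAlreadyExists:
        found = ssm.get_parameter(Name=param_name, WithDecryption=True)
        return found["Parameter"]["Value"]


class FakeSSM:
    """Constructed in-memory stand-in for the boto3 SSM client (offline use)."""

    def __init__(self):
        self.store = {}
        # Built-in exception types stand in for the client's error classes.
        self.exceptions = SimpleNamespace(
            ParameterNotFound=KeyError, ParameterAlreadyExists=ValueError)

    def get_parameter(self, Name, WithDecryption=False):
        if Name not in self.store:
            raise self.exceptions.ParameterNotFound(Name)
        return {"Parameter": {"Name": Name, "Value": self.store[Name]}}

    def put_parameter(self, Name, Value, Type, Overwrite=False):
        if Name in self.store and not Overwrite:
            raise self.exceptions.ParameterAlreadyExists(Name)
        self.store[Name] = Value
```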

runway.cfngin.hooks.staticsite.auth_at_edge.lambda_config.write(context: CfnginContext, provider: Provider, *__args: Any, **kwargs: Any) -> dict[str, Any]

Writes/Uploads the configured lambdas for Auth@Edge.

Lambda@Edge does not support environment variables at the time of this writing. To configure the Lambdas with dynamic values, the hook first updates a “shared” template with all of the configuration elements and adds it to a temporary folder along with each of the individual Lambda@Edge functions. This temporary folder is then used with the CFNgin awsLambda hook to build the functions.