Hi, I was wondering can I import already existing ...
# help
g
Hi, I was wondering can I import already existing Auth cognito?
f
Hey @Gabriel, is the cognito user pool you are trying to import created in the same SST app?
g
@Frank no, it has been created manually in AWS. I can see the CDK supports importing https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/aws-cognito#importing-user-pools via const awesomePool = cognito.UserPool.fromUserPoolId(this, 'awesome-user-pool', 'us-east-1_oiuR12Abd');
f
@Gabriel, yes, you can import an existing UserPool using the command above. But no, CDK does not allow using an imported UserPool and hooking it up to an IdentityPool (at least not out of the box).
Let me take a crack at it and see if I can put something together.
Oh btw, you won’t be able to configure triggers to an imported UserPool. Is that okay with you?
g
ah ok. But as an alternative, can I import just the IdentityPool? I mean, my current setup is that I have an AWS Amplify app that has Cognito connected (via Identity Pool). Cognito then has a bunch of triggers for registration, a web_app_client and native_app_client, and OAuth2 enabled (data.read and data.write custom scopes). What this allows is that the authorizer in the API Gateway can accept the IdTokens.
f
hmm.. I’ve often seen two types of Cognito setup:
1. Using both UserPool + IdentityPool, and using IAM authorization for the API
2. Using only UserPool, and using authorizer authorization for the API
It’s not clear to me which setup you are adopting. 🤔
Let me know.
g
ah ok, I think I’m getting confused. It’s because my Amplify frontend is using the user pool + identity pool (because you need both for the Amplify Analytics Kinesis stream to work), and then the API is using an authorizer which points to the user pool (which has OAuth enabled so it can authorize IdTokens).
f
Ah I see. That makes sense. And are you looking to create an API in SST, and import the user pool so you can set up authorizers?
g
@Frank yes, that was what I was thinking about. Since otherwise I would have to migrate existing users (which can be done, but if I could just import the user pool that would be great).
f
You can try something like this:
import * as cognito from "@aws-cdk/aws-cognito";
import { HttpUserPoolAuthorizer } from "@aws-cdk/aws-apigatewayv2-authorizers";
import { Api, ApiAuthorizationType } from "@serverless-stack/resources";

// Reference the existing, manually created User Pool by its id
const userPool = cognito.UserPool.fromUserPoolId(this, "my-pool", "us-east-1_oiuR12Abd");

// Reference the existing app client whose tokens the API should accept
const userPoolClient = cognito.UserPoolClient.fromUserPoolClientId(this, "my-client", "...");

new Api(this, "Api", {
  // Validate the Cognito-issued JWT on every route by default
  defaultAuthorizationType: ApiAuthorizationType.JWT,
  defaultAuthorizer: new HttpUserPoolAuthorizer({
    userPool,
    userPoolClient,
  }),
  // Scopes checked against the token's scope claim (present on access tokens, not ID tokens)
  defaultAuthorizationScopes: ["user.id", "user.email"],
  routes: {
    "GET /notes": "src/list.main",
  },
});
Hi @Gabriel, it’s been a long while, hope you are doing great! I wanted to keep you posted that we just released v0.66.0 with support for importing an existing User Pool into Auth. Here’s an example: https://docs.serverless-stack.com/constructs/Auth#importing-an-existing-user-pool
g
Thanks for the update