Connecting Cognito, API GW in Terraform

Hey, I have a Swagger file with an API I want to run on API Gateway and use a Cognito User Pool to secure it, but I don't understand how I can link the Swagger (which is just a YAML file) to Terraform. Please help.

1 Answer
Accepted Answer

On the route in the Swagger definition, you can use the CognitoAuthorizer defined as a security scheme. In the CognitoAuthorizer you define the auth type (user pool), where the token is sent (header) and what Cognito resource to use (cognito_user_pool_arn, to be set by Terraform). There you can provide an ARN for the Cognito user pool by supplying the variable value in Terraform as seen below.

Swagger

/hello:
  get:
    security:
      - CognitoAuthorizer: ["my-custom-scope"]

components:
  securitySchemes:
    CognitoAuthorizer:
      type: apiKey
      name: Authorization
      in: header
      x-amazon-apigateway-authtype: cognito_user_pools
      x-amazon-apigateway-authorizer:
        providerARNs:
          - "${cognito_user_pool_arn}"
        type: cognito_user_pools

Terraform

resource "aws_cognito_user_pool" "example" {
  name = "my-user-pool"
}

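resource "aws_api_gateway_rest_api" "api" {
  name = "my-api"
  # Render swagger.yaml, replacing ${cognito_user_pool_arn} with the pool's ARN.
  # path.module keeps the file path relative to this configuration.
  body = templatefile("${path.module}/swagger.yaml", { cognito_user_pool_arn = aws_cognito_user_pool.example.arn })
}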
AWS
answered a year ago
EXPERT
reviewed a year ago
  • that works, thanks!
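
The authorizer in the answer above only protects a route that lists it under `security`, so a route without that entry is imported without the Cognito check. The following is an added example, not part of the original answer: a Python lint over the parsed OpenAPI document that reports such operations. The `/health` and `/admin` routes and the ARN placeholder are constructed for illustration.

```python
# Added example: report operations that do not require a Cognito authorizer.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def cognito_schemes(spec):
    """Names of security schemes wired to a Cognito user pool authorizer."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    return {
        name for name, s in schemes.items()
        if s.get("x-amazon-apigateway-authtype") == "cognito_user_pools"
        and s.get("x-amazon-apigateway-authorizer", {}).get("providerARNs")
    }

def unprotected_operations(spec):
    """Return sorted 'METHOD /path' strings not guarded by a Cognito scheme."""
    allowed = cognito_schemes(spec)
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip non-operation keys such as 'parameters'
            # Conservative choice: only security set on the operation counts,
            # mirroring how the answer attaches it on the route.
            reqs = op.get("security", [])
            # Requirements are alternatives (OR); each one must include a
            # Cognito scheme, otherwise a caller could use the weaker one.
            if not reqs or not all(allowed & set(r) for r in reqs):
                findings.append(f"{method.upper()} {path}")
    return sorted(findings)

# Constructed sample: /hello mirrors the answer; the other routes are hypothetical.
SPEC = {
    "paths": {
        "/hello": {"get": {"security": [{"CognitoAuthorizer": ["my-custom-scope"]}]}},
        "/health": {"get": {}},                   # no security entry at all
        "/admin": {"delete": {"security": []}},   # explicitly empty
    },
    "components": {"securitySchemes": {"CognitoAuthorizer": {
        "type": "apiKey", "name": "Authorization", "in": "header",
        "x-amazon-apigateway-authtype": "cognito_user_pools",
        "x-amazon-apigateway-authorizer": {
            "type": "cognito_user_pools",
            # Placeholder ARN, not a real pool.
            "providerARNs": ["arn:aws:cognito-idp:REGION:ACCOUNT_ID:userpool/POOL_ID"],
        },
    }}},
}

if __name__ == "__main__":
    for op in unprotected_operations(SPEC):
        print("no Cognito authorizer:", op)
```
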
