DEV Community: Andrew Shanks The latest articles on DEV Community by Andrew Shanks (@awshanks). https://dev.to/awshanks https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F130101%2F252d1415-9d78-43b8-8b5b-ef6828c1c268.jpeg DEV Community: Andrew Shanks https://dev.to/awshanks en AWSAmplify - A simple Multi Tenant Approach using Post Confirmation Lambda Trigger Andrew Shanks Sat, 24 Oct 2020 08:04:48 +0000 https://dev.to/awshanks/awsamplify-a-simple-multi-tenant-approach-using-post-confirmation-lambda-trigger-2d24 https://dev.to/awshanks/awsamplify-a-simple-multi-tenant-approach-using-post-confirmation-lambda-trigger-2d24 <p>Your application may have the need for separate groups of users to access their own space. One way of managing this is by using Cognito groups to achieve this.</p> <p>@AWSAmplify gives you the ability to create a post confirmation lambda trigger out of the box where you can choose the name of a group to add users to.</p> <p>However this will add all users who signup to the same group which would not give the access control required to have a group per tenant.</p> <h1> Example 1 </h1> <p>Assuming you have already created the post confirmation lambda from the amplify console already, let's modify the generated lambda function to create a random group name of our choosing when a user signs up.</p> <p>Go to the source for the lambda trigger located at: <code>amplify/backend/function/&lt;GENERATEDID&gt;PostConfirmation/src/index.js</code></p> <p>Modify it as follows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="cm">/* eslint-disable-line */</span> <span class="kd">const</span> <span class="nx">aws</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">aws-sdk</span><span class="dl">'</span><span class="p">);</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">v4</span> <span class="k">as</span> <span class="nx">uuidv4</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">uuid</span><span class="dl">'</span><span class="p">;</span> <span class="nx">exports</span><span class="p">.</span><span class="nx">handler</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">event</span><span class="p">,</span> <span class="nx">context</span><span class="p">,</span> <span class="nx">callback</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">cognitoidentityserviceprovider</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">aws</span><span class="p">.</span><span class="nc">CognitoIdentityServiceProvider</span><span class="p">({</span> <span class="na">apiVersion</span><span class="p">:</span> <span class="dl">'</span><span class="s1">2016-04-18</span><span class="dl">'</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">groupPrefix</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">&lt;SOME_PREFIX&gt;</span><span class="dl">'</span> <span class="kd">const</span> <span class="nx">uuid</span> <span class="o">=</span> <span class="nf">uuidv4</span><span class="p">()</span> <span class="kd">const</span> <span class="nx">groupParams</span> <span class="o">=</span> <span class="p">{</span> <span class="na">GroupName</span><span class="p">:</span> <span class="nx">groupPrefix</span> <span class="o">+</span> <span class="nx">uuid</span><span class="p">,</span> <span class="na">UserPoolId</span><span class="p">:</span> <span class="nx">event</span><span class="p">.</span><span class="nx">userPoolId</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">addUserParams</span> <span class="o">=</span> <span class="p">{</span> <span class="na">GroupName</span><span class="p">:</span> <span class="nx">groupPrefix</span> <span class="o">+</span> <span class="nx">uuid</span><span class="p">,</span> <span class="na">UserPoolId</span><span class="p">:</span> <span class="nx">event</span><span class="p">.</span><span class="nx">userPoolId</span><span class="p">,</span> <span class="na">Username</span><span class="p">:</span> <span class="nx">event</span><span class="p">.</span><span class="nx">userName</span><span class="p">,</span> <span class="p">};</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">cognitoidentityserviceprovider</span><span class="p">.</span><span class="nf">getGroup</span><span class="p">(</span><span class="nx">groupParams</span><span class="p">).</span><span class="nf">promise</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">cognitoidentityserviceprovider</span><span class="p">.</span><span class="nf">createGroup</span><span class="p">(</span><span class="nx">groupParams</span><span class="p">).</span><span class="nf">promise</span><span class="p">();</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">cognitoidentityserviceprovider</span><span class="p">.</span><span class="nf">adminAddUserToGroup</span><span class="p">(</span><span class="nx">addUserParams</span><span class="p">).</span><span class="nf">promise</span><span class="p">();</span> <span class="nf">callback</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span> <span class="nx">event</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="nf">callback</span><span class="p">(</span><span class="nx">e</span><span class="p">);</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p>When finished push this update using <code>amplify push</code></p> <p>This will create a group name with a UUID added each time a user signs up if it doesn't already exist then add the user to it.</p> <p>This can be used as a basis to have individuals be assigned to a group that is created. This can be extended as in the example below.</p> <h1> Example 2 </h1> <p>The example below will create 2 UserGroups, Admin and Employee and assign the current user to the Admin group. We also need to resolve an issue with lambda execution time, which is limited to 5 seconds in Cognito.<br><br> As we call more services the lambda trigger takes longer to execute and may be called more than once due to this limitation.</p> <p>There is also an open bug with the auto generated code that causes the modules to be loaded inside the execution of the lambda rather than at cold-start that uses up much of that time. See [<a href="https://github.com/aws-amplify/amplify-cli/issues/3212#issuecomment-654315960">https://github.com/aws-amplify/amplify-cli/issues/3212#issuecomment-654315960</a>] for a solution.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="cm">/* eslint-disable-line */</span> <span class="kd">const</span> <span class="nx">aws</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">aws-sdk</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span><span class="na">v4</span><span class="p">:</span> <span class="nx">uuidv4</span><span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">uuid</span><span class="dl">'</span><span class="p">);</span> <span class="nx">exports</span><span class="p">.</span><span class="nx">handler</span> <span class="o">=</span> <span class="k">async </span><span class="p">(</span><span class="nx">event</span><span class="p">,</span> <span class="nx">context</span><span class="p">,</span> <span class="nx">callback</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">cognitoidentityserviceprovider</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">aws</span><span class="p">.</span><span class="nc">CognitoIdentityServiceProvider</span><span class="p">({</span><span class="na">apiVersion</span><span class="p">:</span> <span class="dl">'</span><span class="s1">2016-04-18</span><span class="dl">'</span><span class="p">});</span> <span class="kd">const</span> <span class="nx">groupPrefix</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">&lt;SOME_PREFIX&gt;</span><span class="dl">'</span> <span class="kd">const</span> <span class="nx">uuid</span> <span class="o">=</span> <span class="nf">uuidv4</span><span class="p">()</span> <span class="kd">const</span> <span class="nx">owner</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">_owner</span><span class="dl">'</span> <span class="kd">const</span> <span class="nx">employee</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">_employee</span><span class="dl">'</span> <span class="kd">const</span> <span class="nx">ownerGroup</span> <span class="o">=</span> <span class="s2">`</span><span class="p">${</span><span class="nx">groupPrefix</span><span class="p">}${</span><span class="nx">uuid</span><span class="p">}${</span><span class="nx">owner</span><span class="p">}</span><span class="s2">`</span> <span class="kd">const</span> <span class="nx">employeeGroup</span> <span class="o">=</span> <span class="s2">`</span><span class="p">${</span><span class="nx">groupPrefix</span><span class="p">}${</span><span class="nx">uuid</span><span class="p">}${</span><span class="nx">employee</span><span class="p">}</span><span class="s2">`</span> <span class="kd">const</span> <span class="nx">groupParamsOwner</span> <span class="o">=</span> <span class="p">{</span> <span class="na">GroupName</span><span class="p">:</span> <span class="nx">ownerGroup</span><span class="p">,</span> <span class="na">UserPoolId</span><span class="p">:</span> <span class="nx">event</span><span class="p">.</span><span class="nx">userPoolId</span><span class="p">,</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">groupParamsEmployee</span> <span class="o">=</span> <span class="p">{</span> <span class="na">GroupName</span><span class="p">:</span> <span class="nx">employeeGroup</span><span class="p">,</span> <span class="na">UserPoolId</span><span class="p">:</span> <span class="nx">event</span><span class="p">.</span><span class="nx">userPoolId</span><span class="p">,</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">addUserParams</span> <span class="o">=</span> <span class="p">{</span> <span class="na">GroupName</span><span class="p">:</span> <span class="nx">ownerGroup</span><span class="p">,</span> <span class="na">UserPoolId</span><span class="p">:</span> <span class="nx">event</span><span class="p">.</span><span class="nx">userPoolId</span><span class="p">,</span> <span class="na">Username</span><span class="p">:</span> <span class="nx">event</span><span class="p">.</span><span class="nx">userName</span><span class="p">,</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">getUserParams</span> <span class="o">=</span> <span class="p">{</span> <span class="na">UserPoolId</span><span class="p">:</span> <span class="nx">event</span><span class="p">.</span><span class="nx">userPoolId</span><span class="p">,</span> <span class="na">Username</span><span class="p">:</span> <span class="nx">event</span><span class="p">.</span><span class="nx">userName</span><span class="p">,</span> <span class="p">}</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Attempting to list groups for </span><span class="p">${</span><span class="nx">event</span><span class="p">.</span><span class="nx">userName</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">userGroups</span> <span class="o">=</span> <span class="kc">null</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">userGroups</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">cognitoidentityserviceprovider</span><span class="p">.</span><span class="nf">adminListGroupsForUser</span><span class="p">(</span><span class="nx">getUserParams</span><span class="p">).</span><span class="nf">promise</span><span class="p">();</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">userGroups: </span><span class="dl">'</span><span class="p">,</span> <span class="nx">userGroups</span><span class="p">)</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">"</span><span class="s2">error retrieving user</span><span class="dl">"</span><span class="p">,</span> <span class="nx">e</span><span class="p">)</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">userGroups</span> <span class="o">==</span> <span class="kc">null</span> <span class="o">||</span> <span class="nx">userGroups</span><span class="p">.</span><span class="nx">Groups</span><span class="p">.</span><span class="nx">length</span> <span class="o">===</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">cognitoidentityserviceprovider</span><span class="p">.</span><span class="nf">getGroup</span><span class="p">(</span><span class="nx">groupParamsOwner</span><span class="p">).</span><span class="nf">promise</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">cognitoidentityserviceprovider</span><span class="p">.</span><span class="nf">createGroup</span><span class="p">(</span><span class="nx">groupParamsOwner</span><span class="p">).</span><span class="nf">promise</span><span class="p">();</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">cognitoidentityserviceprovider</span><span class="p">.</span><span class="nf">getGroup</span><span class="p">(</span><span class="nx">groupParamsEmployee</span><span class="p">).</span><span class="nf">promise</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">cognitoidentityserviceprovider</span><span class="p">.</span><span class="nf">createGroup</span><span class="p">(</span><span class="nx">groupParamsEmployee</span><span class="p">).</span><span class="nf">promise</span><span class="p">();</span> <span class="p">}</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">cognitoidentityserviceprovider</span><span class="p">.</span><span class="nf">adminAddUserToGroup</span><span class="p">(</span><span class="nx">addUserParams</span><span class="p">).</span><span class="nf">promise</span><span class="p">();</span> <span class="nf">callback</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span> <span class="nx">event</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{</span> <span class="nf">callback</span><span class="p">(</span><span class="nx">e</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p>For this approach you will need to give an additional cognito permissions to the lambda function: <code>adminListGroupsForUser</code>.</p> <p>In <code>amplify/backend/auth/&lt;GENERATEDID&gt;/&lt;GENERATEDID&gt;-cloudformation-template.yml</code>. we add <code>- cognito-idp:AdminListGroupsForUser</code> to the <code>&lt;GENERATEDID&gt;PostConfirmationAddToGroupCognito</code> policy.</p> <p>When finished push this update using <code>amplify push</code></p> aws cognito javascript amplify AWS Amplify - Mixed Public & Private Application Routing Andrew Shanks Fri, 07 Aug 2020 10:58:17 +0000 https://dev.to/awshanks/aws-amplify-mixed-public-private-application-routing-1d9b https://dev.to/awshanks/aws-amplify-mixed-public-private-application-routing-1d9b <p>Hi. This is my first post! I wanted to begin with something simple yet informative that has helped me on my side projects with Amplify.</p> <p>This post assumes basic knowledge of setting up an Amplify project and is based on a React UI implementation.</p> <p>Creating authenticated react applications with <a href="https://twitter.com/AWSAmplify">@AWSAmplify</a> is simple when you want to wrap the App using <em>withAuthenticator(App)</em>.</p> <p>This works well when you are creating a demo site but when you want to send this to production you usually would want a homepage and some public links to talk about your products etc. There are many results on google relating to this kind of question and many ways to go about it.</p> <p>Mixing public and private routes is usually a bit more involved. You would start using <em>AmplifyAuthenticator</em> in a custom component and track the users logged in state rather than use <em>withAuthenticator</em>.</p> <p>This GitHub example by <a href="https://dev.to/mwarger">Mat Warger</a> is very informative, if your site needs it and worth learning how it works. <a href="https://github.com/mwarger/amplify-auth-examples">https://github.com/mwarger/amplify-auth-examples</a></p> <h2> A Simple Solution </h2> <p>But wait! I want to use the free goodness of <em>withAuthenticator</em>, my site isn't that complicated. Here is where nested routing using react-router comes in.</p> <p>Declare you main App component which contains the top level routing that contains a ProtectedApp component which could be for admin functions.</p> <p>App.js<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const App = () =&gt; { return ( &lt;Router&gt; &lt;Switch&gt; &lt;Route path="/" exact render={() =&gt; &lt;Home/&gt;}/&gt; &lt;Route path="/admin" render={() =&gt; &lt;ProtectedApp /&gt;}/&gt; &lt;/Switch&gt; &lt;/Router&gt; ); } export default App; </code></pre> </div> <p>The <em>ProtectedApp</em> contains the routes for the admin function and this is wrapped in <em>withAuthenticator(ProtectedApp)</em></p> <p>ProtectedApp.js<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>import Amplify from "aws-amplify"; import awsExports from "./aws-exports"; Amplify.configure(awsExports); const ProtectedApp = () =&gt; { return ( &lt;div&gt; &lt;Header /&gt; &lt;Switch&gt; &lt;Route path="/admin" exact render={() =&gt; &lt;AdminPanel /&gt;}/&gt; &lt;Route path="/admin/create" exact render={() =&gt; &lt;CreateUser /&gt;}/&gt; &lt;/Switch&gt; &lt;/div&gt; ); } export default withAuthenticator(ProtectedApp); </code></pre> </div> <p>Now you can have private application routes protected but still able to use <em>withAuthenticator</em> to handle the auth while having easily accessible public routes for advertising and as a home page.</p> <p>Hopefully this will help others navigate auth with Amplify!</p> aws react amplify