Wednesday, January 9, 2019

Setting up User Pool in AWS Cognito

It's easy to get started with a User Pool in AWS Cognito for your application.


Go to AWS Cognito

Click Manage User Pools


Click Create a user pool (top right corner)


Give it a name and click Review Default


With the default settings, only email is required.

Scroll all the way to the bottom and click to create the pool.


On the next screen, you should see a notification that the pool was created successfully

Save the Pool Id


You can also retrieve this Pool Id later by selecting the pool and then selecting General settings.

Click App Clients (sub-category of General settings)


Click Add an app client


Give it a name and deselect all options.

Click Create and save the App client id.


That's it. Now you can use the Pool ID and App Client ID in your application, for example in a config.js like the following.


window._config = {
    cognito: {
        userPoolId: 'us-east-1_xxx', // e.g. us-east-2_uXboG5pAb
        userPoolClientId: '32', // e.g. 25ddkmj4v6hfsfvruhpfi7n4hv
        region: 'us-east-1' // e.g. us-east-2; the region the user pool lives in (the prefix of userPoolId)
    },
    api: {
        invokeUrl: 'https://xyz.execute-api.us-east-1.amazonaws.com/prod' // e.g. https://rc7nyt4tql.execute-api.us-west-2.amazonaws.com/prod
    }
};

Wednesday, January 2, 2019

Updating S3 Object ACL

Do you have multiple AWS accounts, and did you accidentally upload objects to a bucket owned by Account A while using Account B's credentials? By default (without the "--acl" flag) those objects are still owned by Account B, and as Account A you will not be able to modify them. You could re-upload the files with the correct account's credentials, or you can use the script below to update the ACL of every object in that bucket.



$bucket = "my-bucket"
$bucketname = "s3://" + $bucket
## These must be the two accounts' 64-character canonical user IDs (used by Option B) ##
$accountA = "XXXXXXXXXXXXXX"
$accountB = "YYYYYYYYYYYYYY"
## Run this with Account B's credentials: the objects belong to Account B, so only it can change their ACLs
$output = aws s3 ls $bucketname --recursive

foreach($item in $output){
    # Each listing line is: date, time, size, key. Split into at most 4 parts so a
    # key that contains spaces is kept whole (a plain split(" ") would truncate it).
    $arrayParts = $item.Trim() -split '\s+', 4
    if($arrayParts.Count -lt 4){ continue }
    $object = $arrayParts[3]
    # A key ending in "/" is a folder placeholder (prefix), not a file; skip it
    if(-not $object.EndsWith("/")){
        ## OPTION A ##
        ## Give full control to the bucket owner (Account A)
        aws s3api put-object-acl --bucket $bucket --key $object --acl bucket-owner-full-control

        ## OPTION B ##
        ## Give full control to both accounts explicitly
        #aws s3api put-object-acl --bucket $bucket --key $object --grant-full-control "id=$accountA,id=$accountB"
    }
}
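The same fix in Python with boto3, as an added example that is not the blog's own script: it walks the bucket with a list_objects_v2 paginator instead of parsing "aws s3 ls" text, so keys containing spaces survive, and it supports both Option A (bucket-owner-full-control) and Option B (explicit grants to two canonical IDs). The StubS3 client and its listing pages are constructed so the block runs offline; for a real bucket pass boto3.client("s3") created under Account B's credentials.

```python
# Added example (not the blog's script): re-ACL every object in a bucket with boto3;
# keys come from the list_objects_v2 paginator, so keys containing spaces stay intact.

def fix_object_acls(s3, bucket, grantee_ids=None, skip_folder_markers=True):
    """Grant bucket-owner-full-control to every object in `bucket` (Option A), or,
    when `grantee_ids` (64-character canonical IDs) is given, explicit full control
    to those accounts (Option B). `s3` is anything with boto3's get_paginator() and
    put_object_acl() signatures, so a stub can stand in. Returns the updated keys."""
    updated = []
    for page in s3.get_paginator("list_objects_v2").paginate(Bucket=bucket):
        for obj in page.get("Contents", []):
            key = obj["Key"]
            if skip_folder_markers and key.endswith("/"):
                continue  # console-created "folder" placeholder, not a file
            if grantee_ids:
                grant = ",".join("id=%s" % cid for cid in grantee_ids)
                s3.put_object_acl(Bucket=bucket, Key=key, GrantFullControl=grant)
            else:
                s3.put_object_acl(Bucket=bucket, Key=key, ACL="bucket-owner-full-control")
            updated.append(key)
    return updated


class StubS3:
    """Constructed stand-in for a boto3 S3 client: canned pages, records ACL calls."""
    def __init__(self, pages):
        self.pages, self.acl_calls = pages, []

    def get_paginator(self, name):
        assert name == "list_objects_v2"
        pages = self.pages
        class Paginator:
            def paginate(self, **kwargs):
                return iter(pages)
        return Paginator()

    def put_object_acl(self, **kwargs):
        self.acl_calls.append(kwargs)


# Constructed listing: two pages, one folder placeholder, one key with spaces.
SAMPLE_PAGES = [
    {"Contents": [{"Key": "reports/"}, {"Key": "reports/Q4 summary.pdf"}]},
    {"Contents": [{"Key": "logs/2019-01-02.log"}]},
]


def demo(grantee_ids=None):
    """Run the fix against the stub; returns (updated keys, recorded ACL calls).
    For a real bucket use fix_object_acls(boto3.client("s3"), "my-bucket") under Account B."""
    s3 = StubS3(SAMPLE_PAGES)
    return fix_object_acls(s3, "my-bucket", grantee_ids), s3.acl_calls
```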

AWS WAF log4j query

How to query AWS WAF log for log4j attacks 1. Setup your Athena table using this instruction https://docs.aws.amazon.com/athena/latest/ug/wa...