import * as cdk from '@aws-cdk/core';
import * as iam from '@aws-cdk/aws-iam';
import s3 = require('@aws-cdk/aws-s3');
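/**
 * Optional settings for {@link AmplifyInitResource}.
 */
export interface AmplifyInitResourceProps {
  /**
   * ID of the Cognito identity pool that is allowed to assume the auth and
   * unauth roles. When set, the trust policy pins the `aud` claim to this
   * exact value with `StringEquals`. When omitted, the original wildcard
   * match on `aud` is kept for backward compatibility.
   */
  readonly identityPoolId?: string;
}

/**
 * Base resources for an Amplify-style project: an IAM role for authenticated
 * Cognito identities, an IAM role for unauthenticated (guest) identities, and
 * an S3 bucket exposed as `deploymentBucket`.
 */
export class AmplifyInitResource extends cdk.Construct {
  /** Role assumable by identities whose `amr` claim contains `authenticated`. */
  public readonly authRole: iam.Role;
  /** Role assumable by identities whose `amr` claim contains `unauthenticated`. */
  public readonly unAuthRole: iam.Role;
  /** Bucket created with the CDK default bucket properties. */
  public readonly deploymentBucket: s3.Bucket;

  /**
   * @param scope - Parent construct.
   * @param id - Construct id.
   * @param props - Optional settings; pass `identityPoolId` to scope the role
   *   trust policies to a single identity pool.
   */
  constructor(
    scope: cdk.Construct,
    id: string,
    props: AmplifyInitResourceProps = {}
  ) {
    super(scope, id);

    const stackName = cdk.Stack.of(this).stackName;

    this.authRole = new iam.Role(this, 'AuthRole', {
      roleName: `${stackName}-authRole`,
      assumedBy: AmplifyInitResource.cognitoPrincipal(
        'authenticated',
        props.identityPoolId
      ),
    });

    this.unAuthRole = new iam.Role(this, 'UnAuthRole', {
      roleName: `${stackName}-unAuthRole`,
      assumedBy: AmplifyInitResource.cognitoPrincipal(
        'unauthenticated',
        props.identityPoolId
      ),
    });

    // NOTE(review): created with default properties only; confirm that the
    // defaults for encryption and public-access blocking meet the project's
    // requirements for deployment artifacts.
    this.deploymentBucket = new s3.Bucket(this, 'amplifyResource');
  }

  /**
   * Builds the federated Cognito principal shared by both roles.
   *
   * @param amr - Value the `cognito-identity.amazonaws.com:amr` claim must
   *   contain (`authenticated` or `unauthenticated`).
   * @param identityPoolId - Identity pool the `aud` claim must equal, if known.
   */
  private static cognitoPrincipal(
    amr: 'authenticated' | 'unauthenticated',
    identityPoolId?: string
  ): iam.FederatedPrincipal {
    // SECURITY: `aud` is the identity pool id. A wildcard here means the trust
    // policy does not tie the role to this application's pool: any identity
    // pool's tokens satisfy the condition. Supply `identityPoolId` so the
    // role can only be assumed through the intended pool.
    const audCondition =
      identityPoolId === undefined
        ? { StringLike: { 'cognito-identity.amazonaws.com:aud': '*' } }
        : { StringEquals: { 'cognito-identity.amazonaws.com:aud': identityPoolId } };

    return new iam.FederatedPrincipal(
      'cognito-identity.amazonaws.com',
      {
        ...audCondition,
        'ForAnyValue:StringLike': {
          'cognito-identity.amazonaws.com:amr': amr,
        },
      },
      'sts:AssumeRoleWithWebIdentity'
    );
  }
}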