How Do I Write CloudFormation Tests For AWS Amplify To Ensure Resources Are Built Correctly? - testing

I am looking to build a suite of tests that can be integrated into the CI/CD Pipeline for AWS Amplify. Whilst I have established my front-end testing suite, Cypress, I am trying to determine a suitable path for backend testing.
I've tested the CDK before with Template, and believe I can add a custom resource into AWS Amplify that can import the CloudFormation stacks and then test them.
Where I expect to have the tests:
Example Test Cases:
My Cognito User Pool uses SES to send emails
My Cognito User Pool has a Post Confirmation Trigger
My Lambda has the correct permissions
What is the best practice for testing backend resources for AWS Amplify? Is there already an "approved" method?
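The three example test cases listed in the question can be written as checks over the generated CloudFormation template, as in this added example (not part of the original post and not Amplify's own tooling). The template, logical IDs, account ID and function names are constructed, and "correct permissions" is assumed to mean that Cognito is allowed to invoke the trigger Lambda for this user pool only.

```python
def get_att(logical_id, attr="Arn"):
    return {"Fn::GetAtt": [logical_id, attr]}

def sample_template():
    """Constructed sample; logical IDs, account ID and SES identity are made up."""
    return {"Resources": {
        "UserPool": {"Type": "AWS::Cognito::UserPool", "Properties": {
            "EmailConfiguration": {
                "EmailSendingAccount": "DEVELOPER",
                "SourceArn": "arn:aws:ses:eu-west-1:111122223333:identity/example.com"},
            "LambdaConfig": {"PostConfirmation": get_att("PostConfirmFn")}}},
        "PostConfirmFn": {"Type": "AWS::Lambda::Function", "Properties": {}},
        "InvokePermission": {"Type": "AWS::Lambda::Permission", "Properties": {
            "Action": "lambda:InvokeFunction",
            "FunctionName": get_att("PostConfirmFn"),
            "Principal": "cognito-idp.amazonaws.com",
            "SourceArn": get_att("UserPool")}}}}

def of_type(template, cfn_type):
    return [(rid, res.get("Properties", {}))
            for rid, res in template.get("Resources", {}).items()
            if res.get("Type") == cfn_type]

def check_user_pools(template):
    """Return findings as strings; an empty list means every check passed."""
    findings = []
    perms = [props for _, props in of_type(template, "AWS::Lambda::Permission")]
    pools = of_type(template, "AWS::Cognito::UserPool")
    if not pools:
        findings.append("template defines no user pool")
    for pool_id, props in pools:
        email = props.get("EmailConfiguration", {})
        # DEVELOPER means the pool sends through the SES identity in SourceArn.
        if email.get("EmailSendingAccount") != "DEVELOPER" or not email.get("SourceArn"):
            findings.append(f"{pool_id}: email is not sent through SES")
        trigger = props.get("LambdaConfig", {}).get("PostConfirmation")
        if trigger is None:
            findings.append(f"{pool_id}: no PostConfirmation trigger")
            continue
        # Intrinsics are compared structurally; Ref/Fn::Sub forms would need resolving.
        if not any(p.get("FunctionName") == trigger
                   and p.get("Action") == "lambda:InvokeFunction"
                   and p.get("Principal") == "cognito-idp.amazonaws.com"
                   and p.get("SourceArn") == get_att(pool_id) for p in perms):
            findings.append(f"{pool_id}: trigger has no invoke permission scoped to this pool")
    return findings

if __name__ == "__main__":
    print(check_user_pools(sample_template()) or "all checks passed")
```

In a CI job, the template JSON produced by the build would be loaded with `json.load` in place of `sample_template()`, and the job would fail when the returned list is non-empty.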

Related

Is there a way of getting Katalon Studio to authenticate with AWS Cognito?

I'm writing some API tests using Katalon Studio which test an AWS API Gateway secured with AWS Cognito. If I provide the JWT in the authentication header, the tests pass as expected. I'm struggling to work out how I should be requesting the JWT based on supplied credentials as part of the test. Is there an easy way I'm missing?

AWS CloudWatch Client Side Logging

I am running a React app. I want to log errors to my AWS CloudWatch without hard-coding the access key and secret key in my client-side code. I am using an 'Error Boundary Component' for catching errors.
Thank you for your help.
I assume by "react app" you mean a React-based web application, often called an SPA for Single Page Application.
In that case you are correct, you do not want to hard-code any credentials as that would expose them to any user who has access to the page.
The most common architecture for doing this is to set up the following:
A Lambda that will take your logging event and log it for you in CloudWatch.
An API-Gateway that your application can call that will trigger the Lambda.
An Authorizer on the API-Gateway resource that will validate a JWT that is passed from the application.
AWS Cognito that will supply your application with a JWT based on some login, either directly or via some integration with another service that is applicable for your case.

Off-the-shelf UI for managing AWS Cognito user-profiles?

Much like AWS provides hosted UI for sign-up/in for Cognito, does there exist an app to modify user-profiles stored in Cognito?
I am looking for either hosted service or a GitHub project I can host myself.
The closest I found so far is https://github.com/MetaMetricsInc/django-warrant. It allows you to get a Django app up and running, which uses Cognito as the auth back-end and has profile views. But it's not designed to be integrated into other apps (no AWS UI features like redirect-destination).

Can we use Cloudformation to define a social provider for Cognito UserPool?

I just successfully went through the Cognito setup through the AWS console, which is a manual process. I wanted to code it up next, i.e., I wanted to set up and configure my Cognito with a CloudFormation config file, AWS::Cognito::UserPool. However, I don't see a field that defines the OpenID Connect providers (i.e., Facebook and Google as identity providers).
Is there a way to do so?
I am on the Cognito team and this is not possible at this point. However, it is on our roadmap to bring CloudFormation support up to speed to all the features we have launched recently.

Can AWS MFA work as follows?

In order to log into AWS, MFA is required. But if I had a program running on an EC2 instance that invoked AWS services via API calls, would such a program also need to authenticate using MFA, or would this not be required because we are already "in"?
MFA is only required when logging into the AWS web console with a username/password. When you make API calls you would use an IAM access key, or even better (since your program is running on EC2) an IAM instance profile, which doesn't require MFA.
API calls can be made to require MFA as well using an IAM policy. However, if you were to deploy such a policy, you could also exclude VPC-internal subnets from the MFA requirement so that MFA would only be required when accessing the AWS API endpoints from the outside.
Here's a link to my repository which contains an example enforcement policy (see example-mfa-policies/EnforceMFA.txt): https://github.com/vwal/awscli-mfa