Auth@Edge

[voodooGQ]

Summary

Creates the ability to generate a private static site using Auth@Edge as described here: https://aws.amazon.com/blogs/networking-and-content-delivery/authorizationedge-how-to-use-lambdaedge-and-json-web-tokens-to-enhance-web-application-security/

Why This Is Needed

This has been a frequent request of our development teams to be able to create a single page application behind an authentication interface.

What Changed

Added

• Auth@Edge Blueprint which inherits from the standard StaticSite Blueprint
• Template files for the Lambda@Edge functions that will be generated by Runway
• Custom CFNgin prehook to update the domain name of the Cognito authentication interface
• Custom CFNgin prehook to generate a dynamic code package for each of the Lambda@Edge functions. This is necessary since Lambda@Edge does not allow environment variables at this time.
• Custom CFNGin posthook to update the callback urls for the Cognito User Pool Client.
• Documentation outlining the new features and their capabilities.

Changed

• Converted the StaticSite Blueprint from using CFN Conditional logic to using pure Python conditional logic. This gives us finer-grained control over how we create our CFN templates while losing the template output consistency. This isn't a problem in and of itself but does require dependency of Runway to generate the templates.

Screenshots

[ITProKyle]

I would prefer to stop using runway.hooks and instead have all hooks in runway.cfngin.hooks so they are all grouped together. we can't move anything that already exists there till the next major release since it could be breaking but, i don't think that means we need to continue putting new things in runway.hooks.

[troyready]

I think it'd be fine to just wrap a substitution regex around the whole line (or nearly the whole line).