{"id":26299218,"url":"https://github.com/trackit/aws-api-gateway-cognito","last_synced_at":"2025-05-12T14:54:53.016Z","repository":{"id":36248815,"uuid":"222736324","full_name":"trackit/aws-api-gateway-cognito","owner":"trackit","description":"AWS API Gateway with lambdas functions and AWS Cognito with serverless","archived":false,"fork":false,"pushed_at":"2022-03-04T15:23:39.000Z","size":25,"stargazers_count":10,"open_issues_count":0,"forks_count":3,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-31T23:33:45.629Z","etag":null,"topics":["api-gateway","aws","cognito","serverless"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trackit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-11-19T16:08:14.000Z","updated_at":"2022-06-07T09:39:44.000Z","dependencies_parsed_at":"2022-08-08T13:47:08.906Z","dependency_job_id":null,"html_url":"https://github.com/trackit/aws-api-gateway-cognito","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trackit%2Faws-api-gateway-cognito","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trackit%2Faws-api-gateway-cognito/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trackit%2Faws-api-gateway-cognito/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trackit%2Faws-api-gateway-cognito/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trackit","download_url":"https://codeload.github.com/trackit/aws-api-gateway-cognito/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253759598,"owners_count":21959781,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-gateway","aws","cognito","serverless"],"created_at":"2025-03-15T06:47:48.976Z","updated_at":"2025-05-12T14:54:52.980Z","avatar_url":"https://github.com/trackit.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# aws-api-gateway-cognito\n\nAWS API Gateway with lambdas functions and AWS Cognito\n\n## Infrastructure\n\n![Infrastructure schema](infrastructure.png)\n\n## Requirements\n\n- [NodeJS](https://nodejs.org/en/)\n  - [Serverless](https://www.serverless.com/) `$ npm install serverless -g`\n- [Python3](https://www.python.org/downloads/) with pip (optional: see `Create and authenticate a user using our python script (new)` part)\n  - [Boto3](https://aws.amazon.com/sdk-for-python/) `$ python -m pip install boto3`\n\n## Configuration\n\nAt first, you need to have the credetials for your AWS account in `~/.aws/credentials`.\n\n\nBefore you deploy the resources, you can modify the `config.json` file.\n\nIn this file you'll find some particular information about the deployment like the name of the service, the name of the Cognito User Pool, the region where you want to deploy it...\n\nYou should modify with your proper information.\n\n## Deployment\n\nYou can now start the deployment into using the serverless command: `$\u003e serverless deploy`.\n\n## Test your API Gateway with Cognito\n\nWhen the deployment is done, you can find in the AWS Console the different resources deployed such as API Gateway, Lambdas and Cognito.\n\nIf you want to test the authentication, you need to create a user into your Cognito User Pool and get a token for your user, that's why you have the `example-auth.json` file.\n\nFirst, you have to connect to the AWS Console and go on Cognito -\u003e User Pool -\u003e Your User Pool (get and save your Pool Id) --\u003e App Clients and click on `Show details` and click on `Enable username password auth for admin APIs for authentication (ALLOW_ADMIN_USER_PASSWORD_AUTH)` and Save app client changes. (get and save your App client Id too).\n\n### Create and authenticate a user using our python script (new)\n\nWe've created a new [script](cognito_user.py) that you can use to create and/or authenticate a user.\nYou can take a look at the different possibility using this script by running the following command:\n`$ ./cognito_user.py --help`\n\n#### Create a user\n\nOnce it's done you can simply run the following command:\n\n```shell\n$ ./cognito_user.py mail@example.com $userPoolId $clientId --region $region --profile $profile --create\nUser password:\nToken: eyJraWQiOiJuOXJFTE1qZlwvZ0hCakEwRDFOVzZGYk...\n```\n\n\u003e Note that the given password (`User password`) will be your final password. We'll first generate a random temporary password to validate the NEW_PASSWORD_REQUIRED change.\n\u003e\n\u003e The `--profile` is your profile already configured through AWS CLI (see `$ aws configure help`)\n\u003e\n\u003e The above command will return you a token that you can use to make authenticated requests.\n\n#### Authenticate a user\n\nIf you've already created a user you can avoid the `--create` to only authenticate your user. It will also return you a token that you can use to make authenticated requests:\n\n```shell\n$ ./cognito_user.py mail@example.com $userPoolId $clientId --region $region --profile $profile\nUser password:\nToken: eyJraWQiOiJuOXJFTE1qZlwvZ0hCakEwRDFOVzZGYk...\n```\n\n### Create and authenticate a user step by step with AWS CLI\n\n#### Create a user\n\nTo create a user you have to launch the following command (replace the $ variables, and note that you will need to change the password):\n\n`$\u003e aws cognito-idp admin-create-user --user-pool-id $userPoolId --username $userName --temporary-password $userPassword`\n\n\nYou now have to modify the `example-auth.json` into replacing the different variables and do the following command to initiate your user:\n\n`$\u003e aws cognito-idp admin-initiate-auth --cli-input-json file://example-auth.json`\n\ncopy the value of `Session` in the output and do the following command to change the password (replace the $ variables):\n\n`$\u003e aws cognito-idp admin-respond-to-auth-challenge --user-pool-id $userPoolId --client-id $clientId --challenge-name NEW_PASSWORD_REQUIRED --challenge-responses NEW_PASSWORD=$newPassword,USERNAME=$userName --session $session`\n\n\n#### Use your user to test endpoints which required authentication\n\nOnce you have your user created, initiated and with a new password (don't forget to change the password by the new password in the `example-auth.json` file) you can do the following command and get your token:\n\n`$\u003e aws cognito-idp admin-initiate-auth --cli-input-json file://example-auth.json`\n\nIn the output, the value of `tokenId` is your token, you can use it to make some requests to your endpoints (with Postman for example).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrackit%2Faws-api-gateway-cognito","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrackit%2Faws-api-gateway-cognito","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrackit%2Faws-api-gateway-cognito/lists"}