- Amazon Cognito
- Amazon DynamoDB
- Amazon API Gateway
- AWS Lambda
- API Gateway Dashboard -> Create API -> REST API -> Build
- Protocol - REST -> Create new API -> API name [aws_live_api] -> Endpoint Type - Regional -> Create API
- Resources -> Actions -> Create Resource -> Resource Name [Items] -> Create Resource
- DynamoDB Dashboard -> Tables -> Create table -> Table name [Items] -> Partition key [id] -> Create table
- Lambda Dashboard -> Create function -> Name [put_item_function] -> Create function
- Inserir código da função
put_item_function.js
disponível na pasta/src
-> Deploy - Configuration -> Execution role -> Abrir a Role no console do IAM
- IAM -> Roles -> Role criada no passo anterior -> Permissions -> Add inline policy
- Service - DynamoDB -> Manual actions -> add actions -> putItem
- Resources -> Add arn -> Selecionar o arn da tabela criada no DynamoDB -> Add
- Review policy -> Name [lambda_dynamodb_putItem_policy] -> Create policy
- API Gateway Dashboard -> Selecionar a API criada -> Resources -> Selecionar o resource criado -> Action -> Create method - POST
- Integration type -> Lambda function -> Use Lambda Proxy Integration -> Lambda function -> Selecionar a função Lambda criada -> Save
- Actions -> Deploy API -> Deployment Stage -> New Stage [dev] -> Deploy
- Add Request -> Method POST -> Copiar o endpoint gerado no API Gateway
- Body -> Raw -> JSON -> Adicionar o seguinte body
{
"id": "003",
"price": 600
}
- Send
-
Cognito Dashboard -> Manage User Pools -> Create a User Pool -> Pool name [TestPool]
-
How do you want your end users to sign in? - Email address or phone number -> Next Step
-
What password strength do you want to require?
-
Do you want to enable Multi-Factor Authentication (MFA)? Off -> Next Step
-
Do you want to customize your email verification messages? -> Verification type - Link -> Next Step
-
Which app clients will have access to this user pool? -> App client name [TestClient] -> Create App Client -> Next Step
-
Create Pool
-
App integration -> App client settings -> Enabled Identity Providers - Cognito User Pool
-
Callback URL(s) [https://example.com/logout]
-
OAuth 2.0 -> Allowed OAuth Flows - Authorization code grant -Implicit grant
-
Allowed OAuth Scopes - email - openid
-
Save Changes
-
Domain name -> Domain prefix [awsservice] -> Save
-
API Gateway Dashboard -> Selecionar a API criada -> Authorizers -> Create New Authorizer
-
Name [CognitoAuth] -> Type - Cognito -> Cognito User Pool [pool criada anteriormente] -> Token Source [Authorization]
-
Resources -> selecionar o resource criado -> selecionar o método criado -> Method Request -> Authorization - Selecionar o autorizador criado
-
Add request -> Authorization
-
Type - OAuth 2.0
-
Callback URL [https://example.com/logout]
-
Auth URL [https://mudar.auth.sa-east-1.amazoncognito.com/login]
-
Client ID - obter o Client ID do Cognito em App clients
-
Scope [email - openid]
-
Client Authentication [Send client credentials in body]
-
Get New Acces Token
-
Copiar o token gerado
-
Selecionar a request para inserir item criada -> Authorization -> Type - Bearer Token -> Inserir o token copiado
-
Send