-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feat: Add Authoriser Based on User Pool Group #617
Conversation
@@ -153,12 +153,14 @@ export class Filemanager extends Stack { | |||
new HttpRoute(this, 'PatchHttpRoute', { | |||
httpApi: httpApi, | |||
integration: apiIntegration, | |||
authorizer: apiGateway.cognitoAdminGroupAuthorizer, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the FM might be a use case where only the admin user (including orcabus_token
) could do non-read methods (e.g. POST, PATCH). @mmalenic
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@victorskl Just an important note on each stage we must put the orcabus_token
service on the admin Cognito group and refresh the service JWT rotator to get the latest token claim.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Got it, will do. Thanks, Will.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
Minor comment/fix.
@williamputraintan Ok to merge? |
Yes, but we would probably need cognito in stg and prod to sync up. Happy if we want to leave this out from O3 ? |
Yup, will sync up cognito accordingly, Will. No worries. |
Ok, will merge after the testing of resolved conflict is finished. |
Depends on umccr/infrastructure#487