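#!/bin/bash
# setup_cognito.sh — one-shot provisioning of the Cognito identity pool and
# the two IAM roles (authenticated / unauthenticated) that the "poliko" app
# assumes through it, followed by patching the pool ID into ai.js.
#
# Requires: the aws CLI with credentials allowed to create IAM roles, attach
# inline policies and create Cognito identity pools. Everything is created in
# REGION; the pool is created with unauthenticated (guest) access enabled.
set -euo pipefail

readonly COGNITO_ID_NAME=poliko
readonly EXEC_ROLE_NAME_UNAUTH=poliko_unauth
readonly EXEC_ROLE_NAME_AUTH=poliko_auth
readonly REGION=us-east-1

# Account ID of the calling credentials. STS is the authoritative source for
# this and needs no EC2 permission, unlike reading the OwnerId of a security
# group (which also assumed a group named 'Default' exists).
ACCOUNT_NUMBER=$(aws sts get-caller-identity --query Account --output text)
readonly ACCOUNT_NUMBER

# The three policy documents are written to fixed names under /tmp because
# create_execution_role reads them by path. They hold no secrets, but fixed,
# predictable /tmp names are fragile on shared hosts; mktemp would be the
# better choice once the consumers take the path as an argument.

# Trust policy for both roles. At this point the identity pool does not exist
# yet, so there is no Condition on cognito-identity.amazonaws.com:aud (the
# pool ID) or :amr (authenticated/unauthenticated). As written, ANY Cognito
# identity pool — in any account — may assume these roles; the trust policy
# must be tightened to this pool's ID once it is known.
cat <<'EOF' > /tmp/trust-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Federated": "cognito-identity.amazonaws.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity"
    }
  ]
}
EOF

# Permissions for UNauthenticated identities: every guest of the pool can call
# these Rekognition and Polly actions, so this is the app's public attack and
# cost surface. Keep the action list minimal.
cat <<'EOF' > /tmp/unauth_poliko.json
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [
      "rekognition:DetectLabels",
      "rekognition:DetectFaces",
      "polly:SynthesizeSpeech"
    ],
    "Resource": [ "*" ]
  }]
}
EOF

# Permissions for authenticated identities. "cognito-sync:*" and
# "cognito-identity:*" on "*" cover every pool and dataset in the account, not
# only this one; narrowing Resource to this pool's ARN is the usual hardening.
cat <<'EOF' > /tmp/auth_poliko.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "mobileanalytics:PutEvents",
        "cognito-sync:*",
        "cognito-identity:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
EOF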
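#######################################
# Create the authenticated and unauthenticated execution roles and attach
# their inline permission policies.
# Globals:   EXEC_ROLE_NAME_AUTH, EXEC_ROLE_NAME_UNAUTH (read)
#            ROLE_ARN_AUTH, ROLE_ARN_UNAUTH (written; consumed by
#            create_cognito_id, so deliberately not local)
# Reads:     /tmp/trust-policy.json, /tmp/auth_poliko.json,
#            /tmp/unauth_poliko.json
# Outputs:   the two role ARNs on stdout, one per line
# Returns:   non-zero (aborting the script under set -e) if any aws call
#            fails, e.g. when a role of the same name already exists
#######################################
create_execution_role() {
  ROLE_ARN_AUTH=$(aws iam create-role \
    --role-name "$EXEC_ROLE_NAME_AUTH" \
    --assume-role-policy-document file:///tmp/trust-policy.json \
    --query Role.Arn --output text)
  ROLE_ARN_UNAUTH=$(aws iam create-role \
    --role-name "$EXEC_ROLE_NAME_UNAUTH" \
    --assume-role-policy-document file:///tmp/trust-policy.json \
    --query Role.Arn --output text)

  # Inline policies. Both use the same policy name; that is fine because an
  # inline policy name is scoped to its role.
  aws iam put-role-policy \
    --role-name "$EXEC_ROLE_NAME_AUTH" \
    --policy-name save-mePolicy \
    --policy-document file:///tmp/auth_poliko.json
  aws iam put-role-policy \
    --role-name "$EXEC_ROLE_NAME_UNAUTH" \
    --policy-name save-mePolicy \
    --policy-document file:///tmp/unauth_poliko.json

  printf '%s\n' "$ROLE_ARN_AUTH" "$ROLE_ARN_UNAUTH"
}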
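#######################################
# Print, on stdout, a trust policy that lets only the given identity pool —
# and only identities in the given authentication state — assume a role via
# sts:AssumeRoleWithWebIdentity.
# Arguments: $1 - identity pool ID (e.g. "<region>:<uuid>")
#            $2 - "authenticated" or "unauthenticated"
#######################################
_scoped_trust_policy() {
  local pool_id=$1
  local amr=$2
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Federated": "cognito-identity.amazonaws.com" },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "cognito-identity.amazonaws.com:aud": "${pool_id}"
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "${amr}"
        }
      }
    }
  ]
}
EOF
}

#######################################
# Create the identity pool, scope the two roles' trust policies to it, and
# wire the roles into the pool.
# Globals:   COGNITO_ID_NAME, REGION, ACCOUNT_NUMBER, EXEC_ROLE_NAME_AUTH,
#            EXEC_ROLE_NAME_UNAUTH, ROLE_ARN_AUTH, ROLE_ARN_UNAUTH (read)
#            IDENTITY_POOL_ID, POOL_ARN, TT (written; IDENTITY_POOL_ID is
#            consumed by update_configuration)
# Outputs:   pool ID, pool ARN, the two role names and the raw
#            set-identity-pool-roles response on stdout
# Returns:   non-zero (aborting the script under set -e) if any aws call fails
#######################################
create_cognito_id() {
  IDENTITY_POOL_ID=$(aws cognito-identity create-identity-pool \
    --identity-pool-name "$COGNITO_ID_NAME" \
    --allow-unauthenticated-identities \
    --region "$REGION" \
    --query IdentityPoolId --output text)
  POOL_ARN="arn:aws:cognito-identity:${REGION}:${ACCOUNT_NUMBER}:identitypool/${IDENTITY_POOL_ID}"
  printf '%s\n' "$IDENTITY_POOL_ID" "$POOL_ARN" \
    "$EXEC_ROLE_NAME_AUTH" "$EXEC_ROLE_NAME_UNAUTH"

  # The roles were created with a trust policy that carries no Condition
  # (the pool ID was unknown then), which would let any identity pool assume
  # them. Now that the ID exists, replace it with one pinned to this pool
  # (aud) and to the matching authentication state (amr).
  local scoped
  scoped=$(mktemp) || return 1
  _scoped_trust_policy "$IDENTITY_POOL_ID" authenticated > "$scoped"
  aws iam update-assume-role-policy \
    --role-name "$EXEC_ROLE_NAME_AUTH" \
    --policy-document "file://${scoped}"
  _scoped_trust_policy "$IDENTITY_POOL_ID" unauthenticated > "$scoped"
  aws iam update-assume-role-policy \
    --role-name "$EXEC_ROLE_NAME_UNAUTH" \
    --policy-document "file://${scoped}"
  rm -f -- "$scoped"

  TT=$(aws cognito-identity set-identity-pool-roles \
    --region "$REGION" \
    --identity-pool-id "$IDENTITY_POOL_ID" \
    --roles "authenticated=${ROLE_ARN_AUTH},unauthenticated=${ROLE_ARN_UNAUTH}")
  printf '%s\n' "$TT"
}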
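#######################################
# Patch the identity pool ID into ai.js in the current directory (placeholder
# REPLACE_ME), keeping the original as ai.js.bak.
# Globals:   IDENTITY_POOL_ID (read; must be non-empty, see create_cognito_id)
# Returns:   non-zero if ai.js is missing; exits if IDENTITY_POOL_ID is
#            unset/empty, so the placeholder is never replaced with nothing
#######################################
update_configuration() {
  : "${IDENTITY_POOL_ID:?identity pool ID is not set}"
  if [[ ! -f ai.js ]]; then
    printf 'update_configuration: ai.js not found in %s\n' "$PWD" >&2
    return 1
  fi
  # '|' as the sed delimiter: pool IDs look like "<region>:<uuid>" and never
  # contain it, so no escaping is needed.
  sed -i.bak "s|REPLACE_ME|${IDENTITY_POOL_ID}|g" ai.js
}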
# Entry point. Order matters: the roles come first because their ARNs are
# needed to wire the pool, and the client config is patched last with the
# pool ID.
main() {
  create_execution_role
  create_cognito_id
  update_configuration
}
main "$@"