feat: use nodejs 18 for auth lambdas

packages/amplify-category-auth/package.json

@@ -54,6 +54,7 @@
   },
   "devDependencies": {
     "@aws-sdk/client-cognito-identity-provider": "^3.303.0",
+    "@aws-sdk/client-iam": "^3.303.0",
     "@types/mime-types": "^2.1.1",
     "cloudform-types": "^4.2.0",
     "jest": "^29.5.0",

packages/amplify-category-auth/resources/auth-custom-resource/hostedUILambda.js

@@ -1,6 +1,12 @@
 const response = require('cfn-response');
-const aws = require('aws-sdk');
-const identity = new aws.CognitoIdentityServiceProvider();
+const {
+  CognitoIdentityProviderClient,
+  CreateUserPoolDomainCommand,
+  DeleteUserPoolDomainCommand,
+  DescribeUserPoolCommand,
+  DescribeUserPoolDomainCommand,
+} = require('@aws-sdk/client-cognito-identity-provider');
+const identity = new CognitoIdentityProviderClient({});
 
 exports.handler = (event, context) => {
   // Don't return promise, response.send() marks context as done internally
@@ -10,31 +16,28 @@ exports.handler = (event, context) => {
 async function checkDomainAvailability(domainName) {
   const params = { Domain: domainName };
   try {
-    const res = await identity.describeUserPoolDomain(params).promise();
-    if (res.DomainDescription && res.DomainDescription.UserPool) {
-      return false;
-    }
-    return true;
+    const res = await identity.send(new DescribeUserPoolDomainCommand(params));
+    return !(res.DomainDescription && res.DomainDescription.UserPoolId);
   } catch (err) {
     return false;
   }
 }
 
 async function deleteUserPoolDomain(domainName, userPoolId) {
   const params = { Domain: domainName, UserPoolId: userPoolId };
-  await identity.deleteUserPoolDomain(params).promise();
+  await identity.send(new DeleteUserPoolDomainCommand(params));
 }
 
 async function createUserPoolDomain(domainName, userPoolId) {
   const params = {
     Domain: domainName,
     UserPoolId: userPoolId,
   };
-  await identity.createUserPoolDomain(params).promise();
+  await identity.send(new CreateUserPoolDomainCommand(params));
 }
 
 async function createOrUpdateDomain(inputDomainName, userPoolId) {
-  const result = await identity.describeUserPool({ UserPoolId: userPoolId }).promise();
+  const result = await identity.send(new DescribeUserPoolCommand({ UserPoolId: userPoolId }));
   if (result.UserPool.Domain === inputDomainName) {
     // if existing domain is same as input domain do nothing.
     return;

packages/amplify-category-auth/resources/auth-custom-resource/hostedUIProviderLambda.js

@@ -1,104 +1,108 @@
 const response = require('cfn-response');
-const aws = require('aws-sdk');
-const identity = new aws.CognitoIdentityServiceProvider();
-exports.handler = (event, context, callback) => {
-  try {
-    const userPoolId = event.ResourceProperties.userPoolId;
-    let hostedUIProviderMeta = JSON.parse(event.ResourceProperties.hostedUIProviderMeta);
-    let hostedUIProviderCreds = JSON.parse(event.ResourceProperties.hostedUIProviderCreds);
-    if (hostedUIProviderCreds.length === 0) {
-      response.send(event, context, response.SUCCESS, {});
+const {
+  CognitoIdentityProviderClient,
+  CreateIdentityProviderCommand,
+  DeleteIdentityProviderCommand,
+  UpdateIdentityProviderCommand,
+} = require('@aws-sdk/client-cognito-identity-provider');
+const identity = new CognitoIdentityProviderClient({});
+
+exports.handler = (event, context) => {
+  // Don't return promise, response.send() marks context as done internally
+  const ignoredPromise = handleEvent(event, context);
+};
+
+function getRequestParams(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId) {
+  const providerMetaIndex = hostedUIProviderMeta.findIndex((provider) => provider.ProviderName === providerName);
+  const providerMeta = hostedUIProviderMeta[providerMetaIndex];
+  const providerCredsIndex = hostedUIProviderCreds.findIndex((provider) => provider.ProviderName === providerName);
+  const providerCreds = hostedUIProviderCreds[providerCredsIndex];
+  let requestParams = {
+    ProviderName: providerMeta.ProviderName,
+    UserPoolId: userPoolId,
+    AttributeMapping: providerMeta.AttributeMapping,
+  };
+  if (providerMeta.ProviderName === 'SignInWithApple') {
+    if (providerCreds.client_id && providerCreds.team_id && providerCreds.key_id && providerCreds.private_key) {
+      requestParams.ProviderDetails = {
+        client_id: providerCreds.client_id,
+        team_id: providerCreds.team_id,
+        key_id: providerCreds.key_id,
+        private_key: providerCreds.private_key,
+        authorize_scopes: providerMeta.authorize_scopes,
+      };
+    } else {
+      requestParams = null;
     }
-    if (event.RequestType == 'Delete') {
-      response.send(event, context, response.SUCCESS, {});
+  } else {
+    if (providerCreds.client_id && providerCreds.client_secret) {
+      requestParams.ProviderDetails = {
+        client_id: providerCreds.client_id,
+        client_secret: providerCreds.client_secret,
+        authorize_scopes: providerMeta.authorize_scopes,
+      };
+    } else {
+      requestParams = null;
     }
-    if (event.RequestType == 'Update' || event.RequestType == 'Create') {
-      let getRequestParams = (providerName) => {
-        let providerMetaIndex = hostedUIProviderMeta.findIndex((provider) => provider.ProviderName === providerName);
-        let providerMeta = hostedUIProviderMeta[providerMetaIndex];
-        let providerCredsIndex = hostedUIProviderCreds.findIndex((provider) => provider.ProviderName === providerName);
-        let providerCreds = hostedUIProviderCreds[providerCredsIndex];
-        let requestParams = {
-          ProviderName: providerMeta.ProviderName,
-          UserPoolId: userPoolId,
-          AttributeMapping: providerMeta.AttributeMapping,
-        };
-        if (providerMeta.ProviderName === 'SignInWithApple') {
-          if (providerCreds.client_id && providerCreds.team_id && providerCreds.key_id && providerCreds.private_key) {
-            requestParams.ProviderDetails = {
-              client_id: providerCreds.client_id,
-              team_id: providerCreds.team_id,
-              key_id: providerCreds.key_id,
-              private_key: providerCreds.private_key,
-              authorize_scopes: providerMeta.authorize_scopes,
-            };
-          } else {
-            requestParams = null;
-          }
-        } else {
-          if (providerCreds.client_id && providerCreds.client_secret) {
-            requestParams.ProviderDetails = {
-              client_id: providerCreds.client_id,
-              client_secret: providerCreds.client_secret,
-              authorize_scopes: providerMeta.authorize_scopes,
-            };
+  }
+  return requestParams;
+}
+
+async function createIdentityProvider(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId) {
+  const requestParams = getRequestParams(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);
+  if (!requestParams) {
+    return;
+  }
+  requestParams.ProviderType = requestParams.ProviderName;
+  await identity.send(new CreateIdentityProviderCommand(requestParams));
+}
+
+async function updateIdentityProvider(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId) {
+  const requestParams = getRequestParams(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);
+  if (!requestParams) {
+    return;
+  }
+  await identity.send(new UpdateIdentityProviderCommand(requestParams));
+}
+
+async function deleteIdentityProvider(providerName, userPoolId) {
+  const params = { ProviderName: providerName, UserPoolId: userPoolId };
+  await identity.send(new DeleteIdentityProviderCommand(params));
+}
+
+async function handleEvent(event, context) {
+  try {
+    const userPoolId = event.ResourceProperties.userPoolId;
+    const hostedUIProviderMeta = JSON.parse(event.ResourceProperties.hostedUIProviderMeta);
+    const hostedUIProviderCreds = JSON.parse(event.ResourceProperties.hostedUIProviderCreds);
+    if (hostedUIProviderCreds.length !== 0) {
+      if (event.RequestType === 'Update' || event.RequestType === 'Create') {
+        const listIdentityProvidersResponse = await identity
+          .listIdentityProviders({
+            UserPoolId: userPoolId,
+            MaxResults: 60,
+          })
+          .promise();
+        console.log(listIdentityProvidersResponse);
+        const providerList = listIdentityProvidersResponse.Providers.map((provider) => provider.ProviderName);
+        const providerListInParameters = hostedUIProviderMeta.map((provider) => provider.ProviderName);
+        for (const providerMetadata of hostedUIProviderMeta) {
+          if (providerList.indexOf(providerMetadata.ProviderName) > -1) {
+            await updateIdentityProvider(providerMetadata.ProviderName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);
           } else {
-            requestParams = null;
+            await createIdentityProvider(providerMetadata.ProviderName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);
           }
         }
-        return requestParams;
-      };
-      let createIdentityProvider = (providerName) => {
-        let requestParams = getRequestParams(providerName);
-        if (!requestParams) {
-          return Promise.resolve();
-        }
-        requestParams.ProviderType = requestParams.ProviderName;
-        return identity.createIdentityProvider(requestParams).promise();
-      };
-      let updateIdentityProvider = (providerName) => {
-        let requestParams = getRequestParams(providerName);
-        if (!requestParams) {
-          return Promise.resolve();
+        for (const provider of providerList) {
+          if (providerListInParameters.indexOf(provider) < 0) {
+            await deleteIdentityProvider(provider, userPoolId);
+          }
         }
-        return identity.updateIdentityProvider(requestParams).promise();
-      };
-      let deleteIdentityProvider = (providerName) => {
-        let params = { ProviderName: providerName, UserPoolId: userPoolId };
-        return identity.deleteIdentityProvider(params).promise();
-      };
-      let providerPromises = [];
-      identity
-        .listIdentityProviders({ UserPoolId: userPoolId, MaxResults: 60 })
-        .promise()
-        .then((result) => {
-          console.log(result);
-          let providerList = result.Providers.map((provider) => provider.ProviderName);
-          let providerListInParameters = hostedUIProviderMeta.map((provider) => provider.ProviderName);
-          hostedUIProviderMeta.forEach((providerMetadata) => {
-            if (providerList.indexOf(providerMetadata.ProviderName) > -1) {
-              providerPromises.push(updateIdentityProvider(providerMetadata.ProviderName));
-            } else {
-              providerPromises.push(createIdentityProvider(providerMetadata.ProviderName));
-            }
-          });
-          providerList.forEach((provider) => {
-            if (providerListInParameters.indexOf(provider) < 0) {
-              providerPromises.push(deleteIdentityProvider(provider));
-            }
-          });
-          return Promise.all(providerPromises);
-        })
-        .then(() => {
-          response.send(event, context, response.SUCCESS, {});
-        })
-        .catch((err) => {
-          console.log(err.stack);
-          response.send(event, context, response.FAILED, { err });
-        });
+      }
     }
+    response.send(event, context, response.SUCCESS, {});
   } catch (err) {
     console.log(err.stack);
     response.send(event, context, response.FAILED, { err });
   }
-};
+}

packages/amplify-category-auth/resources/auth-custom-resource/mfaLambda.js

@@ -1,14 +1,16 @@
 const response = require('cfn-response');
-const aws = require('aws-sdk');
-const identity = new aws.CognitoIdentityServiceProvider();
-exports.handler = (event, context, callback) => {
-  if (event.RequestType == 'Delete') {
-    response.send(event, context, response.SUCCESS, {});
-  }
-  if (event.RequestType == 'Update' || event.RequestType == 'Create') {
-    let totpParams = {};
-    try {
-      totpParams = {
+const { CognitoIdentityProviderClient, SetUserPoolMfaConfigCommand } = require('@aws-sdk/client-cognito-identity-provider');
+const identity = new CognitoIdentityProviderClient({});
+
+exports.handler = (event, context) => {
+  // Don't return promise, response.send() marks context as done internally
+  const ignoredPromise = handleEvent(event, context);
+};
+
+async function handleEvent(event, context) {
+  try {
+    if (event.RequestType === 'Update' || event.RequestType === 'Create') {
+      const totpParams = {
         UserPoolId: event.ResourceProperties.userPoolId,
         MfaConfiguration: event.ResourceProperties.mfaConfiguration,
         SmsMfaConfiguration: {
@@ -18,20 +20,14 @@ exports.handler = (event, context, callback) => {
             ExternalId: event.ResourceProperties.smsConfigExternalId,
           },
         },
-        SoftwareTokenMfaConfiguration: { Enabled: event.ResourceProperties.totpEnabled.toLowerCase() === true ? true : false },
+        SoftwareTokenMfaConfiguration: { Enabled: event.ResourceProperties.totpEnabled.toLowerCase() === 'true' },
       };
       console.log(totpParams);
-    } catch (e) {
-      response.send(event, context, response.FAILED, { e });
+
+      await identity.send(new SetUserPoolMfaConfigCommand(totpParams));
     }
-    identity
-      .setUserPoolMfaConfig(totpParams)
-      .promise()
-      .then((res) => {
-        response.send(event, context, response.SUCCESS, { res });
-      })
-      .catch((err) => {
-        response.send(event, context, response.FAILED, { err });
-      });
+    response.send(event, context, response.SUCCESS, {});
+  } catch (e) {
+    response.send(event, context, response.FAILED, { e });
   }
-};
+}