forked from krishnanand275/serverless-cognito
template.yml
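# AWS SAM template: one Lambda function behind an implicit HTTP API, a
# Cognito user pool with a single app client, and two DynamoDB tables.
AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'

Resources:
  # Lambda that receives every route and method of the HTTP API.
  cognitoauth:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: lambda.handler
      # NOTE(review): python3.8 is past upstream end-of-life, so it no longer
      # gets interpreter security fixes. Move to a currently supported Lambda
      # Python runtime once the handler has been tested on it.
      Runtime: python3.8
      Policies:
        # NOTE(review): this managed policy is not scoped to cognitopool; it
        # applies to every Cognito resource in the account. The handler code
        # is not part of this template, so the exact cognito-idp actions it
        # needs cannot be listed here. Replace with an inline statement
        # limited to those actions on !GetAtt cognitopool.Arn.
        - AmazonCognitoPowerUser
        # Was AmazonDynamoDBFullAccess (all DynamoDB actions on all tables).
        # The function is only handed cookietable's name (see Environment),
        # so item-level access to that one table is granted instead.
        # NOTE(review): if the handler also touches weblogtable, add a second
        # DynamoDBCrudPolicy entry for it and pass its name in Environment.
        - DynamoDBCrudPolicy:
            TableName: !Ref cookietable
      CodeUri: lambda/
      Description: 'Lambda function to serve HTML traffic through API Gateway'
      MemorySize: 256
      Timeout: 5
      Tracing: Active
      # Hard cap of three concurrent executions for this function.
      ReservedConcurrentExecutions: 3
      Events:
        GetHtml:
          Type: HttpApi
          Properties:
            # No Auth block on this event: every path and method reaches the
            # handler without an API-level authorizer, so the handler itself
            # has to enforce sign-in on protected pages.
            Path: '/{proxy+}'
            Method: any
      Environment:
        Variables:
          userpoolid: !Ref cognitopool
          clientid: !Ref cognitoclient
          dynamotable: !Ref cookietable

  # Table keyed by "user" with TTL on the "ttl" attribute; presumably holds
  # session cookies (name-based guess, confirm against the handler).
  cookietable:
    Type: 'AWS::DynamoDB::Table'
    Properties:
      AttributeDefinitions:
        - AttributeName: 'user'
          AttributeType: 'S'
      KeySchema:
        - AttributeName: 'user'
          KeyType: 'HASH'
      BillingMode: PAY_PER_REQUEST
      # DynamoDB deletes expired items asynchronously, so a reader that
      # treats rows as live sessions should still compare ttl with the
      # current time instead of relying on the row being gone.
      TimeToLiveSpecification:
        Enabled: true
        AttributeName: 'ttl'

  # Table keyed by userid (partition) and unixts (sort), both strings.
  # Nothing else in this template references it.
  weblogtable:
    Type: 'AWS::DynamoDB::Table'
    Properties:
      AttributeDefinitions:
        - AttributeName: 'userid'
          AttributeType: 'S'
        - AttributeName: 'unixts'
          AttributeType: 'S'
      KeySchema:
        - AttributeName: 'userid'
          KeyType: 'HASH'
        - AttributeName: 'unixts'
          KeyType: 'RANGE'
      BillingMode: PAY_PER_REQUEST

  # User pool backing the sign-in pages.
  cognitopool:
    Type: 'AWS::Cognito::UserPool'
    Properties:
      AdminCreateUserConfig:
        # false = self-service sign-up is open to anyone.
        AllowAdminCreateUserOnly: false
        UnusedAccountValidityDays: 1
      AliasAttributes:
        - email
      # NOTE(review): no MfaConfiguration is set on this pool; decide whether
      # the application needs a second factor.
      Policies:
        PasswordPolicy:
          # Raised from 6. With only lowercase required, length is the main
          # control on password strength for a pool with open sign-up.
          MinimumLength: 12
          RequireLowercase: true
          RequireNumbers: false
          RequireSymbols: false
          RequireUppercase: false

  # App client the Lambda uses to talk to the pool.
  cognitoclient:
    Type: 'AWS::Cognito::UserPoolClient'
    Properties:
      UserPoolId: !Ref cognitopool
      GenerateSecret: false
      # Both flows submit the password itself rather than an SRP proof.
      # NOTE(review): USER_PASSWORD_AUTH is a non-IAM flow and this client has
      # no secret, so sign-in attempts made directly against the pool are
      # limited only by Cognito's throttling and the password policy. Drop it
      # if the handler only uses the admin flow. These are also the legacy
      # flow names; the ALLOW_-prefixed values are the current form.
      ExplicitAuthFlows:
        - ADMIN_NO_SRP_AUTH
        - USER_PASSWORD_AUTH

Outputs:
  # Entry URL of the implicit HTTP API; /home/ is served by the proxy route.
  WebInterface:
    Value: !Sub 'https://${ServerlessHttpApi}.execute-api.${AWS::Region}.amazonaws.com/home/'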