Skip to content

akerra6993/rds-data-viewer-react-app

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
docs
docs
 
 
public
public
 
 
src
src
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

Local Development

This project was bootstrapped with Create React App.

To run the project locally, you can run:

npm start

Runs the app in the development mode.
Open http://localhost:3000 to view it in the browser.

The page will reload if you make edits.
You will also see any lint errors in the console.

Continuous Deployment

This application is hosted using AWS Amplify. The Amplify project is configured to track the GitHub Repository. Commits to the main branch will automatically be built and deployed. See the Amplify project in AWS console for build settings and the hosted URL.

continuous deployment

Authentication and Permissions

This application uses AWS Cognito to generate an authentication token for anonymous (unauthenticated) users, then uses AWS STS to generate temporary AWS credentials which allow the user to assume a certain IAM role. The role has policies attached which permit anyone assuming that role to perform certain actions.

The below diagram illustrates the authentication flow:

auth flow

This is referred to as the "Basic (Classic) AuthFlow" for Cognito: https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flow.html. It is required for this app since RDS and EC2 APIs are not supported when using enhanced auth (see https://docs.aws.amazon.com/cognito/latest/developerguide/iam-roles.html).

Required AWS API calls

The data sources for this application are:

The IAM role assumed by the anonymous users (Cognito_RDSDataAppPoolUnauth_Role) must have the necessary access to these services to fetch the data. The permission is granted via policies attached to the role.

RDSDataPolicy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "rds:DescribeDBInstances",
            "Resource": "*"
        }
    ]
}

EC2DataPolicy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "ec2:DescribeInstances",
            "Resource": "*"
        }
    ]
}

CloudWatchGetMetricDataPolicy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "cloudwatch:GetMetricData",
            "Resource": "*"
        }
    ]
}

AWS Resource Summary

All required AWS resources for this project:

  • Cognito Identity Pool

    • Allow unauthenticated access
    • Enable basic authentication flow

  • Amplify Application

    • Framework = React
    • Track GitHub repository

  • IAM Policies

    • RDSDataPolicy
    • EC2DataPolicy
    • CloudWatchGetMetricDataPolicy

  • IAM Role: auto-created by Cognito (the UnAuth role)

    • Attach IAM policies listed above
    • Trust policy to allow unauthenticated Cognito identities to assume this role (this is automatically configured if the role is created by Cognito)

About

React web app for viewing AWS RDS instance data

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages