Added Elastic Beanstalk support to Cognito quickstart app

Author: Jasmine Wang

Diff for: .ebextensions/app.config

@@ -0,0 +1,3 @@
+packages:
+  yum:
+    krb5-devel: []

Diff for: .ebextensions/build-angular.config

@@ -0,0 +1,22 @@
+files:
+  "/opt/elasticbeanstalk/hooks/appdeploy/pre/55_build_angular.sh":
+    mode: "000755"
+    owner: root
+    group: root
+    content: |
+      #!/usr/bin/env bash
+
+      set -xe
+
+      EB_APP_CURRENT_DIR=$(/opt/elasticbeanstalk/bin/get-config container -k app_deploy_dir)
+      EB_APP_STAGING_DIR=$(/opt/elasticbeanstalk/bin/get-config container -k app_staging_dir)
+      EB_APP_USER=$(/opt/elasticbeanstalk/bin/get-config container -k app_user)
+      EB_APP_STAGING_NM_DIR=$EB_APP_STAGING_DIR/node_modules/.bin
+
+      NODE_PATH=$(/opt/elasticbeanstalk/bin/get-config container -k nodejs_install_dir)
+      NODE_PATH_FULL=`ls -td $NODE_PATH/node-* | head -1`/bin
+      export PATH=$NODE_PATH_FULL:$PATH
+      export PATH=$EB_APP_STAGING_NM_DIR:$PATH
+
+      cd $EB_APP_STAGING_DIR
+      npm run build

Diff for: .ebextensions/nodecommand.config

@@ -0,0 +1,3 @@
+option_settings:
+  aws:elasticbeanstalk:container:nodejs:
+    NodeCommand: "npm start"

Diff for: .gitignore

@@ -1,11 +1,11 @@
 # See http://help.github.com/ignore-files/ for more about ignoring files.
 
 # compiled output
-/dist
+/dist/**/*
 /tmp
 
 # dependencies
-/node_modules
+/node_modules/**/*
 /src/bower_components
 /public/bower_components
 
@@ -28,3 +28,13 @@ testem.log
 #System Files
 .DS_Store
 Thumbs.db
+
+# Elastic Beanstalk Files
+.elasticbeanstalk/*
+!.elasticbeanstalk/*.cfg.yml
+!.elasticbeanstalk/*.global.yml
+
+# Build Artifacts
+Archive.zip
+test.pem
+resetConfig.sh

Diff for: app.js

@@ -0,0 +1,61 @@
+var express = require('express');
+var path = require('path');
+var favicon = require('serve-favicon');
+var logger = require('morgan');
+var cookieParser = require('cookie-parser');
+var bodyParser = require('body-parser');
+
+var routes = require('./routes/index');
+var api = require('./routes/api');
+
+var app = express();
+
+// view engine setup
+app.set('views', path.join(__dirname, 'dist'));
+app.set('view engine', 'ejs');
+app.engine('html', require('ejs').renderFile);
+
+// uncomment after placing your favicon in /public
+//app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
+app.use(logger('dev'));
+app.use(bodyParser.json());
+app.use(bodyParser.urlencoded({ extended: false }));
+app.use(cookieParser());
+app.use(express.static(path.join(__dirname, 'dist')));
+
+app.use('/api', api);
+app.use('/', routes);
+
+// catch 404 and forward to error handler
+app.use(function(req, res, next) {
+  var err = new Error('Not Found');
+  err.status = 404;
+  next(err);
+});
+
+// error handlers
+
+// development error handler
+// will print stacktrace
+if (app.get('env') === 'development') {
+  app.use(function(err, req, res, next) {
+    res.status(err.status || 500);
+    res.render('error', {
+      message: err.message,
+      error: err
+    });
+  });
+}
+
+// production error handler
+// no stacktraces leaked to user
+app.use(function(err, req, res, next) {
+  res.status(err.status || 500);
+  res.render('error', {
+    message: err.message,
+    error: {}
+  });
+});
+
+
+module.exports = app;

Diff for: app_config.json

@@ -0,0 +1,7 @@
+{
+    "AWS_REGION": "us-west-2",
+    "AWS_COGNITO_USERPOOLID": "us-west-2_yv5XO7TOC",
+    "AWS_COGNITO_CLIENTID": "7euuf658388svpl2rnfdcqn626",
+    "AWS_COGNITO_IDENTITY_POOL_ID": "us-west-2:b4e35c1b-6b80-4dda-8111-f5db206d4a11",
+    "AWS_DYNAMODB_TABLENAME": "LoginTrailbudilovdeletecogdemo"
+}

Diff for: aws/authrole.json

@@ -23,7 +23,7 @@
         "dynamodb:DeleteItem"
       ],
       "Resource": [
-        "arn:aws:dynamodb:REGION:ACCOUNT_NUMBER:table/TABLE_NAME"
+        "DDB_TABLE_ARN"
       ],
       "Condition": {
         "ForAllValues:StringEquals": {

Diff for: aws/createResources.sh

@@ -1,75 +1,193 @@
 #!/usr/bin/env bash
 
-ROOT_NAME=budilovdelete
+ROOT_NAME=budilovdeletecogdemo
 # Bucket name must be all lowercase, and start/end with lowecase letter or number
 # $(echo...) code to work with versions of bash older than 4.0
 BUCKET_NAME=budilov-$(echo "$ROOT_NAME" | tr '[:upper:]' '[:lower:]')
 TABLE_NAME=LoginTrail$ROOT_NAME
 
-# Replace with your 12-digit AWS account ID (e.g., 123456789012)
-AWS_ACCOUNT=540403165297
 ROLE_NAME_PREFIX=$ROOT_NAME
 POOL_NAME=$ROOT_NAME
 IDENTITY_POOL_NAME=$ROOT_NAME
 REGION=us-west-2
+EB_INSTANCE_TYPE=t2.small
+EB_PLATFORM=node.js
+CURR_DIR=$( cd $(dirname $0) ; pwd -P )
+
+DDB_TABLE_ARN=""
+IDENTITY_POOL_ID=""
+USER_POOL_ID=""
+USER_POOL_CLIENT_ID=""
+
+
+createS3Bucket() {
+    # Create the bucket
+    aws s3 mb s3://$BUCKET_NAME/ --region $REGION
+    # Add the ‘website’ configuration and bucket policy
+    aws s3 website s3://$BUCKET_NAME/ --index-document index.html --error-document index.html
+    cat s3-bucket-policy.json | sed 's/BUCKET_NAME/'$BUCKET_NAME'/' > /tmp/s3-bucket-policy.json
+    aws s3api put-bucket-policy --bucket $BUCKET_NAME --policy file:///tmp/s3-bucket-policy.json
+    #Build the project and sync it up to the bucket
+    ng build --prod ../
+    aws s3 sync ../dist/ s3://$BUCKET_NAME/
+}
+
+createDDBTable() {
+    # Create DDB Table
+    aws dynamodb create-table \
+        --table-name $TABLE_NAME \
+        --attribute-definitions \
+            AttributeName=userId,AttributeType=S \
+            AttributeName=activityDate,AttributeType=S \
+        --key-schema AttributeName=userId,KeyType=HASH AttributeName=activityDate,KeyType=RANGE \
+        --provisioned-throughput ReadCapacityUnits=1,WriteCapacityUnits=1 \
+        --region $REGION \
+        > /tmp/dynamoTable
+
+    DDB_TABLE_ARN=$(perl -nle 'print $& if m{"TableArn":\s*"\K([^"]*)}' /tmp/dynamoTable | awk -F'"' '{print $1}')
+}
+
+createCognitoResources() {
+    # Create a Cognito Identity and Set roles
+    aws cognito-identity create-identity-pool --identity-pool-name $IDENTITY_POOL_NAME --allow-unauthenticated-identities --region $REGION| grep IdentityPoolId | awk '{print $2}' | xargs |sed -e 's/^"//'  -e 's/"$//' -e 's/,$//' > /tmp/poolId
+    IDENTITY_POOL_ID=$(cat /tmp/poolId)
+    echo "Created an identity pool with id of " $IDENTITY_POOL_ID
+
+    # Create an IAM role for unauthenticated users
+    cat unauthrole-trust-policy.json | sed 's/IDENTITY_POOL/'$IDENTITY_POOL_ID'/' > /tmp/unauthrole-trust-policy.json
+    aws iam create-role --role-name $ROLE_NAME_PREFIX-unauthenticated-role --assume-role-policy-document file:///tmp/unauthrole-trust-policy.json > /tmp/iamUnauthRole
+    aws iam put-role-policy --role-name $ROLE_NAME_PREFIX-unauthenticated-role --policy-name CognitoPolicy --policy-document file://unauthrole.json
+
+    # Create an IAM role for authenticated users
+    cat authrole-trust-policy.json | sed 's/IDENTITY_POOL/'$IDENTITY_POOL_ID'/' > /tmp/authrole-trust-policy.json
+    aws iam create-role --role-name $ROLE_NAME_PREFIX-authenticated-role --assume-role-policy-document file:///tmp/authrole-trust-policy.json > /tmp/iamAuthRole
+    cat authrole.json | sed 's~DDB_TABLE_ARN~'$DDB_TABLE_ARN'~' > /tmp/authrole.json
+    aws iam put-role-policy --role-name $ROLE_NAME_PREFIX-authenticated-role --policy-name CognitoPolicy --policy-document file:///tmp/authrole.json
+
+    # Create the user pool
+    aws cognito-idp create-user-pool --pool-name $POOL_NAME --auto-verified-attributes email --policies file://user-pool-policy.json --region $REGION > /tmp/$POOL_NAME-create-user-pool
+    USER_POOL_ID=$(grep -E '"Id":' /tmp/$POOL_NAME-create-user-pool | awk -F'"' '{print $4}')
+    echo "Created user pool with an id of " $USER_POOL_ID
+
+    # Create the user pool client
+    aws cognito-idp create-user-pool-client --user-pool-id $USER_POOL_ID --no-generate-secret --client-name webapp --region $REGION > /tmp/$POOL_NAME-create-user-pool-client
+    USER_POOL_CLIENT_ID=$(grep -E '"ClientId":' /tmp/$POOL_NAME-create-user-pool-client | awk -F'"' '{print $4}')
+    echo "Created user pool client with id of " $USER_POOL_CLIENT_ID
+
+    # Add the user pool and user pool client id to the identity pool
+    aws cognito-identity update-identity-pool --allow-unauthenticated-identities --identity-pool-id $IDENTITY_POOL_ID --identity-pool-name $IDENTITY_POOL_NAME --cognito-identity-providers ProviderName=cognito-idp.$REGION.amazonaws.com/$USER_POOL_ID,ClientId=$USER_POOL_CLIENT_ID --region $REGION
+
+    # Update cognito identity with the roles
+    UNAUTH_ROLE_ARN=$(perl -nle 'print $& if m{"Arn":\s*"\K([^"]*)}' /tmp/iamUnauthRole | awk -F'"' '{print $1}')
+    AUTH_ROLE_ARN=$(perl -nle 'print $& if m{"Arn":\s*"\K([^"]*)}' /tmp/iamAuthRole | awk -F'"' '{print $1}')
+    aws cognito-identity set-identity-pool-roles --identity-pool-id $IDENTITY_POOL_ID --roles authenticated=$AUTH_ROLE_ARN,unauthenticated=$UNAUTH_ROLE_ARN --region $REGION
+}
+
+createEBResources() {
+    cd $CURR_DIR/../
+    sleep 1
+    eb init $ROOT_NAME --region $REGION --platform $EB_PLATFORM
+    sleep 1
+    eb create $ROOT_NAME -d --region $REGION --platform $EB_PLATFORM --instance_type $EB_INSTANCE_TYPE
+    cd $CURR_DIR
+}
+
+verifyEBCLI() {
+    if command -v eb >/dev/null; then
+        echo "Creating Elastic Beanstalk environment ..."
+        createEBResources
+    else
+        echo "Please install the Elastic Beanstalk Command Line Interface first"
+        exit 1;
+    fi
+}
+
+writeConfigFiles() {
+(
+cat <<EOF
+export const environment = {
+    production: false,
+
+    region: '$REGION',
+
+    identityPoolId: '$IDENTITY_POOL_ID',
+    userPoolId: '$USER_POOL_ID',
+    clientId: '$USER_POOL_CLIENT_ID',
+
+    rekognitionBucket: 'rekognition-pics',
+    albumName: "usercontent",
+    bucketRegion: '$REGION',
+
+    ddbTableName: '$TABLE_NAME'
+};
+
+EOF
+) > $CURR_DIR/../src/environments/environment.ts
+
+(
+cat <<EOF
+export const environment = {
+    production: true,
+
+    region: '$REGION',
+
+    identityPoolId: '$IDENTITY_POOL_ID',
+    userPoolId: '$USER_POOL_ID',
+    clientId: '$USER_POOL_CLIENT_ID',
+
+    rekognitionBucket: 'rekognition-pics',
+    albumName: "usercontent",
+    bucketRegion: '$REGION',
+
+    ddbTableName: '$TABLE_NAME'
+};
+
+EOF
+) > $CURR_DIR/../src/environments/environment.prod.ts
+
+cd $CURR_DIR/../
+git add .
+git commit -m "Updated config files for created resources"
+cd $CURR_DIR
+
+}
+
+
+PS3='Where would you like to deploy your application? '
+options=("Elastic Beanstalk" "S3" "Quit")
+select opt in "${options[@]}"
+do
+
+    createDDBTable
+    createCognitoResources
+    writeConfigFiles
+
+    case $opt in
+        "Elastic Beanstalk")
+            verifyEBCLI
+            break
+            ;;
+        "S3")
+#            echo "you chose S3"
+            createS3Bucket
+            break
+            ;;
+        "Quit")
+            break
+            ;;
+        *) echo invalid option;;
+    esac
+done
 
-# Create the bucket
-aws s3 mb s3://$BUCKET_NAME/ --region $REGION
-# Add the ‘website’ configuration and bucket policy
-aws s3 website s3://$BUCKET_NAME/ --index-document index.html --error-document index.html
-cat s3-bucket-policy.json | sed 's/BUCKET_NAME/'$BUCKET_NAME'/' > /tmp/s3-bucket-policy.json
-aws s3api put-bucket-policy --bucket $BUCKET_NAME --policy file:///tmp/s3-bucket-policy.json
-#Build the project and sync it up to the bucket
-ng build --prod ../
-aws s3 sync ../dist/ s3://$BUCKET_NAME/
-
-# Create DDB Table
-aws dynamodb create-table \
-    --table-name $TABLE_NAME \
-    --attribute-definitions \
-        AttributeName=userId,AttributeType=S \
-        AttributeName=activityDate,AttributeType=S \
-    --key-schema AttributeName=userId,KeyType=HASH AttributeName=activityDate,KeyType=RANGE \
-    --provisioned-throughput ReadCapacityUnits=1,WriteCapacityUnits=1 \
-    --region $REGION
-
-
-# Create a Cognito Identity and Set roles
-aws cognito-identity create-identity-pool --identity-pool-name $IDENTITY_POOL_NAME --allow-unauthenticated-identities --region $REGION| grep IdentityPoolId | awk '{print $2}' | xargs |sed -e 's/^"//'  -e 's/"$//' -e 's/,$//' > /tmp/poolId
-identityPoolId=$(cat /tmp/poolId)
-echo "Created an identity pool with id of " $identityPoolId
-
-# Create an IAM role for unauthenticated users
-cat unauthrole-trust-policy.json | sed 's/IDENTITY_POOL/'$identityPoolId'/' > /tmp/unauthrole-trust-policy.json
-aws iam create-role --role-name $ROLE_NAME_PREFIX-unauthenticated-role --assume-role-policy-document file:///tmp/unauthrole-trust-policy.json
-aws iam put-role-policy --role-name $ROLE_NAME_PREFIX-unauthenticated-role --policy-name CognitoPolicy --policy-document file://unauthrole.json
-
-# Create an IAM role for authenticated users
-cat authrole-trust-policy.json | sed 's/IDENTITY_POOL/'$identityPoolId'/' > /tmp/authrole-trust-policy.json
-aws iam create-role --role-name $ROLE_NAME_PREFIX-authenticated-role --assume-role-policy-document file:///tmp/authrole-trust-policy.json
-cat authrole.json | sed 's/TABLE_NAME/'$TABLE_NAME'/' | sed 's/ACCOUNT_NUMBER/'$AWS_ACCOUNT'/' | sed 's/REGION/'$REGION'/' > /tmp/authrole.json
-aws iam put-role-policy --role-name $ROLE_NAME_PREFIX-authenticated-role --policy-name CognitoPolicy --policy-document file:///tmp/authrole.json
-
-# Create the user pool
-aws cognito-idp create-user-pool --pool-name $POOL_NAME --auto-verified-attributes email --schema Name=email,Required=true --policies file://user-pool-policy.json --region $REGION > /tmp/$POOL_NAME-create-user-pool
-userPoolId=$(grep -E '"Id":' /tmp/$POOL_NAME-create-user-pool | awk -F'"' '{print $4}')
-echo "Created user pool with an id of " $userPoolId
-
-# Create the user pool client
-aws cognito-idp create-user-pool-client --user-pool-id $userPoolId --no-generate-secret --client-name webapp --region $REGION > /tmp/$POOL_NAME-create-user-pool-client
-userPoolClientId=$(grep -E '"ClientId":' /tmp/$POOL_NAME-create-user-pool-client | awk -F'"' '{print $4}')
-echo "Created user pool client with id of " $userPoolClientId
-
-# Add the user pool and user pool client id to the identity pool
-aws cognito-identity update-identity-pool --allow-unauthenticated-identities --identity-pool-id $identityPoolId --identity-pool-name $IDENTITY_POOL_NAME --cognito-identity-providers ProviderName=cognito-idp.$REGION.amazonaws.com/$userPoolId,ClientId=$userPoolClientId --region $REGION
-
-# Update cognito identity with the roles
-# If this command gives you an error, associate the roles manually
-aws cognito-identity set-identity-pool-roles --identity-pool-id $identityPoolId --roles authenticated=arn:aws:iam::$AWS_ACCOUNT:role/$ROLE_NAME_PREFIX-authenticated-role,unauthenticated=arn:aws:iam::$AWS_ACCOUNT:role/$ROLE_NAME_PREFIX-unauthenticated-role --region $REGION
 
 sleep 3
 echo "Region: " $REGION
 echo "DynamoDB: " $TABLE_NAME
 echo "Bucket name: " + $BUCKET_NAME
 echo "Identity Pool name: " $IDENTITY_POOL_NAME
-echo "Identity Pool id: " $identityPoolId
+echo "Identity Pool id: " $IDENTITY_POOL_ID
+
+
+
+
+