Deploy service stack - User Authentication

From Izara Wiki

The User Authentication stack sets up services needed to allow user account creation and access control to the different endpoints and actions for the project. It is normally the first stack that needs to be deployed.

Below are the instructions to set up the User Authentication stack, sorted in the order required to complete the process.


Front end - Test Client

(this step is optional)

Test Client can be used to sign up user accounts and send requests to the backend services. You can begin by cloning the client to your local machine, ready to add Cognito and API Gateway settings.

Test Client setup instructions


Service - User Account

Most services require the AppLevel Lambda authorizer, which is deployed in the User Account service, so we deploy this first.

Deploy the service

Follow the Setup Production Environment instructions at User Account repository and setup instructions, but stop once you reach the Run initial setup stage. That stage requires the RBAC database to be deployed, which has not been done yet.

At the Update {app|rbacUser}/src/initial_setup/config.js stage you will need to set the values below.

app service:

  • Set the service name of your RBAC service in const serviceNameRbac variable
  • Set the service name of your Permission Handler service in const serviceNamePermission variable
  • Set a hard-coded superuser role_id_key in const role_id_key_superuser variable
  • In the seedDynamodbConfig() function you can update default_role_user > config_value > role_id_key to match whichever role you want your initial user to have. This defaults to the role_id_key_superuser variable

rbacApp service:

  • Set the service name of your RBAC service in const serviceNameRbac variable
  • Three user roles are created in the default initial setup: basicuser, verifieduser, and superuser. Set their hard-coded role_id_key values in the variables role_id_key_basicuser, role_id_key_verifieduser, and role_id_key_superuser.

The initial default_role_user will normally be a superuser role. The role_id_key values are hard-coded in the initial setup of multiple service deploys, and these hard-coded values can be changed in the config.js for each service deployed.

Update Test Client (optional)

If you are using the Front End - Test Client to send requests you can connect it to the User Account service endpoints by:

Add the User Account API Gateway endpoint

Follow the Add apiGateway endpoint's instructions from the Test Client setup instructions. The API Gateway and Stage will match the ones used when deploying this service.

Add Cognito settings

Because User Account is the service that creates the Cognito resources, you will probably also need to complete the Add Cognito settings step; see Test Client setup instructions.


Service - RBAC

Deploy the service

Follow the Setup Production Environment instructions at RBAC repository and setup instructions

At Update app/src/initial_setup/config.js stage you will need to:

  • Set the hard-coded superuser role_id_key in const role_id_key_superuser variable. This matches the value set in the User Account service

Update Test Client (optional)

If you are using the Front End - Test Client to send requests you can connect it to the RBAC service endpoints by following the Add apiGateway endpoint's instructions from the Test Client setup instructions. The API Gateway and Stage will match the ones used when deploying this service.


Service - Permission Handler

Deploy the service

Follow the Setup Production Environment instructions at Permission Handler repository and setup instructions

At Update app/src/initial_setup/config.js stage you will need to:

  • Add the service name of the previously deployed RBAC service in const serviceNameRbac variable
  • Set the hard-coded superuser role_id_key in const role_id_key_superuser variable. This matches the value set in the User Account service

Update Test Client (optional)

If you are using the Front End - Test Client to send requests you can connect it to the Permission Handler service endpoints by following the Add apiGateway endpoint's instructions from the Test Client setup instructions. The API Gateway and Stage will match the ones used when deploying this service.


Service - User Account

Now that the RBAC database tables have been deployed we can continue with the Run initial setup stage in User Account repository and setup instructions


Create initial superuser (optional)

Normally you will want to create a superuser account for the project. You can do this by signing up through the Test Client; the user that signs up will get the role that was set in the default_role_user setting when deploying User Account above.

After this is done you will probably want to change default_role_user to a new value: the role you want new users to be assigned when they sign up. Until you change it, every account that signs up receives the role currently set in default_role_user. To change it:

  • Find the role_id_key of the new role you want to set. You should be able to find this in the initial data created in the RBAC service's app/src/initial_setup/config.js file
  • Navigate in AWS console to DynamoDB service
  • Select the Config table for your User Account service
  • Find the Item (record) for default_role_user ("config_key" = "service_config", "config_tag" = "default_role_user")
  • Edit the Item (record) and set the config_value > role_id_key to the new value and save
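
A scripted counterpart to the console steps above, combined with a check that the hard-coded superuser role_id_key agrees across the three services (an added example, not code from the Izara repositories). The function names are hypothetical, the table name is a placeholder, the role keys are constructed sample values, and it assumes config_key and config_tag are the Config table's key attributes.

```javascript
// Added example. Role keys are constructed sample values; function names are
// hypothetical; config_key/config_tag are assumed to be the table's key attributes.

// Compare the hard-coded superuser role_id_key used by each service's config.js.
// `configs` maps a service label to its role_id_key_superuser value.
function findSuperuserKeyMismatches(configs) {
  const reference = configs.userAccount;
  return Object.entries(configs)
    .filter(([, key]) => key !== reference)
    .map(([service, key]) => `${service}: "${key}" != userAccount "${reference}"`);
}

// Build UpdateItem parameters (document-client style, native JS values) that
// move default_role_user off the role used to bootstrap the first account.
function buildDefaultRoleUpdate({ tableName, currentRoleIdKey, newRoleIdKey, superuserRoleIdKey }) {
  if (!newRoleIdKey) throw new Error("newRoleIdKey is required");
  if (newRoleIdKey === superuserRoleIdKey) {
    throw new Error("refusing to keep superuser as the sign-up default role");
  }
  return {
    TableName: tableName,
    Key: { config_key: "service_config", config_tag: "default_role_user" },
    UpdateExpression: "SET config_value.role_id_key = :next",
    // Write only if the item still holds the value we expect to replace.
    ConditionExpression: "config_value.role_id_key = :current",
    ExpressionAttributeValues: { ":next": newRoleIdKey, ":current": currentRoleIdKey },
  };
}

// Constructed sample values, not taken from any real deployment.
const sampleConfigs = {
  userAccount: "role-superuser-0001",
  rbac: "role-superuser-0001",
  permissionHandler: "role-superuser-0002", // deliberate mismatch
};
const sampleUpdate = buildDefaultRoleUpdate({
  tableName: "<UserAccountConfigTable>", // placeholder table name
  currentRoleIdKey: "role-superuser-0001",
  newRoleIdKey: "role-basicuser-0001",
  superuserRoleIdKey: "role-superuser-0001",
});

console.log(findSuperuserKeyMismatches(sampleConfigs));
console.log(JSON.stringify(sampleUpdate, null, 2));
```

The condition expression makes the write fail instead of silently overwriting if someone else has already changed default_role_user.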