Custom Amazon Cognito Messages to Phones or E-Mails

To create a custom message for Cognito, do the following:

  1. Create a new Lambda function (Node.js).
  2. Go to your Amazon Cognito User Pool Triggers and assign your new Lambda function to the “Custom Message” section.
  3. Choose which messages you want to modify.
    1. The available options are (there might be more):
      1. CustomMessage_AdminCreateUser
      2. CustomMessage_ResendCode
      3. CustomMessage_ForgotPassword
        1. NOTICE: when setting the verification code for the forgot password message you must have the following data in your emailMessage: {####}
          1. If you don’t have this, AWS Cognito will replace your message content with its default.
      4. CustomMessage_UpdateUserAttribute
      5. CustomMessage_VerifyUserAttribute
      6. CustomMessage_Authentication
      7. More info: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-lambda-trigger-syntax-shared.html

Sample code below:

// Lambda entry point: Cognito passes the trigger event and expects the same event object back.
exports.handler = async (event) => {
    //if(event.userPoolId === "theSpecialUserPool") {
        // Identify why this function was invoked
        if (event.triggerSource === "CustomMessage_AdminCreateUser") {
            // Ensure that your message contains event.request.codeParameter and event.request.usernameParameter. These are the placeholders for the code and username that will be sent to your user.
            event.response.smsMessage = "Welcome to the service. Your user name is " + event.request.usernameParameter + " Your temporary password is " + event.request.codeParameter;
            event.response.emailSubject = "Welcome to the service";
            event.response.emailMessage = "Welcome to the service. Your user name is " + event.request.usernameParameter + " Your temporary password is " + event.request.codeParameter;
        }

        if (event.triggerSource === "CustomMessage_ForgotPassword") {
            // Ensure that your message contains event.request.codeParameter. This is the placeholder for the code that will be sent to your user.
            event.response.smsMessage = "Your temporary password is " + event.request.codeParameter;
            event.response.emailSubject = "Forgot password";
            event.response.emailMessage = "Your temporary password is " + event.request.codeParameter;
        }

        if (event.triggerSource === "CustomMessage_UpdateUserAttribute") {
            // Ensure that your message contains event.request.codeParameter. This is the placeholder for the code that will be sent to your user.
            event.response.smsMessage = "Your temporary password is " + event.request.codeParameter;
            event.response.emailSubject = "Verify email";
            event.response.emailMessage = "Your temporary password is " + event.request.codeParameter;
        }

        if (event.triggerSource === "CustomMessage_VerifyUserAttribute") {
            // Ensure that your message contains event.request.codeParameter. This is the placeholder for the code that will be sent to your user.
            event.response.smsMessage = "Your temporary password is " + event.request.codeParameter;
            event.response.emailSubject = "Verify email";
            event.response.emailMessage = "Your temporary password is " + event.request.codeParameter;
        }

        if (event.triggerSource === "CustomMessage_Authentication") {
            // Ensure that your message contains event.request.codeParameter. This is the placeholder for the code that will be sent to your user.
            event.response.smsMessage = "Your temporary password is " + event.request.codeParameter;
            event.response.emailSubject = "Verify email";
            event.response.emailMessage = "Your temporary password is " + event.request.codeParameter;
        }
        // Create custom message for other events
    //}
    // Customize messages for other user pools

    // Return result to Cognito
    return event;
};
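The placeholder rule from the NOTICE above can be checked in the function itself, so a template that drops {####} is caught before Cognito silently substitutes its default. The following is an added example, not the post's own code: the TEMPLATES table, the message wording and the use of the `name` user attribute are assumptions, and it also HTML-escapes that user-controlled attribute before it goes into the e-mail body.

```javascript
"use strict";

// Escape user-controlled attribute values before placing them in an HTML e-mail body.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical template table. `needs` lists the request fields whose placeholder
// value must appear in the final text for that trigger source.
const TEMPLATES = {
  CustomMessage_AdminCreateUser: {
    needs: ["usernameParameter", "codeParameter"],
    subject: "Welcome to the service",
    text: (r) => `Your user name is ${r.usernameParameter} Your temporary password is ${r.codeParameter}`,
  },
  CustomMessage_ForgotPassword: {
    needs: ["codeParameter"],
    subject: "Forgot password",
    text: (r) => `Your verification code is ${r.codeParameter}`,
  },
};

// Names of the required placeholders that are absent from `text`.
function missingPlaceholders(text, request, needs) {
  return needs.filter((field) => !request[field] || !text.includes(request[field]));
}

function customMessage(event) {
  const template = TEMPLATES[event.triggerSource];
  if (!template) return event; // unhandled trigger: Cognito keeps its default message
  const text = template.text(event.request);
  const missing = missingPlaceholders(text, event.request, template.needs);
  if (missing.length > 0) {
    // Leave the response untouched and make the template bug visible in the logs.
    console.error(`${event.triggerSource}: template lacks ${missing.join(", ")}`);
    return event;
  }
  const name = escapeHtml((event.request.userAttributes || {}).name || "user");
  event.response.smsMessage = text; // plain text, no HTML escaping needed
  event.response.emailSubject = template.subject;
  event.response.emailMessage = `<p>Hello ${name},</p><p>${text}</p>`;
  return event;
}

// Lambda entry point (guarded so the file also loads outside CommonJS).
const handler = async (event) => customMessage(event);
if (typeof module !== "undefined") module.exports.handler = handler;
```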

For example you can use the following for custom email verification messages.


Helper Scripts for Docker, git and Java developers

Hi,

Here are some of my own scripts that I use when developing to ease my life:

Building a Java Gradle project, then building a docker image and pushing it

./gradlew test
if [ $? -eq 0 ]; then
    echo Tests OK
    gradle clean
    gradle generateGitProperties
    gradle bootRepackage
    ./cleandocker.sh
    docker rmi {your image name + tag}
    docker build -t {your image name + tag} .
    ./dockerregistrylogin.sh
    docker push {your image name + tag}
else
    echo Tests Failed
    exit 1
fi

Clean docker from all running containers and stopped ones

echo "Stopping all containers"
docker stop $(docker ps -a -q)
echo "Removing all containers"
docker rm $(docker ps -a -q)
echo "Starting dev environment"

Commit your code to git after gradle tests are successful

./gradlew test
if [ $? -eq 0 ]; then
    echo Tests OK
    git add .
    git commit -m "$1"
    git push
else
    echo Tests Failed
    exit 1
fi

Merge your branch with your master

git checkout master
git pull origin master
git merge dev -m "$1"
git push origin master
git checkout dev

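This one is for AWS developers to run and get the AWS ECR docker login

#Notice: To use a certain profile for login define additional profiles like this: aws configure --profile awscli
#Notice: "aws ecr get-login" exists only in AWS CLI v1; AWS CLI v2 replaced it with "aws ecr get-login-password", whose output is piped to "docker login --password-stdin"

function doAwsDockerRegistryLogin()
{
    # Declare and assign separately so a failing aws call is not masked by "local"
    local myresult
    myresult=$(aws ecr get-login --no-include-email --region eu-central-1 --profile awscli)
    echo "$myresult"
}

result=$(doAwsDockerRegistryLogin)   # or result=`doAwsDockerRegistryLogin`
# eval runs the "docker login ..." command line that get-login printed, token included
eval "$result"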

AWS ECS Docker container and load balancing with service discovery

If you have a microservice architecture in AWS and you want to direct and balance traffic, you need an Elastic Load Balancer with target groups.

From my experiments, this is what you need to do in order to direct traffic from a single ELB FQDN to multiple applications/containers.

This setup assumes that you have one webapp/client and one or more back-end services which the client talks to.

The steps:

  1. Make sure that your container has a host port of 0 defined. This makes the ECS service assign a dynamic port automatically.
  2. Create a target group for each application (client app and all back-end services).
  3. Create the ELB and add rules to your listener, for example:
    1. ClientApp: no rules here, all traffic is assumed to go to the root of the DNS
    2. Backend services: IF rule with a path rule of something like “/api/myapi*” and associate the wanted target group
      1. This will redirect all traffic that contains /api/myapi to the designated target group
  4. Next go to ECS and in your cluster create a service for each client and back-end service that you want to redirect traffic to. The reason you have to create a service for each app is that you can only associate one ELB and target group with each container and its port. Even if you have multiple containers in your task definition, only one container can capture your traffic unless you do other configuration in your docker host.

Gradle + Java: Multi projects

Here are a few tips for making a Java multi project work with Gradle:

Step 1

Create a settings.gradle file in your main project and add this with your changes:

include(':{my secondary project name here}')
// Uncomment the line below if your secondary project is in a different path than the main project
// project(":{my secondary project name here}").projectDir = file("../{my secondary project folder name one level up, on the same level as the main project}")
rootProject.name = 'my main project name here'

Step 2

Associate the secondary project with your main project:

Go to your main project build.gradle file and add the following:

dependencies {
    compile project(':{my secondary project name here}')
}

Step 3: Extra

This is just extra: if you simply want to refer to a local library file in your main project, do this:

dependencies {
    compile files('lib/{my library name}.jar')
    testCompile files('lib/{my library name}.jar')
}

Spring Boot CORS Bean

Hi,

Here is a code sample for enabling CORS for your Spring Boot application.

The example below assumes that your settings for allowed methods, origins, etc. are configured elsewhere and passed in; in this case through a CORS settings class.

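// Imports for the enclosing @Configuration class (FilterRegistrationBean package as of Spring Boot 1.4+)
import java.util.Arrays;
import java.util.List;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.core.Ordered;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

    @Bean
    public FilterRegistrationBean corsFilterRegistrationBean() {
        CorsConfiguration configuration = new CorsConfiguration();
        // Values are split on "," without trimming, so the configured lists must not contain spaces
        configuration.setAllowedOrigins(Arrays.asList(this.corsSettings.getOrigin().split(",")));
        configuration.setAllowedMethods(Arrays.asList(this.corsSettings.getMethods().split(",")));
        List<String> headers = Arrays.asList(this.corsSettings.getHeaders().split(","));
        for (String header : headers) {
            configuration.addAllowedHeader(header);
        }
        // Apply the same CORS configuration to every path
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
        // Run the CORS filter before any other filter in the chain
        bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return bean;
    }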

Creating self-signed certificates for AWS(or Azure)

Ok, you can use openssl to create a self-signed cert:

openssl genrsa 2048 > privatekey.pem
openssl req -new -key privatekey.pem -out csr.pem
openssl x509 -req -days 365 -in csr.pem -signkey privatekey.pem -out server.crt

Then you can upload it to AWS by:

aws iam upload-server-certificate --server-certificate-name {certname} --certificate-body file://server.crt --private-key file://privatekey.pem

Simple :).