@valdeir2000
Created March 16, 2022 02:19
AWSTemplateFormatVersion: '2010-09-09'
# Description, in English: "My first stack on AWS CloudFormation. Getting a token: <command below>"
Description: |
  Meu Primeiro Stack no AWS CloudFormation
  Capturando Token: `http --form POST https://<cognito-subdomain>.auth.<region>.amazoncognito.com/oauth2/token \
  grant_type=client_credentials \
  client_id=<client-id> \
  client_secret=<secret-id> \
  scope="HttpApiWithJWT---ResourceServerIdentifier/read"`
Resources:
  # User pool that issues the tokens.
  NewUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: HttpApiWithJWT---UserPool
      # Minimal password policy and no MFA; tighten both before real users are added.
      Policies:
        PasswordPolicy:
          MinimumLength: 6
          RequireUppercase: false
          RequireLowercase: false
          RequireNumbers: false
          RequireSymbols: false
      MfaConfiguration: 'OFF'
      DeviceConfiguration:
        ChallengeRequiredOnNewDevice: false
        DeviceOnlyRememberedOnUserPrompt: false
  # Resource server that defines the custom "read" scope.
  UserPoolResourceServer:
    Type: AWS::Cognito::UserPoolResourceServer
    Properties:
      Identifier: HttpApiWithJWT---ResourceServerIdentifier
      Name: HttpApiWithJWT---ResourceServerName
      UserPoolId: !Ref NewUserPool
      Scopes:
        - ScopeDescription: Leitura  # "Read"
          ScopeName: read
  # Confidential app client used for the client_credentials grant.
  NewUserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    # The custom scope must exist before the client can reference it.
    DependsOn: UserPoolResourceServer
    Properties:
      UserPoolId: !Ref NewUserPool
      ClientName: HttpApiWithJWT---AppClient
      GenerateSecret: true
      ExplicitAuthFlows:
        - ALLOW_ADMIN_USER_PASSWORD_AUTH
        - ALLOW_USER_PASSWORD_AUTH
        - ALLOW_USER_SRP_AUTH
        - ALLOW_REFRESH_TOKEN_AUTH
      TokenValidityUnits:
        AccessToken: minutes
        IdToken: minutes
      RefreshTokenValidity: 30  # no unit set above, so the default (days) applies
      AccessTokenValidity: 60
      IdTokenValidity: 60
      EnableTokenRevocation: true
      PreventUserExistenceErrors: ENABLED
      SupportedIdentityProviders:
        - COGNITO
      # Required for AllowedOAuthFlows / AllowedOAuthScopes to take effect.
      AllowedOAuthFlowsUserPoolClient: true
      AllowedOAuthFlows:
        - client_credentials
      AllowedOAuthScopes:
        - HttpApiWithJWT---ResourceServerIdentifier/read
  # Hosted domain that serves the /oauth2/token endpoint.
  UserPoolDomain:
    Type: AWS::Cognito::UserPoolDomain
    Properties:
      Domain: haftas-first-stack
      UserPoolId: !Ref NewUserPool
  NewApi:
    Type: AWS::ApiGatewayV2::Api
    Properties:
      Name: MyFirstApiFromCloudformation
      ProtocolType: HTTP
  # Proxy integration to an existing Lambda function in the same account and region.
  NewIntegrationAPI:
    Type: AWS::ApiGatewayV2::Integration
    Properties:
      ApiId: !Ref NewApi
      IntegrationType: AWS_PROXY
      PayloadFormatVersion: '2.0'
      IntegrationUri: !Join
        - ':'
        - - arn
          - aws
          - lambda
          - !Sub ${AWS::Region}
          - !Sub ${AWS::AccountId}
          - function
          - aws-http-api-jwt-dev-hello
  NewStageDefault:
    Type: AWS::ApiGatewayV2::Stage
    Properties:
      ApiId: !Ref NewApi
      StageName: $default
      AutoDeploy: true
  # No AuthorizationType or AuthorizerId is set here and the template defines no
  # AWS::ApiGatewayV2::Authorizer, so this route does not require the Cognito token.
  NewRouteForHome:
    Type: AWS::ApiGatewayV2::Route
    Properties:
      ApiId: !Ref NewApi
      RouteKey: ANY /
      Target: !Join
        - '/'
        - - integrations
          - !Ref NewIntegrationAPI