runway.hooks.staticsite.auth_at_edge.lambda_config module

CFNgin prehook responsible for creation of Lambda@Edge functions.

runway.hooks.staticsite.auth_at_edge.lambda_config.write(context, provider, **kwargs)[source]

Writes/Uploads the configured lambdas for Auth@Edge.

Lambda@Edge does not have the ability to allow Environment variables at the time of this writing. In order to configure our lambdas with dynamic variables we first will go through and update a “shared” template with all of the configuration elements and add that to a temporary folder along with each of the individual Lambda@Edge functions. This temporary folder is then used with the CFNgin awsLambda hook to build the functions.

  • context (cfngin.Context) – The CFNgin context.

  • provider (cfngin.Provider) – The CFNgin provider.

Keyword Arguments
  • client_id (str) – The ID of the Cognito User Pool Client.

  • cookie_settings (dict) – The settings for our customized cookies.

  • http_headers (dict) – The additional headers added to our requests.

  • nonce_signing_secret_param_name (str) – SSM param name to store nonce signing secret.

  • oauth_scopes (List[str]) – The validation scopes for our OAuth requests.

  • redirect_path_auth_refresh (str) – The URL path for authorization refresh redirect (Correlates to the refresh auth lambda).

  • redirect_path_sign_in (str) – The URL path to be redirected to after sign in (Correlates to the parse auth lambda).

  • redirect_path_sign_out (str) – The URL path to be redirected to after sign out (Correlates to the root to be asked to resigning).

  • required_group (Optional[str]) – Optional User Pool group to which access should be restricted.

  • user_pool_id (str) – The ID of the Cognito User Pool.

runway.hooks.staticsite.auth_at_edge.lambda_config.get_nonce_signing_secret(param_name, context)[source]

Retrieve signing secret, generating & storing it first if not present.


Generate a random key of specified length from the allowed secret characters.


length (int) – The length of the random key.