Fixed review comments

aws-samples · Jan 5, 2024 · 77585ca · 77585ca
1 parent 269396d
commit 77585ca
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 3 deletions.
diff --git a/apigw-websocket-api-lambda-authorizer/Readme.md b/apigw-websocket-api-lambda-authorizer/Readme.md
@@ -1,6 +1,6 @@
 # WebSocket API Cognito Authentication using Lambda Authorizer
 
-This pattern demonstrates how to integrate Cognito authentication with Amazon API Gateway WebSocket API.
+This pattern demonstrates how to integrate Amazon Cognito authentication with Amazon API Gateway WebSocket API.
 
 It includes the Lambda implementations for Lambda Authorizer, Lambda functions for $connect, $disconnect and custom route, and AWS Serverless Application Model (SAM) code to deploy backend infrastructure.
 
@@ -48,13 +48,15 @@ API Gateway Websocket API doesn't support [Cognito authorizer](https://docs.aws.
 In order to test, follow the steps given below:
 
 ### Step 1. Create a user in Cognito user pool
+> Note: For production workloads, you should use a strong password; the password given below is simply for demonstration purposes.
+
 ```bash
 # perform sign-up
 aws cognito-idp sign-up \
   --region YOUR_COGNITO_REGION \
   --client-id YOUR_COGNITO_APP_CLIENT_ID  \
   --username [email protected] \
-  --password Passw0rd!
+  --password Passw0rd! 
 
 # confirm sign-up  
 aws cognito-idp admin-confirm-sign-up \

diff --git a/apigw-websocket-api-lambda-authorizer/src/LambdaAuthorizer/Readme.md b/apigw-websocket-api-lambda-authorizer/src/LambdaAuthorizer/Readme.md
@@ -3,6 +3,7 @@
 This starter project consists of:
 * Function.cs - class file containing a class with a single function handler method
 * aws-lambda-tools-defaults.json - default argument settings for use with Visual Studio and command line deployment tools for AWS
+* CognitoJwtVerifier - class file to verify ID and access JWT tokens obtained from Amazon Cognito 
 
 You may also have a test project depending on the options selected.
 

diff --git a/apigw-websocket-api-lambda-authorizer/template.yaml b/apigw-websocket-api-lambda-authorizer/template.yaml
@@ -77,7 +77,10 @@ Resources:
         - Statement:
             Effect: Allow
             Action: execute-api:ManageConnections
-            Resource: arn:aws:execute-api:*:*:*/@connections/*
+            Resource: !Sub 
+            - arn:aws:execute-api:${region}:{accountId}:*/@connections/*
+            - region: !Ref 'AWS::Region'
+              accountId: !Ref 'AWS:AccountId'
       Environment:
         Variables:
           TABLE_NAME: !Ref 'ConnectionMappingTableName'