Revert "Revert "Enable custom service endpoints for sample application""

Author: whummer

.gitignore

@@ -8,6 +8,7 @@
 /node_modules
 /src/bower_components
 /public/bower_components
+package-lock.json
 
 # IDEs and editors
 /.idea

README.md

@@ -94,4 +94,18 @@ eb deploy
 eb open
 ```
 
+## Local Testing
 
+This section contains instructions on how to test the application locally (using mocked services instead of the real AWS services).
+
+### LocalStack
+
+To test this application using [LocalStack](https://github.com/localstack/localstack), you can use the `awslocal` CLI (https://github.com/localstack/awscli-local).
+```
+pip install awscli-local
+```
+Simply parameterize the `./createResources.sh` installation script with `aws_cmd=awslocal`:
+```
+cd aws; aws_cmd=awslocal ./createResources.sh
+```
+Once the code is deployed to the local S3 server, the application is accessible via http://localhost:4572/cognitosample-localapp/index.html (Assuming "localapp" has been chosen as resource name in the previous step)

aws/createResources.sh

@@ -1,5 +1,7 @@
 #!/usr/bin/env bash
 
+aws_cmd=${aws_cmd:-aws}
+
 # Bucket name must be all lowercase, and start/end with lowecase letter or number
 # $(echo...) code to work with versions of bash older than 4.0
 
@@ -24,64 +26,63 @@ IDENTITY_POOL_ID=""
 USER_POOL_ID=""
 USER_POOL_CLIENT_ID=""
 
-
 createCognitoResources() {
     # Create a Cognito Identity and Set roles
-    aws cognito-identity create-identity-pool --identity-pool-name $IDENTITY_POOL_NAME --allow-unauthenticated-identities --region $REGION| grep IdentityPoolId | awk '{print $2}' | xargs |sed -e 's/^"//'  -e 's/"$//' -e 's/,$//' > /tmp/poolId
+    $aws_cmd cognito-identity create-identity-pool --identity-pool-name $IDENTITY_POOL_NAME --allow-unauthenticated-identities --region $REGION| grep IdentityPoolId | awk '{print $2}' | xargs |sed -e 's/^"//'  -e 's/"$//' -e 's/,$//' > /tmp/poolId
     IDENTITY_POOL_ID=$(cat /tmp/poolId)
     echo "Created an identity pool with id of " $IDENTITY_POOL_ID
 
     # Create an IAM role for unauthenticated users
     cat unauthrole-trust-policy.json | sed 's/IDENTITY_POOL/'$IDENTITY_POOL_ID'/' > /tmp/unauthrole-trust-policy.json
-    aws iam create-role --role-name $ROLE_NAME_PREFIX-unauthenticated-role --assume-role-policy-document file:///tmp/unauthrole-trust-policy.json > /tmp/iamUnauthRole
+    $aws_cmd iam create-role --role-name $ROLE_NAME_PREFIX-unauthenticated-role --assume-role-policy-document file:///tmp/unauthrole-trust-policy.json > /tmp/iamUnauthRole
     if [ $? -eq 0 ]
     then
         echo "IAM unauthenticated role successfully created"
     else
         echo "Using the existing role ..."
-        aws iam get-role --role-name $ROLE_NAME_PREFIX-unauthenticated-role  > /tmp/iamUnauthRole
-        aws iam update-assume-role-policy --role-name $ROLE_NAME_PREFIX-unauthenticated-role --policy-document file:///tmp/unauthrole-trust-policy.json
+        $aws_cmd iam get-role --role-name $ROLE_NAME_PREFIX-unauthenticated-role  > /tmp/iamUnauthRole
+        $aws_cmd iam update-assume-role-policy --role-name $ROLE_NAME_PREFIX-unauthenticated-role --policy-document file:///tmp/unauthrole-trust-policy.json
     fi
-    aws iam put-role-policy --role-name $ROLE_NAME_PREFIX-unauthenticated-role --policy-name CognitoPolicy --policy-document file://unauthrole.json
+    $aws_cmd iam put-role-policy --role-name $ROLE_NAME_PREFIX-unauthenticated-role --policy-name CognitoPolicy --policy-document file://unauthrole.json
 
     # Create an IAM role for authenticated users
     cat authrole-trust-policy.json | sed 's/IDENTITY_POOL/'$IDENTITY_POOL_ID'/' > /tmp/authrole-trust-policy.json
-    aws iam create-role --role-name $ROLE_NAME_PREFIX-authenticated-role --assume-role-policy-document file:///tmp/authrole-trust-policy.json > /tmp/iamAuthRole
+    $aws_cmd iam create-role --role-name $ROLE_NAME_PREFIX-authenticated-role --assume-role-policy-document file:///tmp/authrole-trust-policy.json > /tmp/iamAuthRole
     if [ $? -eq 0 ]
     then
         echo "IAM authenticated role successfully created"
     else
         echo "Using the existing role ..."
-        aws iam get-role --role-name $ROLE_NAME_PREFIX-authenticated-role  > /tmp/iamAuthRole
-        aws iam update-assume-role-policy --role-name $ROLE_NAME_PREFIX-authenticated-role --policy-document file:///tmp/authrole-trust-policy.json
+        $aws_cmd iam get-role --role-name $ROLE_NAME_PREFIX-authenticated-role  > /tmp/iamAuthRole
+        $aws_cmd iam update-assume-role-policy --role-name $ROLE_NAME_PREFIX-authenticated-role --policy-document file:///tmp/authrole-trust-policy.json
     fi
     cat authrole.json | sed 's~DDB_TABLE_ARN~'$DDB_TABLE_ARN'~' > /tmp/authrole.json
-    aws iam put-role-policy --role-name $ROLE_NAME_PREFIX-authenticated-role --policy-name CognitoPolicy --policy-document file:///tmp/authrole.json
+    $aws_cmd iam put-role-policy --role-name $ROLE_NAME_PREFIX-authenticated-role --policy-name CognitoPolicy --policy-document file:///tmp/authrole.json
 
     # Create the user pool
-    aws cognito-idp create-user-pool --pool-name $POOL_NAME --auto-verified-attributes email --policies file://user-pool-policy.json --region $REGION > /tmp/$POOL_NAME-create-user-pool
+    $aws_cmd cognito-idp create-user-pool --pool-name $POOL_NAME --auto-verified-attributes email --policies file://user-pool-policy.json --region $REGION > /tmp/$POOL_NAME-create-user-pool
     USER_POOL_ID=$(grep -E '"Id":' /tmp/$POOL_NAME-create-user-pool | awk -F'"' '{print $4}')
     echo "Created user pool with an id of " $USER_POOL_ID
 
     # Create the user pool client
-    aws cognito-idp create-user-pool-client --user-pool-id $USER_POOL_ID --no-generate-secret --client-name webapp --region $REGION > /tmp/$POOL_NAME-create-user-pool-client
+    $aws_cmd cognito-idp create-user-pool-client --user-pool-id $USER_POOL_ID --no-generate-secret --client-name webapp --region $REGION > /tmp/$POOL_NAME-create-user-pool-client
     USER_POOL_CLIENT_ID=$(grep -E '"ClientId":' /tmp/$POOL_NAME-create-user-pool-client | awk -F'"' '{print $4}')
     echo "Created user pool client with id of " $USER_POOL_CLIENT_ID
 
     # Add the user pool and user pool client id to the identity pool
-    aws cognito-identity update-identity-pool --allow-unauthenticated-identities --identity-pool-id $IDENTITY_POOL_ID --identity-pool-name $IDENTITY_POOL_NAME \
+    $aws_cmd cognito-identity update-identity-pool --allow-unauthenticated-identities --identity-pool-id $IDENTITY_POOL_ID --identity-pool-name $IDENTITY_POOL_NAME \
         --cognito-identity-providers ProviderName=cognito-idp.$REGION.amazonaws.com/$USER_POOL_ID,ClientId=$USER_POOL_CLIENT_ID --region $REGION \
         > /tmp/$IDENTITY_POOL_ID-add-user-pool
 
     # Update cognito identity with the roles
     UNAUTH_ROLE_ARN=$(perl -nle 'print $& if m{"Arn":\s*"\K([^"]*)}' /tmp/iamUnauthRole | awk -F'"' '{print $1}')
     AUTH_ROLE_ARN=$(perl -nle 'print $& if m{"Arn":\s*"\K([^"]*)}' /tmp/iamAuthRole | awk -F'"' '{print $1}')
-    aws cognito-identity set-identity-pool-roles --identity-pool-id $IDENTITY_POOL_ID --roles authenticated=$AUTH_ROLE_ARN,unauthenticated=$UNAUTH_ROLE_ARN --region $REGION
+    $aws_cmd cognito-identity set-identity-pool-roles --identity-pool-id $IDENTITY_POOL_ID --roles authenticated=$AUTH_ROLE_ARN,unauthenticated=$UNAUTH_ROLE_ARN --region $REGION
 }
 
 createDDBTable() {
     # Create DDB Table
-    aws dynamodb create-table \
+    $aws_cmd dynamodb create-table \
         --table-name $TABLE_NAME \
         --attribute-definitions \
             AttributeName=userId,AttributeType=S \
@@ -96,7 +97,7 @@ createDDBTable() {
         echo "DynamoDB table successfully created"
     else
         echo "Using the existing table ..."
-        aws dynamodb describe-table --table-name $TABLE_NAME > /tmp/dynamoTable
+        $aws_cmd dynamodb describe-table --table-name $TABLE_NAME > /tmp/dynamoTable
     fi
 
     DDB_TABLE_ARN=$(perl -nle 'print $& if m{"TableArn":\s*"\K([^"]*)}' /tmp/dynamoTable | awk -F'"' '{print $1}')
@@ -128,7 +129,7 @@ EOT
 
 createS3Bucket() {
     # Create the bucket
-    aws s3 mb s3://$BUCKET_NAME/ --region $REGION 2>/tmp/s3-mb-status
+    $aws_cmd s3 mb s3://$BUCKET_NAME/ --region $REGION 2>/tmp/s3-mb-status
     status=$?
 
     if [ $status -eq 0 ]
@@ -152,19 +153,19 @@ createS3Bucket() {
 
 uploadS3Bucket() {
     # Add the ‘website’ configuration and bucket policy
-    aws s3 website s3://$BUCKET_NAME/ --index-document index.html --error-document index.html  --region $REGION
+    $aws_cmd s3 website s3://$BUCKET_NAME/ --index-document index.html --error-document index.html  --region $REGION
     cat s3-bucket-policy.json | sed 's/BUCKET_NAME/'$BUCKET_NAME'/' > /tmp/s3-bucket-policy.json
-    aws s3api put-bucket-policy --bucket $BUCKET_NAME --policy file:///tmp/s3-bucket-policy.json  --region $REGION
+    $aws_cmd s3api put-bucket-policy --bucket $BUCKET_NAME --policy file:///tmp/s3-bucket-policy.json  --region $REGION
     #Build the project and sync it up to the bucket
     if [ ! -d "$NPM_DIR" ]; then
         npm install
     fi
     cd ..
     echo "Building the project"
-    ng build
+    ng build $( if [ "$aws_cmd" == "awslocal" ]; then echo "--base-href /$BUCKET_NAME/"; fi )
     cd -
     echo "Syncing files to the S3 bucket from " $ROOT_DIR/dist/
-    aws s3 sync $ROOT_DIR/dist/ s3://$BUCKET_NAME/  --region $REGION
+    $aws_cmd s3 sync $ROOT_DIR/dist/ s3://$BUCKET_NAME/  --region $REGION
 }
 
 printConfig() {
@@ -207,7 +208,13 @@ export const environment = {
     albumName: "usercontent",
     bucketRegion: '$REGION',
 
-    ddbTableName: '$TABLE_NAME'
+    ddbTableName: '$TABLE_NAME',
+
+    cognito_idp_endpoint: '$( if [ "$aws_cmd" == "awslocal" ]; then echo 'http://localhost:4590'; fi )',
+    cognito_identity_endpoint: '$( if [ "$aws_cmd" == "awslocal" ]; then echo 'http://localhost:4591'; fi )',
+    sts_endpoint: '$( if [ "$aws_cmd" == "awslocal" ]; then echo 'http://localhost:4592'; fi )',
+    dynamodb_endpoint: '$( if [ "$aws_cmd" == "awslocal" ]; then echo 'http://localhost:4569'; fi )',
+    s3_endpoint: '$( if [ "$aws_cmd" == "awslocal" ]; then echo 'http://localhost:4572'; fi )'
 };
 
 EOF
@@ -228,7 +235,13 @@ export const environment = {
     albumName: "usercontent",
     bucketRegion: '$REGION',
 
-    ddbTableName: '$TABLE_NAME'
+    ddbTableName: '$TABLE_NAME',
+
+    cognito_idp_endpoint: '$( if [ "$aws_cmd" == "awslocal" ]; then echo 'http://localhost:4590'; fi )',
+    cognito_identity_endpoint: '$( if [ "$aws_cmd" == "awslocal" ]; then echo 'http://localhost:4591'; fi )',
+    sts_endpoint: '$( if [ "$aws_cmd" == "awslocal" ]; then echo 'http://localhost:4592'; fi )',
+    dynamodb_endpoint: '$( if [ "$aws_cmd" == "awslocal" ]; then echo 'http://localhost:4569'; fi )',
+    s3_endpoint: '$( if [ "$aws_cmd" == "awslocal" ]; then echo 'http://localhost:4572'; fi )'
 };
 
 EOF

src/app/service/cognito.service.ts

@@ -8,6 +8,7 @@ import {
     CognitoUserPool
 } from "amazon-cognito-identity-js";
 import * as AWS from "aws-sdk/global";
+import * as awsservice from "aws-sdk/lib/service";
 import * as CognitoIdentity from "aws-sdk/clients/cognitoidentity";
 
 
@@ -37,14 +38,17 @@ export class CognitoUtil {
     public static _USER_POOL_ID = environment.userPoolId;
     public static _CLIENT_ID = environment.clientId;
 
-    public static _POOL_DATA = {
+    public static _POOL_DATA:any = {
         UserPoolId: CognitoUtil._USER_POOL_ID,
         ClientId: CognitoUtil._CLIENT_ID
     };
 
     public cognitoCreds: AWS.CognitoIdentityCredentials;
 
     getUserPool() {
+        if (environment.cognito_idp_endpoint) {
+            CognitoUtil._POOL_DATA.endpoint = environment.cognito_idp_endpoint;
+        }
         return new CognitoUserPool(CognitoUtil._POOL_DATA);
     }
 
@@ -71,13 +75,20 @@ export class CognitoUtil {
 
     buildCognitoCreds(idTokenJwt: string) {
         let url = 'cognito-idp.' + CognitoUtil._REGION.toLowerCase() + '.amazonaws.com/' + CognitoUtil._USER_POOL_ID;
+        if (environment.cognito_idp_endpoint) {
+            url = environment.cognito_idp_endpoint + '/' + CognitoUtil._USER_POOL_ID;
+        }
         let logins: CognitoIdentity.LoginsMap = {};
         logins[url] = idTokenJwt;
         let params = {
             IdentityPoolId: CognitoUtil._IDENTITY_POOL_ID, /* required */
             Logins: logins
         };
-        let creds = new AWS.CognitoIdentityCredentials(params);
+        let serviceConfigs : awsservice.ServiceConfigurationOptions = {};
+        if (environment.cognito_identity_endpoint) {
+            serviceConfigs.endpoint = environment.cognito_identity_endpoint;
+        }
+        let creds = new AWS.CognitoIdentityCredentials(params, serviceConfigs);
         this.setCognitoCreds(creds);
         return creds;
     }

src/app/service/ddb.service.ts

@@ -31,7 +31,11 @@ export class DynamoDBService {
             }
         };
 
-        var docClient = new DynamoDB.DocumentClient();
+        var clientParams:any = {};
+        if (environment.dynamodb_endpoint) {
+            clientParams.endpoint = environment.dynamodb_endpoint;
+        }
+        var docClient = new DynamoDB.DocumentClient(clientParams);
         docClient.query(params, onQuery);
 
         function onQuery(err, data) {
@@ -60,9 +64,14 @@ export class DynamoDBService {
 
     write(data: string, date: string, type: string): void {
         console.log("DynamoDBService: writing " + type + " entry");
-        var DDB = new DynamoDB({
+
+        let clientParams:any = {
             params: {TableName: environment.ddbTableName}
-        });
+        };
+        if (environment.dynamodb_endpoint) {
+            clientParams.endpoint = environment.dynamodb_endpoint;
+        }
+        var DDB = new DynamoDB(clientParams);
 
         // Write the item to the table
         var itemParams =

src/app/service/s3.service.ts

@@ -19,11 +19,15 @@ export class S3Service {
             region: environment.bucketRegion,
         });
 
-        var s3 = new S3({
+        let clientParams:any = {
             region: environment.bucketRegion,
             apiVersion: '2006-03-01',
             params: {Bucket: environment.rekognitionBucket}
-        });
+        };
+        if (environment.s3_endpoint) {
+            clientParams.endpoint = environment.s3_endpoint;
+        }
+        var s3 = new S3(clientParams);
 
         return s3
     }

src/app/service/user-login.service.ts

@@ -1,3 +1,4 @@
+import {environment} from "../../environments/environment";
 import {Injectable} from "@angular/core";
 import {DynamoDBService} from "./ddb.service";
 import {CognitoCallback, CognitoUtil, LoggedInCallback} from "./cognito.service";
@@ -48,7 +49,11 @@ export class UserLoginService {
                 // If the first SDK call we make wants to use our IdentityID, we have a
                 // chicken and egg problem on our hands. We resolve this problem by "priming" the AWS SDK by calling a
                 // very innocuous API call that forces this behavior.
-                let sts = new STS();
+                let clientParams:any = {};
+                if (environment.sts_endpoint) {
+                    clientParams.endpoint = environment.sts_endpoint;
+                }
+                let sts = new STS(clientParams);
                 sts.getCallerIdentity(function (err, data) {
                     console.log("UserLoginService: Successfully set the AWS credentials");
                     callback.cognitoCallback(null, result);