Add documentation for odds, ends, and gotchas #5
Conversation
docs/THE_INSIDE_STORY.md
Outdated
| confusing UI, I believe an AWS support engineer did submit a request to change | ||
| it so the info box goes away when everything is correctly configured. | ||
|
|
||
| Where to configure the base URL |
There was a problem hiding this comment.
should this line be formatted as a ## title (then adjusting the below title too)?
There was a problem hiding this comment.
Oooh good catch, I think this was a note from me while writing the doc, should be removed now! TY!
There was a problem hiding this comment.
Feels like I'm becoming privy to some classified information.
| This code functions to bring together AWS Cognito with AWS Connect using the | ||
| Lambda defined in the | ||
| [Custom AWS IDP](https://github.com/newjersey/custom-aws-idp) | ||
| repo. It utilizes Cognito's | ||
| [Hosted UI](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-hosted-ui-user-sign-in.html) | ||
| so that the baseline login security is fully managed by AWS (with JWTs | ||
| containing login session metadata). In order to send invite-emails to new users | ||
| and manage password resetting, AWS Simple Email Service (SES) has been used to | ||
| register a verified domain and a verified email. The Cognito User Pool is also | ||
| configured to require MFA. One of those MFA methods is allowed to be SMS, and | ||
| setting up the phone number for those text messages is done in Amazon Simple | ||
| Notification Service (SNS) and Amazon Pinpoint / Pinpoint SMS. | ||
|
|
||
| To make this all work took some unintuitive steps and some long lead times, so | ||
| this document serves to help anyone in the future trying to replicate or emulate | ||
| some parts of this system as well as to update the right things if this system | ||
| changes. |
There was a problem hiding this comment.
This may just be me, but I feel like it'll be more readable in a bulleted list, each bullet corresponding to a service?
| ## Generating (and handling) a valid SAML Response | ||
|
|
||
| As described in the README for Custom AWS IDP, there was a lot of difficulty | ||
| generating a valid, signed SAML Response which AWS could consume. As well, |
There was a problem hiding this comment.
Grammatically, the "As well" feels off here, maybe "Also"? Similarly below, maybe I just haven't heard that
| ## Setting up emails | ||
|
|
||
| We wanted to set up Cognito's *Messaging* configuration so that users would be | ||
| able to get an invitation-email with their first (temporary) password and also |
There was a problem hiding this comment.
invitation email, perhaps no need for hyphen
|
|
||
| We wanted to set up Cognito's *Messaging* configuration so that users would be | ||
| able to get an invitation-email with their first (temporary) password and also | ||
| so that users could receive emails to help for forgotten-password resets. As it |
There was a problem hiding this comment.
I'm going to leave this one, I agree about the above hyphen, but I think this one is good to have to help explain the type or reset.
| able to get an invitation-email with their first (temporary) password and also | ||
| so that users could receive emails to help for forgotten-password resets. As it | ||
| turned out, this was much harder than it seemed, requiring enough understanding | ||
| of email security and the AWS Email Service (SES) to get to the point where |
There was a problem hiding this comment.
Simple Email Service to avoid confusion?
No description provided.