IronCore864 opened a new issue, #4697: URL: https://github.com/apache/incubator-devlake/issues/4697
### Search before asking - [X] I had searched in the [issues](https://github.com/apache/incubator-devlake/issues?q=is%3Aissue) and found no similar feature requirement. ### Use case As a DevLake SaaS user, I want to deploy DevLake in an AWS account (for example, inside an EKS cluster) and only allow logged-in users to access my DevLake environment (config UI, dashboard). I want to use AWS Cognito as the identity provider to store user information, and I want to allow users to change passwords themselves. I want to protect the backend API as well: only authenticated users are allowed to access backend APIs. ### Description ### Description - Add a user login page that is integrated with AWS Cognito. - Only users logged in successfully can access config UI and the dashboard. - Authn should be enabled on the Backend API, too; requests without authn header should be denied. ### Solution - Create an AWS Cognito user pool. - Use aws-amplify to add a login page to config-ui/dashboard. - Create an API gateway integrated with the Cognito user pool and the backend APIs. - All APIs should have authentication by default. - After logging in, the frontend can get an id_token from Cognito, which will be used in turn as the authn header to access the API gateway. ### Deliverable - login page PR, config-ui/dashboard code change PR - a list of APIs that should have authn - Terraform module to deploy Cognito user pool, with doc to create users - Terraform module to deploy API gateway, integrated with Cognito, with doc to create API using Terraform ### Related issues _No response_ ### Are you willing to submit a PR? - [ ] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
