bc-serverservice AWS

This is a user service which maps AWS Cognito users and groups into BeyondCron users and roles.

Environment variables

AWS_CONFIG Name of a configuration file containing AWS user service configuration variables. If not an absolute file name, BeyondCron will search BEYONDCRON_DIR_CONFIG, the directory in which bc-server was started, and ~/.AWS_CONFIG for this file
. Default is aws.dat
AWS_ACCESS_KEY_ID AWS access key ID. Default is derived by the default credential provider chain.
AWS_SECRET_ACCESS_KEY AWS access key secret. Default is derived by the default credential provider chain.
AWS_REGION AWS region. Default is the derived by the default region provider chain.

Configuration variables

The following configuration variables can be defined within the AWS_CONFIG file, or as environment variables.

AWS_COGNITO_CLIENT_ADMIN_ID Cognito admin app client id. This app client is used for authenticating users, and must be created without a secret and ADMIN_NO_SRP_AUTH enabled.
AWS_COGNITO_CLIENT_RESET_ID Cognito password reset app client id. This app client is for restting user passwords, and requires a a secret. Setting of ADMIN_NO_SRP_AUTH is not requried.
AWS_COGNITO_CLIENT_RESET_SECRET Reset app client secret.
AWS_COGNITO_POOL_ID Cognito user pool id.
AWS_COGNITO_REFRESH_PERIOD Period in minutes after which the Cognito user/group → BeyondCron user/role mappings are refreshed. The command user service can be used to refresh on demand. Default is 15 minutes.
BEYONDCRON_USER_SERVICE_USER_CREATE Allow BeyondCron to create new users. Default is false.
BEYONDCRON_USER_SERVICE_USER_VALIDATE Allow BeyondCron to validate users, rather than requring validation via a welcome email. Default is false.
BEYONDCRON_USER_SERVICE_PASSWORD_CHANGE Allow users to change their password using BeyondCron. Default is false.
BEYONDCRON_USER_SERVICE_PASSWORD_RESET Allow user to reset their password using BeyondCron. Default is false.

Pool attributes

This service requires the attributes to be defined for the user pool.

Attribute Type Min length Max length Mutable
email standard
given_name stanard
family_name stanard
data custom string 0 2048 yes

See also

  • service user AD
  • service user Unix