A CloudFormation custom provider for managing Auth0.com resources

binxio/cfn-auth0-provider

cfn-auth0-provider

A CloudFormation custom resource provider for managing Auth0.com resources. When you deploy applications in Amazon ECS that use Auth0.com for authentication and authorization, you need to configure Auth0 Clients and Resource Servers (APIs). With this custom CloudFormation provider you can deploy applications, ECS Services and the Auth0 configuration from a single CloudFormation module.

The provider supports both the Auth0 resources from the:

Installation

To install the custom resource provider, you first need to create a non-interactive application in Auth0 which is allowed to invoke the Auth0 Management API.

Add Auth0 CloudFormation Provider application

Please get an Auth0 administration API token manually, and set the following environment variables:

export AUTH0_API_TOKEN=

Add the Authorization Extension in Auth0

Unfortunately, we cannot add the authorization extension programmatically. Please follow the Auth0 Authorization Extension installation instructions and set the environment variable AUTH0_AUTHZ_API to point to the API.

export AUTH0_AUTHZ_API=<url of the authorization extension API>

At the time of writing, the URL for an installation of Authorization Extension version 2.4 is:

export AUTH0_AUTHZ_API=https://${AUTH0_DOMAIN}/auth0.com/webtask.io/adf6e2f2b84784b57522e3b19dfc9201

Now create the application, by typing:

./bin/create-custom-auth0-provider-application -d "$AUTH0_DOMAIN" \
        -p "$AWS_DEFAULT_PROFILE" \
        -r "$AWS_DEFAULT_REGION" \
        -u "$AUTH0_AUTHZ_API"

This script creates the application in Auth0 and stores the tenant and the application's credentials in the Parameter Store under /cfn-auth0-provider/tenant, /cfn-auth0-provider/client_id and /cfn-auth0-provider/client_secret respectively. The Authorization Extension API URL is stored under /cfn-auth0-provider/authorization_url.
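
To confirm the Parameter Store ended up in the state described above, the following added example (not part of this repository) checks that the four documented paths exist and reports a client_secret that is not stored as a SecureString. The function names, the finding labels and the expectation that the secret should be a SecureString are assumptions; this README does not say which parameter type the script uses.

```shell
#!/usr/bin/env bash
# Added example: audit the Parameter Store entries the setup script is
# described as creating. Function names and labels are hypothetical.

# Paths as listed in this README.
EXPECTED_PARAMS="/cfn-auth0-provider/tenant
/cfn-auth0-provider/client_id
/cfn-auth0-provider/client_secret
/cfn-auth0-provider/authorization_url"

# Print "Name<TAB>Type" for every parameter under the provider's prefix.
# The query selects only names and types, so no value is printed.
list_provider_params() {
    aws ssm get-parameters-by-path \
        --path /cfn-auth0-provider \
        --query 'Parameters[].[Name,Type]' \
        --output text
}

# Read "Name<TAB>Type" lines on stdin and print one finding per line.
# Returns 0 when all four paths exist and the secret is encrypted, else 1.
audit_provider_params() {
    listing=$(cat)
    findings=""
    for name in $EXPECTED_PARAMS; do
        # Exact match on the name column; prints the type column.
        ptype=$(printf '%s\n' "$listing" |
            awk -F'\t' -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$ptype" ]; then
            findings="${findings}MISSING ${name}\n"
        elif [ "$name" = "/cfn-auth0-provider/client_secret" ] &&
             [ "$ptype" != "SecureString" ]; then
            # Assumption: the client secret should be KMS-encrypted.
            findings="${findings}NOT_ENCRYPTED ${name} (${ptype})\n"
        fi
    done
    if [ -z "$findings" ]; then return 0; fi
    printf '%b' "$findings"
    return 1
}

# Constructed sample listing (not real output): the secret is a plain
# String and authorization_url is absent.
SAMPLE_LISTING=$(printf '%s\t%s\n' \
    /cfn-auth0-provider/tenant String \
    /cfn-auth0-provider/client_id String \
    /cfn-auth0-provider/client_secret String)

# Live use against your account: pass --live as the first argument.
if [ "${1:-}" = "--live" ]; then
    list_provider_params | audit_provider_params
fi
```

A NOT_ENCRYPTED finding means anyone with ssm:GetParameter on that path can read the Auth0 client secret without also needing KMS decrypt permission.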

Deploy the provider

To deploy the provider, type:

aws cloudformation create-stack \
        --capabilities CAPABILITY_IAM \
        --stack-name cfn-auth0-provider \
        --template-body file://cloudformation/cfn-auth0-provider.json

aws cloudformation wait stack-create-complete  --stack-name cfn-auth0-provider

This CloudFormation template will use our pre-packaged provider from 463637877380.dkr.ecr.eu-central-1.amazonaws.com/xebia/cfn-auth0-provider:2.0.0.
