Class CognitoAuthenticationFactory

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
com.cloudforgeci.api.core.annotation.BaseFactory
com.cloudforgeci.api.security.CognitoAuthenticationFactory
All Implemented Interfaces:
software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

public class CognitoAuthenticationFactory extends BaseFactory
Manages AWS Cognito User Pools for OIDC authentication.

Quick Start (deployment context; "both" enables TOTP and SMS):

 {
   "authMode": "alb-oidc",
   "cognitoAutoProvision": true,
   "cognitoDomainPrefix": "myapp-auth",
   "cognitoMfaEnabled": true,
   "cognitoMfaMethod": "both"
 }
 

Features:

  • Auto-provision User Pools with security best practices
  • OAuth 2.0 App Client for ALB OIDC integration
  • MFA support: TOTP (authenticator apps) and SMS
  • User groups with role-based access control
  • Compliance-ready (PCI-DSS, HIPAA, SOC 2, GDPR)

MFA Configuration:

  • "totp" - Authenticator apps only (Google Authenticator, Authy)
  • "sms" - Text message codes (requires AWS SMS spending limit > $0)
  • "both" - Users choose their preferred method (default)

SMS Requirements: SMS MFA codes are sent through Amazon SNS. New AWS accounts start with a very low default monthly SMS spending quota (AWS documents 1.00 USD per month) and are placed in the SNS SMS sandbox, which delivers only to phone numbers you have verified, so "sms" and "both" will not work for real users until both restrictions are lifted. To enable SMS MFA: AWS Console → Service Quotas → Amazon SNS → "Account spending limit for SMS" → Request increase to $1-$10/month, and request sandbox exit under Amazon SNS → Text messaging (SMS). Before enabling, confirm the account state with "aws sns get-sms-attributes --attributes MonthlySpendLimit" and "aws sns get-sms-sandbox-account-status".

Removal Policy: Production User Pools are RETAINED on stack deletion to prevent loss of user data. To adopt a retained pool on the next deployment instead of provisioning a new one, set cognitoUserPoolId in the deployment context.
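The following is an added example and not the project's own code: it shows, with the AWS CDK v2 Java API directly, what the resources described above (User Pool with required MFA in the selected method, Hosted UI domain from cognitoDomainPrefix, a confidential OAuth 2.0 client for the ALB, role groups, and RETAIN-in-production with reuse via cognitoUserPoolId) look like. The context keys cognitoDomainPrefix, cognitoMfaEnabled, cognitoMfaMethod and cognitoUserPoolId are taken from this page; the "environment" and "albDnsName" keys, the ALB hostname and the group names are assumptions for illustration.

```java
package example;

import java.util.List;
import software.amazon.awscdk.Duration;
import software.amazon.awscdk.RemovalPolicy;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awscdk.services.cognito.*;
import software.constructs.Construct;

// Added example, not CognitoAuthenticationFactory's implementation.
public class CognitoAlbOidcStack extends Stack {

    public CognitoAlbOidcStack(Construct scope, String id, StackProps props) {
        super(scope, id, props);

        // Keys from the page's Quick Start; read from CDK context (cdk.json or -c key=value).
        String domainPrefix = contextOr("cognitoDomainPrefix", "myapp-auth");
        String mfaMethod = contextOr("cognitoMfaMethod", "both");           // totp | sms | both
        boolean mfaEnabled = Boolean.parseBoolean(contextOr("cognitoMfaEnabled", "true"));
        String existingPoolId = (String) getNode().tryGetContext("cognitoUserPoolId");
        // Assumed keys (not defined on the page): environment selector and the ALB hostname.
        boolean production = "production".equals(contextOr("environment", "dev"));
        String albDnsName = contextOr("albDnsName", "my-alb-123456.us-east-1.elb.amazonaws.com");

        IUserPool pool;
        if (existingPoolId != null) {
            // Adopt a pool retained by an earlier stack deletion instead of creating a new one.
            pool = UserPool.fromUserPoolId(this, "UserPool", existingPoolId);
        } else {
            pool = UserPool.Builder.create(this, "UserPool")
                .selfSignUpEnabled(false)                                 // only admins create users
                .signInAliases(SignInAliases.builder().email(true).build())
                .passwordPolicy(PasswordPolicy.builder()
                    .minLength(12).requireUppercase(true).requireLowercase(true)
                    .requireDigits(true).requireSymbols(true)
                    .tempPasswordValidity(Duration.days(3)).build())
                .mfa(mfaEnabled ? Mfa.REQUIRED : Mfa.OFF)
                .mfaSecondFactor(MfaSecondFactor.builder()
                    .otp(!"sms".equals(mfaMethod))                         // "totp" or "both"
                    .sms(!"totp".equals(mfaMethod))                        // "sms" or "both"; needs SNS quota
                    .build())
                // RETAIN in production so a stack delete cannot destroy user data.
                .removalPolicy(production ? RemovalPolicy.RETAIN : RemovalPolicy.DESTROY)
                .build();
        }

        // Hosted UI domain: https://<prefix>.auth.<region>.amazoncognito.com
        pool.addDomain("Domain", UserPoolDomainOptions.builder()
            .cognitoDomain(CognitoDomainOptions.builder().domainPrefix(domainPrefix).build())
            .build());

        // Confidential client (has a secret) for the ALB authenticate-oidc action.
        // The ALB's fixed OIDC redirect endpoint is /oauth2/idpresponse on the listener host.
        UserPoolClient albClient = pool.addClient("AlbClient", UserPoolClientOptions.builder()
            .generateSecret(true)
            .preventUserExistenceErrors(true)                              // no user enumeration
            .oAuth(OAuthSettings.builder()
                .flows(OAuthFlows.builder().authorizationCodeGrant(true).build())
                .scopes(List.of(OAuthScope.OPENID, OAuthScope.EMAIL, OAuthScope.PROFILE))
                .callbackUrls(List.of("https://" + albDnsName + "/oauth2/idpresponse"))
                .build())
            .build());

        // Role groups; the app reads cognito:groups from the access token the ALB
        // forwards in the x-amzn-oidc-accesstoken header and enforces it itself.
        for (String group : List.of("admins", "developers", "viewers")) {
            CfnUserPoolGroup.Builder.create(this, "Group-" + group)
                .userPoolId(pool.getUserPoolId())
                .groupName(group)
                .build();
        }
    }

    private String contextOr(String key, String fallback) {
        Object value = getNode().tryGetContext(key);
        return value == null ? fallback : value.toString();
    }
}
```

The ALB only authenticates; it does not authorize. Group membership from the token must be checked by the application behind the listener, and the client secret should be sourced by the ALB listener from the generated client rather than copied into context.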

  • Nested Class Summary

    Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

    software.amazon.jsii.JsiiObject.InitializationMode

    Nested classes/interfaces inherited from interface software.constructs.IConstruct

    software.constructs.IConstruct.Jsii$Default, software.constructs.IConstruct.Jsii$Proxy
  • Field Summary

    Fields inherited from class com.cloudforgeci.api.core.annotation.BaseFactory

    cfc, config, ctx
  • Constructor Summary

    Constructors
    Constructor
    Description
    CognitoAuthenticationFactory(software.constructs.Construct scope, String id)
     
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    create()
    Abstract method that must be implemented by all factory subclasses.

    Methods inherited from class com.cloudforgeci.api.core.annotation.BaseFactory

    getDeploymentContext, getSecurityProfileConfiguration, getSystemContext

    Methods inherited from class software.constructs.Construct

    getNode, isConstruct, toString

    Methods inherited from class software.amazon.jsii.JsiiObject

    jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

    Methods inherited from interface software.amazon.jsii.JsiiSerializable

    $jsii$toJson
  • Constructor Details

    • CognitoAuthenticationFactory

      public CognitoAuthenticationFactory(software.constructs.Construct scope, String id)
  • Method Details

    • create

      public void create()
      Description copied from class: BaseFactory
      Abstract method that must be implemented by all factory subclasses. This method should contain the actual infrastructure creation logic.
      Specified by:
      create in class BaseFactory