bc-serverservice user AWS

This is a user service which maps AWS Cognito users and groups into BeyondCron users and roles.

Configuration variables

The following configuration variables can be defined using the config set command. One set, the service can be loaded/reloaded using the user service reload command.

beyondcron.user.service AWS
aws.access.key.id AWS access key ID. Default is derived by the default credential provider chain.
aws.secret.access.key AWS access key secret. Default is derived by the default credential provider chain.
aws.region AWS region. Default is the derived by the default region provider chain.
aws.cognito.client.admin.id Cognito admin app client id. This app client is used for authenticating users, and must be created without a secret and ADMIN_NO_SRP_AUTH enabled.
aws.cognito.client.reset.id Cognito password reset app client id. This app client is for restting user passwords, and requires a a secret. Setting of ADMIN_NO_SRP_AUTH is not requried.
aws.cognito.client.reset.secret Reset app client secret.
aws.cognito.pool.id Cognito user pool id.
aws.cognito.refresh.period Period in minutes after which the Cognito user/group → BeyondCron user/role mappings are refreshed. The command user service refresh can be used to refresh on demand. Default is 15 minutes.
beyondcron.user.service.user.create Allow BeyondCron to create new users. Default is false.
beyondcron.user.service.user.validate Allow BeyondCron to validate users, rather than requring validation via a welcome email. Default is false.
beyondcron.user.service.password.change Allow users to change their password using BeyondCron. Default is false.
beyondcron.user.service.password.reset Allow user to reset their password using BeyondCron. Default is false.

aws.secret.access.key & aws.cognito.client.reset.secret are secret configuration variables, and as such can only be viewed by users with write access to /_beyondcron/configuration.

Pool attributes

This service requires the attributes to be defined for the user pool.

Attribute Type Min length Max length Mutable
email standard
given_name stanard
family_name stanard
data custom string 0 2048 yes


BeyondCron % config set aws.access.key.id AKIAIT
BeyondCron % config set aws.secret.access.key o0BQNc…
BeyondCron % config set aws.region us-west-1
BeyondCron % config set aws.cognito.pool.id us-west-2_5Xv…
BeyondCron % config set aws.cognito.client.admin.id 5n6qc…
BeyondCron % config set aws.cognito.client.reset.id 2p01s…
BeyondCron % config set aws.cognito.client.reset.secret 1hd8p…
BeyondCron % config set beyondcron.user.service AWS
BeyondCron % user service reload

See also

  • service user AD
  • service user Unix