Class: AWSCDK::HealthLake::CfnFHIRDatastore::IdentityProviderConfigurationProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
health_lake/cfn_fhir_datastore.rb

Overview

The identity provider configuration selected when the data store was created.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(authorization_strategy:, fine_grained_authorization_enabled: nil, idp_lambda_arn: nil, metadata: nil) ⇒ IdentityProviderConfigurationProperty

Returns a new instance of IdentityProviderConfigurationProperty.

Parameters:

  • authorization_strategy (String)

    The authorization strategy selected when the HealthLake data store is created.

  • fine_grained_authorization_enabled (Boolean, AWSCDK::IResolvable, nil) (defaults to: nil)

    The parameter to enable SMART on FHIR fine-grained authorization for the data store.

  • idp_lambda_arn (String, nil) (defaults to: nil)

    The Amazon Resource Name (ARN) of the Lambda function to use to decode the access token created by the authorization server.

  • metadata (String, nil) (defaults to: nil)

    The JSON metadata elements to use in your identity provider configuration.



707
708
709
710
711
712
713
714
715
716
# File 'health_lake/cfn_fhir_datastore.rb', line 707

def initialize(authorization_strategy:, fine_grained_authorization_enabled: nil, idp_lambda_arn: nil, metadata: nil)
  @authorization_strategy = authorization_strategy
  Jsii::Type.check_type(@authorization_strategy, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "authorizationStrategy")
  @fine_grained_authorization_enabled = fine_grained_authorization_enabled
  Jsii::Type.check_type(@fine_grained_authorization_enabled, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "fineGrainedAuthorizationEnabled") unless @fine_grained_authorization_enabled.nil?
  @idp_lambda_arn = idp_lambda_arn
  Jsii::Type.check_type(@idp_lambda_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "idpLambdaArn") unless @idp_lambda_arn.nil?
  @metadata = 
  Jsii::Type.check_type(@metadata, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "metadata") unless @metadata.nil?
end

Instance Attribute Details

#authorization_strategyString (readonly)

The authorization strategy selected when the HealthLake data store is created.

HealthLake provides support for both SMART on FHIR V1 and V2 as described below.

  • SMART_ON_FHIR_V1 – Support for only SMART on FHIR V1, which includes read (read/search) and write (create/update/delete) permissions.
  • SMART_ON_FHIR – Support for both SMART on FHIR V1 and V2, which includes create , read , update , delete , and search permissions.
  • AWS_AUTH – The default HealthLake authorization strategy; not affiliated with SMART on FHIR.


728
729
730
# File 'health_lake/cfn_fhir_datastore.rb', line 728

def authorization_strategy
  @authorization_strategy
end

#fine_grained_authorization_enabledBoolean, ... (readonly)

The parameter to enable SMART on FHIR fine-grained authorization for the data store.



733
734
735
# File 'health_lake/cfn_fhir_datastore.rb', line 733

def fine_grained_authorization_enabled
  @fine_grained_authorization_enabled
end

#idp_lambda_arnString? (readonly)

The Amazon Resource Name (ARN) of the Lambda function to use to decode the access token created by the authorization server.



738
739
740
# File 'health_lake/cfn_fhir_datastore.rb', line 738

def idp_lambda_arn
  @idp_lambda_arn
end

#metadataString? (readonly)

The JSON metadata elements to use in your identity provider configuration.

Required elements are listed based on the launch specification of the SMART application. For more information on all possible elements, see Metadata in SMART's App Launch specification.

authorization_endpoint : The URL to the OAuth2 authorization endpoint.

grant_types_supported : An array of grant types that are supported at the token endpoint. You must provide at least one grant type option. Valid options are authorization_code and client_credentials .

token_endpoint : The URL to the OAuth2 token endpoint.

capabilities : An array of strings of the SMART capabilities that the authorization server supports.

code_challenge_methods_supported : An array of strings of supported PKCE code challenge methods. You must include the S256 method in the array of PKCE code challenge methods.



755
756
757
# File 'health_lake/cfn_fhir_datastore.rb', line 755

def 
  @metadata
end

Class Method Details

.jsii_propertiesObject



757
758
759
760
761
762
763
764
# File 'health_lake/cfn_fhir_datastore.rb', line 757

def self.jsii_properties
  {
    :authorization_strategy => "authorizationStrategy",
    :fine_grained_authorization_enabled => "fineGrainedAuthorizationEnabled",
    :idp_lambda_arn => "idpLambdaArn",
    :metadata => "metadata",
  }
end

Instance Method Details

#to_jsiiObject



766
767
768
769
770
771
772
773
774
775
# File 'health_lake/cfn_fhir_datastore.rb', line 766

def to_jsii
  result = {}
  result.merge!({
    "authorizationStrategy" => @authorization_strategy,
    "fineGrainedAuthorizationEnabled" => @fine_grained_authorization_enabled,
    "idpLambdaArn" => @idp_lambda_arn,
    "metadata" => @metadata,
  })
  result.compact
end