WP Suite Gatey Cognito Infrastructure

Public source repository for the WP Suite Gatey Cognito Infrastructure deployment package used by Gatey and selected AI-Kit and Flow authentication scenarios.

This repository is intentionally source-available only in part.

What is included in this public repository

This repository contains the public deployment contract and the code that is useful to review when adopting the SAR / CloudFormation package:

• template.yaml — the source SAM/CloudFormation template
• SAR-README.md — the deployment-focused SAR readme shown to deployers
• templates/email-templates/ — email template assets used by the stack
• scripts/ — build, packaging, upload and publication scripts
• src/custom-resource/ — source of the custom resource Lambda used during deployment
• src/shared/ — shared helpers required by the custom resource Lambda
• .artifacts/ — generated deployment artifacts published for installation, including prebuilt/minified Lambda bundles and the generated SAR template

What is not included in source form

The runtime Lambda sources that implement product-specific backend behavior are not published here in original source form.

That includes these handlers:

• src/pre-signup/
• src/pre-token-generation/
• src/post-confirmation/
• src/custom-email-sender/

These components are distributed as deployment artifacts through .artifacts/ and S3-hosted release artifacts.

Why the repository is structured this way

The goal of this repository is to provide:

• a reviewable infrastructure template
• transparency around deployment-time custom resources
• deployment scripts and documentation
• installable release artifacts for evaluation and use

while keeping certain runtime implementation details proprietary.

Artifact model

The deployable artifacts are generated by scripts/publish-sar.sh and related build scripts.

During publishing:

• the source template.yaml is transformed into a generated SAR/deployment template
• the generated template is written to .artifacts/template.sar.yaml
• prebuilt Lambda bundles and related assets are placed under .artifacts/
• those artifacts are uploaded to the release S3 bucket and used by published versions

Because of this, the public repository should be understood as a deployment-facing repository, not as a full internal development workspace.

Email delivery model

The deployment package supports two operational modes for Cognito email delivery:

• Cognito-managed email for the simpler default path.
• SES-backed developer email when HTML email templates, custom subject lines, or email OTP MFA are required.

For SES-backed deployments, the safest approach is to provide a pre-created, already verified SES identity instead of relying on verification to complete during stack deployment.

Repository contents intended for public review

If you are evaluating this package, the most relevant files are:

• README.md
• SAR-README.md
• template.yaml
• scripts/publish-sar.sh
• src/custom-resource/handler.ts
• templates/email-templates/*
• .artifacts/template.sar.yaml

Building and publishing

Internal development may use additional private sources that are not present in this repository. Public consumers should treat the checked-in .artifacts/ output as the deployable release representation.

License

See LICENSE for license terms applicable to this repository.

Availability of deployment artifacts does not by itself grant rights beyond the applicable license and service terms.