From 38f464780047169a13e73a46d3baee8ba31c2c33 Mon Sep 17 00:00:00 2001
From: Agus
Date: Thu, 1 Feb 2024 11:50:01 +0100
Subject: [PATCH] apigw-lambda-cognito-authorizer
---
.../.gitignore | 8 ++
.../.npmignore | 6 +
.../README.md | 135 ++++++++++++++++++
.../assets/architecture.png | Bin 0 -> 26361 bytes
.../bin/apigw-lambda-cognito-authorizer.ts | 13 ++
.../cdk.json | 64 +++++++++
.../apigw-lambda-cognito-authorizer-stack.ts | 72 ++++++++++
.../package.json | 24 ++++
.../tsconfig.json | 31 ++++
9 files changed, 353 insertions(+)
create mode 100644 typescript/api-gateway-lambda-cognito-authorizer/.gitignore
create mode 100644 typescript/api-gateway-lambda-cognito-authorizer/.npmignore
create mode 100644 typescript/api-gateway-lambda-cognito-authorizer/README.md
create mode 100644 typescript/api-gateway-lambda-cognito-authorizer/assets/architecture.png
create mode 100644 typescript/api-gateway-lambda-cognito-authorizer/bin/apigw-lambda-cognito-authorizer.ts
create mode 100644 typescript/api-gateway-lambda-cognito-authorizer/cdk.json
create mode 100644 typescript/api-gateway-lambda-cognito-authorizer/lib/apigw-lambda-cognito-authorizer-stack.ts
create mode 100644 typescript/api-gateway-lambda-cognito-authorizer/package.json
create mode 100644 typescript/api-gateway-lambda-cognito-authorizer/tsconfig.json
diff --git a/typescript/api-gateway-lambda-cognito-authorizer/.gitignore b/typescript/api-gateway-lambda-cognito-authorizer/.gitignore
new file mode 100644
index 000000000..f60797b6a
--- /dev/null
+++ b/typescript/api-gateway-lambda-cognito-authorizer/.gitignore
@@ -0,0 +1,8 @@
+*.js
+!jest.config.js
+*.d.ts
+node_modules
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
diff --git a/typescript/api-gateway-lambda-cognito-authorizer/.npmignore b/typescript/api-gateway-lambda-cognito-authorizer/.npmignore
new file mode 100644
index 000000000..c1d6d45dc
--- /dev/null
+++ b/typescript/api-gateway-lambda-cognito-authorizer/.npmignore
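Review bot: The `*.js` pattern in the new `.gitignore` also matches any handler file under `lambda/`, which is the directory the stack in this same patch loads with `lambda.Code.fromAsset("lambda")`. The patch's file list has no `lambda/` entry, so as committed the asset directory appears to be missing and `cdk synth` would presumably fail on the asset lookup unless the handler is added elsewhere. Add the handler source to the commit and un-ignore it next to the existing jest exception, e.g. `!lambda/**/*.js`.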
@@ -0,0 +1,6 @@
+*.ts
+!*.d.ts
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out
diff --git a/typescript/api-gateway-lambda-cognito-authorizer/README.md b/typescript/api-gateway-lambda-cognito-authorizer/README.md
new file mode 100644
index 000000000..55ae39c25
--- /dev/null
+++ b/typescript/api-gateway-lambda-cognito-authorizer/README.md
@@ -0,0 +1,135 @@
+##
+
+![Stability: Stable](https://img.shields.io/badge/stability-Stable-success.svg?style=for-the-badge)
+
+> **This is a stable example. It should successfully build out of the box**
+>
+> This example is built on Construct Libraries marked "Stable" and does not have any infrastructure prerequisites to build.
+
+---
+
+
+
+This project is intended to be sample code only. Not for use in production.
+
+## Architecture
+
+
+
+This project will create the following in your AWS cloud environment:
+
+- REST Api Gateway
+- Example lambda function
+
+This is an example to showcase how to add a Cognito authorizer in an REST Api Gateway with a Lambda Integration.
+
+## Deploy
+
+---
+
+Requirements:
+
+- git
+- npm (node.js)
+- AWS access key & secret for AWS user with permissions to create resources listed above
+- Cognito User Pool
+
+---
+
+First, you will need to install the AWS CDK:
+
+```
+$ npm install -g aws-cdk
+```
+
+You can check the toolkit version with this command:
+
+```
+$ cdk --version
+```
+
+Next, you will want to create a project directory:
+
+```
+$ mkdir ~/cdk-samples
+```
+
+Now you're ready to clone this repo and change to this sample directory:
+
+```
+$ git clone https://github.com/aws-samples/aws-cdk-examples.git
+$ cd typescript/api-gateway-lambda-cognito-authorizer
+```
+
+Install the required dependencies:
+
+```
+$ npm install
+```
+
+Go to `bin/apigw-lambda-cognito-authorizer.ts` and update the Cognito User Pool Id with yours.
+
+```ts
+//....
+const app = new cdk.App();
+new ApigwLambdaCognitoAuthorizerStack(
+ app,
+ "ApigwLambdaCognitoAuthorizerStack",
+ {
+ cognitoUserPoolId: "",
+ }
+);
+```
+
+At this point you can now synthesize the CloudFormation template for this code.
+
+```
+$ cdk synth
+```
+
+If everything looks good, go ahead and deploy! This step will actually make
+changes to your AWS cloud environment.
+
+```
+$ cdk bootstrap
+$ cdk deploy
+```
+
+## Testing the app
+
+To test this application:
+
+1. Note the endpoint of the newly created Api Gateway.
+2. Retrieve the Cognito access token.
+3. Make the following call in your cli:
+
+```bash
+curl --location --request GET '//test' \
+--header 'Authorization: Bearer ' \
+```
+
+4. After this call you will see:
+
+```bash
+{"message":"Hello World"}
+```
+
+To clean up, issue this command (this will NOT remove CloudWatch logs -- you will need to do those manually)
+
+Also, you will need to empty the bucket before deleting the stack.
+
+```
+$ cdk destroy
+```
+
+# Useful commands
+
+- `cdk ls` list all stacks in the app
+- `cdk synth` emits the synthesized CloudFormation template
+- `cdk deploy` deploy this stack to your default AWS account/region
+- `cdk diff` compare deployed stack with current state
+- `cdk docs` open CDK documentation
+
+---
+
+This code has been tested and verified to run with AWS CDK 2.81.0
diff --git a/typescript/api-gateway-lambda-cognito-authorizer/assets/architecture.png b/typescript/api-gateway-lambda-cognito-authorizer/assets/architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..232e8733e38a7040235ca9af9e34f470da3f6f54 GIT binary patch literal 26361 zcmeIb2_Tef-!Lwzw4hCj6iT-2%YFcU9>|xzQLqo%$ zsi9&>L$i$nethV6f|1kj71qID+guIRm1y#skB`&PaE)VCuVNiNY)}qJ8g6mrjZfTS zB6b*8EVsA{x0o2h#mXIp5wga(I15=hT6tldz-LGB0?cy6AW$|aBw}Nxn24B!poo~D zi0EZe5pHos2?_8^L|jNp8fLOF-^v#0v3+fjT(9MuoE8C4* zNxMjhI3pa?on1v##B>ZbV0MP*Hg4mFba6#toHj2nDg+affL@5Ja*HSe5YWHk$_SK| zt&0`Fmxz-U*qVw`eQsrOZbeaBl#`X9=msp*CJsfVB#bUe7-6&>VV*Fhi_-26j^Jp2 z2D$~>(L>$E%Gpi_gP>vx;jsbzoH*DTx&y**{^u`-UtF6hKH*vMILSWoC)>DUmCC&yO zx3KAg!2o!_(C*jQTaz3;l#vb)TW;ZTb05Gx|LbcvG3IRL^1D?0?|`$@z+94cxNfNA zB7I$7LRttFUfX-&Nf0D^VF zpuurB4#q7euBfO4Q#uE22QwLuRs!OSMFFN$bU@ic;ISBJH>=Gj2c!)& z$rW4#LCcXLW{)f;=Y>nCdA~53THYZwb3aahzupzzi&oDEXvndPz`23Jb z`HRT>T|Nc-LRX=-*d3E=X4l&czzJ zp>CAGZRqP~ey>aBjUNI-o;YWNrX@@FpFv_HRU_|2g$MgBX#Z1LTezIQ|+ z5Rl>fyA})B9w)?qs5Tda6z{JzKDX)A{6b@CAiU6&UunGM?fvV}c*{Nh!{^vI^)F=o zlcVuJy8I7qOtoGA4|TZ;Ocdyr|1P@R!OHPE!scxt=K4RaD&NWo{6grz(d9@dgd!C5gAmHv!OGPYWlhx|Rxa4T9sb3R z|JlMKJy6)I00I<2LZ9K_GvxPfJgGnt52Ti$S1J%zw;uG7E+`NdK@Q=@m=g$*AVAa! 
z(8Di~pvONzQJ;Q?1wH*0*v3_nh`-5J{1LEk8srVf5o`;V{G<2=Yvp2#1P;x=Ige^P z|8Yq5cSFKooCL{DKjK#>VQb6<>0pILxk0fuIO*o$|DNaY&m7^8gXlxi81PFr15*j< zziK)uiA{~Mwbus1HrGKe&A%UXZfy5&ZYnA9*G(m*|FY=@_WyruDh`r~Am05w1pmj_ z*_=%cd;h(e|6Ft|x=E>jB!>UvQf)>4)R6gK#-&nG5tooqrmDohN5QzC`yJB1=ca93^*_|J+OVPj*dG7kT>Nh8|HNBc zy5(0zvNiS}<64PtW?_G(xWpEZ|DtBMru-@j|9Yv&t-|*&HWhgCSR`m}`0q1)%kZ%_-JWpIA}Cg6fb*N zOeOE?IIKzxl0VJMLCf_djraETHqIl6}T}fSc^77Co1L&QFd8j5zLca8~3jTvC zJ8%ql?{eIJBA}taP4USc@4?vxzeFn=qHX5Ndd0I;nc(g3FB==nUm4KzyV5B)pW-!N zJgjz`hK_?~8@&R@3%ZHUAUtfQqqStLgYU)utfQMRp3|lHI;L?_o|Z7qZ_a*rjF8Eu zKtsF#77g7&T^cw~rGM6mjp;P-_FYtfG_<>UZs89NDqLow&g0l`LeA|nYj3qD*=R2= zcHgs%Q;F#O$o+{+d}C!=kOD7Uy9k|Mp6RpTcRQ|Ne*KuZZBU$>d7am**MUa)7ILPJ zomaLe-t3tjmhx^sj@GaCmqhozabz(zDRFp|OK9M~!K_yf9g0IANk@wmtUnU+)O-3v z=kA{?kHojXxDz`+7ZBXtmZ3eh=;KzpJWuJ18E>CTj!^HJmYqSMr7+VA;y(u59m#sG zleaEZnAYrM=(iPS@ToDvw7v0~DN6T|LxzMs5@|h+&bY!RDK=GoX=Op6^HP+r-*>we zw~3;JnTdQt$W$4Q1>KbyrjsJoG`NB&V()ivd1<{bS`i;aTK8w4?W?jPMDNlqGCF9$7vUTqTw+ou;?ZHS5bR0QrVwYa)XLYH1eQ<%&>6*d2 zGGLJI(D40OiFLeC$r_Q;-7+`Y7i|5mo2k&I&tky6@KK>3!7oCMoFuS;Lw7nQRr1@B zXOi(#^~9@B+11E3@~o)2BWInJ->~ve_c^b(d>OH9(Q zisS+EVMDmBV;dt(a*O8nh<7#Z> zGnL;PqqrBQYt#EjLyrjOJ(z#}Hgsx=Nxmp`WX&O`BgdA#ue3B5Hs!!S8e2N(VnAxJ z{MjhHFky=6J5ez?IU(oUcA9N**x1RAbS3o2^gI7L;-{~?Cv((5-)LnT9uq1 z;ZdtPc(B5WMxvu?HO};EUvZaP&2Qe5gwW!v>5nuggqeJ5d@D?0#wQ)0Nv{=~loZ{t z^chy$5sB;7WuDjzgfeZK{%{PAZ?3hxGyY+9sx&&Vd=i{HWvNCqReDLwhLyY!R8^fQ zTBCOVXZHeSpfRX&C8gMLpjQUd@k+IyHQPu<=()hGks&sZEvUZzne21^VpL~?Tc2+Q z^O11Wh2;T*)b2q!qG|iPu+Rn*<*|c=ul-h}c{2;mGR4*95=u$m;h6cZOI3yU)|Vn= zg)$;)!(G?a$+)iZ9!P5aiw@KYPz+B^+}xEb_Va*SBz_lZF1#s4ysM~88#PWqI?;Qk zo){RoT{yavp~O+D@BM`nux9M3$GjE?u%nFZlZE#VnHS~wp~FpE9nyms%%wx_FmLmd z#bvMB6zVvBVUWstKAn_0+Vk>L4SJ+@wf0;6=oiNUaxOaPl{a?EzGl#GXkn_ShBdz= zp)orUQ#jiEV!*u@wFBN_S@vN-gO@;VQUGxAqm0#q8Xm9{buy06_RI%D3c{UkPlF6h zOsF{IVD?BH>GDN#!WW+#b^5R(l1-?k@lCWP5Uw(Ef3qkGA)_+SU&3_8kC0n1l=nUh`PK|Q9 zhIRGFYfl+`4Tjj)oYoULMWW$;e+nM>A(jhWuf4ZGg2((29L@aWBd6}ikh_v97f`bZ 
z^ow__PM_kUf*wky=BigR_NPazT%7g&GBnetM#;xi_Y@VH;-yfthhh0sme`R_?~bw- z$Jel-Zlgqp>+D^YL#m$-=5o32Cd=FAs#-6bh4vm1TzhMAQuH;^u_8CO-Ak~2&-?-< zkMhLNQGV`OY7+iRiW5K4sW^j;;pp;U^}s1)olFG}yE-GpzL#ltAW5pv!Ua^`WgJez z93@>vi9`fypDQMJON-1SbC={}l ze_QgPZeC4H^>tIC-!8g-_Tp@u0B3%0?j1-G73LOnYt)f%N~WmM zoJJqqv|Wd3{afJihF4!y77J3cCUm5!8kEMLc;*(KLfp|UzcG*F77ZaY^ncZI>YqZ- z^o*57js>5sjL&^j%+vtg0$ApN5bZWc2kY)dr_!@8+On zJ6SL?{_DP!Dg-vH`>AF${>GPgD85;x?DIgw7%wEF`D8%S=e%6uenk8edVBiFE02j<0E~lR~HJwXrI^o1arwl z=2?c57y21x#yD#I=>RL!(7vJ*6QqDG-%nT0>3WYmvc;R0I_aJ;Hpj)vegB{=b>p*& zsrOWI!0xz6Ycd`#<@?ivr#Ifxx2IW#a&~35QCK-%UxN%Ax>-2jJwtj?X97FwJ^3P7 zCt0R5?A-fASW8~ztkz2E`qIfnF=U9O-3JcrD(OC^dbMN<981c!IVq|Xxg9zQ{B$H7 zt}T<3Uqu}7TVHki`K`9AX!YmP+|=h#;gT=mvdu*7_;q2@_b7AcS34G_N{38l21!#3 zeVEdDvS~}4kh#6FrBAWkY~87n9-BmXSDtyU@9MJd%Yh2_(o4G1Z=HzaXH3hSANQ?2 zjn*YF$^ZP|==voLMzos;d%7IRbULzUs&@>Itqy<#?}vR4)!pLXQO+jR!2 z+y`*R%4B$Dhx7aWw-mVP!~`g!z@0HNbwnOIbFn}-S!Nh{&TaB4&#B!%eyd?B704@l zefna(+JlTY*dd?Ap3zjl>7cfV^RpVT;{!#gOMQrFoyn3ur^06`UJb+Wf@}V$AI5!l zzCYtkokSTdtCuHoN_y>cnEN9T6B#0eIA`vwyXT6#EL>qHh*n2suvt^2#X&bpZYeQw z??BpjN>__ert(`*;whu37;c#+n6_?+LW}h1@x_6vm1)Z9(Rve?j-U0*>BRrzQV*4k6o5HqC36t;%0u%K|)KF3lVjE$AtFTvpqepAD_)IflASELz0%`UF=d~fx#Pyc96I94bVb+A zyvH~}y7rUo@o&y*qF*E(xt;90JWeimwOs)+VRTMc6Fc($QQpN)a~M}3BKJ${4ZCo! z0N`HKpV@|19Gvl8lwEvO$}x3v{YP-<=he_btSk1nSGy9!cf*ZcdI^HSW=Mj=&l8Z1 zc-7D&ZlCY*5X&zMqh7@aVXD`b(L9`*My?H7slLn46Klx@vm=R^=^#Hzo}BNa^6NeK zTB3_b(q*w@AFK986(4b6?rq7=$s;PIc9?y8QG0^2FvUGU!)s5zVdr7Fvihy|r}=1+&eYcZZzG3~O_ zY3J{ByXa)ou&`xSf7p3DI}0S|pK;G~q~2(*Ata{w^U_1>@EbLsP3$CHzG_f<3ZIc? 
z8w8x{%=W%L%x5q9@U*a}{LBQAll^VMtf!aVx9S>)TfN-On_W&?+_oU)^x z_$5YjRqZ3>*UCb(n9hBqaaVr))|&M;rZYQMHXNwgX7*<#msEUa>v<|vuMs()tB@0d zeZRM=58Rewz@R_%`|mn2_BGeX(ryfaNP;NmIz>lvsW2=jVWV+jyxGCjhC%xY9M z_9S!?@jTrE&1Wyz@U#; zSO(77Jx+GgFZ!ShQ$J6PEpB9}1+IIHHb*;QAx-m^$z#DA;~A&QHLu4y$N*h5XZB*` z4!4PFDQhSm`gjM1X4 zDfmdOph;0(uF+z?1e59L&85>W-!91&F><)?s2FLL^vhfF-Ec-?KtLYf{NC}g-Ad(L zvugy7&%V>SAjrL#HgUs}?Y|pELlBD2Jd%Z4bMG#&5@PMLzUYiiA#z&bu#UYBt{@Lm+m4=9kOzgABWEzOHnvllB`cL_fuu3bI>y^Gq-fkv=vuB(tA zTzk47vXP$Dk^1NU_*1VmIH9vg;vQajDdKTdOJG!yJbc4i0Geh+zaM@G9z4$D?-_~X z;1UBv`*{;-2x?@c`-%0SI+=s_57UCX-Lm>k#0UBnb9AS0#6eRCH@p!v4I;MDmm@8f1OuR z`qH*KnR~ff$pF4R=PkT;Ofi@JJ)J0vb1wIrmPf6xw6b6?3NEvM3U?&SMa17Ut0VFg zx9!@tjsA2DAie=PB_?z2+iOBl=%HRFvtpB!n@@`;-S4cpKW~*J=(;o-!az!B3LtGa zVS&j%p1-gN8{>jei^Q3jJoHkcp+%j(g?})=2TWkqv!2)oTv6F=h-3v2Q+pLVmf~Zp z;wzTf;9Yy%+#vL&od#^;PgpqeBDNz6X+u_$ZmRa)4UgX))dcyeZ!|y(=_=VImfhI! z>vXQYI{Ah{rWr(^*8K|P-Ep`ifo4+dkP5jqNh1b=$Ds@04FhSc>|G}qt93A@M4wsTRw zYm%hXWU4q#l96z~+h?g)jVIZe4SCO;7sk=2jN;R$cf>#({&AhU)|@RlD^g@N=k1*8 zhqb#E`ghFF@^`)9r1aWZEdT^7a2yAy5QDD_Ju$kN<$G+jF&JNy%<&bjUevrGIGk(v&R@AvWL`yj5=fB~R} z@LjnJWGiNqZ|0M-gV*Aw4<+;})6jNm(!ifxB)@$!+%ME1;(<#kIt~~wQVt*~gJ4t~ z$`H6qQ00p>Wiom4xF~pG0bU>pM!3}or{O~-mK}j9#cJenIn;CM%~iB;Z(&ZpXDeU5 z1?^sReq39!!T9kj3rl^oknJT59gw`T+p9UD^W$(4YaevBEOP*m79PJ69T)gy@H&Cf z>w=8sqLrk_RLbQ^28bLTfE;v$I0cfiPh6YAUiI)7@b#Mx89KA|Cao2VtcIBFnjW9j zQ;994r(&e95e1~NzR<77b_!=?)KT*wP5|-r2zK0|k%nIRUAaDio(?%`-8?5zz9?^D zS4FZxDJxZ9-Ho6j=z_4>6AiD*i^9A*MhKsI`UC;7lEERsO7X=*P8oU|$-o-fHnDt708|f}y`>`tUb7*Lbm1*GW92AiVC(j2rjvg2txyO~w*q0oM zyK49~0I-3+Hx(b`n+1zXQA#?`)bWQoM;jAm&n62{&iRFlmsZsg7j!QyKpL6j>^20u zKfdNQV`7UirS~|k@oJ@~U~AeIhWn`v>^qPdOZm)nJ1MKfZVZf-?-1?Cu!c z!_MI~`_Vk!mc=z^xt*C$KRNm}_ynTLYo_anm4_m8Att>8w9X-3iU@--uU=kOO=W__ zBI!%{%mJoLClTyH2R)%VG3qpM;|KWFCyb}Y`-P%c7-tQQ9-pGj>ME2#(y%`Ws3Jvj z!-VGZFlXLgzgPWJU$P;zyGnwFCYsf#+tPmfvJe z^)nYPEP}l%w{ADU5=b>blSUbtS-cV19q)L#s|W2zG799|478R4ePeUXQojr3ZCSmtDg9O$y_Z%ac@Jlh(Vfvh>E5WCNxq6 
zMDm?M1t8M?_T0DdIT~cEpq$lo+K?ntj4=Nq;>3t5Umejz_`q?NP0au_7U|IWMPt%! zt_d@MsMAT=9ouO4*NK4xXAp$GS7NUk>xak$dH?#|lh}JXsi`yHg*5Z6%B%5?OJFA$TAT-}`3QD>7{|2BlH<$#UUMd*_=1tatU%kzu zr%vW9a+YetlfkJC;oiZ_YQ2MfO^5yC6C-iuU%R1viGm2g`Y>VPq=i$A`Mo69iX#NZ z3q5s^hEFpCBBV?ZDviF=1CH}p<#*u$@{tl<$V>>QI~54YWt}z+{1in)mjS`PTWya& z;J#b5^wbY*c&>@)tYKY~w-$FJhVP_oW;_M0efA*XWx_GZBO$*r-ki zz4EQPggTjv^1I&$;I|)m0J!6pLJwV}BtfWR?g#7-2WVeF@c4G{>+u^A56_tHJe~02HgbES%&uZ>AG3Y?%_pdP#>$_`4y%T?|3oALh+IA#&|jU%=WKV)y|mRfvEZ z9KdM3RIAU8V!7g-ddU1)T5A>;v=cp~&#m4W#K>naH1H6^10;~Zso1X}1m^db+>mSx z%f6R)Xz&`fcBHTm5OJS=I=>h!dm4l)3~W;Gnf0*j%*X}^p^-NMFCGo8zXs#`aLdFZO|P6<&H@D*@nG9EJx$I!1EJy^*!^7A zJN+{cz#aJxLI=`<4kU5-pE*zx?!U%?@Y--;b7BX(;p+1Imva(Sq|^A*0IYMHKRpO< zc_>=bTZFP+nJP^seQ(o#9R6czG__R7oOrc1oITfXeN774aJXV|&|BFtQMmo%tAMGj z^l-v>`?GlSooo=j>i7X`MaAW-klhD8pC$XPElIggn?;v_Bp$m*hbe|sY<~0GTPSg; z!bO1>+VuSR_Qmm8vfG}1*fB@|6t1a4hmm`75RNGwaC2+Zo*mCwKiu$L;9MiL#n%-xGYVBMWZoZ#=fQOiE{K>frEkm_j3t6H}A zo-QAqOmc00@u?;_Utta8H%lB#dfuJ5`J19~(1bIHu=}{<&92W+bQUJN5BBKF&0ntg z6vQ?e$YN0t1{*xbEvPODaqMLfDjGKz7-{hulcUC=qy-2foZj3$Ao=7nD0VQ(ckIJ> zw=N#DO|k+x%hJ_POn%N>RZ}H>lOUg2x>vaJ!|r*IxhjE@hRw1w=P4b}qaBMojixL7 zx9{o&!R_@!Ji1r|?Beu*W3-OcjU}mm=b8ko-v9|}JJmIDta4sOjq>&#yrn~c0-aKQ z4&t(FKfdHzR{Q2n1~IUi6xuXR_Pe$ei?^I_Pk>=81p0e+Lqc;JNT{Y=;C>u9c)W$z z^XRmZY~ZiUu{_pIkf^UOjKnkF7-bA#IwpqLQSS!`;`Uy&w%fvc3h6rX{sz|-6YDU^ ziw1-zF7;lo@9fqcTN=SzdQVA~l1^8Hv_>XJid zBV?z`_7~MrqnZuHVJl4_^G}yJ_VwQ0vA6&H{O7l!jv%?_wmRQcK`&`cW=*juvU|XG zq9t}7WPiT|WyMM)t$qqVX#%ot=7-Nd@_G(<&<$jpDjv^*U25-{@foj4BJOPU0+9Lj z4wOG}V!#RDru%!UetZsPHc^3X6Sr-~5>Cjv;X}(bAtO#u10LYhw~Y^qN8-KbCx*GY zb~3P*o${G{Q9C){K7_j+i!YWjJ&@D3ZP)Q@Ami33fL^zE)+5^{{>4Pi6tT4RGbO&%!(3Kx4h8+d_llxX0!wRGC9FN3zXW-Df8 zVJg{7@7yQ4QWsO@FA3JuA07v=CB)&2vnUDZyc@H}#ckg2X@P5JM^!n|#w>ns*K>F2 zOt&(b&voIxE_kGoedjt5Gy5ku<2|D?3n)I6_7t4xF8WD3b0YRwb3%EybKSP!-E<`Psj61$@}N;#>n$2kqg{DBsLx@0;?LcChvvGM^UHJ5+GUQ& z3FLLTdpu>!RNsV#j*ANfmbAx=MMLuDxSvdv-Mu6P>A9~U0I5euGuwZS$Ri2g%|0|} 
zx8V}K0r1`^eBl*>5zl0Y2Z;UZK0SZ_NFI#pDh3#+LO#a<5cwY19+q=X7@8X@GW?6H z1%GS zT5#C3>`PYcAQ^$kaH^A<_w&Go!_CNnr*qjg$;%dg z_LsBzDu*W&%nH)H%Iw+ zn;KcukQS%O?|<$M>y<~><2uGzL0l7pWH)NljKWdhcW$58I_RJEhE*LQsJrG8eb^kL zNC{p$7JCrMo>BAw7Zsxb9d4Ykpx$Lt78j#l4lx9rJXqM6f+v;Rtq;8wI;;sOez{sJ zsP+NQa9)8FrNY5L2p6!=f6Bfw*_Y3=MKgZ35*vjyKikH*?0*Q93o`CH7Ak>>My4Jv z7qzeu*)<79U!U8?lX!`THF-RbR$hHN#h#zCTX^A}BqEu4z&R;)zeXs2-c4er92D%$ zcEbR(G{)idpTe`OGdT$hT?5e~guJhYH6{Ch#423=oD=qV;yq zpf^Sqlt~;xZOQG&r(o0QGdfy%U!SOkPPVF_6!cz+a--g&q9<<1lVdtJgy!YribwfYbpZ4YDVO;udq0H z%1?ZfyD(hkXKUCb?CQCf^u2sh`M9Dd$=%<0cCRG}EJ=sSx>eQ@a^&UjVfg%1 zUssCvv~+vH4^W;P;hF|TqkJhu-F~Pnocy6S;v{Bern;I09GHdqF3XBfuJt|(lRc7s zGoZdr&N4{vmA-X5xnQ#59c3wA6(2YSvcYy zSWo$C@v7wpNVvzp>a8#I_;%eC_$m&-pCbc>onSTj{L-^tQ1r$Cst_1p{U3lvo<{hN zCcF27GT!6|WhNXgsEb#GvCEPVtL76YviAja=@#Y|#PcHAOO|8zz;=UNxEdLE2Cdo& zayDP(c8-v++>5U3+E&B;t~FJ|WFw~5@9D1R`;O1ul()QxPp_ym zJV^J1Lmyc9pq#y=>qSxSzFluYj!=z!FRGa5i_(Jv9!o#O6zT2RA-$_y6kehHm~H-J z^c_L?)d#MRjqe-DESilkWE@ll`d1Wa$)=^C^3|c0x0Ac!yP^appVpbk3*G2J#y=W- zsd`(X_@KVL-&_+63V(Mny^sQlu#%gtxQx~t84>=my}N+E)V+fbP?xBoS z-k37KL}EfA`K@+-X$O(W2*R$==h)eHCVUJF9L6-2Lzj=gRLogy*CQGyUV!qha{OM^w`(EHCRdGkBQA8&7WKyA zE@%q8{-B!E{oxuPkDw=KB!bogJC&bq*?XfwCiQ&4NL)Y_({=NDZKK-_3w{wm#q%RT zM`yq6t((f@#e9^O)QK-aG$0mI@TD~=Y#q+{(R@G;G&qc>m5-;*1oRS0oi|L>$}-MRk$q#P>0JwOGAFpO$E2M73fA0?)AX=oIJgNHB3Z9{P+Ko#H;k7* zUjRNDE!B!U9DlY!Lu}i?(~0N1?)8Q~b)~Qc<3m+D%O9W~$M(glbj3DYxR}TVY|2si zO5l{7J+lq{c?MzCR#m)u#EE@@!R7o9c#7$YY?Sx%h3YK5;iFuS(BIJ{xSU%Z!2K|L0NANPt%=RKLL+d3a#9K zHJq!95?^{{u9>m^N%&BlK z75*M-qPW6IU{t<)9;!7NG|2E8HoGGf`z}NJEdn39sESCg;Xy&>S_xskTdpKf;XB=v z7@U5LS=NGL-xaQYE#%3|qhqG0<+uU9%!^8cl3|P0Qj&55sR>GHZo5^uDQWcO-3Fe0 zN4$iH&_%ov=4Hb`g4D>x-Xt5$u`|Gr3wZM7`rVqk?n6$})mhA$KMgBr_P)P*t;8_Z z>gY|?(<G_7&fy7b>+wJr1sb8r5VDF4^G7$yy9J)kMP?B z@CfhfKG_uO-C{-YUKe&;GB)*=_dj+fzd@0lwVk$}L;oILAPl=YyDubL&O}k5HXzHZ z75Dh26~!OYz&1zEk9pNB?!S9qft!$bx?x_uGh;0V$z5$cRjtTNC%W$tBw!cGfxf9S zgdEzLoe>AQk%}A#X|3MGVANyPI{6FDdW>Zj&svRY^BeO~r$aUL(=1kd{1uKu)AEyC 
zR1;;B*p0&1WK^UVCxyFYGes^^2?3Z>GVc8TyLS|hiVja_38mZT3&pB+y>(J}EdpE@ zNRev@y#}3_B6P3s@|7kL?`M;UZw`Pa+2C=}_0-_5u#w+BGuQ~wernBa)8%zhPCM#v zh)lkdC6hM>0uZ-6NVyf&a!{x*fe#(*^M)^+^LrW48|J;`xABcJ#YV1_j5BNTkM1a1 zPRziA`3m(@w0yZP&0n5fTS%D_DiZd^7S9JIW51d?nd*Ng%!u%{J*z~-MZM1?kLCCnnVBh1>62lnRt~z3oD^&VN zBfA97lZ-t_J~JM4Z$p@Ce2@_$Exlid5rn3`a>3|acHfD`9Za{Mx%wmo)UQyZy9h$c zifnhc=@@M$@3U>$(B(WvS4Oc`1f(2SDWGbfTQymqqX>g;eL_bK#;7r~zSKlT+?N4Z}cX;`#i$sVgt>L|nbmBJs& z%o-lH2q74r6j(^YNwXXFeP!d%X8@(XSb=Q%ggRos#Y;CJ@uIP^cTSWf-}W^SaFDK( zInKvLdB{ak`oZnQ5Gd?xYgixQ6NqkGZyBCy6rM0_q)$u*1s=Xx6z~`+?nIdH2&?0Kqswt0Z=J8Q#~m~`fT(Hg zjVk$o|I>%rparH8Z9$b!&(UTrQ%=fV1;dM1KwLd6DGW(Ah(~w9)!&3&C#XWP>mZdG zXPem(><3^W^+!Omz`~m<;El5GAZqRBJ!1+2c+V-SUn4ZruSh;{BmLnY0j|LJq>Q2F zk{x>Y&*sCB9s<-T{Meb7kCizdz9c-d?0dp=Vo$S1I5YiSY7~B+*&-xrNr;AqT9VO_ z0lDt)N1pgna}SZ8Ac-_*PD8WtgauFIf-0-jq&CMKIL1f?lxl=Z&Ew#y&Ghavwe?3~ z1O(Ra-M7&|b*x(oZQ$u?>Hc}Beof>59^C!W3@r_m459IV3Z67EoD&;uK#xGVPkd+x z4Fr;gRueo$4=QzRd<#en)TwQ&_R>HgY3QP$?+%dyvrYma+vpJ~G=%1xEHn^E(5C`Q zbGlx84dkg;syh#^^iN-q7;b9ULqIO1uK%nxvh=}0fx$$X)FfyY(%9|~`i-xGGD9wK zcKkc941zQ%-AH4T2%3Br4Hnh+y-++4@UYv=(sv2j2O4arG83H$AV!gOZd{rhHEqw- zafE^l5MD6PLalbw)$6{-&Hd%B1MW~l&)jFe)2-Voct_mo&$$-Ucp-DVb#1u6XFa%7 z#|3{W$KGy`gSP`|P3%|ME>FJ}xy7p>4%yyl0g}?x8UY9jWkmADG}@qYM;K^~1@Yw} z`^17rgCNCiO2j^&B2x08tkcReC4cJGu9N#JJTvDwDF+kQK~w`8QoWmGuw&O!Z_a9d zj0;H!W;*HAhp8rkOd}%jCun!Q%kKJKbm8@0;qD77lh*R9-=m?HWH*q#?Avwn=EoAg zIPB-GY6u-UU>~6V)S*Z`rtH&B_Z0Qy&oT2LTaT3U`Yy7AEsPBoUNixc=6Qlw3tmo_ zePIMmoKaAxn$!TcU1QN8H;|JODY)__LY`=4uUb^SzB&UnG#56(hWZ_SIt`>v<&jg4z=v=Ny*qYO=>I#f}!z-o1pN5_gh0>l0iX~O%fWR`pZJF{LfcT)vIn$KWo2vdC*XP+2=h_oOTh$#46MtRs(`ojEq%r z>SN_#lXSJPNzmN=0`O3IWyMs9sfIlwK*4SI;b>fyt8PuNOts`|DE5V7{EBc;lY~vH z`GSVig5VQgbzzy~5zU=Yi3D`0PZhQ6y257otwCrv&H8i-$6f}q?T#H;2Ggup?5ZsU zKpf^iogfK%2m3%xqF+*Vl$59F*jG}V>bKUTI=8;uRXtfgno`JjDf8TT6=<%VCT1)b zI}P-zj%G*C;--2#*C^F%jU!Eoqj`#2Eaun;6)8~qe$}+r`Q0(wvQ<0p9fCj}3Iq4D z5Gj3p&yqf?NzD6+9(ac5Mz9m!a>MTF9w?T{2&&;W;!ZvXwJbyNU|u__o01-J!NvVP 
z>&|u1Wt-$clJHr^nu3CYS&C!n0NLm43vX2H6{8!j7bhw~Apm@}k3?o*8D})-2@Yxk zwK`1KH=NSgv^h^FuFHIMI%s~04O3|~615Epy4 zNblGN0@1<)r_|0#YZnkl#zw9lc<%H8H&sr_tFX_L25Fd_Ln(Bbl!&i*%7Z)@$nifJ zaA_3GJ0F`t(W-JaUzv|WcmPUNu;F%l6gEk@ZhHyEoN9-0KJ7TgF3#chuv@pc?GW-? zZcpt$xq~sGA^MFZ!*3Hg`Msb#h{9AYW$x8KtT2`^4{ClD=hs(<)~9Gwpx*i&d!m*> zac|s7<&ARJ2OX)NH-NLHyeFPNn*@E^uB}Vv*9|jP60z zOp}j~qm|u#En;qh*(M+whKhpq0u-olsM(v?79w)FFHf0pC; zy}W8M=oJ(Aa)Uc8H+-fkj2(OvVVdrePtg=8Qw&r~vKCAeDMZ=NSB%X&FRcG`ZPzDF z-v({9>h3&3a7s96qTY4FBdsE_8dNF=UW|DspFIt%$3uW^bWF|%X&!0KEMk2e2hQi^uQcPdh*IN8alG78JD5VuNa!#`?g4_*%KXW&hWPKym+idr9^zw- z)19?gcXaUHaykR5e$#oD#PP1X$xqe*-CL$jJ~ISRSWm$zK`Kk!qjHP=?Xelw?N3aH z`XPqPD3q~#A1l#u>fQt$yOhI2w&pe^CI(OKxN?FK0?!uE|1{dzy)YSkUu(XV zeFhX&$0xF69S4^9XUQiSlr~025!&P$lk(th8D^J1>S{e^QKF%$7CLY|&0&A#?4kzrqt9bi1<7$UX32 zfy|8yaI}+&dzAX|8+X{WW_cK-1yJ-_w>$KU7xF7i9n;xp{1CaHoCg%_s`~qkShlP7 zg^+PBW9zITZTsV#4tgz2j_dBJH$An3IQ~KNF|SF~(DhKk{`x1Jn5j$3Us;v9ZpMZO zgW4F~A>PxJ>!V4C)mr(rR&(w1)aw3jF=I0HU7FBau~2>tb}<)d!Vj#6G))w5<(-O3 zG%{zA=?Xwhh0%IFAo8GBb2+`M@sjvlHa|>)Ub;JxJf>z@GgSVdICB7N-g-Da#o3?@ zr=h$S@@_sEwl9Asavrm?bFpgQh`xICo1%}3tX=p0yk@RfdP{X(ns%Xl&A8-2p48~5Mf=UN zkw~nu9_WF4eIOE#3rD}mipR=*u!BE#%{vUIyfcM;O4#1TdN`Tl6{1ozWMby^dN)tm z+|>j5Kw65fj}nd5*G0-$uG-x-{d{=K3)ToWNog2c9Vb3i3D+Va&^hR2e_A>kTxk(y;`m;Gk7!V$TiK75GP5q+@}@h zIE8_MBVNrWL(dECe>7;zP8CI0aDFHW!Oth_9vsM+CNv5;`QHtCdHCCetB-IG#YS=N zJ?k0cs5>|@35V_vsx`e9uw5qiGi@u1e^U`?l02Ka>Y>~xQ-1h4nz5eE#tW3v2Nt0k zZuA9EI;K}wAQ)Yq)H6Zlw&p2~CN;13*Yzg)86k3?i#HuWOXzL8osw$Q)>LG4T_AxR zR+^a~gPm%_X?8K_R5QzVk-Y4ebwc5iT+dE_@(xAKmpd)&tv88Cz5u>z<8;ofmj9dm z9zDgow;6L8jc=tT9yRwnyd?0s3w#qscu!A4jjC!FDF#@cya2xU<=!5-^6=^h z&WSs}jbuo^c^Vp^dpb5JTHAe0M!L~+ui=NPr4!&=Tl$kp0)fHn%O8hy=c-MPXV$*_ ziIEm?ujbd*>`E-q>^g03jCGvrQhXJ3q-H!q9>q;O(l?=b?2z?pIStMBOz6K0fSHz= ztRh4*!PP%Bq~LP|XFK-CO*`RO@SGwW&Ho(?pygfAF$sO>WOSdNf zLsz;`mkL~gp8f*7+jp`w!Aw;DydLt;htxWtCVLt>G2oHgR&ICxu@NjltyN2oDhyDw z$p0+-ALRTG=loeZKnB(K%5zR?z^cGeLAS=j<8rO%(%a+L!2ipJMpIQ+B~R(v?f(yn C9o@zN literal 0 HcmV?d00001 
diff --git a/typescript/api-gateway-lambda-cognito-authorizer/bin/apigw-lambda-cognito-authorizer.ts b/typescript/api-gateway-lambda-cognito-authorizer/bin/apigw-lambda-cognito-authorizer.ts
new file mode 100644
index 000000000..2e06ddcfd
--- /dev/null
+++ b/typescript/api-gateway-lambda-cognito-authorizer/bin/apigw-lambda-cognito-authorizer.ts
@@ -0,0 +1,13 @@
+#!/usr/bin/env node
+import "source-map-support/register";
+import * as cdk from "aws-cdk-lib";
+import { ApigwLambdaCognitoAuthorizerStack } from "../lib/apigw-lambda-cognito-authorizer-stack";
+
+const app = new cdk.App();
+new ApigwLambdaCognitoAuthorizerStack(
+ app,
+ "ApigwLambdaCognitoAuthorizerStack",
+ {
+ cognitoUserPoolId: "XXXXXXXXXXXXXX",
+ }
+);
diff --git a/typescript/api-gateway-lambda-cognito-authorizer/cdk.json b/typescript/api-gateway-lambda-cognito-authorizer/cdk.json
new file mode 100644
index 000000000..cebb0edf6
--- /dev/null
+++ b/typescript/api-gateway-lambda-cognito-authorizer/cdk.json
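Review bot: `cognitoUserPoolId: "XXXXXXXXXXXXXX"` is a placeholder that every reader must edit in a tracked source file, which invites committing environment-specific values and lets a forgotten edit get through `cdk synth` unnoticed. Read the value from CDK context or the environment and fail fast when it is absent, e.g. `const cognitoUserPoolId = app.node.tryGetContext("cognitoUserPoolId");` followed by `if (!cognitoUserPoolId) throw new Error("pass -c cognitoUserPoolId=<pool-id>");`. The stack's props type already takes the id as a plain string, so nothing else in the patch has to change for this.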
@@ -0,0 +1,64 @@
+{
+ "app": "npx ts-node --prefer-ts-exts bin/apigw-lambda-cognito-authorizer.ts",
+ "watch": {
+ "include": [
+ "**"
+ ],
+ "exclude": [
+ "README.md",
+ "cdk*.json",
+ "**/*.d.ts",
+ "**/*.js",
+ "tsconfig.json",
+ "package*.json",
+ "yarn.lock",
+ "node_modules",
+ "test"
+ ]
+ },
+ "context": {
+ "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
+ "@aws-cdk/core:checkSecretUsage": true,
+ "@aws-cdk/core:target-partitions": [
+ "aws",
+ "aws-cn"
+ ],
+ "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+ "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+ "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
+ "@aws-cdk/aws-iam:minimizePolicies": true,
+ "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
+ "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
+ "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
+ "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
+ "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
+ "@aws-cdk/core:enablePartitionLiterals": true,
+ "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
+ "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
+ "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true,
+ "@aws-cdk/aws-iam:importedRoleStackSafeDefaultPolicyName": true,
+ "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true,
+ "@aws-cdk/aws-route53-patters:useCertificate": true,
+ "@aws-cdk/customresources:installLatestAwsSdkDefault": false,
+ "@aws-cdk/aws-rds:databaseProxyUniqueResourceName": true,
+ "@aws-cdk/aws-codedeploy:removeAlarmsFromDeploymentGroup": true,
+ "@aws-cdk/aws-apigateway:authorizerChangeDeploymentLogicalId": true,
+ "@aws-cdk/aws-ec2:launchTemplateDefaultUserData": true,
+ "@aws-cdk/aws-secretsmanager:useAttachedSecretResourcePolicyForSecretTargetAttachments": true,
+ "@aws-cdk/aws-redshift:columnId": true,
+ "@aws-cdk/aws-stepfunctions-tasks:enableEmrServicePolicyV2": true,
+ "@aws-cdk/aws-ec2:restrictDefaultSecurityGroup": true,
+ "@aws-cdk/aws-apigateway:requestValidatorUniqueId": true,
+ "@aws-cdk/aws-kms:aliasNameRef": true,
+ "@aws-cdk/aws-autoscaling:generateLaunchTemplateInsteadOfLaunchConfig": true,
+ "@aws-cdk/core:includePrefixInUniqueNameGeneration": true,
+ "@aws-cdk/aws-efs:denyAnonymousAccess": true,
+ "@aws-cdk/aws-opensearchservice:enableOpensearchMultiAzWithStandby": true,
+ "@aws-cdk/aws-lambda-nodejs:useLatestRuntimeVersion": true,
+ "@aws-cdk/aws-efs:mountTargetOrderInsensitiveLogicalId": true,
+ "@aws-cdk/aws-rds:auroraClusterChangeScopeOfInstanceParameterGroupWithEachParameters": true,
+ "@aws-cdk/aws-appsync:useArnForSourceApiAssociationIdentifier": true,
+ "@aws-cdk/aws-rds:preventRenderingDeprecatedCredentials": true,
+ "@aws-cdk/aws-codepipeline-actions:useNewDefaultBranchForCodeCommitSource": true
+ }
+}
diff --git a/typescript/api-gateway-lambda-cognito-authorizer/lib/apigw-lambda-cognito-authorizer-stack.ts b/typescript/api-gateway-lambda-cognito-authorizer/lib/apigw-lambda-cognito-authorizer-stack.ts
new file mode 100644
index 000000000..211d9481b
--- /dev/null
+++ b/typescript/api-gateway-lambda-cognito-authorizer/lib/apigw-lambda-cognito-authorizer-stack.ts
@@ -0,0 +1,72 @@
+import * as cdk from "aws-cdk-lib";
+import { Construct } from "constructs";
+import * as apigateway from "aws-cdk-lib/aws-apigateway";
+import * as logs from "aws-cdk-lib/aws-logs";
+import { Runtime } from "aws-cdk-lib/aws-lambda";
+import * as lambda from "aws-cdk-lib/aws-lambda";
+import * as cognito from "aws-cdk-lib/aws-cognito";
+
+type RestApiProps = {
+ cognitoUserPoolId: string;
+};
+
+export class ApigwLambdaCognitoAuthorizerStack extends cdk.Stack {
+ constructor(scope: Construct, id: string, props: RestApiProps) {
+ super(scope, id);
+
+ //Define Cloudwatch log group for the api
+ const logGroup = new logs.LogGroup(this, "ApiLogs");
+
+ //Define API gateway
+ const api = new apigateway.RestApi(this, "ExampleRestAPI", {
+ restApiName: "ExampleRestAPI",
+ description: "Example Rest API with Cognito Authorizer",
+ endpointTypes: [apigateway.EndpointType.REGIONAL],
+ defaultCorsPreflightOptions: {
+ allowOrigins: apigateway.Cors.ALL_ORIGINS,
+ allowMethods: apigateway.Cors.ALL_METHODS,
+ },
+ deployOptions: {
+ accessLogDestination: new apigateway.LogGroupLogDestination(logGroup),
+ accessLogFormat: apigateway.AccessLogFormat.jsonWithStandardFields(),
+ },
+ });
+
+ //Define the authorizer
+ const authorizer = new apigateway.CognitoUserPoolsAuthorizer(
+ this,
+ "Authorizer",
+ {
+ cognitoUserPools: [
+ cognito.UserPool.fromUserPoolId(
+ this,
+ "UserPool",
+ props.cognitoUserPoolId
+ ),
+ ],
+ }
+ );
+
+ // Define the lambda function
+ const lambdaFunction = new lambda.Function(this, "validator", {
+ runtime: lambda.Runtime.NODEJS_18_X,
+ handler: "index.handler",
+ code: lambda.Code.fromAsset("lambda"),
+ });
+
+ // Define the lambda integration
+ const validatorIntegration = new apigateway.LambdaIntegration(
+ lambdaFunction,
+ {
+ proxy: true,
+ }
+ );
+
+ // Define the resources and methods of the APi gateway
+ const newGenAIValidationResource = api.root.addResource("test");
+ newGenAIValidationResource.addMethod("GET", validatorIntegration, {
+ authorizer: authorizer,
+ authorizationType: apigateway.AuthorizationType.COGNITO,
+ });
+ }
+}
diff --git a/typescript/api-gateway-lambda-cognito-authorizer/package.json b/typescript/api-gateway-lambda-cognito-authorizer/package.json
new file mode 100644
index 000000000..b2dee753d
--- /dev/null
+++ b/typescript/api-gateway-lambda-cognito-authorizer/package.json
@@ -0,0 +1,24 @@
+{
+ "name": "apigw-lambda-cognito-authorizer",
+ "version": "0.1.0",
+ "bin": {
+ "apigw-lambda-cognito-authorizer": "bin/apigw-lambda-cognito-authorizer.js"
+ },
+ "scripts": {
+ "build": "tsc",
+ "watch": "tsc -w",
+ "cdk": "cdk"
+ },
+ "devDependencies": {
+ "@types/jest": "^29.5.8",
+ "@types/node": "20.9.0",
+ "aws-cdk": "2.110.0",
+ "ts-node": "^10.9.1",
+ "typescript": "~5.2.2"
+ },
+ "dependencies": {
+ "aws-cdk-lib": "2.110.0",
+ "constructs": "^10.0.0",
+ "source-map-support": "^0.5.21"
+ }
+}
diff --git a/typescript/api-gateway-lambda-cognito-authorizer/tsconfig.json b/typescript/api-gateway-lambda-cognito-authorizer/tsconfig.json
new file mode 100644
index 000000000..aaa7dc510
--- /dev/null
+++ b/typescript/api-gateway-lambda-cognito-authorizer/tsconfig.json
@@ -0,0 +1,31 @@
+{
+ "compilerOptions": {
+ "target": "ES2020",
+ "module": "commonjs",
+ "lib": [
+ "es2020",
+ "dom"
+ ],
+ "declaration": true,
+ "strict": true,
+ "noImplicitAny": true,
+ "strictNullChecks": true,
+ "noImplicitThis": true,
+ "alwaysStrict": true,
+ "noUnusedLocals": false,
+ "noUnusedParameters": false,
+ "noImplicitReturns": true,
+ "noFallthroughCasesInSwitch": false,
+ "inlineSourceMap": true,
+ "inlineSources": true,
+ "experimentalDecorators": true,
+ "strictPropertyInitialization": false,
+ "typeRoots": [
+ "./node_modules/@types"
+ ]
+ },
+ "exclude": [
+ "node_modules",
+ "cdk.out"
+ ]
+}
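Review bot: The GET method on `/test` sets `authorizationType: apigateway.AuthorizationType.COGNITO` but no `authorizationScopes`, and with a Cognito user pool authorizer API Gateway then validates the bearer value as an ID token rather than an access token, while the README in this patch tells the reader to send an access token. Either document that the ID token is expected, or declare scopes on the method so access tokens are checked against them, e.g. `authorizationScopes: ["<resource-server>/<scope>"],` (placeholder; use a scope defined for the pool's app client). Separately, `defaultCorsPreflightOptions` uses `Cors.ALL_ORIGINS` and `Cors.ALL_METHODS` on an authenticated API; a sample that will be copied should list the expected origin(s) and `allowMethods: ["GET"]`. The `import { Runtime }` line is unused, since the function already refers to `lambda.Runtime`.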
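Review bot: No `package-lock.json` is part of this patch (the file list has nine entries and none is a lockfile), while `ts-node`, `constructs`, `source-map-support` and `@types/jest` use caret ranges, so `npm install` resolves whatever versions are current at install time. Commit the lockfile and have the README use `npm ci` so the sample builds from a reproducible, reviewable dependency set; if lockfiles are excluded by repository policy, pin these four exactly as `aws-cdk-lib` already is. `@types/jest` is also listed without jest or a test script, and the README states CDK 2.81.0 where this file pins `2.110.0`; drop or align those.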