To change what this FHIR server supports, both in terms of operations and in resource types, please check out the config.ts file.
For deployment, use deployment/config.ts. For smart-deployment, use smart-deployment/config.ts.
We split the resource types into two buckets 'genericResource' and 'resources'.
genericResource are resources that should all be treated the same, in terms of how the resource type is operated on. For example, this implementation says all genericResources
should use the dynamoDbDataService
persistence component and the esSearch
for typeSearching. In genericResource you can modify the component you would like to use AND what operations you want to support.
Ways of customization:
profile.genericResource
genericResource.operations
is the list of valid operations this FHIR server will support in relation to ALL generic resource types.genericResource.excluded<Version>Resources
removes these resources from being supported for the specified <Version>.genericResource.fhirVersions
is the FHIR versions that this genericResource definition supports.genericResource.persistence
is the persistence component you want to use with these generic resources.genericResource.typeHistory
is the history component you want to use with these generic resources.genericResource.typeSearch
is the search component you want to use with these generic resources.
resources are the 'special' resources that should be treated differently than the generic ones. For example, this implementation has Binary
as a 'special' resource, meaning it will be using the s3DataService
persistence component and no search component. Much like in genericResource in these resources you can modify the component you would like to use AND what operations you want to support.
Ways of customization:
profile.resources.<Type>
<Type>.operations
is the list of valid operations this FHIR server will support for this specific resource type.<Type>.fhirVersions
is the FHIR versions that this resource type supports.<Type>.persistence
is the persistence component you want to use with this resource type.<Type>.typeHistory
is the history component you want to use with this resource type.<Type>.typeSearch
is the search component you want to use with this resource type.
This FHIR Works on AWS supports FHIR R4 out of the box. To change the version of support you must change the profile.fhirVersion
, the profile.genericResource.fhirVersions
and the 'special' profile.resources.<Type>.fhirVersions
This FHIR Works on AWS deployment supports role based access control (RBAC) for authorization. To modify the rules please see RBACRules.ts file. This file is structured by Cognito User Groups. For example the practitioner
User Group can do ['create', 'read', 'update', 'delete', 'vread', 'search-type', 'transaction'] operations on all R4 resource types.
To assign users to specific user groups please log into the AWS console and navigate to the Cognito service. Once there select on your FHIR User Pool and find the user you want to modify. From there add that user to the desired user group.
This FHIR Works on AWS deployment supports attribute based access control (ABAC) for authorization. To modify the rules please see authZRules.ts file. This rule found in the file relate to the SMART clinical scopes. For example the patient/*.write
scope can do ['create', 'transaction'] operations on all resource types.
You will also need to specify how the access_tokens your authorization server mints looks, so that FHIR Works on AWS can decode and use the token.
The FHIR Works on AWS deployment can be customized to provide CORS support for browser-based applications. The following configuration steps are required:
- Supply a CorsOptions configuration when building the serverless router(smart-deployment, deployment). For example
Please see the available configuration options.
const corsOptions: CorsOptions = {...}; ... generateServerlessRouter(fhirConfig, genericResources, corsOptions)
- For pre-flight request support, add an OPTIONS method to the API Gateway
{proxy+}
route. The request should be handled by the Lambda handler. The method should not use authorization. - If using a custom authorizer, then rejected requests also need to provide CORS headers, otherwise it is tricky to interpret the unauthorized response in the browser. The following blog describes how a
GatewayResponse
resource may be added to the Serverless template to provide these headers. This can be adapted to the CDK template by following the GatewayResponse construct documentation.
FHIR has this concept of profiling. FHIR Works on AWS does not explicitly support it, but it does not explicitly restrict users from adapting the FHIR Works router to fit their needs.
To add support for profiles you will need to modify the router's json validation schema found here. Inside of the schema you can add/remove resource types and modify the expected parameters for each type.
If you are adding/removing a new resource type you will most likely want to adjust what resource types are defined as 'generic'. This can be done in the constants.ts file.