
Authentication and Authorization with Cognito Workshop


Overview

Amazon Cognito is a fully managed AWS service that allows us to identify users and manage their access. It sounds similar to IAM, but these are actually two different services. With IAM, we manage users who use AWS services directly, such as Solutions Architects, Cloud Engineers, Backend Developers, DevOps Engineers, etc. Amazon Cognito, meanwhile, helps us manage “external” users, who do not use AWS services directly or use them only indirectly.

Imagine you have an application and want to manage user permissions. The first step is to identify whether they are your users. Next, you create a “proof” for them to hold, so when they request something, they can present this “proof” and say, “I am a user of this application.” Then the server decides whether the user can access the resource or not. Instead of building a separate server for this, we can use Cognito to identify users in your application.

Content

In this workshop, we will first learn about Cognito to ensure a basic understanding of the service. Then, we will put this knowledge into practice. Before practicing with Cognito, we need to build a sample application with basic functionality for demonstration purposes. We will build this application in two different languages, JavaScript and Python (explained in section 4, Building Sample Projects), so you can choose your preferred language for practice.

After building the small application, we will test the results after integrating with Cognito. Finally, after testing, we will extend the source code to implement this module on the server side using Lambda and integrate it with API Gateway.

To give you an overview of this workshop, see the project architecture below:

[Figure: project architecture]

We will have two users belonging to different teams, Marketing and Sales. For each request sent by these users, the system will check identity and function permissions for the two user groups based on the rules we define.

So what will you learn from this workshop?

  • How to set up a project with TypeScript or Python and integrate the AWS SDK.
  • How to use the AWS CLI.
  • How to deploy a function with AWS Lambda.
  • How to integrate an API server with API Gateway and a Lambda function.

After this workshop, you should understand how Authentication and Authorization are implemented in an application and be able to apply them to your own projects.

Table of Contents

In this workshop, we will go through the following sections:

  1. Preparation Steps
  2. Set up Cognito User Pool
  3. Set up DynamoDB Table
  4. Build Express NodeTS Application
  5. Build FastAPI Python Application
  6. Deploy Sample Applications
  7. Test Results
  8. Set up Cognito Extension
  9. Test Results
  10. Clean Up Resources