This course provides detail on the AWS Security, Identity, and Compliance services relevant to the AWS Developer - Associate exam. These services are used to help secure and protect your resources and environment through access control mechanisms and encryption.
Learning Objectives
- Learn what Identity Federation is
- Learn about the AWS services that can be used with it
- Understand how it's implemented
- Understand the benefits of AWS SSO and how it can be used to simplify user access at scale
- Create your own authentication mechanisms using Amazon Cognito
- Create your own customized UI for user sign in
- Create a secure user directory for all your applications and users
- Understand what is meant by identity and access management and the difference between authentication, authorization, and access control
- Learn the components of IAM as well as its reporting features
- Understand the core principles of cross-account access using IAM
- How to implement and configure cross-account access
- Define how the Key encryption process works
- Explain the differences between the different key types
- Create and modify Key policies
- Understand how to rotate, delete and reinstate keys
- Define how to import your own Key material
Amazon Cognito answers another question that many web and mobile applications developers will need help with on some level - and that is the question of how to sync your application’s user data across various platforms.
That data might include profile information, application state, previously viewed content, location tracking, and all that kind of goodness. It's these kinds of quality of life features that keep users happy. It allows the users to pick up where they left off when switching devices.
Amazon Cognito Sync can help take care of these data points for you, instead of you having to create your own backend that you would need to maintain and manage yourself.
The Sync feature also allows you to cache this data locally for when the device might not have access to the internet, and when the device comes back online, it can resync with the server.
All data points are saved within a dataset, where they are stored and retrieved as key-value pairs. Each dataset can have a maximum size of 1MB (which is quite a lot of key-value pairs, as long as you are not trying to save novels).
These datasets are in turn associated with a Cognito identity which can have a maximum of 20 datasets.
When syncing information back to Cognito - the smallest amount of data you can operate on is an entire dataset.
All generic read and write operations are performed locally, and when you decide to sync the information, the entire dataset is synchronized all at once.
In practice, the dataset functions just like a dictionary: a simple key-value system. Those keys can be read, added to, or modified just like a normal dictionary.
Here is a JavaScript example, and the code for syncing is just as simple.
You do of course want to handle any callbacks from the service so your application can deal with errors and successes appropriately. Here is the same syncing function with some callback options.
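The dataset rules described above (local reads and writes, whole-dataset sync with success and failure callbacks, the 1MB and 20-dataset limits), sketched as an added example. This is a local model written for this page, not the course's code and not the AWS SDK; every class and method name in it is hypothetical, and the byte count is an approximation.

```javascript
// Local model of the Cognito Sync rules described in the text; NOT the AWS SDK.
// All class and method names are hypothetical, chosen for this sketch.
const MAX_DATASET_BYTES = 1024 * 1024; // 1MB per dataset (limit from the text)
const MAX_DATASETS = 20;               // datasets per identity (limit from the text)

class RemoteStore {                    // stands in for the sync service
  constructor() { this.online = true; this.data = new Map(); }
  push(identityId, name, records) {
    if (!this.online) throw new Error('network unavailable');
    this.data.set(`${identityId}/${name}`, { ...records }); // whole dataset at once
  }
}

class LocalDataset {
  constructor(identityId, name, remote) {
    Object.assign(this, { identityId, name, remote, records: {}, dirty: false });
  }
  sizeInBytes(records = this.records) { // approximation: key bytes + value bytes
    return Object.entries(records)
      .reduce((n, [k, v]) => n + Buffer.byteLength(k) + Buffer.byteLength(v), 0);
  }
  get(key) { return this.records[key]; }            // local read, no network
  put(key, value) {                                  // local write, no network
    const next = { ...this.records, [key]: String(value) };
    if (this.sizeInBytes(next) > MAX_DATASET_BYTES) throw new Error('dataset exceeds 1MB');
    this.records = next;
    this.dirty = true;                               // changed since last sync
  }
  synchronize({ onSuccess = () => {}, onFailure = () => {} } = {}) {
    try {
      this.remote.push(this.identityId, this.name, this.records);
    } catch (err) {
      return onFailure(err);                         // data stays cached locally
    }
    this.dirty = false;
    onSuccess(this);
  }
}

class Identity {
  constructor(id, remote) { this.id = id; this.remote = remote; this.datasets = new Map(); }
  openOrCreateDataset(name) {
    if (!this.datasets.has(name)) {
      if (this.datasets.size >= MAX_DATASETS) throw new Error('identity already has 20 datasets');
      this.datasets.set(name, new LocalDataset(this.id, name, this.remote));
    }
    return this.datasets.get(name);
  }
}
```

A failed sync leaves `dirty` set, so the application can retry once the device is back online.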
Now, a fair bit of warning for Cognito Sync: AWS is currently trying to move this functionality over to AWS AppSync. It hosts all of the same features as the Cognito version, but has the additional functionality of letting multiple users access the same data, giving them the power to synchronize and collaborate in real time on that shared data. So make sure to take a look at both service options when you decide to build that out.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.