This course explores Amazon Cognito and how it can be used to manage authentication and authorization to your apps. We'll start with a general overview of Amazon Cognito and when to use it. Then we move on to user pools and identity pools. We round off the course by looking at how Amazon Cognito can be integrated with mobile and web apps and how to sync your app's user data across various platforms.
Learning Objectives
- Create your own authentication mechanisms using Amazon Cognito
- Create your own customized UI for user sign in
- Create a secure user directory for all your applications and users
Intended Audience
This course is intended for anyone who is trying to understand what mechanisms are available for user authentication within AWS and specifically, those who want to use third-party identity providers, such as Apple, Facebook, Google, and Amazon.
Prerequisites
- A decent understanding of cloud computing and cloud architectures, specifically with Amazon Web Services
- Familiarity with basic security terminology, IAM, user authentication, and federation
- It is helpful to know about Active Directory and other AD type services
Amazon Cognito, one of the most annoying parts of building and creating applications, either mobile or web, is dealing with user authentication. Being able to determine who is and who is not allowed to operate specific services or aspects in application is extremely important. However, it can be a tedious and time consuming operation to set up.
In the past, all of that important user information would have been stored in a garden variety user database. This database might've been hosted onsite or even in the cloud. Either way, it was probably a relational database holding tables of usernames with associated permissions.
When working in AWS land, this means the database would either be hosted on RDS, the Relational Database Service, or by running your own database on EC2 instances. The trouble with using either of these methods is it requires a lot of work to get everything set up and maintain the system. We also have the familiar scenario of people working in the corporate environment.
All of their information is already stored in a directory service like Microsoft Active Directory and we don't want them to have to create yet another login and password for our new custom application. We would prefer that they could sign in with their day-to-day corporate username and password. Well, all these pain points can be resolved by using Amazon Cognito, a fairly small service that can do quite a lot of heavy lifting.
William Meadows is a passionately curious human currently living in the Bay Area in California. His career has included working with lasers, teaching teenagers how to code, and creating classes about cloud technology that are taught all over the world. His dedication to completing goals and helping others is what brings meaning to his life. In his free time, he enjoys reading Reddit, playing video games, and writing books.