In this post, we’ll talk about how AWS can simplify authorization and how to use Amazon Cognito for secure login to a web app.
Picture this: you’ve just landed a great new job. You waltz in bright and early on your first day, the very image of a morning person. (You aren’t, but they don’t know that yet.) You step into your first team stand-up meeting and carefully take notes on an upcoming project. You quickly realize that you’ve got your work cut out for you.
Your team has been chosen to build in secure and easy authorization for users accessing a web application the company just completed.
Right away you know Amazon Cognito is your go-to service, but where do you start? What else is involved? Luckily, you know me, Jess Alvarez, and I’ve got your back.
What is Amazon Cognito?
Authorization is not as daunting as it sounds. In fact, you can utilize six AWS services to accomplish this. The first of these services is Amazon Cognito.
Amazon Cognito handles authentication, authorization, and user management for your web and mobile apps.
Cognito uses user pools and identity pools to grant access to users using direct sign-in or social sign-in as per your specifications. This means users can log in with a username and password or through a third party like Amazon, Facebook, Google, or Apple.
How to use Amazon Cognito for secure login
1. First, you’ll need to create a user pool and add an application client under that user pool in order to utilize a specific domain. You’ll also use Route53 (AWS’s DNS service), AWS Certificate Manager (ACM) to create a certificate, S3 for file storage, an EC2 instance (or however you want to host your application), and CloudFront (AWS’s CDN service).
2. Once you have your user pool created, you’ll need to configure records in Route53. This is crucial to ensuring that whichever domain you choose — either Amazon-given or a custom domain — is where your records are pointing. You’ll need to make sure that you have your A (alias) records set up correctly.
Creating an SSL certificate in ACM is very simple and pretty quick.
Use CloudFront to make use of its Edge Locations and attach your SSL certificate for a secure site. You’ll need an A record for that distribution as well. Use S3 for any static content and make sure you have an A record set up for that as well.
3. Configuring an EC2 instance that hosts the web application is the last piece of that puzzle and can be tricky if you are not familiar with System Administration. That is, of course, assuming you decide to use an EC2 instance to host your application.
You’ll need to configure and deploy your application onto the instance in order to utilize all the helpful things you set up in Amazon Cognito successfully.
4. Lastly, you’ll want to test that you have set up everything correctly and navigate to the website using your domain.
Hopefully, you’ll see the page with a sign-in button and from there, you can sign up and sign in. Once you have successfully signed in, you can high five your buddies and bask in your glory!
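To make the sign-in test in step 4 concrete, here is an added example (not code from the original post or its course) of what the web app does on each side of the sign-in button, assuming the app client uses the authorization code flow against the user pool domain's /oauth2/authorize endpoint. The domain, client ID, callback URL and function names are constructed placeholders.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholders: use your own user pool domain and app client.
COGNITO_DOMAIN = "auth.example.com"
CLIENT_ID = "EXAMPLECLIENTID"
REDIRECT_URI = "https://app.example.com/callback"

def new_pkce_pair():
    """Return (code_verifier, code_challenge) for the S256 method (RFC 7636)."""
    verifier = secrets.token_urlsafe(64)  # 86 characters, inside the 43-128 limit
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge

def build_login_url(domain, client_id, redirect_uri):
    """Build the authorize URL and the values the app must keep in its session."""
    # Cognito tolerates http only for localhost; this example insists on https.
    if urlsplit(redirect_uri).scheme != "https":
        raise ValueError("redirect_uri must use https")
    state = secrets.token_urlsafe(32)  # ties the callback to this browser session
    verifier, challenge = new_pkce_pair()
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid email",
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    session = {"state": state, "code_verifier": verifier}
    return f"https://{domain}/oauth2/authorize?{query}", session

def handle_callback(callback_url, session):
    """Return the authorization code only when state matches the session's."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("sign-in failed: " + params["error"][0])
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), session["state"].encode()):
        raise ValueError("state mismatch; discard this response")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code
```

The returned code and the stored code_verifier are then sent together to the domain's /oauth2/token endpoint to obtain the user's tokens.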
Learn more about Amazon Cognito
Looking to learn more about how to use Amazon Cognito? Check out my new Introduction to Amazon Cognito course that includes a hands-on lab that accomplishes precisely this task.
Want to learn more about AWS security for free? This month’s free ACG courses offer a security-focused smorgasbord of cloud learning, including AWS Identity and Access Management (IAM) Concepts, AWS Security Essentials, and How to Properly Secure an S3 Bucket. Just create a free account and dive in. No credit card required!
You can also dig into the following resources to read up on AWS security:
- 5 Hands-on labs for learning AWS security essentials
- Ransomware and AWS: 6 ways to reduce your blast radius
- Fixing 5 Common AWS IAM Errors
- How to audit and secure an AWS account
- 12 AWS Config rules that every account should have
Deep breaths. Baby steps. You’ve got this! And if you want to learn more, you know where to find me!