API Gateway Security Mechanisms | AWS_IAM Vs Cognito User Pool Vs Identity Pool Vs Lambda Authorizer
HTML-код
- Опубликовано: 8 фев 2025
- In this video, we will compare different AWS API Gateway Security Mechanisms - AWS_IAM, Cognito User Pool, Cognito Identity Pool, Lambda Authorizer. We will also go over for what use case you should use which mechanism along with pros cons.
*My Courses*
Discounted Link for My Serverless Course: www.udemy.com/...
Discounted Link for my CloudFormation, CDK with Devops, Interview Guide Course: www.udemy.com/...
*Connect with me*
Connect with me in LinkedIN: / rajdeep-sa-at-aws
Follow me on twitter: / cloudwithraj
Follow me on instagram: / raj_does_cloud
DEFINITELY DO NOT CLICK: / @cloudwithraj
Using the Scopes it is possible to get fine-grained access. Interesting is that the initial sign-in process with Cognito User Pool you get back a JWT with, identity, access and refresh tokens. Depending upon whether you pass in the identity or the access token, you get quite different approaches on how API Gateway Authorizer will apply it.
You are correct, I will do a deep down video on Cognito. Thanks for the feedback and thanks for watching :)
@@cloudwithraj is there any videos on this concept? Or using the concept of user pool groups?
@@cloudwithraj on 11th minute you are explaining the IAM Role 3 with UserPool but lets say we use a single identity provider (facebook or Cognito Userpool) , can we have separate IAM Roles returned ? If yes then how ?
Most clear description of Cognito so far. and yes I have smashed that like button.
haha ty Tushar
Thank you sir. Explaining with picture and flow is very clear to understand.
Great explanation, sorted my queries related to different authentication and authorization methods with AWS. Thanks.
Bravo! the best explanation I found around this topic. In AWS HTTP API gateway, I believe you have JWT authrorizer which does acts similarly as the Lambda authorizor. It checks the signature using the public key of the identity provider along with scopes and audiences
Good job Raj. Clear and concise with very good illustrations
best video on the topic on the youtube
Great video, now I understand the differences correctly! Thanks a lot!
If you want fine-grained authorisation using Cognito user pools, you can potentially use oauth scopes and not have to create more user pools.
You are correct, I will do a deep down video on Cognito. Thanks for the feedback and thanks for watching :)
Thanks for making this video. You explained the topic clearly.
Glad you liked it
Amazing Video !
Please make a separate vdo on below topic coz there is no resource in internet related to this topic.
I want to know how to do the Sign Up, Login
& other MFA in React-Native App, if I already have a existing
backend in AWS Cognito .
And have the below details of the existing backend :-
aws_cognito_identity_pool_id:
aws_cognito_region:
aws_user_pools_id:
aws_user_pools_web_client_id:
video was relly helpful
Great explanation! I'm amazed by your videos, they are so clear. Thanks you so much.
Glad you like them!
Great Explanation
Pretty good explanation on the differences. Thank u. Keep posting such awesome videos.
Thanks Srikanth for watching. I am glad you found this video helpful.
Another great one, Raj. I am a fellow Amazonian too, and this playlist is a great learning tool!
Ty Anshika for your kind words (and the helpful pointer about ALB X-region using IP and VPC peering ). I love when fellow amazonians find my videos helpful 👊
This is awesome..!
Such cool videos Raj 👍
I got lost during the Cognito Identity Pool. You skipped explaining how the GIP knows which IAM role to assign to a user. Do users logging using Facebook only ever get IAM role 1, and those using User pool only ever get IAM role 3? Where and how is that logic configured.
Excelent video!, thanks for sharing!
Thanks for watching!
Nice job Raj.
Excellent explanation! Thank you.
Glad it was helpful!
very well explained....thanks much!
Glad it was helpful!
Another great video my friend. Very well explained. I always don't skip ads on your videos :)
Using the "VS" logo of Street Fighter enticed me to click this video. JK.
You rock Koya!
Amazing vid man
Appreciate it
Can we use roe level security whiile accessing redshift via cognito user->API->redshift data ApI
Excellent explanation
Glad it was helpful!
I'm trying to control access to individual methods of my API Gateway using Cognito Identity Pool like you say I can but cannot get it to work. Do you have a video which explains the setup in more depth with example?
The API key method is not well described
Thank you for the nice video, I did not find your udemy course of Rocking AWS serverless, is the name changed?
Can we use row level security while accessing redshift for cognito user....Login via cognito user->API->Lambds->redshift data ApI with row levelsecurity for example Cognito user1 can only see US data and user2 can only see UK data
Can we use O355/OpenID authentication with API gateway
Hi Raj, Excellent Video ! We can leverage Cognito User Pool Groups to define different IAM role/policies right ?
That's correct Pradeep!
@@cloudwithraj Now lets say we use SAML Federation with on-premises AD in Cognito UserPool . How will I have the user groups since the user is not created in Cognito.
Please upload more in-depth videos of aws services
3:59 not sure what the word is, 'you are in trouble because they don't ____ it' ?
"rotate" , apologies for not spelling it super crisp, thanks for watching
@@cloudwithraj thank you!
Nice video as usual 👍 Btw how you did this lambda?
Thanks Denys :). Ya I bought nanoleaf panels and made it in lambda pattern
Ideally IAM should be applied to roles and not to users.
You should try speaking a little bit slower!
Very well described. Great . THANK YOU
Glad it was helpful!