Using the Scopes it is possible to get fine-grained access. Interesting is that the initial sign-in process with Cognito User Pool you get back a JWT with, identity, access and refresh tokens. Depending upon whether you pass in the identity or the access token, you get quite different approaches on how API Gateway Authorizer will apply it.
@@cloudwithraj on 11th minute you are explaining the IAM Role 3 with UserPool but lets say we use a single identity provider (facebook or Cognito Userpool) , can we have separate IAM Roles returned ? If yes then how ?
Bravo! the best explanation I found around this topic. In AWS HTTP API gateway, I believe you have JWT authrorizer which does acts similarly as the Lambda authorizor. It checks the signature using the public key of the identity provider along with scopes and audiences
I got lost during the Cognito Identity Pool. You skipped explaining how the GIP knows which IAM role to assign to a user. Do users logging using Facebook only ever get IAM role 1, and those using User pool only ever get IAM role 3? Where and how is that logic configured.
Amazing Video ! Please make a separate vdo on below topic coz there is no resource in internet related to this topic. I want to know how to do the Sign Up, Login & other MFA in React-Native App, if I already have a existing backend in AWS Cognito . And have the below details of the existing backend :- aws_cognito_identity_pool_id: aws_cognito_region: aws_user_pools_id: aws_user_pools_web_client_id:
I'm trying to control access to individual methods of my API Gateway using Cognito Identity Pool like you say I can but cannot get it to work. Do you have a video which explains the setup in more depth with example?
Ty Anshika for your kind words (and the helpful pointer about ALB X-region using IP and VPC peering ). I love when fellow amazonians find my videos helpful 👊
Can we use row level security while accessing redshift for cognito user....Login via cognito user->API->Lambds->redshift data ApI with row levelsecurity for example Cognito user1 can only see US data and user2 can only see UK data
Another great video my friend. Very well explained. I always don't skip ads on your videos :) Using the "VS" logo of Street Fighter enticed me to click this video. JK.
@@cloudwithraj Now lets say we use SAML Federation with on-premises AD in Cognito UserPool . How will I have the user groups since the user is not created in Cognito.
Using the Scopes it is possible to get fine-grained access. Interesting is that the initial sign-in process with Cognito User Pool you get back a JWT with, identity, access and refresh tokens. Depending upon whether you pass in the identity or the access token, you get quite different approaches on how API Gateway Authorizer will apply it.
You are correct, I will do a deep down video on Cognito. Thanks for the feedback and thanks for watching :)
@@cloudwithraj is there any videos on this concept? Or using the concept of user pool groups?
@@cloudwithraj on 11th minute you are explaining the IAM Role 3 with UserPool but lets say we use a single identity provider (facebook or Cognito Userpool) , can we have separate IAM Roles returned ? If yes then how ?
Most clear description of Cognito so far. and yes I have smashed that like button.
haha ty Tushar
Thank you sir. Explaining with picture and flow is very clear to understand.
Good job Raj. Clear and concise with very good illustrations
Bravo! the best explanation I found around this topic. In AWS HTTP API gateway, I believe you have JWT authrorizer which does acts similarly as the Lambda authorizor. It checks the signature using the public key of the identity provider along with scopes and audiences
best video on the topic on the youtube
Great explanation, sorted my queries related to different authentication and authorization methods with AWS. Thanks.
If you want fine-grained authorisation using Cognito user pools, you can potentially use oauth scopes and not have to create more user pools.
You are correct, I will do a deep down video on Cognito. Thanks for the feedback and thanks for watching :)
I got lost during the Cognito Identity Pool. You skipped explaining how the GIP knows which IAM role to assign to a user. Do users logging using Facebook only ever get IAM role 1, and those using User pool only ever get IAM role 3? Where and how is that logic configured.
Thank you for the nice video, I did not find your udemy course of Rocking AWS serverless, is the name changed?
Amazing Video !
Please make a separate vdo on below topic coz there is no resource in internet related to this topic.
I want to know how to do the Sign Up, Login
& other MFA in React-Native App, if I already have a existing
backend in AWS Cognito .
And have the below details of the existing backend :-
aws_cognito_identity_pool_id:
aws_cognito_region:
aws_user_pools_id:
aws_user_pools_web_client_id:
video was relly helpful
Great Explanation
Nice job Raj.
This is awesome..!
Great video, now I understand the differences correctly! Thanks a lot!
I'm trying to control access to individual methods of my API Gateway using Cognito Identity Pool like you say I can but cannot get it to work. Do you have a video which explains the setup in more depth with example?
3:59 not sure what the word is, 'you are in trouble because they don't ____ it' ?
"rotate" , apologies for not spelling it super crisp, thanks for watching
@@cloudwithraj thank you!
Such cool videos Raj 👍
Thanks for making this video. You explained the topic clearly.
Glad you liked it
Can we use roe level security whiile accessing redshift via cognito user->API->redshift data ApI
Another great one, Raj. I am a fellow Amazonian too, and this playlist is a great learning tool!
Ty Anshika for your kind words (and the helpful pointer about ALB X-region using IP and VPC peering ). I love when fellow amazonians find my videos helpful 👊
Pretty good explanation on the differences. Thank u. Keep posting such awesome videos.
Thanks Srikanth for watching. I am glad you found this video helpful.
Excelent video!, thanks for sharing!
Thanks for watching!
Can we use O355/OpenID authentication with API gateway
Amazing vid man
Appreciate it
Great explanation! I'm amazed by your videos, they are so clear. Thanks you so much.
Glad you like them!
Can we use row level security while accessing redshift for cognito user....Login via cognito user->API->Lambds->redshift data ApI with row levelsecurity for example Cognito user1 can only see US data and user2 can only see UK data
Excellent explanation! Thank you.
Glad it was helpful!
very well explained....thanks much!
Glad it was helpful!
The API key method is not well described
Another great video my friend. Very well explained. I always don't skip ads on your videos :)
Using the "VS" logo of Street Fighter enticed me to click this video. JK.
You rock Koya!
Please upload more in-depth videos of aws services
Excellent explanation
Glad it was helpful!
Hi Raj, Excellent Video ! We can leverage Cognito User Pool Groups to define different IAM role/policies right ?
That's correct Pradeep!
@@cloudwithraj Now lets say we use SAML Federation with on-premises AD in Cognito UserPool . How will I have the user groups since the user is not created in Cognito.
Ideally IAM should be applied to roles and not to users.
Nice video as usual 👍 Btw how you did this lambda?
Thanks Denys :). Ya I bought nanoleaf panels and made it in lambda pattern
You should try speaking a little bit slower!
Very well described. Great . THANK YOU
Glad it was helpful!