Secure your API Gateway with Amazon Cognito User Pools | Step by Step AWS Tutorial
HTML-код
- Опубликовано: 3 июл 2024
- Amazon Cognito is a powerful AWS service that enables user logins and federated identities. Cognito can be leveraged as an authentication and authorization mechanism for your APIs built through AWS API Gateway. In this video, I show you how to create an Amazon Cognito User Pool and attach it as an authentication handler to your API Gateway REST api.
Looking to get hands on experience building on AWS with a REAL project? Check out my course - The AWS Learning Accelerator! courses.beabetterdev.com/cour...
Interested in authentication using Lambda instead? Check out • Secure your API Gatewa...
📚 MY RECOMMENDED READING LIST FOR SOFTWARE DEVELOPERS📚
Clean Code - amzn.to/37T7xdP
Clean Architecture - amzn.to/3sCEGCe
Head First Design Patterns - amzn.to/37WXAMy
Domain Driver Design - amzn.to/3aWSW2W
Code Complete - amzn.to/3ksQDrB
The Pragmatic Programmer - amzn.to/3uH4kaQ
Algorithms - amzn.to/3syvyP5
Working Effectively with Legacy Code - amzn.to/3kvMza7
Refactoring - amzn.to/3r6FQ8U
🎙 MY RECORDING EQUIPMENT 🎙
Shure SM58 Microphone - amzn.to/3r5Hrf9
Behringer UM2 Audio Interface - amzn.to/2MuEllM
XLR Cable - amzn.to/3uGyZFx
Acoustic Sound Absorbing Foam Panels - amzn.to/3ktIrY6
Desk Microphone Mount - amzn.to/3qXMVIO
Logitech C920s Webcam - amzn.to/303zGu9
Fujilm XS10 Camera - amzn.to/3uGa30E
Fujifilm XF 35mm F2 Lens - amzn.to/3rentPe
Neewer 2 Piece Studio Lights - amzn.to/3uyoa8p
💻 MY DESKTOP EQUIPMENT 💻
Dell 34 inch Ultrawide Monitor - amzn.to/2NJwph6
Autonomous ErgoChair 2 - bit.ly/2YzomEm
Autonomous SmartDesk 2 Standing Desk - bit.ly/2YzomEm
MX Master 3 Productivity Mouse - amzn.to/3aYwKVZ
Das Keyboard Prime 13 MX Brown Mechanical- amzn.to/3uH6VBF
Veikk A15 Drawing Tablet - amzn.to/3uBRWsN
🌎 Find me here:
Twitter - / beabetterdevv
Instagram - / beabetterdevv
Patreon - Donations help fund additional content - / beabetterdev
#AWS
#Cognito
love that you don’t scrub the mistakes out of your videos. thats how real life goes, and i feel it’s important for those new to the industry to see their seniors working through mistakes. great video.
Mistakes happen in real life! Its important to see the whole process :D
Great video!
At this point 23:45, to avoid having to manually change from "code" to "token" in the redirect, you just have to select "Implicit grant" only when setting the OAuth 2.0 Auth Flow at 7:20!
Thank you:)
Thank you so much
This video made me subscribe to your channel immediately. It's impressing how easy to understand from you, especially after spending hours on understanding nothing about the topic.
amazing video, just right speed and right contents for api security with AWS
This is a really great video, simple and straightforward. thanks a lot
This is amazing, this helps me a lot in building side projects user authentication!!
Mind blown... Was looking for exactly this. Fantastic.
Glad you enjoyed Rohit!
Dude, this video is gold. Thank you 🙏
This was a brilliant tutorial. I have watched many videos from various people on youtube, udemy and you name it, I have been on the sites. Yet you talked in such a, lets get this done and ill show you manner instead of lots of talking but spoke about a process when needed was just great. I learned alot from this, thank you. I subbed and liked this video.
Thank you so much for your kind words Daryl. I always try to present my content in a relatable way that synthesizes the complexity of a topic into an easy to understand presentation. I'm glad you found this useful - and thank you for the kind words!
Daniel
I want to thank you! This lesson was really helpful and straightforward. Congratulations!
You're very welcome Ricardo! Thanks for the kind words!
BeABetterDev: Thanks for putting this video together. I followed the API Gateway Lambda one and this version with Cognito. The option is Cognito is much richer and I will be exploring it with my app. It is good that the video is also an actual workthrough with details and it was easy and nice to follow and I was able to replicate the results.
Glad this was helpful!
Amazing job,man. THANK YOU SO MUCH
Thank you for the well explaination of the Cognito and the demo.. It worked smoothly for me following the steps you mentioned..
Excellent! Thanks so much!
Bhai aapne balle balle karwa di!
Actually practical thanks a lot. This has helped me a lot.
Awesome explanation
Was stuck with this for a couple of hours now. Didn't realize that you need to deploy the API after making changes. This video really helped me. Thanks!
You're very welcome!
Hello. Thank you so much. This step by step video is a gold mine !
You're very welcome Sebastien!
thank you very much, that's just what i needed
You're an absolute mad lad! saved me hours of reading docs lol
You're very welcome Cachuela!
This was great! awesome job Daniel!
Thanks Craig! Glad you enjoyed :)
Great work! I have learnt a lot from your video. Thank you and all the best :)
Nice explanation. Thank you
This video along with your RDS lambda integration video is pretty much all you need to get a robust web app going super quickly. Great content.
EDIT: In case you ever read this, do you have any insight how you might apply RBAC with this strategy?
Great video its really helps me to secure apigateway with cognito userpool
Thanks bro, nice video. Highly appreciate it.
Superb video, great stuff many thanks for posting
THANK YOU!!! I spent my entire day trying to figure out why I wasn't getting the id_token returned and it was because the URL i was using didn't have openid added to the URL!!!! I read every doc and stack overflow article I could find, thank you for making this video!! You got yourself another subscriber :D
Hi Jake,
Super glad I was able to help you out. Thanks so much for the kind words and welcome to the channel!
Daniel
Thanks bro you saved me!!!!!!!! great video
Exactly what I was looking for. Thanks! You just got yourself another sub
Thanks Tonislav and welcome to the channel!
Thanks for great practical explanation! Very useful video.
Glad it was helpful!
Very nice tutorial bro!
Awesome Man, Thanks for the hard way tip!! 😇😇
you're a king
Thanks for great explanation !
You are welcome!
Nicely explained
Thanks, this is just an excellent tutorial !!!
Thanks V! Glad you enjoyed :D
This was so helpful--thanks a ton!
You're very welcome!
Masterclass. Thank you 🙏🚀
You're very welcome Torey!
this just saved a ton of time. Forgot to deploy API and was using the test URL or some shit. Thanks bro
You're very welcome Scott! I've been bitten by that problem too many times.
Thank you for the lesson)
Thank you for your videos. They are amazing, the notification is enabled in order to receive news content 😀
Thanks Cas!
thank youuuu for this tutorial. Helped me a lot!!
You're very welcome!
Thanks for making the tutorial video. This video helps me a lot.
This is gold. Thanks man
You're very welcome Dek!
Nicely explained! Even I understand it. :) Thank You!
Thanks etseale! Glad you enjoyed :)
Cool! awesome demo and great explanation.
Thanks Erick! Glad you enjoyed.
Awesome video, thanks bud!
You're very welcome Tasleem!
Love this video! The only thing I've found different in my scenario is that passing the Authorization header won't work with the access token. It only works with the id token for some reason
love this video, more on serverless architecture pls
Thanks Dee, more coming soon!
Excellent video
Thank you very much Fahim!
Thank you very much, this video helped me a lot.
You're welcome!
You are the best bro, thanks.
Thanks Jasu!
Thanks a lot, you saved my day
Good demo
Thanks, awesome job!
You're very welcome Mohammad!
Thanks a lot! Great explanation.
You're very welcome Pakito!
Simple and super video...
Thank you!
Thanks for the great video! I'd gotten past the initial login step just fine but had no idea what to do with the tokens passed back. Got a bit of template work to do linking the Lambdas/Gateway/Cognito but it should be easy peasy thanks to your demo.
So nice & useful...
Thanks for this, just what I needed. Next, can you show how to provide access to user to a subset of lambda functions or APIs, instead of access to all?
Who were those with 5 downvotes?
Perhaps this was one of the best and easiest tutorials to understand the concepts.
Plot twist, you don't see the number of downvotes unless you downvoted yourself
thanks u! I get stuck until get your video!
Glad I was able to help Long!
Freaking amazing video!! Kudos for u! Learned a lot!
You're very welcome Rodrigo!
Excellent
Thanks!
genius, brilliant
helpful video, thanks.
You're welcome!
OMG...yes i need this useful video...
Thank you! Hope you enjoy :)
Thank you very much
You're very welcome!
very helpful. Thanks a lot
You're very welcome!
Thank you, sir
thank you
Thanks. I was waiting to see at the end the web page with the fields requesting for username and pw
thank you for this video
You're very welcome Zanele!
This was great! Thanks a lot.
Now I just need to figure out how to IaC this with Terraform!
You're very welcome! For IaC, check out CDK! It can compile down to Terraform!
Thanks.
Thank you so much
Very welcome
Muy agradecido! Gracias!
You're very welcome Moises!
I had clicked “like” even before watching this guy’s video.
Thank you so much for your support!
I thumbs up your comment before liking and watching the video. This comments is all I needed to know 😂
Could your make a Identity Pool video of how to set different users have different API permissions
Top man! Thank you for creating this - and including the fail! lol
You're very welcome! The fails just adds to the realism :P
Cheers
@@BeABetterDev Hi 👋 Do you have a video walking through adding a cognito user to a dynamodb?
thank you very much bro i want to like that video 100000000 time
You're very welcome!
you are a god.
thanks!
Awesome
¡Gracias!
Thanks a lot men, great video. If you know somehting about using cognito trigers to save users statistics with lambdas, you will be mi hero haha
perfect!!!
Thank you!
Thank you sir. Very helpful. You should ask for a raise. :)
Haha thanks megatron!
Hi I love the pace & no fluff! I have 2 questions: 1) Can you use user pool authorizers with federated ID integration (like with AzureAD)? User will be using SSO. and 2) does this remove the need/use-case for Lambda@Edge?
23:49 I guess you don't have to do that manually if you allow only the 'Implicit grant' when you check the 'Allowed OAuth Flows' section at 7:25 which would set the response_type to token automatically. But, this is not suggested unless you're using a Single Page App without any backend
Currently running into issues trying to adapt this to the "HTTP API" on API Gateway to use Cognito User Pools as an authorizer but stumbling on the step about JWT as a source. I'll fumble my way through it and I wanted to say that I am grateful your content getting me this far. Authorizing the new HTTP API Gateway could be another idea for content if that's something to add to your list of content ideas. Thanks for the high quality content though ^_^
Hey josh,
Have you tried taking a look at my video on HTTP APIs in API Gateway? I think you can possibly combine the content from this video and the one below.
ruclips.net/video/M91vXdjve7A/видео.html
Hope this helps.
Daniel
@@BeABetterDev thanks for the reply. I managed to fumble my way through it with this video ruclips.net/video/o7OHogUcRmI/видео.html
The one you just linked me, filled in some gaps for me about logging and cloud watch. 👏
Thanks again for all of your content. I’ve smashed the like 👍 button on all the videos that I have watched (to feed the algorithm).
Thanks so much Josh! I'm glad you were able to work through it and appreciate the support! Thanks again and stay safe :)
If I understand correctly what you did is basically by writing token into the URL you switched from "Authorization code" grant to "Implicit" grant type. If you're using a URL that's outside of AWS and travels through the web use code instead and use the Token endpoint of the identity provider (in this case Cognito), to get a token in the Body, and post it as a header in the HTTP Request, not as the part of the URL itself.
Great explanations!! One question, on authorizer test , you used Token id but calling the api path from Postman you put in header the access token instead. Whats the difference and why each one needed in the corresponding scenario?
Great video. I think there's a little change in the way the authorization token is validated in the api gateway, in order to send a request using postman make sure you send the token using the Authorization tab and selecting "Bearer " on the dropdownlist. Do not include the token on the URL as this will not be correctly authorized by api gateway.
Can you explain this a little more, please?
Any chance of a refresher video using the latest version of cognito and API gateway?
thanks for that.. Hard to find someone going through custom domain in cognito..
This video is amazing! Very generous of you to take time and publish this for public viewing. Just out of curiosity is it possible for a user to login via the HostedUI and then have access to api gateway via the browser? If you don't have tech savy customers they likely don't want to access the API via Postman but would prefer to just login and have access, any chance if you know this is possible ? Thanks so much again :)
Hi Jonathan,
Hm, I don't think this is possible using any out of the box tools unfortunately. Sorry to share the bad news. I think it wouldn't be too much work to create a simple React app with a couple input boxes / text areas to call the corresponding UI once logged in.
Thanks so much for the kind words!
Daniel
@@BeABetterDev i guess this answers my question.....
Fantastic video, I really appreciate it. In my case though, I’d like to use Cognito in kind of a stateless situation, I would prefer to enter the login and password in the header ( or base64 version of it with basic authentication) instead of logging in to get it token first. Reason being I’m connecting it from the output of other web services that do something and there isn’t really the mechanism to get a temporary token. Any ideas how to do that?
super