API Gateway Security Mechanisms | AWS_IAM Vs Cognito User Pool Vs Identity Pool Vs Lambda Authorizer
Вставка
- Опубліковано 4 жов 2024
- In this video, we will compare different AWS API Gateway Security Mechanisms - AWS_IAM, Cognito User Pool, Cognito Identity Pool, Lambda Authorizer. We will also go over for what use case you should use which mechanism along with pros cons.
*My Courses*
Discounted Link for My Serverless Course: www.udemy.com/...
Discounted Link for my CloudFormation, CDK with Devops, Interview Guide Course: www.udemy.com/...
*Connect with me*
Connect with me in LinkedIN: / rajdeep-sa-at-aws
Follow me on twitter: / cloudwithraj
Follow me on instagram: / raj_does_cloud
DEFINITELY DO NOT CLICK: / @cloudwithraj
Using the Scopes it is possible to get fine-grained access. Interesting is that the initial sign-in process with Cognito User Pool you get back a JWT with, identity, access and refresh tokens. Depending upon whether you pass in the identity or the access token, you get quite different approaches on how API Gateway Authorizer will apply it.
You are correct, I will do a deep down video on Cognito. Thanks for the feedback and thanks for watching :)
@@cloudwithraj is there any videos on this concept? Or using the concept of user pool groups?
@@cloudwithraj on 11th minute you are explaining the IAM Role 3 with UserPool but lets say we use a single identity provider (facebook or Cognito Userpool) , can we have separate IAM Roles returned ? If yes then how ?
Most clear description of Cognito so far. and yes I have smashed that like button.
haha ty Tushar
Bravo! the best explanation I found around this topic. In AWS HTTP API gateway, I believe you have JWT authrorizer which does acts similarly as the Lambda authorizor. It checks the signature using the public key of the identity provider along with scopes and audiences
Thank you sir. Explaining with picture and flow is very clear to understand.
Good job Raj. Clear and concise with very good illustrations
Great explanation, sorted my queries related to different authentication and authorization methods with AWS. Thanks.
I got lost during the Cognito Identity Pool. You skipped explaining how the GIP knows which IAM role to assign to a user. Do users logging using Facebook only ever get IAM role 1, and those using User pool only ever get IAM role 3? Where and how is that logic configured.
If you want fine-grained authorisation using Cognito user pools, you can potentially use oauth scopes and not have to create more user pools.
You are correct, I will do a deep down video on Cognito. Thanks for the feedback and thanks for watching :)
best video on the topic on the youtube
Amazing Video !
Please make a separate vdo on below topic coz there is no resource in internet related to this topic.
I want to know how to do the Sign Up, Login
& other MFA in React-Native App, if I already have a existing
backend in AWS Cognito .
And have the below details of the existing backend :-
aws_cognito_identity_pool_id:
aws_cognito_region:
aws_user_pools_id:
aws_user_pools_web_client_id:
Very well described. Great . THANK YOU
Glad it was helpful!
Another great one, Raj. I am a fellow Amazonian too, and this playlist is a great learning tool!
Ty Anshika for your kind words (and the helpful pointer about ALB X-region using IP and VPC peering ). I love when fellow amazonians find my videos helpful 👊
Great video, now I understand the differences correctly! Thanks a lot!
Great explanation! I'm amazed by your videos, they are so clear. Thanks you so much.
Glad you like them!
Thanks for making this video. You explained the topic clearly.
Glad you liked it
Great Explanation
Pretty good explanation on the differences. Thank u. Keep posting such awesome videos.
Thanks Srikanth for watching. I am glad you found this video helpful.
Thank you for the nice video, I did not find your udemy course of Rocking AWS serverless, is the name changed?
video was relly helpful
Nice job Raj.
This is awesome..!
Such cool videos Raj 👍
Can we use row level security while accessing redshift for cognito user....Login via cognito user->API->Lambds->redshift data ApI with row levelsecurity for example Cognito user1 can only see US data and user2 can only see UK data
Another great video my friend. Very well explained. I always don't skip ads on your videos :)
Using the "VS" logo of Street Fighter enticed me to click this video. JK.
You rock Koya!
Amazing vid man
Appreciate it
Please upload more in-depth videos of aws services
Can we use roe level security whiile accessing redshift via cognito user->API->redshift data ApI
Excelent video!, thanks for sharing!
Thanks for watching!
very well explained....thanks much!
Glad it was helpful!
I'm trying to control access to individual methods of my API Gateway using Cognito Identity Pool like you say I can but cannot get it to work. Do you have a video which explains the setup in more depth with example?
Excellent explanation
Glad it was helpful!
Hi Raj, Excellent Video ! We can leverage Cognito User Pool Groups to define different IAM role/policies right ?
That's correct Pradeep!
@@cloudwithraj Now lets say we use SAML Federation with on-premises AD in Cognito UserPool . How will I have the user groups since the user is not created in Cognito.
The API key method is not well described
Can we use O355/OpenID authentication with API gateway
Ideally IAM should be applied to roles and not to users.
3:59 not sure what the word is, 'you are in trouble because they don't ____ it' ?
"rotate" , apologies for not spelling it super crisp, thanks for watching
@@cloudwithraj thank you!
Nice video as usual 👍 Btw how you did this lambda?
Thanks Denys :). Ya I bought nanoleaf panels and made it in lambda pattern
You should try speaking a little bit slower!
Excellent explanation! Thank you.
Glad it was helpful!