Secure your API Gateway with Amazon Cognito User Pools | Step by Step AWS Tutorial

  • Published 14 Jul 2024
  • Amazon Cognito is a powerful AWS service that enables user logins and federated identities. Cognito can be leveraged as an authentication and authorization mechanism for your APIs built through AWS API Gateway. In this video, I show you how to create an Amazon Cognito User Pool and attach it as an authentication handler to your API Gateway REST API.
    Looking to get hands on experience building on AWS with a REAL project? Check out my course - The AWS Learning Accelerator! courses.beabetterdev.com/cour...
    Interested in authentication using Lambda instead? Check out • Secure your API Gatewa...
    📚 MY RECOMMENDED READING LIST FOR SOFTWARE DEVELOPERS📚
    Clean Code - amzn.to/37T7xdP
    Clean Architecture - amzn.to/3sCEGCe
    Head First Design Patterns - amzn.to/37WXAMy
    Domain-Driven Design - amzn.to/3aWSW2W
    Code Complete - amzn.to/3ksQDrB
    The Pragmatic Programmer - amzn.to/3uH4kaQ
    Algorithms - amzn.to/3syvyP5
    Working Effectively with Legacy Code - amzn.to/3kvMza7
    Refactoring - amzn.to/3r6FQ8U
    🎙 MY RECORDING EQUIPMENT 🎙
    Shure SM58 Microphone - amzn.to/3r5Hrf9
    Behringer UM2 Audio Interface - amzn.to/2MuEllM
    XLR Cable - amzn.to/3uGyZFx
    Acoustic Sound Absorbing Foam Panels - amzn.to/3ktIrY6
    Desk Microphone Mount - amzn.to/3qXMVIO
    Logitech C920s Webcam - amzn.to/303zGu9
    Fujifilm XS10 Camera - amzn.to/3uGa30E
    Fujifilm XF 35mm F2 Lens - amzn.to/3rentPe
    Neewer 2 Piece Studio Lights - amzn.to/3uyoa8p
    💻 MY DESKTOP EQUIPMENT 💻
    Dell 34 inch Ultrawide Monitor - amzn.to/2NJwph6
    Autonomous ErgoChair 2 - bit.ly/2YzomEm
    Autonomous SmartDesk 2 Standing Desk - bit.ly/2YzomEm
    MX Master 3 Productivity Mouse - amzn.to/3aYwKVZ
    Das Keyboard Prime 13 MX Brown Mechanical - amzn.to/3uH6VBF
    Veikk A15 Drawing Tablet - amzn.to/3uBRWsN
    🌎 Find me here:
    Twitter - / beabetterdevv
    Instagram - / beabetterdevv
    Patreon - Donations help fund additional content - / beabetterdev
    #AWS
    #Cognito

COMMENTS • 260

  • @mogomotsiseiphemo1681
    @mogomotsiseiphemo1681 10 months ago +17

    Great video!
    At this point 23:45, to avoid having to manually change from "code" to "token" in the redirect, you just have to select "Implicit grant" only when setting the OAuth 2.0 Auth Flow at 7:20!

  • @davyboy951
    @davyboy951 1 year ago +35

    Love that you don't scrub the mistakes out of your videos. That's how real life goes, and I feel it's important for those new to the industry to see their seniors working through mistakes. Great video.

    • @BeABetterDev
      @BeABetterDev  1 year ago +11

      Mistakes happen in real life! It's important to see the whole process :D

  • @TheTruthNotControl
    @TheTruthNotControl 3 years ago +4

    This was a brilliant tutorial. I have watched many videos from various people on YouTube, Udemy and you name it, I have been on the sites. Yet you talked in such a "let's get this done and I'll show you" manner instead of lots of talking, but spoke about a process when needed, which was just great. I learned a lot from this, thank you. I subbed and liked this video.

    • @BeABetterDev
      @BeABetterDev  3 years ago +2

      Thank you so much for your kind words Daryl. I always try to present my content in a relatable way that synthesizes the complexity of a topic into an easy to understand presentation. I'm glad you found this useful - and thank you for the kind words!
      Daniel

  • @Ryuugaminechan
    @Ryuugaminechan 3 years ago +3

    Was stuck with this for a couple of hours now. Didn't realize that you need to deploy the API after making changes. This video really helped me. Thanks!

  • @fatihersoy7559
    @fatihersoy7559 1 year ago

    This video made me subscribe to your channel immediately. It's impressive how easy it is to understand from you, especially after spending hours understanding nothing about the topic.

  • @jeromeeusebius
    @jeromeeusebius 2 years ago +1

    BeABetterDev: Thanks for putting this video together. I followed the API Gateway Lambda one and this version with Cognito. The Cognito option is much richer and I will be exploring it with my app. It is good that the video is also an actual walkthrough with details; it was easy and nice to follow and I was able to replicate the results.

  • @meysammahmoudi5712
    @meysammahmoudi5712 2 years ago +1

    This is a really great video, simple and straightforward. Thanks a lot

  • @ChardsonX
    @ChardsonX 2 years ago +3

    I want to thank you! This lesson was really helpful and straightforward. Congratulations!

    • @BeABetterDev
      @BeABetterDev  2 years ago

      You're very welcome Ricardo! Thanks for the kind words!

  • @bboyBoomgaarden
    @bboyBoomgaarden 2 years ago +3

    THANK YOU!!! I spent my entire day trying to figure out why I wasn't getting the id_token returned and it was because the URL i was using didn't have openid added to the URL!!!! I read every doc and stack overflow article I could find, thank you for making this video!! You got yourself another subscriber :D

    • @BeABetterDev
      @BeABetterDev  2 years ago +1

      Hi Jake,
      Super glad I was able to help you out. Thanks so much for the kind words and welcome to the channel!
      Daniel

  • @INMYMIND1221
    @INMYMIND1221 1 year ago

    This is amazing, this helps me a lot in building side projects user authentication!!

  • @radu2329
    @radu2329 3 years ago +1

    Amazing job,man. THANK YOU SO MUCH

  • @pms123ms
    @pms123ms 2 years ago

    amazing video, just right speed and right contents for api security with AWS

  • @arpankhetani7818
    @arpankhetani7818 1 year ago

    Thank you for the good explanation of Cognito and the demo. It worked smoothly for me following the steps you mentioned.

  • @arkadiyshuvaev
    @arkadiyshuvaev 2 years ago +1

    Great work! I have learnt a lot from your video. Thank you and all the best :)

  • @rohitghali609
    @rohitghali609 2 years ago +3

    Mind blown... Was looking for exactly this. Fantastic.

  • @eugenevedensky6071
    @eugenevedensky6071 2 years ago +14

    This video along with your RDS lambda integration video is pretty much all you need to get a robust web app going super quickly. Great content.
    EDIT: In case you ever read this, do you have any insight how you might apply RBAC with this strategy?

  • @sebastiencrepel5032
    @sebastiencrepel5032 2 years ago +1

    Hello. Thank you so much. This step by step video is a gold mine !

  • @Umerfarooqai
    @Umerfarooqai 3 years ago +1

    Who were those with 5 downvotes?
    Perhaps this was one of the best and easiest tutorials to understand the concepts.

    • @jasoncampbell1464
      @jasoncampbell1464 4 months ago

      Plot twist, you don't see the number of downvotes unless you downvoted yourself

  • @ryanl8119
    @ryanl8119 1 year ago

    Dude, this video is gold. Thank you 🙏

  • @tonislavatanasov112
    @tonislavatanasov112 2 years ago +1

    Exactly what I was looking for. Thanks! You just got yourself another sub

    • @BeABetterDev
      @BeABetterDev  2 years ago +1

      Thanks Tonislav and welcome to the channel!

  • @craigmacritchie3087
    @craigmacritchie3087 3 years ago +1

    This was great! awesome job Daniel!

  • @cachuelasaimonrobertl.455
    @cachuelasaimonrobertl.455 2 years ago +1

    You're an absolute mad lad! saved me hours of reading docs lol

  • @ihorkonovalenko9389
    @ihorkonovalenko9389 2 years ago +1

    Thanks for great practical explanation! Very useful video.

  • @cass4649
    @cass4649 2 years ago +1

    Thank you for your videos. They are amazing; the notification is enabled in order to receive new content 😀

  • @chrisnuttle4302
    @chrisnuttle4302 1 year ago

    Actually practical thanks a lot. This has helped me a lot.

  • @dannevesdantas
    @dannevesdantas 4 months ago

    Excellent! Thanks so much!

  • @etseale
    @etseale 3 years ago +1

    Nicely explained! Even I understand it. :) Thank You!

    • @BeABetterDev
      @BeABetterDev  3 years ago +1

      Thanks etseale! Glad you enjoyed :)

  • @joaovitor12full
    @joaovitor12full 1 year ago

    Thank you very much, that's just what I needed

  • @scottjennings2165
    @scottjennings2165 1 year ago +1

    this just saved a ton of time. Forgot to deploy API and was using the test URL or some shit. Thanks bro

    • @BeABetterDev
      @BeABetterDev  1 year ago +1

      You're very welcome Scott! I've been bitten by that problem too many times.

  • @eiderantonioarangoamaya8475
    @eiderantonioarangoamaya8475 2 years ago

    Thanks bro, nice video. Highly appreciate it.

  • @vk2875
    @vk2875 2 years ago +1

    Thanks, this is just an excellent tutorial !!!

  • @user-sd8su3cb2y
    @user-sd8su3cb2y 4 months ago

    Great video, it really helps me to secure API Gateway with a Cognito user pool

  • @st3114rr
    @st3114rr 2 years ago +1

    This was so helpful--thanks a ton!

  • @isharanka6020
    @isharanka6020 2 years ago +1

    thank youuuu for this tutorial. Helped me a lot!!

  • @damoga55
    @damoga55 3 years ago +1

    Thank you very much, this video helped me a lot.

  • @chandeepsingh4161
    @chandeepsingh4161 2 years ago

    Brother, you made my day!

  • @derangeer
    @derangeer 2 years ago +1

    Cool! awesome demo and great explanation.

  • @nayanchoudhary4353
    @nayanchoudhary4353 3 years ago +4

    Thanks for this, just what I needed. Next, can you show how to provide access to user to a subset of lambda functions or APIs, instead of access to all?

  • @jhonnySonnny
    @jhonnySonnny 3 years ago +5

    I had clicked “like” even before watching this guy’s video.

    • @BeABetterDev
      @BeABetterDev  3 years ago

      Thank you so much for your support!

    • @jonathanbecerra4819
      @jonathanbecerra4819 1 year ago

      I thumbed up your comment before liking and watching the video. This comment is all I needed to know 😂

  • @shaunmccullagh5116
    @shaunmccullagh5116 1 year ago

    Superb video, great stuff many thanks for posting

  • @surly_mel
    @surly_mel 1 year ago

    Thanks for the great video! I'd gotten past the initial login step just fine but had no idea what to do with the tokens passed back. Got a bit of template work to do linking the Lambdas/Gateway/Cognito but it should be easy peasy thanks to your demo.

  • @ToreyLittlefield
    @ToreyLittlefield 2 years ago +1

    Masterclass. Thank you 🙏🚀

  • @swaminathbera_a1
    @swaminathbera_a1 1 year ago

    Awesome Man, Thanks for the hard way tip!! 😇😇

  • @deecee2204
    @deecee2204 3 years ago +2

    love this video, more on serverless architecture pls

  • @berkslv
    @berkslv 3 years ago +1

    Thanks for great explanation !

  • @alexandromaldonado2182
    @alexandromaldonado2182 3 years ago +1

    Awesome explanation

  • @sbnlalpnr
    @sbnlalpnr 1 year ago

    Nice explanation. Thank you

  • @dekcode2824
    @dekcode2824 3 years ago +1

    This is gold. Thanks man

  • @rsouza01
    @rsouza01 2 years ago +1

    Freaking amazing video!! Kudos for u! Learned a lot!

  • @tasleemhussein5228
    @tasleemhussein5228 2 years ago +1

    Awesome video, thanks bud!

  • @Ko0lHaNDLuKex
    @Ko0lHaNDLuKex 3 years ago

    This was great! Thanks a lot.
    Now I just need to figure out how to IaC this with Terraform!

    • @BeABetterDev
      @BeABetterDev  3 years ago +1

      You're very welcome! For IaC, check out CDK! It can compile down to Terraform!

  • @markthien
    @markthien 1 year ago

    Very nice tutorial bro!

  • @blackDrk
    @blackDrk 2 years ago

    Thanks bro you saved me!!!!!!!! great video

  • @rajapoudel5037
    @rajapoudel5037 1 year ago +1

    Thanks for making the tutorial video. This video helps me a lot.

  • @kmilo4307
    @kmilo4307 2 months ago +1

    Thanks. I was waiting to see at the end the web page with the fields requesting for username and pw

  • @branquitodemunze
    @branquitodemunze 2 years ago +1

    Thanks a lot! Great explanation.

  • @kreeve6144
    @kreeve6144 8 months ago +1

    Love this video! The only thing I've found different in my scenario is that passing the Authorization header won't work with the access token. It only works with the id token for some reason

  • @The.Traveling.Nerddd
    @The.Traveling.Nerddd 1 year ago

    Nicely explained

  • @caleyCodeLab
    @caleyCodeLab 1 year ago

    you're a king

  • @BearVodkaAndValenki
    @BearVodkaAndValenki 9 months ago

    Thank you for the lesson)

  • @viswatejaforu
    @viswatejaforu 2 years ago

    Thanks a lot, you saved my day

  • @longdo6858
    @longdo6858 2 years ago +1

    Thank you! I was stuck until I found your video!

  • @jasusig8946
    @jasusig8946 2 years ago +1

    You are the best bro, thanks.

  • @mohammadrezabagheri8336
    @mohammadrezabagheri8336 2 years ago +1

    Thanks, awesome job!

  • @fahimfahad7026
    @fahimfahad7026 2 years ago +1

    Excellent video

  • @amarnatha1614
    @amarnatha1614 5 months ago

    So nice & useful...

  • @karthiksakthivel7108
    @karthiksakthivel7108 1 year ago

    Simple and super video...

  • @user-qj4hd7ks5z
    @user-qj4hd7ks5z 2 years ago +1

    Thank you very much

  • @JoshPeak
    @JoshPeak 3 years ago +1

    Currently running into issues trying to adapt this to the "HTTP API" on API Gateway to use Cognito User Pools as an authorizer, but stumbling on the step about JWT as a source. I'll fumble my way through it, and I wanted to say that I am grateful your content got me this far. Authorizing the new HTTP API Gateway could be another idea for content if that's something to add to your list of content ideas. Thanks for the high quality content though ^_^

    • @BeABetterDev
      @BeABetterDev  3 years ago +1

      Hey Josh,
      Have you tried taking a look at my video on HTTP APIs in API Gateway? I think you can possibly combine the content from this video and the one below.
      ua-cam.com/video/M91vXdjve7A/v-deo.html
      Hope this helps.
      Daniel

    • @JoshPeak
      @JoshPeak 3 years ago +1

      @BeABetterDev thanks for the reply. I managed to fumble my way through it with this video ua-cam.com/video/o7OHogUcRmI/v-deo.html
      The one you just linked me, filled in some gaps for me about logging and cloud watch. 👏
      Thanks again for all of your content. I’ve smashed the like 👍 button on all the videos that I have watched (to feed the algorithm).

    • @BeABetterDev
      @BeABetterDev  3 years ago

      Thanks so much Josh! I'm glad you were able to work through it and appreciate the support! Thanks again and stay safe :)

  • @linfrank4215
    @linfrank4215 1 year ago

    helpful video, thanks.

  • @vasudeva1408
    @vasudeva1408 11 months ago

    Good demo

  • @moisesfloresestay7158
    @moisesfloresestay7158 2 years ago +1

    Very grateful! Thank you!

  • @NurseDaveBSMSON
    @NurseDaveBSMSON 2 years ago

    Excellent

  • @shubhampahurkar298
    @shubhampahurkar298 2 years ago +1

    very helpful. Thanks a lot

  • @dacao9240
    @dacao9240 2 years ago

    Thanks!

  • @inacomic
    @inacomic 2 years ago +1

    Top man! Thank you for creating this - and including the fail! lol

    • @BeABetterDev
      @BeABetterDev  2 years ago +1

      You're very welcome! The fails just add to the realism :P
      Cheers

    • @inacomic
      @inacomic 1 year ago

      @BeABetterDev Hi 👋 Do you have a video walking through adding a Cognito user to a DynamoDB?

  • @Diegoefectivo
    @Diegoefectivo 2 years ago +1

    Thank you so much

  • @AhumadaMauricio
    @AhumadaMauricio 1 year ago +1

    Great video. I think there's a little change in the way the authorization token is validated in the API Gateway. In order to send a request using Postman, make sure you send the token using the Authorization tab and selecting "Bearer" in the dropdown list. Do not include the token in the URL, as this will not be correctly authorized by API Gateway.

  • @FundaDuval-eb8qj
    @FundaDuval-eb8qj 2 months ago +1

    Hi I love the pace & no fluff! I have 2 questions: 1) Can you use user pool authorizers with federated ID integration (like with AzureAD)? User will be using SSO. and 2) does this remove the need/use-case for Lambda@Edge?

  • @freeworldtour
    @freeworldtour 3 years ago +1

    OMG... yes, I need this useful video...

  • @zanelesibanyoni7951
    @zanelesibanyoni7951 3 years ago +1

    thank you for this video

  • @sanooosai
    @sanooosai 1 year ago

    thank you

  • @fasiltadesse2687
    @fasiltadesse2687 2 years ago

    Thank you, sir

  • @theethicalh3707
    @theethicalh3707 2 years ago +1

    Thank you very much bro, I want to like that video 100000000 times

  • @TheGuroguro12
    @TheGuroguro12 2 years ago

    Thanks.

  • @Darknightzs
    @Darknightzs 2 years ago

    Thank you!

    • @Darknightzs
      @Darknightzs 2 years ago

      Thanks a lot man, great video. If you know something about using Cognito triggers to save user statistics with Lambdas, you will be my hero haha

  • @oy_oy
    @oy_oy 2 years ago

    genius, brilliant

  • @saveplatypus
    @saveplatypus 3 years ago +1

    Thank you sir. Very helpful. You should ask for a raise. :)

  • @jonathanfalcone3437
    @jonathanfalcone3437 2 years ago +10

    This video is amazing! Very generous of you to take time and publish this for public viewing. Just out of curiosity, is it possible for a user to log in via the Hosted UI and then have access to API Gateway via the browser? If you don't have tech-savvy customers they likely don't want to access the API via Postman but would prefer to just log in and have access. Any chance you know if this is possible? Thanks so much again :)

    • @BeABetterDev
      @BeABetterDev  2 years ago +1

      Hi Jonathan,
      Hm, I don't think this is possible using any out of the box tools unfortunately. Sorry to share the bad news. I think it wouldn't be too much work to create a simple React app with a couple input boxes / text areas to call the corresponding UI once logged in.
      Thanks so much for the kind words!
      Daniel

    • @SilviasBrainery
      @SilviasBrainery 1 year ago

      @BeABetterDev I guess this answers my question.....

  • @hbladeh
    @hbladeh 1 year ago

    If I understand correctly what you did is basically by writing token into the URL you switched from "Authorization code" grant to "Implicit" grant type. If you're using a URL that's outside of AWS and travels through the web use code instead and use the Token endpoint of the identity provider (in this case Cognito), to get a token in the Body, and post it as a header in the HTTP Request, not as the part of the URL itself.

  • @anacondong
    @anacondong 3 years ago +1

    perfect!!!

  • @ComupXChinx
    @ComupXChinx 1 year ago +1

    Could you make an Identity Pool video on how to set different users to have different API permissions?

  • @pratappadhy2005
    @pratappadhy2005 1 year ago

    Awesome

  • @kishanlal676
    @kishanlal676 2 years ago +7

    23:49 I guess you don't have to do that manually if you allow only the 'Implicit grant' when you check the 'Allowed OAuth Flows' section at 7:25 which would set the response_type to token automatically. But, this is not suggested unless you're using a Single Page App without any backend

  • @ppgg997
    @ppgg997 1 year ago +4

    Great explanations!! One question: on the authorizer test, you used the id token, but when calling the API path from Postman you put the access token in the header instead. What's the difference, and why is each one needed in the corresponding scenario?
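    The id-token versus access-token question raised here (and the earlier report that only the id token worked with the Authorization header) can be shown with an added example; this is not code from the video or from AWS. It approximates the checks a Cognito user pool authorizer applies to a REST API method, using constructed pool, client and claim values, and assumes the RS256 signature has already been verified against the pool's JWKS.

```python
"""Added illustration (not code from the video or from AWS) of why a Cognito id
token and an access token are not interchangeable at an API Gateway user pool
authorizer. Pool, client and claim values are constructed; the RS256 signature
check against the pool's JWKS is assumed to have passed already."""
import base64
import json

# Constructed identifiers for the demo (not a real pool or app client).
REGION = "us-east-1"
USER_POOL_ID = "us-east-1_EXAMPLE1"
APP_CLIENT_ID = "1example23456789abcdefghij"
ISSUER = f"https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(claims: dict) -> str:
    """Build header.payload. with an empty signature (demo only)."""
    header = _b64url(json.dumps({"alg": "RS256", "kid": "demo-kid"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."


def decode_claims(token: str) -> dict:
    """Read the payload; real code verifies the signature before trusting it."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def authorizer_accepts(token: str, method_scopes: list, now: float) -> tuple:
    """Approximate the user pool authorizer's decision for one API method.
    No OAuth scopes on the method: an id token for this app client is required.
    Scopes configured: an access token carrying at least one of them is required."""
    claims = decode_claims(token)
    if claims.get("iss") != ISSUER:
        return False, "issuer mismatch"
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    if not method_scopes:
        if claims.get("token_use") != "id":
            return False, "id token required when the method has no scopes"
        if claims.get("aud") != APP_CLIENT_ID:
            return False, "audience is not this app client"
        return True, "ok (id token)"
    if claims.get("token_use") != "access":
        return False, "access token required when the method has scopes"
    if claims.get("client_id") != APP_CLIENT_ID:
        return False, "client_id is not this app client"
    if set(claims.get("scope", "").split()).isdisjoint(method_scopes):
        return False, "none of the method's scopes were granted"
    return True, "ok (access token)"


def sample_tokens(now: float) -> tuple:
    """Constructed id and access tokens for the same user session."""
    common = {"iss": ISSUER, "sub": "user-0001", "iat": now, "exp": now + 3600}
    id_tok = make_unsigned_jwt({**common, "token_use": "id",
                                "aud": APP_CLIENT_ID, "email": "user@example.com"})
    access_tok = make_unsigned_jwt({**common, "token_use": "access",
                                    "client_id": APP_CLIENT_ID, "scope": "openid email"})
    return id_tok, access_tok
```

    With no scopes on the method the access token is rejected just as the earlier comment reported, and the same token is accepted once the method declares an OAuth scope the token carries.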

  • @Ronaldograxa
    @Ronaldograxa 4 months ago

    thanks for that.. Hard to find someone going through custom domain in cognito..

  • @ferhatkorkmaz11
    @ferhatkorkmaz11 2 years ago +1

    you are a god.

  • @valirjonathan2161
    @valirjonathan2161 3 years ago

    Great. Please do how to secure API Gateway with Firebase Auth. Much thanks.

  • @markfiala3652
    @markfiala3652 2 years ago +1

    Fantastic video, I really appreciate it. In my case though, I'd like to use Cognito in kind of a stateless situation: I would prefer to enter the login and password in the header (or a base64 version of it with basic authentication) instead of logging in to get a token first. The reason being I'm connecting it from the output of other web services that do something, and there isn't really a mechanism to get a temporary token. Any ideas how to do that?

  • @imagesxpertmedia5105
    @imagesxpertmedia5105 2 years ago

    Great job. Please, do you offer a mentorship program? I need to learn more about AWS infrastructure projects