Authenticate React Native App using AWS Cognito or AWS Amplify - amazon-web-services

I want to authenticate a react native app using AWS Cognito rather than using AWS Amplify due to the cost factor. Cognito provides all the user authentication providers and it is very cost-friendly to the developer. And Amplify is very good, but it provides many unnecessary things which I don't require. Please provides me preferred procedures to config AWS Cognito in many react native app or provide me a way where I will you only the required things for my react native app like authentication, datastore, manage user and storage in AWS Amplify.
And Also can anybody explain to me the pricing of AWS Amplify, please tell me what that underline statement means
please provide me a proper way to configure AWS Cognito or AWS Amplify (Using only some specific platform), and please me to understand the pricing of AWS Amplify

Related

Suggestion: Integrating Amazon Cognito with AWS DynamoDB

I've built an application which is connected with Amazon Cognito to take the sign in and sign-ups of users. Currently, application support three different subscriptions (Free, Basic, Premium). If the user signs in for basic Subscriptions, I want to give them least access to DynamoDB for download the parts of applications which is required to run the application service.
How to connect DynamoDB with Cognito directly
I am not sure, what's the best approach to follow this scenario?
(Please note- this is not a mobile-based application, so do not give suggestion to use AWS Amplify or relatable services)
When I was first learning about Cognito, I had made the same set of assumptions you are currently making. I knew that User Pools could act as my application's user directory, and Identity Pools would magically unlock all my authorization needs. I was mistaken :)
At the risk of oversimplifying, AWS Cognito exists to answer two questions:
Who are you? (authentication)
What can you do? (authorization)
Cognito addresses these concerns with two distinct offerings: User Pools (authentication) and Identity Pools (authorization).
At a high level, User Pools let you handle user registration, authentication, account recovery, and supports authentication with third-party identity providers like Facebook, Google, etc. Sounds like you might have this part figured out.
Cognito Identity Pools, on the other hand, provides a way to authorize users to use various AWS services. You can think of it as a vending machine for handing out AWS credentials. For example, if you needed to give your users access to upload a file to an S3 bucket or to invoke an endpoint in API Gateway, you could do so with an Identity Pool. You can even allow item-level access to DynamoDB based on an Amazon Cognito ID. However, this might not work the way you expect since your application users are probably not directly connecting to DynamoDB.
In most web/mobile applications, users are not connecting directly to DynamoDB. Instead, they are interacting with a web/mobile app that communicates to the back-end of your application via an API. That API would then communicate with DynamoDB. If your stack is in AWS, the path may look something like this:
Client (web/mobile app) <-> API Gateway <-> Lambda <-> DynamoDB
In this architecture, your users would authenticate via Cognito. Cognito would then authorize the user to make calls to API Gateway. API Gateway would execute your lambda, which would then interact with DynamoDB. The "user" of DynamoDB in this example is your Lambda, not the user of your application.
That last bit is important, so I'll repeat it: Unless your users are directly connecting to DynamoDB (not recommended), they are not the "user" operating on DynamoDb. Therefore, restricting DynamoDB access based on a user's Cognito ID is not going to be an option for you.
So, what can you do? Your application needs to provide the business logic around what effect your users can have on DynamoDB. Perhaps free users have read-only access to a specific partition, while premium users can modify the same partition. That logic has to be handled directly by you.
I know you said you weren't looking for Amplify suggestions since your application is not mobile-based. However, Amplify offers SDKs that aren't specific to mobile development. The folks at Serverless have made a fantastic tutorial on building a full-stack serverless web app, which includes a very readable chapter on serverless auth with Cognito. They use Amplify in a web app to integrate with Cognito, S3, and API Gateway. If that's something you are trying to do, I'd recommend checking it out.

Can I use Cognito for users authentication in an app hosted in DigitalOcean?

I have an app hosted in a DigitalOcean server that is only used by me. Now I would like to give access to some friends, so I need users authentication management.
I have read AWS Cognito is a good option however it is not clear to me if it is possible to implement only AWS Cognito to work in joint cooperation with other services or if I need to migrate all to AWS to be able to use Cognito. I’ve been looking for tutorials but all talk about using Cognito in addition to other AWS services.
The point is that I’m using a Postgres DB and looking at AWS prices it is expensive to me to migrate to AWS. In case it is to do what I would like, I really appreciate recommended lectures.
Thanks in advance.
I need users authentication management.
I have read AWS Cognito is a good option
Indeed the AWS Cognito is a good option for user authentication and authorization. If you have a web app, you may as well check out the AWS amplify framework for easier onboarding.
if it is possible to implement only AWS Cognito
You don't need to use any other AWS services or migrate your infrastructure. Your application can use Cognito indepently.
You can use Cognito even as a pure OAuth 2.0 based authentication and authorization service if you want to keep really independent.
all talk about using Cognito in addition to other AWS services
Cognito can provide its users session (temporary) aws credentials to use AWS services. You don't have to use the feature if you don't need to.

How to authenticate users with Aws Cognito and Aws Amplify

We are building an application with mobile authentication and we decided to use Aws. I searched a little and decided to use Aws Cognito. I read the documentation and while reading I noticed that, for the application side I need to use Aws Amplify. I tried some examples but I am not sure I understand the concept right.
Can you give me some insight about this model.
Amazon Cognito is a managed Identity Provider in the cloud, it provides you with a user repository, federation, GUI for signin, signup, lost password and other user flows, it supports OTP, email address verification etc ...
It can be integrated into your app through the provided UI or through its API if you want to control the look and feel of theusre interfaces.
Amplify is a command line tool and client library to make it easy to provision and to use cloud services, including Cognito, from your web or mobile application.
The Amplify CLI will help you to provision Cognito in the cloud, without requiring you to click through all the options in the console. The Amplify client side library will provide high level programming constructs to make it easy to access cloud based services, such as Cognito, from your apps.
You can watch this 45 minute talk that shows Amplify in action : https://www.youtube.com/watch?v=QxOcvOMnAuQ and this github repo with a sample application : https://github.com/sebsto/amplify-react-workshop

AWS Cognito with non-AWS Resources

My question is about AWS Cognito Security Services- can AWS Cognito be used for any resources outside AWS Cloud e.g an API developed published on Apigeea API Gateway?
I searched through AWS Documents and on Google
I want to create SSO with AWS Cognito like SAML-based SSO federation where Resources/ Services can be anywhere.
Yes, You can. Kindly see the App Clinet option in Cognito.
However, Apigee also needs to have the capability to integrate.

AWS SDK for JS in Browser with a CognitoUser instead of IAM credentials?

I have a browser app that interacts with S3. Since it was mostly an in-house tool, after handling authenticating to an API, it directly received the ID and secret for a very restricted IAM user which was then used to setup the AWS SDK in the browser.
I am now trying to change that app to use Cognito for authentication, so it can be accessed by external users without compromising our security.
I wound up using AWS Amplify just to handle the authentication part, and now I'm trying to figure out if there's a way of using the credentials I get from Cognito to setup the AWS JavaScript SDK and replicate the same functionality from that point on. (The way Amplify currently handles interaction with S3 does not cover all of the app's needs)
Is there a way of doing this? I find the SDK documentation extremely confusing, and have been unable to determine if what I'm trying to do can be done at all.
Additionally, if there's a way to use the JS SDK only (without Amplify) to login a user via Cognito, that would also be preferable to me, but that's a secondary concern.
Yes, you can easily do this with Amplify, and I recommend this approach.
Here's an example from the docs using the Route53 module from the AWS JS SDK, but you can use any of the AWS modules of course.
Via https://aws-amplify.github.io/docs/js/authentication#working-with-aws-service-objects
import Route53 from 'aws-sdk/clients/route53';
Auth.currentCredentials()
.then(credentials => {
const route53 = new Route53({
apiVersion: '2013-04-01',
credentials: Auth.essentialCredentials(credentials)
});
// more code working with route53 object
// route53.changeResourceRecordSets();
})