AWS Cognito with non-AWS Resources - amazon-web-services

My question is about AWS Cognito Security Services: can AWS Cognito be used for any resources outside AWS Cloud, e.g. an API developed and published on Apigee API Gateway?
I searched through AWS Documents and on Google.
I want to create SSO with AWS Cognito like SAML-based SSO federation where Resources/Services can be anywhere.

Yes, you can. Kindly see the App Client option in Cognito.
However, Apigee also needs to have the capability to integrate.

Related

Can we authenticate application user with on-premise directory services with AWS Lambda?

I am looking for authentication methods with our on-premise directory other than AWS Cognito user pool. I saw Lambda can be integrated with Azure AD. Our directory is SAML integrated. Can I achieve this with an AWS Lambda function? And how can I get access tokens to authorize API Gateway after authentication? If possible, please let me know how to achieve this. Thanks in advance.

Alternatives to Cognito in AWS GovCloud

My team has built a Serverless Web Application in AWS using Cognito User Pools for allowing users to register on the site and authenticate to it. We are now needing to move this application into a GovCloud (US) region, which does not support the Cognito Service.
1) Is it possible to host Cognito in another region and still use it to authenticate access to the API gateway inside a GovCloud region?
2) If no on #1, what is a good alternative that IS available in GovCloud regions for user sign-up and auth?
Just yesterday, May 13 2020, Amazon announced Cognito availability in GovCloud:
https://aws.amazon.com/about-aws/whats-new/2020/05/amazon-cognito-is-now-available-in-the-aws-govcloud-us-west-region/
Not all the features of Cognito are available, like for example Authorizers for API Gateway, so YMMV.

Can I use Cognito for users authentication in an app hosted in DigitalOcean?

I have an app hosted in a DigitalOcean server that is only used by me. Now I would like to give access to some friends, so I need users authentication management.
I have read AWS Cognito is a good option however it is not clear to me if it is possible to implement only AWS Cognito to work in joint cooperation with other services or if I need to migrate all to AWS to be able to use Cognito. I’ve been looking for tutorials but all talk about using Cognito in addition to other AWS services.
The point is that I’m using a Postgres DB and looking at AWS prices it is expensive to me to migrate to AWS. In case it is to do what I would like, I really appreciate recommended lectures.
Thanks in advance.
> I need users authentication management.
> I have read AWS Cognito is a good option
Indeed the AWS Cognito is a good option for user authentication and authorization. If you have a web app, you may as well check out the AWS Amplify framework for easier onboarding.
> if it is possible to implement only AWS Cognito
You don't need to use any other AWS services or migrate your infrastructure. Your application can use Cognito independently.
You can use Cognito even as a pure OAuth 2.0 based authentication and authorization service if you want to keep really independent.
> all talk about using Cognito in addition to other AWS services
Cognito can provide its users session (temporary) AWS credentials to use AWS services. You don't have to use the feature if you don't need to.

execute-api with Cognito federated identities from Cognito user pools

I want to execute APIs hosted on AWS API gateway using an identity I created from Cognito federated identities with a Cognito user pool as provider. Basically option 2 in this blog: Secure API Access with Amazon Cognito Federated Identities, Amazon Cognito User Pools, and Amazon API Gateway.
Now I have the federated identity credentials but am stuck on how to actually execute the API. There does not seem to be such an API in the AWS JS SDK for API gateway. Does that mean the only way to do this is to create the SigV4 myself and call it like any other HTTP API?
Any suggestions/easier solution?
Thanks.
Finally, did this using the AWS sign web library from https://github.com/danieljoos/aws-sign-web. It does the job.

AWS API Gateway Authentication using AWS Directory Services (Active Directory)

I'm using AWS API gateway for an API I'm setting up, and I want to be able to use an existing AWS Directory Services Directory (Microsoft AD Enterprise) for authentication.
I'm not sure where to start.
Would I need to use a custom lambda function for authentication, and then write my own ldap authentication code?
I can't find any references to this scenario, of authenticating an API against AWS AD.
Any pointers would be greatly appreciated.
Perhaps worth checking how to configure AWS Directory Service as a Federated Identity Provider in IAM, then how to retrieve access tokens from STS, and ultimately configure API Gateway to use Authorization Method: AWS_IAM.
For authentication, perhaps worth studying how to configure federated identity in Cognito.
Have a look at these slides: https://www.slideshare.net/AmazonWebServices/aws-may-webinar-series-48671841