I just started using Auth0 last week. Can anyone provide details on how you set up an Auth0 client that connects to a custom RDS MySQL database? I'm trying to authenticate users from a Drupal install via a login form and I consistently receive a "401" error.
I think you need to configure both Auth0 and AWS (IAM) for this; kindly go through the documentation provided.
Call AWS APIs and Resources Securely with Tokens
Edit 1: Do refer to the comment; will update accordingly.
aws sso login --profile //profile name// usually opens a browser and asks for approval. Is there any other way we can do this without a browser? I have a situation where I need to set up the AWS CLI in my Docker container and I can only use aws sso login, and I don't want to use Selenium to handle the browser approval since it looks complex, so I want to do it all in the CLI itself…
aws sso login takes a --no-browser flag which suppresses the browser launch.
From there you can control the sso verification url via a browser automation library e.g. puppeteer.
You can also get the verification url via aws sso-oidc actions/commands.
An example in golang using go-rod is available on GitHub here, although this won't work with a non-MFA process flow, which is what you want here. The code at the link can be modded or updated to support that use case with not a whole lot of effort.
Generally, using aws sso isn't recommended for this type of use case. Instead, you're better off using IAM user credentials (while outside a VPC, for example) or, if in a VPC, instance profiles if they're available.
I am trying to add an authentication method to AWS OpenSearch.
By default it comes with basic auth with an internal DB.
I would like to configure the Security Plugin with a second authentication mechanism, OpenID Connect.
The documentation says to use Update Security Configuration, which doesn't seem to be allowed by AWS.
I tried PUT _plugins/_security/api/securityconfig and PUT _plugins/_security/api/securityconfig/authc; both seem to be failing with {"Message":"Your request: '/_plugins/_security/api/securityconfig/authc' is not allowed."}
Is there an alternative? All I want to do is use a JWT token (from OpenID Connect Cognito) to run the OpenSearch _search API, rather than using internal database basic auth or an IAM role from a federated pool.
AWS OpenSearch has blocked the APIs for updating the security configuration, which is why you see the error. The documentation you have linked is applicable when using the OpenSearch security plugin for your self-hosted OpenSearch service and not the AWS-hosted solution.
I am not sure if this will be helpful to you but this blog does talk about using OpenId Connect along with AWS Cognito for opensearch auth: https://aws.amazon.com/blogs/apn/use-amazon-opensearch-service-with-kibana-for-identity-federation-auth0/
I want to connect my simple ReactJS contact form to my AWS SES email to receive emails.
I did some research about this but did not find a useful tutorial or article to follow.
Is there anyone who can help?
THANKS
There is a tutorial to do just what you asked for: https://www.youtube.com/watch?v=HiHflLTqiwU
In short: You set up an AWS IAM user with limited permissions to AWS SES. The user has only programmatic access to the AWS console. You will use the secret key and key ID in your React app later on, so make sure to save it. Also, make sure you are familiar with the SES pricing.
Then, go ahead and configure AWS SES to your needs.
Your React app will need to run with an ExpressJS backend. Add the JavaScript AWS SDK to your project. It is needed to connect to AWS and interact with SES. Here is the link to the AWS SES SDK documentation.
The tutorial is great. However, there are some things to look out for:
Make sure you don't check in your access key and secret to a VCS.
The AWS access key will never be renewed. This can be OK but should be avoided.
Regularly rotating your IAM credentials helps prevent a compromised set of IAM access keys from accessing components in your AWS account. Rotating IAM credentials is also an important part of security best practices in IAM. (Source)
You send e-mails through a public, unauthenticated POST request to your Express backend. Anybody with their browser's devtools open can see the POST request, including the headers, the request body, and the response. With Postman, or a similar tool, anybody can spam your contact endpoint. To avoid that you can set up rate limits, put an API Gateway with quotas in the middle instead of calling SES directly, etc.
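The rate-limit advice in the last point of the answer above, as an added example that is not part of the original answer or the linked tutorial: a dependency-free per-client limiter and field validation placed in front of the mail call. The function names are hypothetical, and send stands in for the SES SDK call so the block runs offline.

```javascript
// Added example; createLimiter, validateContact, handleContact and demo are hypothetical names.

// Sliding-window limiter: at most `max` requests per key within `windowMs`.
function createLimiter(max, windowMs) {
  const hits = new Map(); // key (e.g. client IP) -> timestamps of counted requests
  return function allow(key, now = Date.now()) {
    // Evict idle keys so attacker-chosen keys cannot grow the map without bound.
    for (const [k, ts] of hits) {
      if (now - ts[ts.length - 1] >= windowMs) hits.delete(k);
    }
    const recent = (hits.get(key) || []).filter((t) => now - t < windowMs);
    if (recent.length >= max) return false;
    recent.push(now);
    hits.set(key, recent);
    return true;
  };
}

// Returns the name of the first invalid field, or null when the body is acceptable.
function validateContact(body) {
  const { name, email, message } = body || {};
  const isStr = (v, maxLen) => typeof v === 'string' && v.length > 0 && v.length <= maxLen;
  // `name` ends up in the subject header, so CR/LF must be rejected (header injection).
  if (!isStr(name, 100) || /[\r\n]/.test(name)) return 'name';
  if (!isStr(email, 254) || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) return 'email';
  if (!isStr(message, 5000)) return 'message';
  return null;
}

// The limiter runs first, so malformed requests also count against the quota.
function handleContact(req, allow, send, now = Date.now()) {
  if (!allow(req.ip, now)) return { status: 429, error: 'rate limit exceeded' };
  const bad = validateContact(req.body);
  if (bad) return { status: 400, error: `invalid field: ${bad}` };
  send({ replyTo: req.body.email, subject: `Contact form: ${req.body.name}`, text: req.body.message });
  return { status: 202 };
}

// Constructed sample traffic: four posts from one address within a minute, limit of three.
function demo() {
  const outbox = [];
  const allow = createLimiter(3, 60000);
  const req = { ip: '203.0.113.7', body: { name: 'Ann', email: 'ann@example.com', message: 'Hello' } };
  const statuses = [0, 1, 2, 3].map((i) => handleContact(req, allow, (m) => outbox.push(m), 1000 + i).status);
  return { statuses, sent: outbox.length };
}

console.log(demo());
```

In an Express app, handleContact would be called from the POST route with req.ip and the parsed JSON body, with the AWS credentials read from the server's environment rather than shipped in the React bundle.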
I have a web app which already uses AWS Cognito to authenticate my users. These users have been granted role-based access to the Kibana URL of my AWS ElasticSearch cluster. But when I provided an embedded Kibana dashboard iframe in my user's session, it didn't work. I think I need to pass the Cognito session information along with the iframe. Is there a way to pass the Cognito session information along with the iframe? The embedded dashboard starts working when I log in to Kibana in a separate browser tab, which leads me to believe this is an authentication issue. Any pointers will be of great help! Thanks.
I am developing a React Native mobile app and using a server-side API for managing user-related data (backend). Currently I am using AWS Cognito for supporting user signup/signin, and all the user details seem to be saved in the AWS user pool.
I want to store the auth token and user details on my server side, so that I can use these details to fetch user-related data. So, I want to implement the following approach:
Request:
Mobile App UI -> Server API (backend) -> AWS cognito
Response:
AWS cognito -> Server API (backend) -> Mobile App UI
Is this possible? If not what would be the best approach.
Quick Response
If you are running Spring Boot in an EC2 instance, you can assign a role to that EC2 instance with enough permissions and get data directly from your server app as an Administrator. I mean, using the SDK you can call AWS API requests just with that role, so you can retrieve the user data for all your users.
Other options
I think AWS has some services that make it easy to have this approach.
You can use Amazon Cognito Identity Provider to get credentials for a user, and directly in the app you can call, for example, DynamoDB queries (etc.), or you can do AWS API Gateway requests that are executed if the requests have valid credentials; this way you can call Lambdas and do some processing. If you need more details you should send more info to know the target of your app and make a better recommendation. Regards,