Using AWS Cognito to authenticate users in my own api












0















I have an iOS app. Users are authenticated to access AWS resources like DynamoDB or S3. Now, I have built a node js server in order to add further logic to the app’s backend. My question is, can I use already authenticated users identity pool to allow those users to access my api (which hosted in EC2, by the way) or I need to create a whole new authentication system using passport.js or such.
If I can use Cognito, does it cost money?



Thanks!






node.js amazon-cognito







share|improve this question



























    0















    I have an iOS app. Users are authenticated to access AWS resources like DynamoDB or S3. Now, I have built a node js server in order to add further logic to the app’s backend. My question is, can I use already authenticated users identity pool to allow those users to access my api (which hosted in EC2, by the way) or I need to create a whole new authentication system using passport.js or such.
    If I can use Cognito, does it cost money?



    Thanks!






    node.js amazon-cognito







    share|improve this question

























      0












      0








      0


      1






      I have an iOS app. Users are authenticated to access AWS resources like DynamoDB or S3. Now, I have built a node js server in order to add further logic to the app’s backend. My question is, can I use already authenticated users identity pool to allow those users to access my api (which hosted in EC2, by the way) or I need to create a whole new authentication system using passport.js or such.
      If I can use Cognito, does it cost money?



      Thanks!






      node.js amazon-cognito







      share|improve this question














      I have an iOS app. Users are authenticated to access AWS resources like DynamoDB or S3. Now, I have built a node js server in order to add further logic to the app’s backend. My question is, can I use already authenticated users identity pool to allow those users to access my api (which hosted in EC2, by the way) or I need to create a whole new authentication system using passport.js or such.
      If I can use Cognito, does it cost money?



      Thanks!






      node.js amazon-cognito




      node.js amazon-cognito






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jan 2 at 16:48









      Gal ShaharGal Shahar

      296312




      296312
























          1 Answer
          1






          active

          oldest

          votes


















          2














          if you put your API behind API Gateway, you could use AWS IAM authentication for the API Gateway, an approach I find compelling because it means unauthenticated requests to API gateway don't trigger a backend request, and because I like to let AWS do the authentication for me ( AWS auth is "free" though Cognito identity pools are not) . I also like that api gateway can do a request limit so that malicious authenticated users can't take their cognito tokens and make a DoS attack on say a dynamo table.



          Otherwise I don't know a way to tie your application auth into AWS auth, so you're left bridging that gap with your own engineering effort.






          share|improve this answer
























          • I'll consider using API Gateway, although it costs extra money... Thanks!

            – Gal Shahar
            Jan 2 at 19:07






          • 1





            If you're writing javascript anyway you might want to look at how the Serverless approach combines lambdas with API gateway. Pretty sure at the cost of those services you can save quite a bit of money if you can get away from running servers. Of course that starts to be a lot of stuff to learn and implement at once, but might be worth looking into.

            – Dan Farrell
            Jan 2 at 19:43






          • 1





            I used lambda before and found it very useful and cheap, but only when using it for very specific not too demanding purposes. Building a few thousands users app with lambda will cost much more than building your own API. See here: trek10.com/blog/lambda-cost . And also, It's an opportunity to learn a lot about JS and ec2 and other production systems (Like Docker and Kubernetes). Thank you, again!

            – Gal Shahar
            Jan 2 at 19:49








          • 1





            That's an awesome link to include for future readers. I also wanted to point out, that link fails to account for a huge part of real cost, the human involvement in setting up and managing the EC2 instance! Still, valid point.

            – Dan Farrell
            Jan 2 at 19:52











          • Yeah that's right... But I'm working solo so my time is free (:

            – Gal Shahar
            Jan 2 at 19:55











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54010124%2fusing-aws-cognito-to-authenticate-users-in-my-own-api%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          2














          if you put your API behind API Gateway, you could use AWS IAM authentication for the API Gateway, an approach I find compelling because it means unauthenticated requests to API gateway don't trigger a backend request, and because I like to let AWS do the authentication for me ( AWS auth is "free" though Cognito identity pools are not) . I also like that api gateway can do a request limit so that malicious authenticated users can't take their cognito tokens and make a DoS attack on say a dynamo table.



          Otherwise I don't know a way to tie your application auth into AWS auth, so you're left bridging that gap with your own engineering effort.






          share|improve this answer
























          • I'll consider using API Gateway, although it costs extra money... Thanks!

            – Gal Shahar
            Jan 2 at 19:07






          • 1





            If you're writing javascript anyway you might want to look at how the Serverless approach combines lambdas with API gateway. Pretty sure at the cost of those services you can save quite a bit of money if you can get away from running servers. Of course that starts to be a lot of stuff to learn and implement at once, but might be worth looking into.

            – Dan Farrell
            Jan 2 at 19:43






          • 1





            I used lambda before and found it very useful and cheap, but only when using it for very specific not too demanding purposes. Building a few thousands users app with lambda will cost much more than building your own API. See here: trek10.com/blog/lambda-cost . And also, It's an opportunity to learn a lot about JS and ec2 and other production systems (Like Docker and Kubernetes). Thank you, again!

            – Gal Shahar
            Jan 2 at 19:49








          • 1





            That's an awesome link to include for future readers. I also wanted to point out, that link fails to account for a huge part of real cost, the human involvement in setting up and managing the EC2 instance! Still, valid point.

            – Dan Farrell
            Jan 2 at 19:52











          • Yeah that's right... But I'm working solo so my time is free (:

            – Gal Shahar
            Jan 2 at 19:55
















          2














          if you put your API behind API Gateway, you could use AWS IAM authentication for the API Gateway, an approach I find compelling because it means unauthenticated requests to API gateway don't trigger a backend request, and because I like to let AWS do the authentication for me ( AWS auth is "free" though Cognito identity pools are not) . I also like that api gateway can do a request limit so that malicious authenticated users can't take their cognito tokens and make a DoS attack on say a dynamo table.



          Otherwise I don't know a way to tie your application auth into AWS auth, so you're left bridging that gap with your own engineering effort.






          share|improve this answer
























          • I'll consider using API Gateway, although it costs extra money... Thanks!

            – Gal Shahar
            Jan 2 at 19:07






          • 1





            If you're writing javascript anyway you might want to look at how the Serverless approach combines lambdas with API gateway. Pretty sure at the cost of those services you can save quite a bit of money if you can get away from running servers. Of course that starts to be a lot of stuff to learn and implement at once, but might be worth looking into.

            – Dan Farrell
            Jan 2 at 19:43






          • 1





            I used lambda before and found it very useful and cheap, but only when using it for very specific not too demanding purposes. Building a few thousands users app with lambda will cost much more than building your own API. See here: trek10.com/blog/lambda-cost . And also, It's an opportunity to learn a lot about JS and ec2 and other production systems (Like Docker and Kubernetes). Thank you, again!

            – Gal Shahar
            Jan 2 at 19:49








          • 1





            That's an awesome link to include for future readers. I also wanted to point out, that link fails to account for a huge part of real cost, the human involvement in setting up and managing the EC2 instance! Still, valid point.

            – Dan Farrell
            Jan 2 at 19:52











          • Yeah that's right... But I'm working solo so my time is free (:

            – Gal Shahar
            Jan 2 at 19:55














          2












          2








          2







          if you put your API behind API Gateway, you could use AWS IAM authentication for the API Gateway, an approach I find compelling because it means unauthenticated requests to API gateway don't trigger a backend request, and because I like to let AWS do the authentication for me ( AWS auth is "free" though Cognito identity pools are not) . I also like that api gateway can do a request limit so that malicious authenticated users can't take their cognito tokens and make a DoS attack on say a dynamo table.



          Otherwise I don't know a way to tie your application auth into AWS auth, so you're left bridging that gap with your own engineering effort.






          share|improve this answer













          if you put your API behind API Gateway, you could use AWS IAM authentication for the API Gateway, an approach I find compelling because it means unauthenticated requests to API gateway don't trigger a backend request, and because I like to let AWS do the authentication for me ( AWS auth is "free" though Cognito identity pools are not) . I also like that api gateway can do a request limit so that malicious authenticated users can't take their cognito tokens and make a DoS attack on say a dynamo table.



          Otherwise I don't know a way to tie your application auth into AWS auth, so you're left bridging that gap with your own engineering effort.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Jan 2 at 17:29









          Dan FarrellDan Farrell

          6,14711417




          6,14711417













          • I'll consider using API Gateway, although it costs extra money... Thanks!

            – Gal Shahar
            Jan 2 at 19:07






          • 1





            If you're writing javascript anyway you might want to look at how the Serverless approach combines lambdas with API gateway. Pretty sure at the cost of those services you can save quite a bit of money if you can get away from running servers. Of course that starts to be a lot of stuff to learn and implement at once, but might be worth looking into.

            – Dan Farrell
            Jan 2 at 19:43






          • 1





            I used lambda before and found it very useful and cheap, but only when using it for very specific not too demanding purposes. Building a few thousands users app with lambda will cost much more than building your own API. See here: trek10.com/blog/lambda-cost . And also, It's an opportunity to learn a lot about JS and ec2 and other production systems (Like Docker and Kubernetes). Thank you, again!

            – Gal Shahar
            Jan 2 at 19:49








          • 1





            That's an awesome link to include for future readers. I also wanted to point out, that link fails to account for a huge part of real cost, the human involvement in setting up and managing the EC2 instance! Still, valid point.

            – Dan Farrell
            Jan 2 at 19:52











          • Yeah that's right... But I'm working solo so my time is free (:

            – Gal Shahar
            Jan 2 at 19:55



















          • I'll consider using API Gateway, although it costs extra money... Thanks!

            – Gal Shahar
            Jan 2 at 19:07






          • 1





            If you're writing javascript anyway you might want to look at how the Serverless approach combines lambdas with API gateway. Pretty sure at the cost of those services you can save quite a bit of money if you can get away from running servers. Of course that starts to be a lot of stuff to learn and implement at once, but might be worth looking into.

            – Dan Farrell
            Jan 2 at 19:43






          • 1





            I used lambda before and found it very useful and cheap, but only when using it for very specific not too demanding purposes. Building a few thousands users app with lambda will cost much more than building your own API. See here: trek10.com/blog/lambda-cost . And also, It's an opportunity to learn a lot about JS and ec2 and other production systems (Like Docker and Kubernetes). Thank you, again!

            – Gal Shahar
            Jan 2 at 19:49








          • 1





            That's an awesome link to include for future readers. I also wanted to point out, that link fails to account for a huge part of real cost, the human involvement in setting up and managing the EC2 instance! Still, valid point.

            – Dan Farrell
            Jan 2 at 19:52











          • Yeah that's right... But I'm working solo so my time is free (:

            – Gal Shahar
            Jan 2 at 19:55

















          I'll consider using API Gateway, although it costs extra money... Thanks!

          – Gal Shahar
          Jan 2 at 19:07





          I'll consider using API Gateway, although it costs extra money... Thanks!

          – Gal Shahar
          Jan 2 at 19:07




          1




          1





          If you're writing javascript anyway you might want to look at how the Serverless approach combines lambdas with API gateway. Pretty sure at the cost of those services you can save quite a bit of money if you can get away from running servers. Of course that starts to be a lot of stuff to learn and implement at once, but might be worth looking into.

          – Dan Farrell
          Jan 2 at 19:43





          If you're writing javascript anyway you might want to look at how the Serverless approach combines lambdas with API gateway. Pretty sure at the cost of those services you can save quite a bit of money if you can get away from running servers. Of course that starts to be a lot of stuff to learn and implement at once, but might be worth looking into.

          – Dan Farrell
          Jan 2 at 19:43




          1




          1





          I used lambda before and found it very useful and cheap, but only when using it for very specific not too demanding purposes. Building a few thousands users app with lambda will cost much more than building your own API. See here: trek10.com/blog/lambda-cost . And also, It's an opportunity to learn a lot about JS and ec2 and other production systems (Like Docker and Kubernetes). Thank you, again!

          – Gal Shahar
          Jan 2 at 19:49







          I used lambda before and found it very useful and cheap, but only when using it for very specific not too demanding purposes. Building a few thousands users app with lambda will cost much more than building your own API. See here: trek10.com/blog/lambda-cost . And also, It's an opportunity to learn a lot about JS and ec2 and other production systems (Like Docker and Kubernetes). Thank you, again!

          – Gal Shahar
          Jan 2 at 19:49






          1




          1





          That's an awesome link to include for future readers. I also wanted to point out, that link fails to account for a huge part of real cost, the human involvement in setting up and managing the EC2 instance! Still, valid point.

          – Dan Farrell
          Jan 2 at 19:52





          That's an awesome link to include for future readers. I also wanted to point out, that link fails to account for a huge part of real cost, the human involvement in setting up and managing the EC2 instance! Still, valid point.

          – Dan Farrell
          Jan 2 at 19:52













          Yeah that's right... But I'm working solo so my time is free (:

          – Gal Shahar
          Jan 2 at 19:55





          Yeah that's right... But I'm working solo so my time is free (:

          – Gal Shahar
          Jan 2 at 19:55




















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54010124%2fusing-aws-cognito-to-authenticate-users-in-my-own-api%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Mossoró

          Image
            Nota: Para outros significados, veja Mossoró (desambiguação). Município de Mossoró "Capital do Oeste Potiguar" [ 1 ] "Capital nacional do Semiárido" [ 2 ] [ 3 ] "Capital Cultural do Rio Grande do Norte" [ 1 ] "Terra de Santa Luzia" [ 4 ] "Terra do Sol, do Sal e do Petróleo" [ 5 ] "Terra da Liberdade [ 6 ] " Centro de Mossoró, com a Praça Vigário Antônio Joaquim e, ao fundo, a câmara municipal de vereadores (esquerda) e Catedral de Santa Luzia (direita) Bandeira Brasão Hino Fundação 15 de março de 1852 (166 anos) Gentílico mossoroense Padroeiro(a) Santa Luzia Prefeito(a) Rosalba Ciarlini Rosado (PP) (2017 – 2020 ) Localização Localização de Mossoró no Rio Grande do Norte Mossoró Localização de Mossoró no Brasil 05° 11' 16" S 37° 20' 38" O 05° 11' 16" S 37° 20' 38" O Unidade federativa Rio Grande do No...
          Read more

          Error while reading .h5 file using the rhdf5 package in R

          Image
          0 I'm importing a .h5 file into R by using the rhdf5 package. But a warning message showed and I found the DATE_TIME column of my data is NA when I view the imported file. Warning message: In H5Dread(h5dataset = h5dataset, h5spaceFile = h5spaceFile, h5spaceMem = h5spaceMem, : h5read for type 'TIME' not yet implemented. Values replaced by NA's. It's all normal when I use Vitables (Python) to open the .h5 file. But the DATE_TIME column is NA with HDFViewer open it. My code is: library(rhdf5) test <- h5read("mytestdata.h5", "/results") View(mydatatest) I want to use R to open .h5 file. Please give me some help! Thanks in advance! r hdf5 rhdf5 ...
          Read more

          Pushsharp Apns notification error: 'InvalidToken'

          Image
          1 1 I am currently working on automatic updates for Passbook (wallet) tickets and am experiencing some trouble using the Pushsharp library by Redth. I am using a Push notification certificate from the apple developer portal. I have tried to export my certificate as .p12, .pem and tried to use only the private key as .12 or .pem but nothing works. This is my full certificate (information is blanked out for security reasons): https://cdn.pbrd.co/images/HUJtb7b.png I dont have enough reputation to post images so a link is all i can provide. var succeeded = 0; var failed = 0; var attempted = 0; var config = new ApnsConfiguration(ApnsConfiguration.ApnsServerEnvironment.Sandbox, ConfigManager.CertPath + "PushCertificateV2.p12", ConfigManager.lvppass, fa...
          Read more