Secure your API Gateway with Amazon Cognito User Pools | Step by Step AWS Tutorial
Amazon Cognito is a powerful AWS service that enables user logins and federated identities. Cognito can be leveraged as an authentication and authorization mechanism for your APIs built through AWS API Gateway. In this video, I show you how to create an Amazon Cognito User Pool and attach it as an authentication handler to your API Gateway REST api.
Looking to get hands on experience building on AWS with a REAL project? Check out my course - The AWS Learning Accelerator! courses.beabetterdev.com/cour...
Interested in authentication using Lambda instead? Check out • Secure your API Gatewa...
📚 MY RECOMMENDED READING LIST FOR SOFTWARE DEVELOPERS📚
Clean Code - amzn.to/37T7xdP
Clean Architecture - amzn.to/3sCEGCe
Head First Design Patterns - amzn.to/37WXAMy
Domain Driver Design - amzn.to/3aWSW2W
Code Complete - amzn.to/3ksQDrB
The Pragmatic Programmer - amzn.to/3uH4kaQ
Algorithms - amzn.to/3syvyP5
Working Effectively with Legacy Code - amzn.to/3kvMza7
Refactoring - amzn.to/3r6FQ8U
🎙 MY RECORDING EQUIPMENT 🎙
Shure SM58 Microphone - amzn.to/3r5Hrf9
Behringer UM2 Audio Interface - amzn.to/2MuEllM
XLR Cable - amzn.to/3uGyZFx
Acoustic Sound Absorbing Foam Panels - amzn.to/3ktIrY6
Desk Microphone Mount - amzn.to/3qXMVIO
Logitech C920s Webcam - amzn.to/303zGu9
Fujilm XS10 Camera - amzn.to/3uGa30E
Fujifilm XF 35mm F2 Lens - amzn.to/3rentPe
Neewer 2 Piece Studio Lights - amzn.to/3uyoa8p
💻 MY DESKTOP EQUIPMENT 💻
Dell 34 inch Ultrawide Monitor - amzn.to/2NJwph6
Autonomous ErgoChair 2 - bit.ly/2YzomEm
Autonomous SmartDesk 2 Standing Desk - bit.ly/2YzomEm
MX Master 3 Productivity Mouse - amzn.to/3aYwKVZ
Das Keyboard Prime 13 MX Brown Mechanical- amzn.to/3uH6VBF
Veikk A15 Drawing Tablet - amzn.to/3uBRWsN
🌎 Find me here:
Twitter - / beabetterdevv
Instagram - / beabetterdevv
Patreon - Donations help fund additional content - / beabetterdev
#AWS
#Cognito
Пікірлер: 260
love that you don’t scrub the mistakes out of your videos. thats how real life goes, and i feel it’s important for those new to the industry to see their seniors working through mistakes. great video.
@BeABetterDev
Жыл бұрын
Mistakes happen in real life! Its important to see the whole process :D
Great video! At this point 23:45 , to avoid having to manually change from "code" to "token" in the redirect, you just have to select "Implicit grant" only when setting the OAuth 2.0 Auth Flow at 7:20 !
@shishamo-san
7 ай бұрын
Thank you:)
@manavkhandurie3591
4 ай бұрын
Thank you so much
This was a brilliant tutorial. I have watched many videos from various people on youtube, udemy and you name it, I have been on the sites. Yet you talked in such a, lets get this done and ill show you manner instead of lots of talking but spoke about a process when needed was just great. I learned alot from this, thank you. I subbed and liked this video.
@BeABetterDev
3 жыл бұрын
Thank you so much for your kind words Daryl. I always try to present my content in a relatable way that synthesizes the complexity of a topic into an easy to understand presentation. I'm glad you found this useful - and thank you for the kind words! Daniel
This video made me subscribe to your channel immediately. It's impressing how easy to understand from you, especially after spending hours on understanding nothing about the topic.
I want to thank you! This lesson was really helpful and straightforward. Congratulations!
@BeABetterDev
2 жыл бұрын
You're very welcome Ricardo! Thanks for the kind words!
BeABetterDev: Thanks for putting this video together. I followed the API Gateway Lambda one and this version with Cognito. The option is Cognito is much richer and I will be exploring it with my app. It is good that the video is also an actual workthrough with details and it was easy and nice to follow and I was able to replicate the results.
@BeABetterDev
2 жыл бұрын
Glad this was helpful!
Was stuck with this for a couple of hours now. Didn't realize that you need to deploy the API after making changes. This video really helped me. Thanks!
@BeABetterDev
3 жыл бұрын
You're very welcome!
This is a really great video, simple and straightforward. thanks a lot
This video along with your RDS lambda integration video is pretty much all you need to get a robust web app going super quickly. Great content. EDIT: In case you ever read this, do you have any insight how you might apply RBAC with this strategy?
This is amazing, this helps me a lot in building side projects user authentication!!
THANK YOU!!! I spent my entire day trying to figure out why I wasn't getting the id_token returned and it was because the URL i was using didn't have openid added to the URL!!!! I read every doc and stack overflow article I could find, thank you for making this video!! You got yourself another subscriber :D
@BeABetterDev
2 жыл бұрын
Hi Jake, Super glad I was able to help you out. Thanks so much for the kind words and welcome to the channel! Daniel
Thank you for the well explaination of the Cognito and the demo.. It worked smoothly for me following the steps you mentioned..
amazing video, just right speed and right contents for api security with AWS
Mind blown... Was looking for exactly this. Fantastic.
@BeABetterDev
2 жыл бұрын
Glad you enjoyed Rohit!
Great work! I have learnt a lot from your video. Thank you and all the best :)
Amazing job,man. THANK YOU SO MUCH
Hello. Thank you so much. This step by step video is a gold mine !
@BeABetterDev
2 жыл бұрын
You're very welcome Sebastien!
Dude, this video is gold. Thank you 🙏
Exactly what I was looking for. Thanks! You just got yourself another sub
@BeABetterDev
2 жыл бұрын
Thanks Tonislav and welcome to the channel!
Actually practical thanks a lot. This has helped me a lot.
This was great! awesome job Daniel!
@BeABetterDev
3 жыл бұрын
Thanks Craig! Glad you enjoyed :)
Excellent! Thanks so much!
You're an absolute mad lad! saved me hours of reading docs lol
@BeABetterDev
2 жыл бұрын
You're very welcome Cachuela!
this just saved a ton of time. Forgot to deploy API and was using the test URL or some shit. Thanks bro
@BeABetterDev
Жыл бұрын
You're very welcome Scott! I've been bitten by that problem too many times.
Thanks for great practical explanation! Very useful video.
@BeABetterDev
2 жыл бұрын
Glad it was helpful!
Thank you for your videos. They are amazing, the notification is enabled in order to receive news content 😀
@BeABetterDev
2 жыл бұрын
Thanks Cas!
thank you very much, that's just what i needed
Thanks for the great video! I'd gotten past the initial login step just fine but had no idea what to do with the tokens passed back. Got a bit of template work to do linking the Lambdas/Gateway/Cognito but it should be easy peasy thanks to your demo.
Great video its really helps me to secure apigateway with cognito userpool
Thanks for this, just what I needed. Next, can you show how to provide access to user to a subset of lambda functions or APIs, instead of access to all?
Nicely explained! Even I understand it. :) Thank You!
@BeABetterDev
3 жыл бұрын
Thanks etseale! Glad you enjoyed :)
Thanks bro, nice video. Highly appreciate it.
Thanks, this is just an excellent tutorial !!!
@BeABetterDev
2 жыл бұрын
Thanks V! Glad you enjoyed :D
Bhai aapne balle balle karwa di!
thank youuuu for this tutorial. Helped me a lot!!
@BeABetterDev
2 жыл бұрын
You're very welcome!
Superb video, great stuff many thanks for posting
Awesome explanation
This was so helpful--thanks a ton!
@BeABetterDev
2 жыл бұрын
You're very welcome!
Thank you very much, this video helped me a lot.
@BeABetterDev
3 жыл бұрын
You're welcome!
Awesome Man, Thanks for the hard way tip!! 😇😇
Cool! awesome demo and great explanation.
@BeABetterDev
2 жыл бұрын
Thanks Erick! Glad you enjoyed.
Thanks for making the tutorial video. This video helps me a lot.
Nice explanation. Thank you
love this video, more on serverless architecture pls
@BeABetterDev
3 жыл бұрын
Thanks Dee, more coming soon!
Thanks for great explanation !
@BeABetterDev
3 жыл бұрын
You are welcome!
Masterclass. Thank you 🙏🚀
@BeABetterDev
2 жыл бұрын
You're very welcome Torey!
Very nice tutorial bro!
Who were those with 5 downvotes? Perhaps this was one of the best and easiest tutorials to understand the concepts.
@jasoncampbell1464
4 ай бұрын
Plot twist, you don't see the number of downvotes unless you downvoted yourself
Thanks bro you saved me!!!!!!!! great video
Love this video! The only thing I've found different in my scenario is that passing the Authorization header won't work with the access token. It only works with the id token for some reason
Nicely explained
Great explanations!! One question, on authorizer test , you used Token id but calling the api path from Postman you put in header the access token instead. Whats the difference and why each one needed in the corresponding scenario?
So nice & useful...
Awesome video, thanks bud!
@BeABetterDev
2 жыл бұрын
You're very welcome Tasleem!
Fantastic video, I really appreciate it. In my case though, I’d like to use Cognito in kind of a stateless situation, I would prefer to enter the login and password in the header ( or base64 version of it with basic authentication) instead of logging in to get it token first. Reason being I’m connecting it from the output of other web services that do something and there isn’t really the mechanism to get a temporary token. Any ideas how to do that?
This was great! Thanks a lot. Now I just need to figure out how to IaC this with Terraform!
@BeABetterDev
3 жыл бұрын
You're very welcome! For IaC, check out CDK! It can compile down to Terraform!
Thank you for the lesson)
Freaking amazing video!! Kudos for u! Learned a lot!
@BeABetterDev
2 жыл бұрын
You're very welcome Rodrigo!
Good demo
This is gold. Thanks man
@BeABetterDev
3 жыл бұрын
You're very welcome Dek!
You are the best bro, thanks.
@BeABetterDev
2 жыл бұрын
Thanks Jasu!
Thanks a lot! Great explanation.
@BeABetterDev
2 жыл бұрын
You're very welcome Pakito!
Great video! Just a question - how come when you point to the URL for the API it does not redirect to the login page? or would you need to create that in your client side code in something like an "IF" statement?
Thanks, awesome job!
@BeABetterDev
2 жыл бұрын
You're very welcome Mohammad!
Excellent video
@BeABetterDev
2 жыл бұрын
Thank you very much Fahim!
23:49 I guess you don't have to do that manually if you allow only the 'Implicit grant' when you check the 'Allowed OAuth Flows' section at 7:25 which would set the response_type to token automatically. But, this is not suggested unless you're using a Single Page App without any backend
Simple and super video...
@BeABetterDev
Жыл бұрын
Thank you!
Thanks a lot, you saved my day
you're a king
Excellent
thanks u! I get stuck until get your video!
@BeABetterDev
2 жыл бұрын
Glad I was able to help Long!
helpful video, thanks.
@BeABetterDev
Жыл бұрын
You're welcome!
Thanks. I was waiting to see at the end the web page with the fields requesting for username and pw
Thanks!
very helpful. Thanks a lot
@BeABetterDev
2 жыл бұрын
You're very welcome!
Thank you very much
@BeABetterDev
2 жыл бұрын
You're very welcome!
OMG...yes i need this useful video...
@BeABetterDev
3 жыл бұрын
Thank you! Hope you enjoy :)
Can you use as callback the API url? It should be possible to configure the authorizer I believe to read the token of callback. Thank you for the helpful video
This video is amazing! Very generous of you to take time and publish this for public viewing. Just out of curiosity is it possible for a user to login via the HostedUI and then have access to api gateway via the browser? If you don't have tech savy customers they likely don't want to access the API via Postman but would prefer to just login and have access, any chance if you know this is possible ? Thanks so much again :)
@BeABetterDev
2 жыл бұрын
Hi Jonathan, Hm, I don't think this is possible using any out of the box tools unfortunately. Sorry to share the bad news. I think it wouldn't be too much work to create a simple React app with a couple input boxes / text areas to call the corresponding UI once logged in. Thanks so much for the kind words! Daniel
@SilviasBrainery
Жыл бұрын
@@BeABetterDev i guess this answers my question.....
thank you for this video
@BeABetterDev
3 жыл бұрын
You're very welcome Zanele!
Is there a way to make the cognito-authorizer only allow certain usergroups from Cognito to invoke the lambda or do I need to make own lambda authorizer?
Great video. I think there's a little change in the way the authorization token is validated in the api gateway, in order to send a request using postman make sure you send the token using the Authorization tab and selecting "Bearer " on the dropdownlist. Do not include the token on the URL as this will not be correctly authorized by api gateway.
@SilviasBrainery
Жыл бұрын
Can you explain this a little more, please?
thank you
genius, brilliant
i am trying to use this method with amplify base vue app. got some pointers going to explore
thank you very much bro i want to like that video 100000000 time
@BeABetterDev
2 жыл бұрын
You're very welcome!
Thank you so much
@BeABetterDev
2 жыл бұрын
Very welcome
Awesome
Thanks.
Thank you, sir
I liked the tutorial, very clear and precise. how do you accomplish machine to machine authentication ie. using a client id and secret (from my shallow understanding). as I understand I would either send the client id and secret to the endpoint, and the api gateway will take care of it, which is a better option in my opinion. the other other would be to request an access token (using the id and secret) and then using that to authenticate. what is the "right" way?
So nice video, I love it, can I ask to get the token, you ammend the URL from code to token, however if my user wants to get this value programmatically, how they would do that?
Thanks for this video. Question. Why does AWS not require "Bearer" in the Authorization header like seems to be standard everywhere else?
Muy agradecido! Gracias!
@BeABetterDev
2 жыл бұрын
You're very welcome Moises!
If I understand correctly what you did is basically by writing token into the URL you switched from "Authorization code" grant to "Implicit" grant type. If you're using a URL that's outside of AWS and travels through the web use code instead and use the Token endpoint of the identity provider (in this case Cognito), to get a token in the Body, and post it as a header in the HTTP Request, not as the part of the URL itself.
How can we give access to a specific API to a user using the cognito authorizer?
Top man! Thank you for creating this - and including the fail! lol
@BeABetterDev
2 жыл бұрын
You're very welcome! The fails just adds to the realism :P Cheers
@inacomic
2 жыл бұрын
@@BeABetterDev Hi 👋 Do you have a video walking through adding a cognito user to a dynamodb?
Currently running into issues trying to adapt this to the "HTTP API" on API Gateway to use Cognito User Pools as an authorizer but stumbling on the step about JWT as a source. I'll fumble my way through it and I wanted to say that I am grateful your content getting me this far. Authorizing the new HTTP API Gateway could be another idea for content if that's something to add to your list of content ideas. Thanks for the high quality content though ^_^
@BeABetterDev
3 жыл бұрын
Hey josh, Have you tried taking a look at my video on HTTP APIs in API Gateway? I think you can possibly combine the content from this video and the one below. kzread.info/dash/bejne/f21l2LqdmtnLZ6Q.html Hope this helps. Daniel
@JoshPeak
3 жыл бұрын
@@BeABetterDev thanks for the reply. I managed to fumble my way through it with this video kzread.info/dash/bejne/oWuDqtGghca4naw.html The one you just linked me, filled in some gaps for me about logging and cloud watch. 👏 Thanks again for all of your content. I’ve smashed the like 👍 button on all the videos that I have watched (to feed the algorithm).
@BeABetterDev
3 жыл бұрын
Thanks so much Josh! I'm glad you were able to work through it and appreciate the support! Thanks again and stay safe :)
Thanks for a great tutorial. Can you also share on how I can get the apigateway endpoint to be open (no auth) but being able to retrieve cognito user information if user is logged in? I've been looking for way to retrieve cognitoAuthenticationProvider. If user is not logged in, it'll be either empty or unauthorized. If logged in, user id will be there.
This was awesome, but could you show how I could get from curl/Postman how to get the access token?