Cognito Support?


#1

There is documentation stating that Jets supports Cognito User Pools, but there aren't examples on how to use it.

How would I use Jets for an existing Cognito User Pool?


#2

Currently don’t have detailed docs for this yet. It was a contributor PR that added support at the API Gateway routing layer: https://github.com/tongueroo/jets/pull/74/files

So believe he’s using it.

When you set the config.api.authorization_type, it sets https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html#cfn-apigateway-method-authorizationtype

Will need to play with it more to figure it out actually. If you figure it out, am interested.


#3

I’ll give it a shot and if I get it working, I’ll let you know


#4

I’m using Cognito to restrict access to the resources created by Jets. As @tung mentions, from a Jets configuration it is as simple as setting config.api.authorization_type = 'AWS_IAM'.

For this all to work you will need the following:

Cognito user pool

Cognito Identity Pool

  • Add your user pool as an authentication provider for this identity pool
  • Create a role/policy for unauthenticated users and attach
  • Create a role/policy for authenticated users and attach. The policy on the role needs the following permission for your api "execute-api:Invoke"

So now once you have a user authenticate through your user pool, they will be assigned the Authenticated Role created above. If you are using AWS Amplify API it will automatically put the appropriate AWS Sig4 header values needed to make it past the API gateway.
Should be as simple as that at least for my use case of locking down the API to authenticated users. I’m not doing any more than that right now.
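
Added example, not part of the thread or of the Jets project: a Ruby sketch of the two IAM documents the authenticated role in #4 needs, with "execute-api:Invoke" scoped to one API and stage and the role trust limited to authenticated identities from one identity pool, plus a check that flags an unscoped Invoke grant. The method names, region, account ID, API ID, stage and identity pool ID are constructed placeholders.

```ruby
require "json"

# Permissions policy for the identity pool's authenticated role:
# execute-api:Invoke limited to one API and stage rather than "*".
def invoke_policy(region:, account_id:, api_id:, stage:, routes: [["*", "*"]])
  base = "arn:aws:execute-api:#{region}:#{account_id}:#{api_id}/#{stage}"
  resources = routes.map { |verb, path| "#{base}/#{verb}/#{path.delete_prefix('/')}" }
  { "Version" => "2012-10-17",
    "Statement" => [
      { "Effect" => "Allow", "Action" => "execute-api:Invoke", "Resource" => resources }
    ] }
end

# Trust policy for the same role: only identities from this identity pool
# that authenticated (amr == "authenticated") may assume it.
def authenticated_trust_policy(identity_pool_id)
  { "Version" => "2012-10-17",
    "Statement" => [{
      "Effect" => "Allow",
      "Principal" => { "Federated" => "cognito-identity.amazonaws.com" },
      "Action" => "sts:AssumeRoleWithWebIdentity",
      "Condition" => {
        "StringEquals" => { "cognito-identity.amazonaws.com:aud" => identity_pool_id },
        "ForAnyValue:StringLike" => { "cognito-identity.amazonaws.com:amr" => "authenticated" }
      }
    }] }
end

# Review check: true when an Allow statement grants Invoke on every API
# (Resource "*" or a wildcard in the api-id position of the ARN).
def invoke_unscoped?(policy)
  policy["Statement"].any? do |s|
    s["Effect"] == "Allow" &&
      Array(s["Action"]).any? { |a| ["*", "execute-api:*", "execute-api:Invoke"].include?(a) } &&
      Array(s["Resource"]).any? { |r| r == "*" || r.match?(/\Aarn:aws:execute-api:[^:]*:[^:]*:\*/) }
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not taken from the thread.
  pol = invoke_policy(region: "us-east-1", account_id: "123456789012",
                      api_id: "a1b2c3d4e5", stage: "prod", routes: [["GET", "/posts"]])
  puts JSON.pretty_generate(pol)
  puts JSON.pretty_generate(
    authenticated_trust_policy("us-east-1:00000000-0000-0000-0000-000000000000")
  )
  puts "unscoped invoke: #{invoke_unscoped?(pol)}"
end
```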