This article, part of our Serverless architecture consulting series, is a technical guide to using AWS Cognito for User Management in a Serverless application.
The most common component of web applications is a user management system that handles sign up, sign in, creation of a user profile and assignment of permissions, so that the user can securely access the appropriate application features and functionality.
Regardless of the Serverless Cloud vendor they are native to, all Serverless user management components are similar and include the following features:
* secure authentication and authorisation of the user (sign up, sign in, forgotten-password and change-password flows, multi-factor authentication)
* out-of-the-box customizable hosted UI or SDK
* identity provider federation (single sign on with existing accounts from Amazon, Google, Facebook, Twitter)
* user migration
* flexible app integration with customized authentication flow if needed
* Cloud resources secured by configuration only
* any other integrated server resources secured via token verification (the component issues signed JSON Web Tokens, which the backend validates on every request)
* scalable to millions of users without having to change anything
* single sign on across multiple Apps (register once, one User profile, use for all apps)
Let's see the integration of a User Management component in action, with AWS Cognito as the example. You'll see just how easy it can be to configure.
1) Login to your AWS account and select Services from the navigation. You’ll find Cognito under the Security, Identity & Compliance category.
2) Select the AWS region in which you want to create the User Management component (a User Pool lives in a single region). Choose one geographically close to as many of your customers as possible.
3) Click on ‘Create a User Pool’ and type in name (like TestAppUserPool)
4) In the window that opens, click Review defaults and then Create pool.
Now your User Pool is created.
5) Configure an App client which will use this user management component (a User Pool can be shared between different applications). Uncheck the Generate client secret checkbox: a browser or mobile front end cannot keep a secret, and a client configured with one has to present that secret at the token endpoint, which a public client cannot do safely. Keep the client secret only for confidential, server-side clients.
6) Configure the App client settings to integrate the created App client with the User Pool. Enter the callback URLs for sign-in and sign-out requests (http://localhost:4200 in the screenshot). Cognito accepts plain http only for localhost during development; production callback URLs must use https, and each one must match exactly the redirect_uri the application sends.
7) Configure a domain name for your User pool UI, by selecting App integration->Domain name and typing domain prefix, check availability and save changes.
That’s it. You have created and configured your first User management Serverless component which you can use now in your web application. You can use it to secure your web/mobile application resources with AWS SDK, AWS Amplify and Serverless Framework.
Now check it in your browser. The hosted UI is served under your pool's domain, and its /login endpoint takes the app client id and the redirect URL as query parameters, so you need the following values:
DOMAIN_NAME - the domain prefix from step 7
AWS_REGION - the region chosen in step 2
APP_CLIENT_ID - the App client ID from step 5
REDIRECT_URL - one of the callback URLs from step 6
You should see an AWS User Management login form which can be easily customized to your needs in the UI Customization settings of your AWS Cognito User Pool.
Sign up to your application. By default the registration process is protected with an email verification code (use a real email address during registration to receive it). Then sign in, and you will be redirected to the URL you chose in step 6.
You can find your newly registered user in General settings->Users and groups of your User Pool.
There are many configuration options on your User Pool, from required attributes and password strength policies to multi-factor authentication and single sign on with different identity providers (Twitter, Facebook).
There are many alternatives to AWS Cognito as a User Management Serverless component. Other Cloud providers and 3rd party vendors all offer components with almost identical core features and functionality. Some examples are Auth0, Google Identity Platform (Firebase Authentication) and Azure Active Directory (B2C for customer-facing applications).
All of them share similar features and can be considered if your infrastructure makes another choice more appropriate than AWS Cognito (e.g. if you are running on Windows Servers, consider the Azure user management component).
You can read more about the different qualities of the major Serverless providers in our article Serverless Architecture for Modern Apps: Stacks Providers & Caveats.
We hope this step-by-step guide to the features and configuration of the AWS Cognito User Management component helps demonstrate just how powerful and convenient contemporary Serverless components have become.
Munich-based Krusche & Company have established themselves as one of Germany and Europe's most trusted serverless development outsourcing agencies. With over 20 years of experience working with partners that range from blue chip brands to SMEs and exciting start-ups, our German management and nearshored developer talent offers a perfect blend of communication, quality and price point.
We specialise in Cloud-based, DevOps web development, architecture and consultancy. We'd be delighted to hear from you regarding any Serverless development projects or broader Serverless transition strategy your organisation may need experienced help with.