(This is going to be a placeholder, updated almost daily until I complete the course, as I learn more about how to build modern apps on AWS using various Amazon web services, such as: Amazon Cognito, Lambda, Step Functions, S3 for storage, CloudWatch for monitoring, Raytracing for distributed tracing, etc.)
When we want to build modern Java apps on AWS, what do we mean by that?
Modern Java app on AWS - workflow
- Firstly, we are going to have an end-to-end project running on AWS.
- By end-to-end we mean that there is going to be user authentication/authorization using Amazon Cognito.
- Amazon S3 will be used to store some data.
- Amazon API Gateway will be used to design the APIs, monitor traffic and secure the APIs.
- Amazon Lambda will be used to retrieve data from S3 when a GET API is invoked. For adding data to S3, a POST API will be used; the posted data will first be validated and then written to S3. Since adding data is a stepwise process, we will leverage Amazon Step Functions to orchestrate it.
- Amazon CloudWatch will be used for monitoring, and Amazon RayTracing will be used for distributed tracing.
Overall, that is the end-to-end project for building modern Java apps on AWS.
So, we will be leveraging the serverless capabilities of Amazon Lambda, along with the authentication services of Amazon Cognito.
Amazon Cognito
User Authentication & Authorization workflow with Amazon Cognito & API Gateway
- Within Amazon Cognito, a user pool is maintained, holding data such as the user's email and password.
- This is then used to authenticate the users.
- Next, Amazon Cognito can be integrated with third-party identity providers for authentication, for example OpenID Connect providers and social sign-in providers. This is based on OAuth2.
- For example, once a user signs in with Facebook, a token is generated and sent to the user. The user exchanges this token with Amazon Cognito, and Cognito validates it with the identity provider. Once validated, Amazon Cognito issues a JWT to the user/client.
- The client can then present this JWT to API Gateway in order to access an API.
- API Gateway then validates this JWT with Cognito for this user/client and, once validated, allows the user/client to access the backend API that API Gateway proxies.
The above flow is called federation with Cognito user pools, wherein the identity is authenticated via external identity providers.
Federated Identities
Apart from this, Cognito also has another feature called Federated Identities. With this, once an identity has been authenticated with an identity provider, it is used to assign an IAM role, with which AWS services, including API Gateway, can be accessed.
Unauthenticated Identities
There is another small feature within Amazon Cognito, unauthenticated identities, which is used where users do not want to share their identities but are still allowed to access AWS services, with a limited scope.
HostedUI
Amazon Cognito also has a nice piece of functionality called the hosted UI, using which you can sign up and sign in users if you are not going for third-party identity providers.
You define the redirect URI to which the user is sent once signed in.
For example, a webpage within your website can serve as your callback HTML file.
Amazon Lambda
Amazon Lambda is powered by a virtualization technology called Firecracker. Using this, microVMs are created, in which the Lambda function code is executed.
Learning continues....