- Más nuevo
- Más votos
- Más comentarios
The built-in Cognito authentication for ALB primarily focuses on browser-based session authentication using cookies. If you're relying on JWT tokens provided in headers, especially for API-like behavior, the ALB built-in feature may not be the best fit for this scenario.
Hello. If you're using Amazon Cognito along with an Application Load Balancer (ALB) and want to perform authentication and authorization based on JWT tokens from Cognito, you can indeed leverage ALB's built-in authentication actions with Cognito.
Here's a basic outline on how you can achieve this:
Setting up Cognito:
- Set up an Amazon Cognito user pool.
- Integrate your external identity provider (IDP) with Cognito.
- Note the domain name and the ARN of the user pool client.
Configuring the ALB:
- In the Amazon EC2 console, select your ALB.
- Choose the "Listeners" tab and then "View/edit rules" for the listener.
- Choose the "+" to add a rule.
- Choose "Insert Rule", and then select "add condition" for the source IP addresses.
- Choose the check mark to save the action, and then choose the check mark to save the rule.
- In the "Advanced" condition, select "Authenticate" and then "Cognito".
- For "Authenticate using Cognito", choose the user pool, client ID, and domain that you configured in the Cognito console.
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html
Regards, Andrii
Hello Andrii, Sorry, but I omitted some info (my mistake). I need to accept requests with a valid auth token header and Cognito is blocking it if I don't have a valid cookie session. Thanks again.
Contenido relevante
- OFICIAL DE AWSActualizada hace un año
- OFICIAL DE AWSActualizada hace 3 años
- OFICIAL DE AWSActualizada hace 2 años
- OFICIAL DE AWSActualizada hace 2 años