Share Cognito user pool between VPCs? Same IAC for more than one VPC?

0

Hi!

I have the main stack of my app deployed in one VPC. I'm using AWS Python CDK for my IAC and in this IAC I'm creating my Cognito user pool. Now I need to create another VPC with a new service that will use the same Cognito user pool. Can I share this resource between VPCs? Also should I create another IAC for this VPC? or can I use the same IAC I have?

Thank you!

2 Answers
1
Accepted Answer

Hello.

Since Cognito is a regional resource, I think that applications in the same region can use the same user pool even if the applications are in separate VPCs.
Also, Cognito is not a service that runs within a VPC, so it can be used regardless of whether the VPC is separate or not.
https://docs.aws.amazon.com/cognito/latest/developerguide/application-client-based-multi-tenancy.html

"Also should I create another IAC for this VPC? or can I use the same IAC I have?"

If it's a completely different application, I think it's okay to split the stack.
https://docs.aws.amazon.com/cdk/v2/guide/stack_how_to_create_multiple_stacks.html

EXPERT
answered 4 months ago
EXPERT
reviewed 1 month ago
  • I see, about this: "Also should I create another IAC for this VPC? or can I use the same IAC I have?" It is going to be a part of the main application but a different service. Should it still be separated?

  • "I see, about this, Also should I create another IAC for this VPC? or can I use the same IAC I have?"

    It is possible to define new AWS resources without splitting the stack. If the VPC configuration or AWS services used to host the application are different, I think it would be better to separate the CDK stack to improve the readability of the code.

    "Is going to be a part of the main application but a different service. Should still be separated?"

    Personally, I split my CDK stack by application. Since the same Cognito user pool will be used, I think that dividing only the stack without dividing the CDK project will improve the readability of the code and make it easier to manage. https://docs.aws.amazon.com/cdk/v2/guide/resources.html#resource_stack

1

Hi,

Sharing a Cognito user pool between VPCs is definitely possible, as the user pool is not tied to a specific VPC configuration and can be utilized across multiple VPCs or AWS accounts.

You can use the same CDK app to provision resources for multiple VPCs.
But, in case you want to create a separate CDK app for the second VPC since you are deploying it for a totally different service, then you can import the previously created Cognito User pool into your CDK code. [1]

References:
[1] https://repost.aws/questions/QU6sXRXAzXQze9wWNJz1TUAw/reference-resources-between-cdk-stacks

Thanks,
Atul

answered 4 months ago
  • Thanks man! Really appreciate the help
