Share Cognito user pool between VPCs? Same IAC for more than one VPC?

0

Hi!

I have the main stack of my app deployed in one VPC. I'm using AWS Python CDK for my IAC and in this IAC I'm creating my Cognito user pool. Now I need to create another VPC with a new service that will use the same Cognito user pool. Can I share this resource between VPCs? Also should I create another IAC for this VPC? or can I use the same IAC I have?

Thank you!

2 Answers
1
Accepted Answer

Hello.

Since Cognito is a regional resource, I think that applications in the same region can use the same user pool even if the applications are in separate VPCs.
Also, Cognito is not a service that runs within a VPC, so it can be used regardless of whether the VPC is separate or not.
https://docs.aws.amazon.com/cognito/latest/developerguide/application-client-based-multi-tenancy.html

Also should I create another IAC for this VPC? or can I use the same IAC I have?

If it's a completely different application, I think it's okay to split the stack.
https://docs.aws.amazon.com/cdk/v2/guide/stack_how_to_create_multiple_stacks.html

Expert
Answered 4 months ago
Expert
Reviewed 1 month ago
  • I see, about this, Also should I create another IAC for this VPC? or can I use the same IAC I have? Is going to be a part of the main application but a different service. Should still be separated?

  • I see, about this, Also should I create another IAC for this VPC? or can I use the same IAC I have?

    It is possible to define new AWS resources without splitting the stack. If the VPC configuration or AWS services used to host the application are different, I think it would be better to separate the CDK stack to improve the readability of the code.

    Is going to be a part of the main application but a different service. Should still be separated?

    Personally, I split my CDK stack by application. Since the same Cognito user pool will be used, I think that dividing only the stack without dividing the CDK project will improve the readability of the code and make it easier to manage. https://docs.aws.amazon.com/cdk/v2/guide/resources.html#resource_stack

1

Hi,

Sharing a Cognito user pool between VPCs is definitely possible, as the user pool is not tied to a specific VPC configuration and can be utilized across multiple VPCs or AWS accounts.

You can use the same CDK app to provision resources for multiple VPCs.
But, in case you want to create a separate CDK app for the second VPC since you are deploying it for a totally different service, then you can import the previously created Cognito User pool into your CDK code. [1]

References:
[1] https://repost.aws/questions/QU6sXRXAzXQze9wWNJz1TUAw/reference-resources-between-cdk-stacks

Thanks,
Atul

Answered 4 months ago
  • Thanks man! Really appreciate the help
