Share Cognito user pool between VPCs? Same IAC for more than one VPC?

0

Hi!

I have the main stack of my app deployed in one VPC. I'm using AWS Python CDK for my IAC and in this IAC I'm creating my Cognito user pool. Now I need to create another VPC with a new service that will use the same Cognito user pool. Can I share this resource between VPCs? Also should I create another IAC for this VPC? or can I use the same IAC I have?

Thank you!

2 Answers
1
Accepted Answer

Hello.

Since Cognito is a regional resource, I think that applications in the same region can use the same user pool even if the applications are in separate VPCs.
Also, Cognito is not a service that runs within a VPC, so it can be used regardless of whether the VPC is separate or not.
https://docs.aws.amazon.com/cognito/latest/developerguide/application-client-based-multi-tenancy.html

Also should I create another IAC for this VPC? or can I use the same IAC I have?

If it's a completely different application, I think it's okay to split the stack.
https://docs.aws.amazon.com/cdk/v2/guide/stack_how_to_create_multiple_stacks.html

EXPERT
answered 4 months ago
EXPERT
reviewed 1 month ago
  • I see, about this, Also should I create another IAC for this VPC? or can I use the same IAC I have? Is going to be a part of the main application but a different service. Should still be separated?

  • I see, about this, Also should I create another IAC for this VPC? or can I use the same IAC I have?

    It is possible to define new AWS resources without splitting the stack. If the VPC configuration or AWS services used to host the application are different, I think it would be better to separate the CDK stack to improve the readability of the code.

    Is going to be a part of the main application but a different service. Should still be separated?

    Personally, I split my CDK stack by application. Since the same Cognito user pool will be used, I think that dividing only the stack without dividing the CDK project will improve the readability of the code and make it easier to manage. https://docs.aws.amazon.com/cdk/v2/guide/resources.html#resource_stack

1

Hi,

Sharing a Cognito user pool between VPCs is definitely possible, as the user pool is not tied to a specific VPC configuration and can be utilized across multiple VPCs or AWS accounts.

You can use the same CDK app to provision resources for multiple VPCs.
But, in case you want to create a separate CDK app for the second VPC since you are deploying it for a totally different service, then you can import the previously created Cognito User pool into your CDK code. [1]

References:
[1] https://repost.aws/questions/QU6sXRXAzXQze9wWNJz1TUAw/reference-resources-between-cdk-stacks

Thanks,
Atul

answered 4 months ago
  • Thanks man! Really appreciate the help
