SlideShare a Scribd company logo

Fortify your API's

Amazon Web Services
Amazon Web Services

This document discusses using Amazon Cognito and API Gateway to securely authenticate and authorize users for APIs. It describes how Cognito Identity Pools can federate with Google for authentication, issue temporary security credentials, and use IAM roles and policies to authorize access to API Gateway resources and backend services like DynamoDB. The document advocates using this approach to add authentication and authorization to APIs in a scalable way.

1 of 19
Download to read offline
Fortify your API PRAVEEN BHAT, AWS SOLUTIONS ARCHITECT © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Introduction • Identity is mission critical for your applications • Different clients with different levels of confidentiality Amazon CognitoAmazon API Gateway
Amazon Cognito User Pools You can easily and securely add sign-up and sign-in functionality to your mobile and web apps with a fully-managed service that scales to support 100s of millions of users. Identity Pools Your users can sign in with third-party identity providers, such as Facebook and SAML providers, or Cognito and you can control access to AWS resources from your app.
Use Case Demo World /google Cognito (Identity Pool)
Cognito Identity Pools (Federation with Google) Demo World
Cognito Identity Pools (Federation with Google) Demo World 1. Authenticate
Cognito Identity Pools (Federation with Google) Demo World 1. Authenticate 2. Custom token(s) sent to app
Cognito Identity Pools (Federation with Google) Demo World Cognito (Identity Pool) 1. Authenticate 2. Custom token(s) sent to app 3. Token(s) forwarded to the associated identity pool
Cognito Identity Pools (Federation with Google) Demo World Cognito (Identity Pool) 1. Authenticate 3. Token(s) forwarded to the associated identity pool 4. Validate token with IdP 2. Custom token(s) sent to app
Cognito Identity Pools (Federation with Google) Demo World Cognito (Identity Pool) 1. Authenticate 4. Validate token with IdP IAM 5. Request AWS creds 3. Token(s) forwarded to the associated identity pool 2. Custom token(s) sent to app
Cognito Identity Pools (Federation with Google) Demo World Cognito (Identity Pool) 1. Authenticate 4. Validate token with IdP 6. Send temporary creds 3. Token(s) forwarded to the associated identity pool 2. Custom token(s) sent to app IAM 5. Request AWS creds
Cognito Identity Pools (Federation with Google) API Gateway Demo World Cognito (Identity Pool) 1. Authenticate 4. Validate token with IdP 7. Call API GW resource 6. Send temporary creds IAM 5. Request AWS creds 3. Token(s) forwarded to the associated identity pool 2. Custom token(s) sent to app
Cognito Identity Pools (Federation with Google) API Gateway Demo World Cognito (Identity Pool) IAM 1. Authenticate 4. Validate token with IdP 7. Call API GW resource 8. Check IAM Policy 6. Send temporary creds IAM 5. Request AWS creds 3. Token(s) forwarded to the associated identity pool 2. Custom token(s) sent to app
Cognito Identity Pools (Federation with Google) API Gateway Demo World Cognito (Identity Pool) /google /cup /cip IAM 1. Authenticate 4. Validate token with IdP 7. Call API GW resource 8. Check IAM Policy 6. Send temporary creds 5. Request AWS creds 3. Token(s) forwarded to the associated identity pool 2. Custom token(s) sent to app
Cognito Identity Pools (Federation with Google) API Gateway Demo World Cognito (Identity Pool) /google /cup /cip Lambda DynamoDB IAM 1. Authenticate 2. Custom token(s) sent to app 3. Token(s) forwarded to the associated identity pool 4. Validate token with IdP 7. Call API GW resource 8. Check IAM Policy 6. Send temporary creds 5. Request AWS creds
Summary • Federate with Google to authenticate using Cognito Identity Pool • Leverage AWS IAM Roles & Policy to authorize your APIs
Call for action
Scan QR Code for More Information
Thank You

Recommended

(MBL401) Social Logins for Mobile Apps with Amazon Cognito | AWS re:Invent 2014
(MBL401) Social Logins for Mobile Apps with Amazon Cognito | AWS re:Invent 2014(MBL401) Social Logins for Mobile Apps with Amazon Cognito | AWS re:Invent 2014
(MBL401) Social Logins for Mobile Apps with Amazon Cognito | AWS re:Invent 2014Amazon Web Services
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Amazon Web Services
 
Amazon Cognito
Amazon CognitoAmazon Cognito
Amazon CognitoAmazon Web Services
 
AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...
AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...
AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...Amazon Web Services
 
Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Web Services
 
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech TalksDeep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech TalksAmazon Web Services
 
AWS Mobile Services: Amazon Cognito - Identity Broker and Synchronization Ser...
AWS Mobile Services: Amazon Cognito - Identity Broker and Synchronization Ser...AWS Mobile Services: Amazon Cognito - Identity Broker and Synchronization Ser...
AWS Mobile Services: Amazon Cognito - Identity Broker and Synchronization Ser...Amazon Web Services
 
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Amazon Web Services
 

Recommended

(MBL401) Social Logins for Mobile Apps with Amazon Cognito | AWS re:Invent 2014
(MBL401) Social Logins for Mobile Apps with Amazon Cognito | AWS re:Invent 2014(MBL401) Social Logins for Mobile Apps with Amazon Cognito | AWS re:Invent 2014
(MBL401) Social Logins for Mobile Apps with Amazon Cognito | AWS re:Invent 2014Amazon Web Services
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Amazon Web Services
 
Amazon Cognito
Amazon CognitoAmazon Cognito
Amazon CognitoAmazon Web Services
 
AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...
AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...
AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...Amazon Web Services
 
Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Web Services
 
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech TalksDeep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech TalksAmazon Web Services
 
AWS Mobile Services: Amazon Cognito - Identity Broker and Synchronization Ser...
AWS Mobile Services: Amazon Cognito - Identity Broker and Synchronization Ser...AWS Mobile Services: Amazon Cognito - Identity Broker and Synchronization Ser...
AWS Mobile Services: Amazon Cognito - Identity Broker and Synchronization Ser...Amazon Web Services
 
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Amazon Web Services
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Amazon Web Services
 
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...Amazon Web Services
 
Day 2 - Delivering Media Mobile Apps Using the AWS Mobile & Javascript SDKs
Day 2 - Delivering Media Mobile Apps Using the AWS Mobile & Javascript SDKsDay 2 - Delivering Media Mobile Apps Using the AWS Mobile & Javascript SDKs
Day 2 - Delivering Media Mobile Apps Using the AWS Mobile & Javascript SDKsAmazon Web Services
 
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...Amazon Web Services
 
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Amazon Web Services
 
Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Amazon Web Services
 
AWS Atlanta meetup cognit Back to Basics
AWS Atlanta meetup cognit Back to BasicsAWS Atlanta meetup cognit Back to Basics
AWS Atlanta meetup cognit Back to BasicsAdam Book
 
Add User Sign in and Management to your Apps with Amazon Cognito
Add User Sign in and Management to your Apps with Amazon CognitoAdd User Sign in and Management to your Apps with Amazon Cognito
Add User Sign in and Management to your Apps with Amazon CognitoAmazon Web Services
 
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...Amazon Web Services
 
Authentication and Identity with Amazon Cognito
Authentication and Identity with Amazon CognitoAuthentication and Identity with Amazon Cognito
Authentication and Identity with Amazon CognitoAmazon Web Services
 
Cloud-powered Mobile Apps
Cloud-powered Mobile AppsCloud-powered Mobile Apps
Cloud-powered Mobile AppsDanilo Poccia
 
Building Event-driven Serverless Apps
Building Event-driven Serverless AppsBuilding Event-driven Serverless Apps
Building Event-driven Serverless AppsDanilo Poccia
 
amazon-cognito-auth-in-minutes
amazon-cognito-auth-in-minutesamazon-cognito-auth-in-minutes
amazon-cognito-auth-in-minutesVladimir Budilov
 
Mobile Application Development and Testing on AWS
Mobile Application Development and Testing on AWSMobile Application Development and Testing on AWS
Mobile Application Development and Testing on AWSAmazon Web Services
 
AWS Cognito User Pool - Practical Guide
AWS Cognito User Pool - Practical GuideAWS Cognito User Pool - Practical Guide
AWS Cognito User Pool - Practical GuideRobert Senktas
 
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksDeep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksAmazon Web Services
 
Raleigh DevDay 2017: Driving User Engagement and App Success with AWS Pinpoin...
Raleigh DevDay 2017: Driving User Engagement and App Success with AWS Pinpoin...Raleigh DevDay 2017: Driving User Engagement and App Success with AWS Pinpoin...
Raleigh DevDay 2017: Driving User Engagement and App Success with AWS Pinpoin...Amazon Web Services
 
Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Atlassian
 
Build Your Mobile App Faster with AWS Mobile Services
Build Your Mobile App Faster with AWS Mobile ServicesBuild Your Mobile App Faster with AWS Mobile Services
Build Your Mobile App Faster with AWS Mobile ServicesAmazon Web Services
 
Building Mobile Apps, APIs, and Chatbots on AWS - DevDay Los Angeles 2017
Building Mobile Apps, APIs, and Chatbots on AWS - DevDay Los Angeles 2017Building Mobile Apps, APIs, and Chatbots on AWS - DevDay Los Angeles 2017
Building Mobile Apps, APIs, and Chatbots on AWS - DevDay Los Angeles 2017Amazon Web Services
 
(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito
(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito
(MBL402) Mobile Identity Management & Data Sync Using Amazon CognitoAmazon Web Services
 
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...Amazon Web Services
 

More Related Content

What's hot

Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Amazon Web Services
 
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...Amazon Web Services
 
Day 2 - Delivering Media Mobile Apps Using the AWS Mobile & Javascript SDKs
Day 2 - Delivering Media Mobile Apps Using the AWS Mobile & Javascript SDKsDay 2 - Delivering Media Mobile Apps Using the AWS Mobile & Javascript SDKs
Day 2 - Delivering Media Mobile Apps Using the AWS Mobile & Javascript SDKsAmazon Web Services
 
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...Amazon Web Services
 
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Amazon Web Services
 
Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Amazon Web Services
 
AWS Atlanta meetup cognit Back to Basics
AWS Atlanta meetup cognit Back to BasicsAWS Atlanta meetup cognit Back to Basics
AWS Atlanta meetup cognit Back to BasicsAdam Book
 
Add User Sign in and Management to your Apps with Amazon Cognito
Add User Sign in and Management to your Apps with Amazon CognitoAdd User Sign in and Management to your Apps with Amazon Cognito
Add User Sign in and Management to your Apps with Amazon CognitoAmazon Web Services
 
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...Amazon Web Services
 
Authentication and Identity with Amazon Cognito
Authentication and Identity with Amazon CognitoAuthentication and Identity with Amazon Cognito
Authentication and Identity with Amazon CognitoAmazon Web Services
 
Cloud-powered Mobile Apps
Cloud-powered Mobile AppsCloud-powered Mobile Apps
Cloud-powered Mobile AppsDanilo Poccia
 
Building Event-driven Serverless Apps
Building Event-driven Serverless AppsBuilding Event-driven Serverless Apps
Building Event-driven Serverless AppsDanilo Poccia
 
amazon-cognito-auth-in-minutes
amazon-cognito-auth-in-minutesamazon-cognito-auth-in-minutes
amazon-cognito-auth-in-minutesVladimir Budilov
 
Mobile Application Development and Testing on AWS
Mobile Application Development and Testing on AWSMobile Application Development and Testing on AWS
Mobile Application Development and Testing on AWSAmazon Web Services
 
AWS Cognito User Pool - Practical Guide
AWS Cognito User Pool - Practical GuideAWS Cognito User Pool - Practical Guide
AWS Cognito User Pool - Practical GuideRobert Senktas
 
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksDeep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksAmazon Web Services
 
Raleigh DevDay 2017: Driving User Engagement and App Success with AWS Pinpoin...
Raleigh DevDay 2017: Driving User Engagement and App Success with AWS Pinpoin...Raleigh DevDay 2017: Driving User Engagement and App Success with AWS Pinpoin...
Raleigh DevDay 2017: Driving User Engagement and App Success with AWS Pinpoin...Amazon Web Services
 
Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Atlassian
 
Build Your Mobile App Faster with AWS Mobile Services
Build Your Mobile App Faster with AWS Mobile ServicesBuild Your Mobile App Faster with AWS Mobile Services
Build Your Mobile App Faster with AWS Mobile ServicesAmazon Web Services
 
Building Mobile Apps, APIs, and Chatbots on AWS - DevDay Los Angeles 2017
Building Mobile Apps, APIs, and Chatbots on AWS - DevDay Los Angeles 2017Building Mobile Apps, APIs, and Chatbots on AWS - DevDay Los Angeles 2017
Building Mobile Apps, APIs, and Chatbots on AWS - DevDay Los Angeles 2017Amazon Web Services
 

What's hot (20)

Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...
 
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...
 
Day 2 - Delivering Media Mobile Apps Using the AWS Mobile & Javascript SDKs
Day 2 - Delivering Media Mobile Apps Using the AWS Mobile & Javascript SDKsDay 2 - Delivering Media Mobile Apps Using the AWS Mobile & Javascript SDKs
Day 2 - Delivering Media Mobile Apps Using the AWS Mobile & Javascript SDKs
 
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina...
 
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
 
Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017
 
AWS Atlanta meetup cognit Back to Basics
AWS Atlanta meetup cognit Back to BasicsAWS Atlanta meetup cognit Back to Basics
AWS Atlanta meetup cognit Back to Basics
 
Add User Sign in and Management to your Apps with Amazon Cognito
Add User Sign in and Management to your Apps with Amazon CognitoAdd User Sign in and Management to your Apps with Amazon Cognito
Add User Sign in and Management to your Apps with Amazon Cognito
 
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
 
Authentication and Identity with Amazon Cognito
Authentication and Identity with Amazon CognitoAuthentication and Identity with Amazon Cognito
Authentication and Identity with Amazon Cognito
 
Cloud-powered Mobile Apps
Cloud-powered Mobile AppsCloud-powered Mobile Apps
Cloud-powered Mobile Apps
 
Building Event-driven Serverless Apps
Building Event-driven Serverless AppsBuilding Event-driven Serverless Apps
Building Event-driven Serverless Apps
 
amazon-cognito-auth-in-minutes
amazon-cognito-auth-in-minutesamazon-cognito-auth-in-minutes
amazon-cognito-auth-in-minutes
 
Mobile Application Development and Testing on AWS
Mobile Application Development and Testing on AWSMobile Application Development and Testing on AWS
Mobile Application Development and Testing on AWS
 
AWS Cognito User Pool - Practical Guide
AWS Cognito User Pool - Practical GuideAWS Cognito User Pool - Practical Guide
AWS Cognito User Pool - Practical Guide
 
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksDeep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
 
Raleigh DevDay 2017: Driving User Engagement and App Success with AWS Pinpoin...
Raleigh DevDay 2017: Driving User Engagement and App Success with AWS Pinpoin...Raleigh DevDay 2017: Driving User Engagement and App Success with AWS Pinpoin...
Raleigh DevDay 2017: Driving User Engagement and App Success with AWS Pinpoin...
 
Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011Authentication across the Atlassian Ecosystem - AtlasCamp 2011
Authentication across the Atlassian Ecosystem - AtlasCamp 2011
 
Build Your Mobile App Faster with AWS Mobile Services
Build Your Mobile App Faster with AWS Mobile ServicesBuild Your Mobile App Faster with AWS Mobile Services
Build Your Mobile App Faster with AWS Mobile Services
 
Building Mobile Apps, APIs, and Chatbots on AWS - DevDay Los Angeles 2017
Building Mobile Apps, APIs, and Chatbots on AWS - DevDay Los Angeles 2017Building Mobile Apps, APIs, and Chatbots on AWS - DevDay Los Angeles 2017
Building Mobile Apps, APIs, and Chatbots on AWS - DevDay Los Angeles 2017
 

Similar to Fortify your API's

(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito
(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito
(MBL402) Mobile Identity Management & Data Sync Using Amazon CognitoAmazon Web Services
 
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...Amazon Web Services
 
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSAWS User Group Kochi
 
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017Amazon Web Services
 
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...Amazon Web Services
 
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...Amazon Web Services
 
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Amazon Web Services
 
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...Amazon Web Services
 
Serverless identity management, authentication, and authorization - SDD405-R ...
Serverless identity management, authentication, and authorization - SDD405-R ...Serverless identity management, authentication, and authorization - SDD405-R ...
Serverless identity management, authentication, and authorization - SDD405-R ...Amazon Web Services
 
Delivering Mobile Apps Using AWS Mobile Services
Delivering Mobile Apps Using AWS Mobile ServicesDelivering Mobile Apps Using AWS Mobile Services
Delivering Mobile Apps Using AWS Mobile ServicesAmazon Web Services
 
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...Amazon Web Services
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...Riddhi Shree
 
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...Amazon Web Services
 
Getting Started with Cognito User Pools - September Webinar Series
Getting Started with Cognito User Pools - September Webinar SeriesGetting Started with Cognito User Pools - September Webinar Series
Getting Started with Cognito User Pools - September Webinar SeriesAmazon Web Services
 

Similar to Fortify your API's (20)

(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito
(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito
(MBL402) Mobile Identity Management & Data Sync Using Amazon Cognito
 
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...
 
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
 
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
 
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
 
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
 
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
 
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
 
Cognito Customer Deep Dive
Cognito Customer Deep DiveCognito Customer Deep Dive
Cognito Customer Deep Dive
 
Serverless identity management, authentication, and authorization - SDD405-R ...
Serverless identity management, authentication, and authorization - SDD405-R ...Serverless identity management, authentication, and authorization - SDD405-R ...
Serverless identity management, authentication, and authorization - SDD405-R ...
 
Delivering Mobile Apps Using AWS Mobile Services
Delivering Mobile Apps Using AWS Mobile ServicesDelivering Mobile Apps Using AWS Mobile Services
Delivering Mobile Apps Using AWS Mobile Services
 
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
 
Building Secure Mobile APIs
Building Secure Mobile APIsBuilding Secure Mobile APIs
Building Secure Mobile APIs
 
Mobile Application Development
Mobile Application DevelopmentMobile Application Development
Mobile Application Development
 
Mobile Application Development
Mobile Application DevelopmentMobile Application Development
Mobile Application Development
 
Mobile applicationdevelopment
Mobile applicationdevelopmentMobile applicationdevelopment
Mobile applicationdevelopment
 
Federation
FederationFederation
Federation
 
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
 
Getting Started with Cognito User Pools - September Webinar Series
Getting Started with Cognito User Pools - September Webinar SeriesGetting Started with Cognito User Pools - September Webinar Series
Getting Started with Cognito User Pools - September Webinar Series
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Fortify your API's

  • 1. Fortify your API PRAVEEN BHAT, AWS SOLUTIONS ARCHITECT © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 2. Introduction • Identity is mission critical for your applications • Different clients with different levels of confidentiality Amazon CognitoAmazon API Gateway
  • 3. Amazon Cognito User Pools You can easily and securely add sign-up and sign-in functionality to your mobile and web apps with a fully-managed service that scales to support 100s of millions of users. Identity Pools Your users can sign in with third-party identity providers, such as Facebook and SAML providers, or Cognito and you can control access to AWS resources from your app.
  • 5. Cognito Identity Pools (Federation with Google) Demo World
  • 6. Cognito Identity Pools (Federation with Google) Demo World 1. Authenticate
  • 7. Cognito Identity Pools (Federation with Google) Demo World 1. Authenticate 2. Custom token(s) sent to app
  • 8. Cognito Identity Pools (Federation with Google) Demo World Cognito (Identity Pool) 1. Authenticate 2. Custom token(s) sent to app 3. Token(s) forwarded to the associated identity pool
  • 9. Cognito Identity Pools (Federation with Google) Demo World Cognito (Identity Pool) 1. Authenticate 3. Token(s) forwarded to the associated identity pool 4. Validate token with IdP 2. Custom token(s) sent to app
  • 10. Cognito Identity Pools (Federation with Google) Demo World Cognito (Identity Pool) 1. Authenticate 4. Validate token with IdP IAM 5. Request AWS creds 3. Token(s) forwarded to the associated identity pool 2. Custom token(s) sent to app
  • 11. Cognito Identity Pools (Federation with Google) Demo World Cognito (Identity Pool) 1. Authenticate 4. Validate token with IdP 6. Send temporary creds 3. Token(s) forwarded to the associated identity pool 2. Custom token(s) sent to app IAM 5. Request AWS creds
  • 12. Cognito Identity Pools (Federation with Google) API Gateway Demo World Cognito (Identity Pool) 1. Authenticate 4. Validate token with IdP 7. Call API GW resource 6. Send temporary creds IAM 5. Request AWS creds 3. Token(s) forwarded to the associated identity pool 2. Custom token(s) sent to app
  • 13. Cognito Identity Pools (Federation with Google) API Gateway Demo World Cognito (Identity Pool) IAM 1. Authenticate 4. Validate token with IdP 7. Call API GW resource 8. Check IAM Policy 6. Send temporary creds IAM 5. Request AWS creds 3. Token(s) forwarded to the associated identity pool 2. Custom token(s) sent to app
  • 14. Cognito Identity Pools (Federation with Google) API Gateway Demo World Cognito (Identity Pool) /google /cup /cip IAM 1. Authenticate 4. Validate token with IdP 7. Call API GW resource 8. Check IAM Policy 6. Send temporary creds 5. Request AWS creds 3. Token(s) forwarded to the associated identity pool 2. Custom token(s) sent to app
  • 15. Cognito Identity Pools (Federation with Google) API Gateway Demo World Cognito (Identity Pool) /google /cup /cip Lambda DynamoDB IAM 1. Authenticate 2. Custom token(s) sent to app 3. Token(s) forwarded to the associated identity pool 4. Validate token with IdP 7. Call API GW resource 8. Check IAM Policy 6. Send temporary creds 5. Request AWS creds
  • 16. Summary • Federate with Google to authenticate using Cognito Identity Pool • Leverage AWS IAM Roles & Policy to authorize your APIs
  • 18. Scan QR Code for More Information