Amazon Cognito lets you easily add user sign-up and sign-in to your mobile and web apps. Finding the right identity solution can often be challenging. In this session, we will look at how Cognito can support a wide range of authentication scenarios including customers, employees and systems to help you make the right choices.
Speaker: Stephen Liedig. Solutions Architect. Amazon Web Services
Level: 300
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks (Amazon Web Services)
- Understand user identity and federation principles and practices
- Learn how Amazon Cognito works with federated identity providers
- See how to use Amazon Cognito to add the forms for user Sign-up and Sign-in to an application
One of the key challenges for mobile applications is managing users and their identities in order to support monetization strategies, provide differentiated services, and manage fine grained access and data controls. In this session, you’ll learn how Amazon Cognito provides user sign-up and sign-in as part of your onboarding workflow and advanced capabilities for data access/feature management and security.
by Fritz Kunstler, Sr. AWS Security Consultant AWS
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions on Tuesday on Identity and Access Management. Our popular Threat Detection and Remediation day on Wednesday will feature an updated GuardDuty lab, and we'll end on Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop on Monday during Security 101 day.
Getting Started with your User Pools in Amazon Cognito - AWS June 2016 Webina... (Amazon Web Services)
You can now use Amazon Cognito to easily add user sign-up and sign-in to your mobile and web apps instead of worrying about user management, authentication, and sync across platforms and devices. With the User Pools feature, you can create your own user directory that can scale to hundreds of millions of users, and is fully managed so you don’t have to worry about building, securing, and scaling authentication to your apps. In this webinar, we will walk you through the process of adding user sign-up and sign-in to your mobile and web apps.
Learning Objectives:
• Learn to add user sign-up and sign-in to your mobile and web apps quickly and easily
• Authenticate users through social identity providers such as Facebook, Twitter, or Amazon and provide secure access to AWS resources
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks (Amazon Web Services)
Amazon Cognito enables you to secure your mobile and web applications by providing a comprehensive identity solution for end user management, registration, sign-in, and security. In this product deep dive, we will walk through Cognito’s feature set, which includes serverless flows for user management and sign-in, a fully managed user directory, and control for user permissions. In addition, we will cover key use cases and discuss the associated benefits.
Learning Objectives:
1. Understand Cognito’s comprehensive feature set and benefits
2. Learn how to use Cognito to address different needs for user management and authorization
3. See how to get started and learn more
Serverless Patterns: “No server is easier to manage than no server” - AWS Sec... (Amazon Web Services)
In this talk, we’ll take well known architectural patterns such as 3-tier web application, stream processing, scheduled jobs and show how they can be realized without needing to manage servers.
(MBL401) Social Logins for Mobile Apps with Amazon Cognito | AWS re:Invent 2014 (Amazon Web Services)
Streamline your mobile app sign-up experience with Amazon Cognito. In this session, we demonstrate how to use Cognito to build secure mobile apps without storing keys in them. Learn how to apply policies to existing Facebook, Google, or Amazon identities to secure access to AWS resources, such as personnel files stored in Amazon S3. Finally, we show how to handle anonymous access to AWS from mobile apps when there is no user logged in.
Scaling your Mobile App Development in the Cloud - DevNexus (Tara Walker)
The presentation done for DevNexus about Mobile Cloud Services. Presentation explores and demos services that help you scale your Mobile development to new heights by including Cloud as an integrated part of mobile development.
AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man... (Amazon Web Services)
By leveraging "serverless architectures", startups and enterprises are building and running modern applications and services with increased agility and simplified scalability—all without managing a single server. Many applications need to manage user identities and support sign-in/sign-up. In this session, we dive deep on how to support millions of user identities, as well as how to integrate with social identity providers (such as Google and Facebook) and existing corporate directories. You learn the real-world design patterns that AWS customers use to implement authentication and authorization. By combining Amazon Cognito identity pools and user pools with API Gateway, AWS Lambda, and AWS IAM, you can add security without adding servers.
Authentication & Authorization for Connected Mobile & Web Applications using ... (Amazon Web Services)
AWS Mobile Week at the San Francisco Loft
Authentication and Authorization for Connected Mobile & Web Applications using Amazon Cognito and AWS AppSync
One of the key challenges for mobile applications is managing users and their identities in order to support monetization strategies, provide differentiated services, and manage fine grained access and data controls. In this session, you’ll learn how Amazon Cognito provides user sign-up and sign-in as part of your onboarding workflow and advanced capabilities for data access/feature management and security.
Level: Intermediate
Speaker: Brice Pelle - Enterprise Support Lead, AWS
(MBL311) Workshop: Build an Android App Using AWS Mobile Services | AWS re:In... (Amazon Web Services)
Learn how to build a powerful Android app that leverages a variety of AWS services. In this three-hour, demo-heavy workshop, we show how you can build a modern native client app using the AWS Mobile SDK that uses a number of cross-platform mobile cloud services directly with minimal code on the client. We share best practices for building a highly scalable backend so you can add your own functionality. This is a step-by-step journey where you configure and add components to your architecture, then modify and test your components inside a mobile location-based messaging application. In the end, you will have a mobile application with your own backend consisting of different AWS services including: Amazon Cognito, Amazon Mobile Analytics, Amazon SNS Push Notification, Amazon S3, Amazon CloudFront, Amazon CloudSearch, Amazon DynamoDB, Amazon SQS, and AWS Elastic Beanstalk.
Integrating an App with Amazon Web Services SimpleDB - A Matter of Choices (Mark Maslyn)
There are many ways to integrate an Android app with an Amazon Web Services database. This presentation explores some of those possibilities and the choices I made for my app using the AWS SimpleDB NoSQL cloud database.
Build Your Mobile App Faster with AWS Mobile Services (Cognito, Lambda, SNS, ... (Amazon Web Services)
Build powerful mobile applications using AWS Mobile Services. For the first time, we will discuss how mobile developers can leverage the new cross-platform AWS Mobile Services that we announced today, and how they can authenticate and authorize their users using Amazon Cognito, a user identity and data synchronization service. We will discuss how the Amazon Mobile Analytics service lets you collect, visualize and understand your mobile app usage at scale. All this is available as a single unified, mobile-optimized, easy-to-use SDK so developers can access these new services (and other services like S3, DynamoDB) with just a few lines of code on the client and without the need to own backend servers. - http://aws.amazon.com/mobile
(MBL310) Workshop: Build iOS Apps Using AWS Mobile Services | AWS re:Invent 2014 (Amazon Web Services)
Learn how to build a powerful iOS app that leverages a variety of AWS services. In this three-hour, demo-heavy workshop, we show how you can build a modern native client app using Apple Swift and the AWS Mobile SDK that uses a number of cross-platform mobile cloud services directly with minimal code on the client. We share best practices for building a highly scalable backend so you can add your own functionality. This is a step-by-step journey where you configure and add components to your architecture, then modify and test your components inside a mobile location-based messaging app. In the end, you will have a mobile app with your own backend consisting of different AWS services including: Amazon Cognito, Amazon Mobile Analytics, Amazon SNS Push Notification, Amazon S3, Amazon CloudFront, Amazon CloudSearch, Amazon DynamoDB, Amazon SQS, and AWS Elastic Beanstalk.
Getting Started with Cognito User Pools - September Webinar Series (Amazon Web Services)
You can now use Amazon Cognito to easily add user sign-up and sign-in to your mobile and web apps instead of worrying about user management, authentication, and sync across platforms and devices. With the User Pools feature, you can create your own user directory that can scale to hundreds of millions of users, and is fully managed so you don’t have to worry about building, securing, and scaling authentication to your apps. In this webinar, we will walk you through the process of adding user sign-up and sign-in to your mobile and web apps.
Learning Objectives:
• Learn to add user sign-up and sign-in to your mobile and web apps quickly and easily
• Authenticate users through social identity providers such as Facebook, Twitter, or Amazon and provide secure access to AWS resources
Cloud-powered Cross-platform Mobile Apps on AWS (Danilo Poccia)
We’ll see with a real application how to use AWS Mobile Services & SDK to focus the development of your mobile app on the unique features of your implementation, using high level services such as Amazon Cognito (for identity and data synchronization across devices), Amazon SNS (for Mobile Push notifications), Amazon Mobile Analytics (to understand your users), Amazon S3 (for object storage), Amazon DynamoDB (for low-latency NoSQL database), or Amazon Kinesis (for data streaming) directly from the device, optimizing performance and costs of the solution.
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS (AWS User Group Kochi)
AWS Community Day Kochi 2019 - Technical Session
Enterprise grade security for web and mobile applications on AWS by Robin Varghese, Chief Architect - TCS
Businesses around the world are running the infrastructure that supports their websites and mobile applications in the cloud to lower costs, improve time-to-market, and enable rapid scalability. Join this webinar to learn how the AWS Mobile Services and Javascript SDKs make it easy to leverage the power of AWS to provide consistent user state across devices and platforms, authenticate users via public and private login providers, and to grant controlled access to AWS services and features right from your mobile or web application. Using a simple media application we will demonstrate how you can upload, store, repurpose and deliver content with Amazon S3, Amazon CloudFront and Amazon Elastic Transcoder, make efficient use of Amazon DynamoDB, take advantage of Amazon SQS to decouple your application workflow and to send push notifications to mobile devices via Amazon SNS.
Reasons to attend:
Learn how you can deliver websites and applications that share state across platforms and devices, using Amazon Elastic Beanstalk and Amazon Cognito.
Learn how to leverage the content repurposing, storage and delivery capabilities of Amazon Elastic Transcoder, Amazon S3 and Amazon CloudFront.
Learn how to use the AWS Mobile and Javascript SDKs to create applications that manage media.
AWS re:Invent 2016: Add User Sign-In, User Management, and Security to your M... (Amazon Web Services)
Secure user sign-up and sign-in is critical for many mobile and web applications. Amazon Cognito is the easiest way to secure your mobile and web applications by providing a comprehensive identity solution for end user management, registration, sign-in, and security. In this product deep dive, we will walk through Cognito’s feature set, which includes serverless flows for user management and sign-in, a fully managed user directory, integrations with existing corporate directories, and many other features. In addition, we will cover key use cases and discuss the associated benefits.
by Dennis Hills, Developer Advocate, AWS
One of the key challenges for mobile applications is managing users and their identities in order to support monetization strategies, provide differentiated services, and manage fine grained access and data controls. In this session, you’ll learn how Amazon Cognito provides user sign-up and sign-in as part of your onboarding workflow and advanced capabilities for data access/feature management and security.
This session will cover sign-up and sign-in with multi-factor authentication using AWS Cognito. We will configure the backend and integrate authentication into the example Android app we have been using today.
by Quint Van Deman, Sr. Business Development Manager, AWS
Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in.
Implement User Onboarding, Sign-Up, and Sign-In for Mobile and Web Applicatio... (Amazon Web Services)
Learn how to use Amazon Cognito to build the user identity management workflows, including user on-boarding, sign-up, and sign-on for mobile and web applications. Learn how to customize the look and feel of the UI and UX of the screens and pages, integrate with third-party social identity providers such as Facebook, Google, and Twitter, and use SAML to federate with enterprise directory services.
Add User Sign in and Management to your Apps with Amazon Cognito (Amazon Web Services)
Secure user sign up and sign in is an important starting point for many mobile and web applications. Amazon Cognito enables you to secure your mobile and web applications by providing a comprehensive identity solution for end user management, registration, sign-in, and security. In this product deep dive, we will walk through Cognito’s feature set, which includes serverless flows for user management and sign-in, a fully managed user directory, and control for user permissions. In addition, we will cover key use cases and discuss the associated benefits.
Learning Objectives:
• What is Cognito’s comprehensive feature set
• What are the benefits associated with using Cognito
• How to integrate Cognito into your applications
• Which use cases are best suited for Cognito
Who Should Attend?
• Developers
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa... (Amazon Web Services)
Learning Objectives:
- Understand user identity and federation principles and practices
- Learn how Amazon Cognito supports SAML and 3rd party IdP integration
- Demonstrate how to use Amazon Cognito’s built-in UI for user identity management.
App developers need a system to manage the identities of their users for sign-up, sign-in, and access control. Amazon Cognito now provides a public beta of built-in UI for developers to add user sign-up and sign-in pages to their application and customize the look and feel of those pages simply through the Amazon Cognito console. Also in the public beta, Amazon Cognito now provides support for SAML based federation of user identities for integration with enterprise based directory systems and simplified support for 3rd party Identity Providers (IdP) such as Facebook and Google. This tech talk will provide a brief overview of Amazon Cognito and then discuss the details of the new features and capabilities of the public beta.
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ... (Amazon Web Services)
Learn how to set up an end-user directory, secure sign-up and sign-in, manage user profiles, authenticate and authorize your APIs, federate from enterprise and social identity providers, and use OAuth to integrate with your app—all without any server setup or code. With clear blueprints, we show you how to leverage Amazon Cognito to administer and secure your end users and enable identity for the applied patterns of mobile, web, and enterprise apps.
Amazon Cognito now makes it easy to sign up and sign in users to your mobile and web apps. Previously, with Amazon Cognito you could use social identity providers like Facebook, Google, Twitter, and Amazon for user sign-in and federate these identities to allow secure access to AWS resources. Now with User Identity Pools in Amazon Cognito, you get a secure, low-cost, and fully managed user directory that can scale to 100s of millions of users. Join us for an overview of Amazon Cognito and how to get started with User Identity Pools.
AWS makes development of cross-platform mobile applications easy. With highly-scalable cloud services such as Amazon S3, Amazon DynamoDB and Amazon SNS, mobile developers can build powerful cloud-backed mobile apps with just a few lines of code. In this session, you will learn how to connect directly to these services and how to build a powerful back end for your Android and iOS applications. We will also share some best practices from other successful apps such as Flipboard and Supercell so you can focus on differentiating your app functionality whilst leaving the 'table stakes' with no differentiated value to the cloud.
AWS makes development of cross-platform mobile applications easy. With highly-scalable cloud services such as Amazon S3, Amazon DynamoDB and Amazon SNS, mobile developers can build powerful cloud-backed mobile apps with just a few lines of code. In this session, you will learn how to connect directly to these services and how to build a powerful back end for your Android and iOS applications. We will also share some best practices from other successful apps such as Flipboard and Supercell so you can focus on differentiating your app functionality whilst leaving the 'table stakes' with no differentiated value to the cloud.
Create mobile apps quickly and easily. We manage the back end, so you don’t have to provision, scale, or monitor servers – just upload code and you’re done. Onboard new users and synchronize their data, such as app preferences, across multiple devices. Engage users by sending push notifications, track usage patterns and optimize your business with in-app analytics. Deliver high quality apps by testing them against a large collection of real phones and tablets. Start simple and add more services at any time.
By leveraging serverless architectures, organisations are building and running modern applications and services with increased agility and simplified scalability—all without managing a single server. Many applications need to manage user identities and support sign-in/sign-up. In this session, we dive deep on how to support millions of user identities, as well as how to integrate with social identity providers and existing corporate directories. We will show the real-world design patterns that AWS customers use to implement authentication and authorisation.
Speaker: Myles Hosford, Security Solutions Architect, Amazon Web Services
AWS Webinar Series - Build web-based and native mobile applications on AWS Amazon Web Services
Building mobile apps on iOS or Android with React Native? The open-source AWS Amplify tool helps developers quickly add authentication, API’s, storage, cacheing, and analytics to apps using a declarative programming style. In this session we will cover how to build a mobile app for iOS and Android using AWS MobileHub, AWS Amplify, and React Native. You'll also see some framework specific techniques such as leveraging Higher Order Components (HOCs) in a React or React Native application as well as best practices and utilities from AWS MobileHub
From the Amazon Web Services Singapore & Malaysia Summits 2015 Track 1 Breakout, 'Build Your Mobile App Faster with AWS Mobile Services' - Presented by Dhruv Parpia – Principal Solutions Architect, Amazon Web Services
Slide deck from Azure Saturday Munich 2019. Describing basics of online identity management and federation. But also capabilities of Azure AD B2C - from open standards protocols support (like OAuth and OpenID Connect) to building complex identity flows with Identity Experience Framework
Introducing new AWS Mobile services - Amazon Cognito, Amazon Mobile Analytics, new features in Amazon SNS Mobile Push, the new AWS Mobile SDK, as well as Mobile Optimized Connectors for services such as Kinesis and S3.
Managing Identity and Securing Your Mobile and Web Applications with Amazon Cognito - AWS PS Summit Canberra 2017
2. Identity is mission critical for applications
Diagram labels: User Identity; Security; Revenue Generation; Application Backbone
• Know your users
• Monitor engagement with your application
• Store and manage user data
• Personalize your users’ experiences
• Protect sensitive data
• Secure business-critical processes
3. Identity is mission critical for applications
Diagram label: User Identity
Authentication
• Sign in users
• Enable federation with enterprise identities
• Enable federation with social identities
Authorization
• Protect data and operations
• Provide fine-grained access control
User Management
• Manage user lifecycles
• Store and manage user profile data
• Monitor engagement
4. Developing Auth Infrastructure is Difficult
Source: images.huffingtonpost.com/2015-06-18-1434640796-8854716-frustration.jpg
5. Developing Auth Infrastructure is Difficult
• Need to develop a reliable user directory to manage identities
• Handling user data and passwords and protecting privacy
• Prioritizing scalability of your infrastructure upfront
• Implementing token-based authentication
• Support for multiple social identity providers
• Federation with corporate directories for B2E applications
6. Amazon Cognito Identity
Your User Pools: You can easily and securely add sign-up and sign-in functionality to your mobile and web apps with a fully-managed service that scales to support 100s of millions of users.
Federated Identities: Your users can sign in with third-party identity providers, such as Facebook and SAML providers, and you can control access to AWS resources from your app.
[Figure: sign-in form with Username, Password and Submit; "Sign in with" options Facebook, Corporate, OIDC, SAML]
8. Amazon Cognito: Identity Management Scenarios
• Business to Consumer
• Business to Employee
• Business to Business
• IoT Scenarios
[Diagram labels: SAML Federation, Enterprise Directory, Partner A, Partner B, AWS IoT, API Gateway with Lambda, Custom Authorizer (Allow / Deny), Access control for AWS Resources, AWS IAM]
9. Let’s dive a little deeper…
Source: https://freerangestock.com/photos/44722/photo-details.html
10. I want to authenticate
• consumers
• employees
• systems
…on
• Amazon EC2 / Amazon ECS
• AWS Lambda
• Browser
• Mobile
• other
…against
• IAM
• A managed IdP
• SAML
• Google
• Twitter
• Facebook
• OpenID
• Custom
…to access
• AWS APIs and SDKs
• Amazon API Gateway
• custom applications
11. I want to authenticate people …on browser or mobile
Let’s imagine a user table
Username | Email | Password
beverly123 | beverly123@example.com | Password$123
pilotjane | pilotjane@example.com | a##eroplan3
sudhir1977 | sudhir197@example.com | mmd414997a
12. I want to authenticate people …on browser or mobile
Let’s imagine a user table
• Never store passwords in plaintext!
• Vulnerable to rogue employees
• A hacked DB results in all passwords being compromised
13. I want to authenticate people …on browser or mobile
Let’s try again…
Username | Email | Hashed Password
beverly123 | beverly123@example.com | 21a730e7d6cc9d715efcc0514ed69a1f
pilotjane | pilotjane@example.com | fea74fde863cd38f88b3393f590ae883
sudhir1977 | sudhir197@example.com | 6ce6be14f0c775cc9b3dbe4e18d9fc7d
14. I want to authenticate people …on browser or mobile
Doh!!!
• MD5/SHA1 collisions
• Rainbow Tables
• Dictionary attacks, brute-force (GPUs can compute billions of hashes/sec)
15. I want to authenticate people …on browser or mobile
Secure Remote Password (SRP) Protocol
Username | Email | SRP Verifier function
beverly123 | beverly123@example.com | <password-specific verifier>
pilotjane | pilotjane@example.com | <password-specific verifier>
sudhir1977 | sudhir197@example.com | <password-specific verifier>
• Verifier-based protocol
• Passwords never travel over the wire
• Resistant to several attack vectors
• Perfect Forward Secrecy
16. I want to authenticate people …on browser or mobile
But wait…
Best practices
☐ Secure password handling
17. I want to authenticate people …on browser or mobile
But wait…
Best practices
☐ Secure password handling
☐ Encrypt all data server-side
☐ Enforce password policies (min length, valid characters)
☐ Token-based Authentication
☐ MFA - via SMS for sign-in and forgot password flows
☐ Support CAPTCHAs and other custom authentication flows
☐ Scalable to 100s of millions of users
18. I want to authenticate people …on browser or mobile
But wait…
User flows
☐ Registration
☐ Verify email/phone
☐ Secure sign-in
☐ Forgot password
☐ Change password
☐ Sign-out
19. I want to authenticate people …on browser or mobile …against Amazon Cognito User Pools
Amazon Cognito User Pools
Best practices
☐ Secure password handling
☐ Encrypt all data server-side
☐ Enforce password policies (min length, valid characters)
☐ Token-based Authentication
☐ MFA - via SMS for sign-in and forgot password flows
☐ Support CAPTCHAs and other custom authentication flows
☐ Scalable to 100s of millions of users
User flows
☐ Registration
☐ Verify email/phone
☐ Secure sign-in
☐ Forgot password
☐ Change password
☐ Sign-out
20. I want to authenticate people …on browser or mobile …against Amazon Cognito User Pools
User APIs
• User Sign-Up and Sign-In: Allow users to sign up and sign in using an email, phone number, or username (and password) for your application.
• Email or Phone Number Verification: Require users to verify their email address or phone number prior to activating their account with a one-time password challenge
• Forgot Password: Provide users the ability to change their password when they forget it with a one-time password challenge
• User Profile Data: Enable users to view and update their profile data – including custom attributes
• SMS Multifactor Authentication: Require users to complete a second factor of authentication by inputting a security code received via SMS as part of the sign-in flow
• Token Based Authentication: Use JSON Web Tokens (JWTs) based on OpenID Connect (OIDC) and OAuth 2.0 standards for user authentication in your backend
Customize these User Flows Using Lambda
21. I want to authenticate people …on browser or mobile …against Amazon Cognito User Pools
Administrator APIs
• Create and manage User Pools: Create, configure, and delete multiple user pools across AWS regions
• Define Custom Attributes: Define custom attributes for your user profiles
• Set per-App Permissions: Set read and write permissions for each user attribute on a per-app basis
• Set up Password Policies: Enforce password policies like minimum length and requirement of certain types of characters
• Require Submission of Attribute Data: Select which attributes must be provided by the user prior to completion of the sign-up process
• Search Users: Search users based on a full match or a prefix match of their attributes through the console or Admin API
• Manage Users: Conduct admin actions, such as reset user password, confirm user, enable MFA, delete user, and global sign-out
22. I want to authenticate people …on browser or mobile …against Amazon Cognito User Pools
Customize with Lambda triggers
Category | Lambda Hook | Example Scenarios
Custom Authentication Flow | Define Auth Challenge | Determines the next challenge in a custom auth flow
Custom Authentication Flow | Create Auth Challenge | Creates a challenge in a custom auth flow
Custom Authentication Flow | Verify Auth Challenge Response | Determines if a response is correct in a custom auth flow
Authentication Events | Pre Authentication | Custom validation to accept or deny the sign-in request
Authentication Events | Post Authentication | Event logging for custom analytics
Sign-Up | Pre Sign-up | Custom validation to accept or deny the sign-up request
Sign-Up | Post Confirmation | Custom welcome messages or event logging for custom analytics
Messages | Custom Message | Advanced customization and localization of messages
23. I want to authenticate people …on browser or mobile …against Amazon Cognito User Pools
App Integration with User Pools
Use the Amazon Cognito SDK (JavaScript / Android / iOS), or use the APIs directly.
User Pools now provides a hosted UI for sign up, sign in, forgot password, etc.
Developers can customize the UI to match their style and branding through custom logo and CSS
NEW!
24. I want to authenticate people …on browser or mobile …against Amazon Cognito User Pools
UI Customizations
• Customize UI for each application
• Customize logo
• CSS customizations
25. How do I use Amazon Cognito User Pools to authenticate against Amazon API Gateway?
I want to authenticate people …on browser or mobile …against Amazon Cognito User Pools …to access Amazon API Gateway
26. Amazon Cognito User Pool Authorizer
API Gateway has an easy integration with Amazon Cognito User Pools.
Supports authentication, but not authorization.
27. Custom Authorizers
For fine grained authorization to API Gateway, you’ll need to use an API Gateway Custom Authorizer.
[Diagram labels: Amazon Cognito User Pools, Amazon API Gateway, Custom Authorizer Lambda Function, /pets, /n…, Amazon DynamoDB, Throttling, Cache, Logging, Monitoring, Auth]
… let’s dive a bit deeper…
28. Custom Authorizers
Step 1: User signs up for an account with our Amazon Cognito User Pool, providing their email, telephone number & password (+ any custom attributes).
Amazon Cognito can automatically verify the user’s email address and/or phone number if required.
29. Custom Authorizers
Step 2: At some point in the future, the user wants to sign in. We can now authenticate the user.
30. Custom Authorizers
Optional: If MFA is enabled (either for this user, or all users), Amazon Cognito will SMS a one time authentication code to the user.
31. Custom Authorizers
Step 3: After a successful authentication, Amazon Cognito responds with a signed JSON Web Token (JWT) containing the user’s details.
32. Wait… what’s a JWT?
https://jwt.io
Cryptographically verifiable claims
33. Restricting JWT claims
You can select which Amazon Cognito User Pool attributes are included in the generated JWT token by using scopes.
34. Custom Authorizers
Step 3: After a successful authentication, Amazon Cognito responds with a signed JSON Web Token (JWT) containing the user’s details.
35. Custom Authorizers
Step 4: You are now ready to call your backend APIs from your mobile application.
The JWT is passed in via the Authorization HTTP header.
GET /pets HTTP/1.1
Host: ...
Authorization: eyJraWQi…
36. Custom Authorizers
Step 5: API Gateway calls your custom authorizer function which validates the JWT token and creates an IAM policy that defines which API resources the user can access (based on their user attributes in the JWT claims).
37. Custom Authorizers
Step 6: Additionally, the custom authorizer function will need to check that the JWT hasn’t been tampered with.
To do this, it needs the signing public key (JWK) from Amazon Cognito.
38. Custom Authorizers
// Build the policy for this caller (AuthPolicy, apiOptions and user come from the surrounding authorizer code).
var samplePolicy = new AuthPolicy("userIdentifier", "XXXXXXXXXXXX", apiOptions);
samplePolicy.allowMethod(AuthPolicy.HttpVerb.POST, "/windfarms/");
samplePolicy.allowMethod(AuthPolicy.HttpVerb.GET, "/windfarms/123/*");
samplePolicy.allowMethod(AuthPolicy.HttpVerb.GET, "/windfarms/234/*");
samplePolicy.allowMethod(AuthPolicy.HttpVerb.ALL, "/users/" + user.id);
callback(null, samplePolicy.getPolicy());
A custom authorizer function should return a policy that defines which API resources the user should get access to.
This is then cached and used for any requests with the same authentication token (default: 300 seconds).
Make sure your policy includes all actions the user can perform, not just a single request.
39. Custom Authorizers
Step 7: If authentication was successful, the API call will be passed through to the backend Lambda functions where your logic sits.
Authentication is cached for each token (up to 1 hour).
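Steps 5 and 6 and the policy-caching advice above, as an added example (not code from the deck or from AWS): the core of a Node.js custom authorizer that pins RS256, checks the signature against the pool's JWK, validates the claims, and returns one policy covering everything the caller's groups allow. The issuer, client ID, key pair, group-to-resource map and the choice of ID tokens are constructed assumptions.

```javascript
const crypto = require('crypto');

// Constructed placeholders (assumptions): take the real values from your user pool.
const ISSUER = 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE';
const CLIENT_ID = 'example-app-client-id';

// Constructed key pair standing in for the pool's signing key. In a deployment
// the public half is fetched from `${ISSUER}/.well-known/jwks.json` and cached.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const JWKS = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key-1', alg: 'RS256', use: 'sig' }] };

// Hypothetical mapping from the cognito:groups claim to [verb, path] pairs.
const GROUP_RULES = new Map([
  ['operators', [['GET', '/windfarms/*'], ['POST', '/windfarms/']]],
  ['admins', [['*', '/*']]],
]);

const b64url = (data) => Buffer.from(data).toString('base64url');

// Demo helper only: mints a signed token so the example runs offline.
function signDemoToken(claims, key = privateKey, header = { alg: 'RS256', kid: 'demo-key-1' }) {
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${signingInput}.${b64url(crypto.sign('sha256', Buffer.from(signingInput), key))}`;
}

function verifyCognitoJwt(token, jwks, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (!header || !claims) throw new Error('malformed token');
  // Pin the algorithm; never let the token choose how it is verified.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const key = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const valid = crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!valid) throw new Error('bad signature');
  // Claims are trusted only after the signature check.
  if (claims.iss !== ISSUER) throw new Error('wrong issuer');
  if (claims.token_use !== 'id' || claims.aud !== CLIENT_ID) throw new Error('wrong token_use or audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

function buildPolicy(claims, methodArn) {
  // methodArn: arn:aws:execute-api:{region}:{account}:{apiId}/{stage}/{verb}/{resource path}
  const [apiArn, stage] = methodArn.split('/');
  const groups = Array.isArray(claims['cognito:groups']) ? claims['cognito:groups'] : [];
  // List every resource the caller may use: the policy is cached per token,
  // so it must not be tailored to the single request that triggered it.
  const allowed = groups
    .flatMap((g) => GROUP_RULES.get(g) || [])
    .map(([verb, path]) => `${apiArn}/${stage}/${verb}${path}`);
  const statement = allowed.length
    ? { Action: 'execute-api:Invoke', Effect: 'Allow', Resource: allowed }
    : { Action: 'execute-api:Invoke', Effect: 'Deny', Resource: `${apiArn}/${stage}/*/*` };
  return {
    principalId: claims.sub,
    policyDocument: { Version: '2012-10-17', Statement: [statement] },
  };
}

// Entry point for a TOKEN authorizer event ({ authorizationToken, methodArn }).
function authorize(event, jwks = JWKS, now) {
  let claims;
  try {
    claims = verifyCognitoJwt(event.authorizationToken, jwks, now);
  } catch (err) {
    throw new Error('Unauthorized'); // API Gateway answers 401 for this message
  }
  return buildPolicy(claims, event.methodArn);
}
```

A token with a valid signature but no recognised group gets an explicit Deny rather than an error, so the cached result still blocks every method on the stage.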
40. API Gateway summary
[Diagram labels: Amazon Cognito User Pool, Authenticate, CUP Token, API GW, Access backend resources, Backend resources]
Amazon Cognito User Pools can be used as standalone IdPs.
Amazon Cognito User Pools and API Gateway integrate really nicely.
Use the built-in User Pool Authorizer if you don’t need authorization.
Use Custom Authorizers instead if you do.
41. I want to authenticate people …on browser or mobile …against Amazon Cognito User Pools …to access AWS APIs and SDKs
How do I use Amazon Cognito User Pools to authenticate / authorize access to AWS APIs and SDKs?
42. AWS APIs and SDKs
Amazon Cognito User Pools cannot generate AWS credentials. You need to use Amazon Cognito Federated Identity in front of Amazon Cognito User Pools.
43. AWS APIs and SDKs
You can then configure the AWS SDK to fetch API credentials from Amazon Cognito like so:
// userPool is the CognitoUserPool object the app created at sign-in.
var cognitoUser = userPool.getCurrentUser();
if (cognitoUser != null) {
    cognitoUser.getSession(function(err, result) {
        if (err) {
            // No valid session: do not configure credentials.
            console.error(err);
            return;
        }
        if (result) {
            console.log('You are now logged in.');
            // Add the User's Id Token to the Amazon Cognito credentials login map.
            AWS.config.credentials = new AWS.CognitoIdentityCredentials({
                IdentityPoolId: 'YOUR_IDENTITY_POOL_ID',
                Logins: {
                    'cognito-idp.{region}.amazonaws.com/{user-pool-id}':
                        result.getIdToken().getJwtToken()
                }
            });
        }
    });
}
44. RBAC (Role based access control)
Amazon Cognito User Pool groups can be configured with an IAM role.
You can then configure Amazon Cognito Federated Identity to use the role within the JWT token when issuing AWS credentials.
45. RBAC (Role based access control)
Alternatively, you can also map roles based on other attributes in the JWT token.
46. I want to authenticate people …on browser or mobile …against Amazon Cognito User Pools
What about federation to Active Directory, SAML and/or social media accounts?
47. I want to authenticate people …on browser or mobile …against SAML (Active Directory) and/or social media accounts …to access AWS APIs and SDKs, Amazon API Gateway or custom applications
SAML / Active Directory Federation
NEW!
48. I want to authenticate people …on browser or mobile …against SAML (Active Directory) and/or social media accounts
Social Media Federation
49. Mapping Federated Attributes
I want to authenticate people
…on browser or mobile
…against SAML (Active Directory) and/or social media accounts
…to access AWS APIs and SDKs, Amazon API Gateway or custom applications
50. Business to Consumer Use Case
I want to authenticate people
…on browser or mobile
…against SAML (Active Directory)
…to access AWS APIs and SDKs, Amazon API Gateway or custom applications
[Diagram, steps 1 to 5. Labels: Authenticate; Redirect / Post back; IdP Token; CUP Token; Cognito User Pool; Get AWS credentials; Cognito Identity Pool; Access backend resources (DynamoDB, S3, API GW).]
User Pools authenticate users and return OpenID Connect and OAuth2.0 standard tokens.
Identity Pools provide AWS credentials to access backend resources.
51. Business to Business/Employee with SAML
I want to authenticate people
…on browser or mobile
…against SAML (Active Directory)
…to access AWS APIs and SDKs, Amazon API Gateway or custom applications
User Pools authenticate users and return OpenID Connect and OAuth2.0 standard tokens.
Identity Pools provide AWS credentials to access backend resources.
[Diagram, steps 1 to 5. Labels: Authenticate; SAML IdP (e.g., ADFS); SAML; Redirect / Post back; CUP Token; Cognito User Pool; Get AWS credentials; Cognito Identity Pool; Access backend resources (DynamoDB, S3, API GW).]
52. Business to Business/Employee with SAML v2
I want to authenticate people
…on browser or mobile
…against SAML (Active Directory)
…to access AWS APIs and SDKs, Amazon API Gateway or custom applications
Amazon Cognito User Pools authenticate users and return OpenID Connect and OAuth2.0 standard tokens.
Amazon Cognito User Pool tokens can be used for authorizing access to your APIs / backend.
[Diagram, steps 1 to 4. Labels: Authenticate; SAML IdP (e.g., ADFS); SAML; Redirect / Post back; CUP Token; Cognito User Pool; API GW; Access backend resources; Backend resources.]
53. I want to authenticate systems
Ok, we’ve covered authenticating people, but what about authenticating systems?
For example, Application A communicating with Application B.
54. I want to authenticate systems
…on Amazon EC2
…against IAM
…to access AWS APIs and SDKs
Amazon EC2 Instance Roles
Instance roles let systems running on EC2 (using the AWS CLI or SDKs) access AWS services without needing to bake in credentials. The CLI and SDKs are preconfigured to detect and use an instance role if one is attached.
55. I want to authenticate systems
…on Amazon EC2
…against IAM
…to access Amazon API Gateway
EC2 Instance Roles
EC2 Instance Roles are also a great option for granting access to APIs hosted with Amazon API Gateway.
API Gateway should be configured for IAM authentication:
56. I want to authenticate systems
…on Amazon EC2
…against IAM
…to access Amazon API Gateway
EC2 Instance Roles
…and the IAM role should have a policy attached that allows access to the API required:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "execute-api:Invoke",
            "Effect": "Allow",
            "Resource": "arn:aws:execute-api:*:*:ff5h9tpwfh/*"
        },
        {
            "Action": "execute-api:Invoke",
            "Effect": "Deny",
            "Resource": "arn:aws:execute-api:*:*:ff5h9tpwfh/*/POST/windfarms"
        }
    ]
}
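What that policy permits, as an added example (not code from the talk): a small evaluator that applies IAM's wildcard matching and the rule that an explicit Deny overrides any Allow. The region, account ID, stage name, second API ID and function names are constructed for illustration.

```javascript
// Added example: evaluate the slide's policy against sample request ARNs.
const policy = {
  Version: '2012-10-17',
  Statement: [
    { Action: 'execute-api:Invoke', Effect: 'Allow',
      Resource: 'arn:aws:execute-api:*:*:ff5h9tpwfh/*' },
    { Action: 'execute-api:Invoke', Effect: 'Deny',
      Resource: 'arn:aws:execute-api:*:*:ff5h9tpwfh/*/POST/windfarms' },
  ],
};

// IAM wildcards: '*' matches any run of characters (including '/'),
// '?' matches exactly one character.
function wildcardMatch(pattern, value) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp('^' + re + '$').test(value);
}

// Explicit Deny wins over Allow; no matching statement is an implicit deny.
function evaluate(pol, action, resource) {
  let allowed = false;
  for (const s of pol.Statement) {
    const hit = [].concat(s.Action).some((a) => wildcardMatch(a, action)) &&
                [].concat(s.Resource).some((r) => wildcardMatch(r, resource));
    if (!hit) continue;
    if (s.Effect === 'Deny') return 'ExplicitDeny';
    allowed = true;
  }
  return allowed ? 'Allow' : 'ImplicitDeny';
}

// Constructed request ARNs: api-id/stage/METHOD/path
const base = 'arn:aws:execute-api:us-east-1:111122223333:';
const requests = [
  base + 'ff5h9tpwfh/prod/GET/windfarms',
  base + 'ff5h9tpwfh/prod/POST/windfarms',
  base + 'ff5h9tpwfh/prod/POST/windfarms/42', // not covered by the Deny pattern
  base + 'abcde12345/prod/GET/windfarms',     // different API: no statement matches
];
for (const r of requests) console.log(evaluate(policy, 'execute-api:Invoke', r), r);
```

The Deny pattern ends at `/POST/windfarms`, so a POST to a child path such as `/windfarms/42` is still allowed; end the Deny resource with a wildcard if child paths should be blocked too.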
57. I want to authenticate systems
…on Amazon EC2 Container Service (ECS)
…against IAM
…to access AWS APIs and SDKs or Amazon API Gateway
EC2 Container Service (ECS)
ECS supports IAM Roles too. This makes it easy to restrict access to an AWS service, or to an API hosted with Amazon API Gateway, to a specific container (or group of containers).
58. I want to authenticate systems
…on AWS Lambda
…against IAM
…to access AWS APIs and SDKs or Amazon API Gateway
AWS Lambda
Use the AWS Lambda function's execution role to restrict access to an AWS service, or to an API hosted with Amazon API Gateway, to a specific AWS Lambda function.
59. Summary
It can support a wide range of scenarios including customers, employees, systems
It includes a fully managed identity provider (Amazon Cognito User Pools), with a great free tier
Amazon Cognito offers huge flexibility for AuthN / AuthZ
Hosted authentication pages make integrating really easy
Don’t be scared of Amazon Cognito. Reach out to your local SA if you need help
New SAML and social federation in Amazon Cognito User Pools!
60. No more of this…
Source: images.huffingtonpost.com/2015-06-18-1434640796-8854716-frustration.jpg