SlideShare a Scribd company logo

Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Security Day

Amazon Web Services
Amazon Web Services

In Part II, we will take a look at Cognito User Pools and Custom Authorization for API Gateway using AWS Lambda.

Technology
1 of 27
Download to read offline
Securing Serverless Workloads with Cognito and API Gateway Part II Drew Dennis Solution Architect drewdenn@amazon.com
API Gateway Custom auth via Lambda • Support for bearer token auth (OAuth, SAML) API GatewayClient Auth server 1. Login 2. GetToken AWS Lambda 3. Authorized
API Gateway Custom auth via Lambda Client Lambda Auth function API Gateway OAuth token OAuth provider Policy is evaluated Policy is cached Endpoints on Amazon EC2 Any other publicly accessible endpoint AWS Lambda functions 403
Option 2 – The policy { "principalId": ”meyjames", "policyName": "*", "policyDocument": { "Version": "2012-10-17", "Statement": [ { "Action": "execute-api:Invoke", "Effect": "Allow", "Resource": "arn:aws:execute-api:us-east- 1:9XXX5213927:z8fxjufsyf/*" } ] } } The Lambda function returns a policy that specify the resources that the given token is allowed to invoke in the API In this case all resources (*) in the API with id z8fxjufsyf
Option 2 – The policy { "principalId": ”meyjames", "policyName": "ReadOnly", "policyDocument": { "Version": "2012-10-17", "Statement": [ { "Action": "execute-api:Invoke", "Effect": "Allow", "Resource": "arn:aws:execute-api:us-east- 1:9XXX5213927:z8fxjufsyf/*/GET/*" } ] } } We could limit the permission to only GET methods.
Option 2 – The policy { "principalId": ”meyjames", "policyName": "ReadOnly", "policyDocument": { "Version": "2012-10-17", "Statement": [ { "Action": "execute-api:Invoke", "Effect": ”Deny", "Resource": "arn:aws:execute-api:us-east- 1:9XXX5213927:z8fxjufsyf/*/*/users/*" }, { "Action": "execute-api:Invoke", "Effect": "Allow", "Resource": "arn:aws:execute-api:us-east- 1:9XXX5213927:z8fxjufsyf /*/*/users/myUserId" } ] } } We could get clever with JWT tokens Given the content of the token, only allow the user to access their own data (user id is part of the token)
Option 2 – The policy var testPolicy = new AuthPolicy(”meyjames", "XXXXXXXXXXXX", apiOptions); testPolicy.denyAllMethods(); testPolicy.allowMethod(AuthPolicy.HttpVerb.GET, "/users/username"); testPolicy.allowMethod(AuthPolicy.HttpVerb.POST, "/users/username"); testPolicy.allowMethodWithConditions(AuthPolicy.HttpVerb.GET, "/pets/123123", { "StringEquals": { "s3:x-amz-acl": [ "public-read" ] } }); context.succeed(testPolicy.getPolicy()); Generating a policy is not as hard as it looks…
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. DEMO
Amazon Cognito Identity Federated Identities and Secure Access to AWS Service for Apps Authenticate via 3rd party Identity Providers Developers Don’t Want to Build Their Own User Directory Guest Access Authenticate via Developer Provided Authentication Sign in with Facebook Or Username Password Sign In Or Start as a guest Developers do not want to take on the undifferentiated heavy lifting to: • Build and maintain a directory • Get security right • Support workflows like forgot password • Scale as their user base grows
A Fully Managed User Directory in Cognito Add sign-up and sign-in easily to your mobile and web apps Easy User Management Verify phone numbers and email addresses and offer multi-factor authentication Enhanced Security Features Launch a simple, secure, low-cost, and fully managed service to create and maintain a user directory that scales to 100s of millions of users Managed User Directory
Comprehensive User Scenarios Email or phone number Verification Forgot Password User sign-up and sign- in Users verify their email address or phone number prior to activating an account Users can change their password if they forget it Users sign-up using email, phone number or user name and password. Users can then sign-in. User Profile Retrieve and update user profiles, including custom attributes SMS-based MFA If enabled, users complete Multi-Factor Authentication (MFA) with a confirmation code via SMS as part of sign-in and forgot password flows
Comprehensive Administrator Scenarios Manage users in a User Pool Select Email and Phone Verification Customize with Lambda Triggers Setup Password Policies Create and manage User Pools List, search and perform actions on specific user(s) in the User Pool Configure verifications of users’ email addresses and phone numbers (via SMS) Create functions in AWS Lambda to customize workflows Control password requirements like minimum length, uppercase, and inclusion of special characters Create, configure and delete multiple User Pools in their AWS account Define Attributes Select required attributes and Define custom user attributes
Secure Sign-in Made Easy Token-based Authentication Secure Remote Password Protocol SMS-based Multi-factor Authentication Uses tokens based on OpenID Connect (OIDC) and OAuth 2.0 standards Uses Secure Remote Password (SRP) for secure password handling end to end Enables your end users to user the text messaging functionality of a mobile phone as an extra layer of security
Cognito User Pool Tokens • User Token • JWT • OpenID Connect • One Hour • Access Token • JWT • OAuth2 • One Hour • Refresh Token • Long-lived • Sent to Cognito Identity when Token has expired
Customization using Lambda hooks Lambda Hook Example Scenarios Pre user sign-up Custom validation to accept or deny the sign- up request Custom message Advanced customization and localization of verification messages Pre user sign-in Custom validation to accept or deny the sign- in request Post user sign-in Event logging for custom analytics Post user confirmation Custom welcome messages or event logging for custom analytics
Authentication Flow Amazon Cognito User Pools Amazon API Gateway Custom Authorizer Lambda Function /pets Lambda Function /n… Lambda Function Amazon DynamoDB Throttling Cache Logging Monitoring Auth Mobile apps Lets walk through this step by step…
Authentication Flow Amazon Cognito User Pools Amazon API Gateway Custom Authorizer Lambda Function /pets Lambda Function /n… Lambda Function Amazon DynamoDB Throttling Cache Logging Monitoring Auth Mobile apps Step 1: User signs up for an account with our Amazon Cognito User Pool, providing their email, telephone number & password (+ any custom attributes). Amazon Cognito can automatically verify the user’s email address and/or phone number if required.
Authentication Flow Amazon Cognito User Pools Amazon API Gateway Custom Authorizer Lambda Function /pets Lambda Function /n… Lambda Function Amazon DynamoDB Throttling Cache Logging Monitoring Auth Mobile apps Step 2: At some point in the future, the user wants to sign in. We can now authenticate the user.
Authentication Flow Amazon Cognito User Pools Amazon API Gateway Custom Authorizer Lambda Function /pets Lambda Function /n… Lambda Function Amazon DynamoDB Throttling Cache Logging Monitoring Auth Mobile apps Optional: If MFA is enabled (either for this user, or all users), Amazon Cognito will SMS or email a one time authentication code to the user.
Authentication Flow Amazon Cognito User Pools Amazon API Gateway Custom Authorizer Lambda Function /pets Lambda Function /n… Lambda Function Amazon DynamoDB Throttling Cache Logging Monitoring Auth Mobile apps Step 3: After a successful authentication, Amazon Cognito responds with a signed JSON Web Token (JWT) containing the user’s details.
Wait… What is a JSON Web Token (JWT)? * https://jwt.io Cryptographically verifiable claims
Authentication Flow Amazon Cognito User Pools Amazon API Gateway Custom Authorizer Lambda Function /pets Lambda Function /n… Lambda Function Amazon DynamoDB Throttling Cache Logging Monitoring Auth Mobile apps Step 4: You are now ready to call your backend API’s from your mobile application. The JWT is passed in via the Authorization HTTP header. GET /pets HTTP/1.1 Host: ... Authorization: eyJraWQiOi…
Authentication Flow Amazon Cognito User Pools Amazon API Gateway Custom Authorizer Lambda Function /pets Lambda Function /n… Lambda Function Amazon DynamoDB Throttling Cache Logging Monitoring Auth Mobile apps Step 5: API Gateway calls your custom authorizer function which validates the JWT token and creates an IAM policy that defines which API resources the user can access (based on their user attributes in the JWT claims). GET /pets HTTP/1.1 Host: ... Authorization: eyJraWQiOi…
Condition example "Condition" : { "DateGreaterThan" : {"aws:CurrentTime" : "2015-10-08T12:00:00Z"}, "DateLessThan": {"aws:CurrentTime" : "2015-10-08T15:00:00Z"}, "IpAddress" : {"aws:SourceIp" : ["192.0.2.0/24", "203.0.113.0/24"]} } • Allows a user to access a resource under the following conditions: • The time is after 12:00 P.M. on 10/8/2015 AND • The time is before 3:00 P.M. on 10/8/2015 AND • The request comes from an IP address in the 192.0.2.0 /24 OR 203.0.113.0 /24 range • MFA Present, MFA Age, Secure Transport All of these conditions must be met in order for the statement to evaluate to TRUE. AND OR What if you wanted to restrict access to a time frame and IP address range?
Authentication Flow Amazon Cognito User Pools Amazon API Gateway Custom Authorizer Lambda Function /pets Lambda Function /n… Lambda Function Amazon DynamoDB Throttling Cache Logging Monitoring Auth Mobile apps Step 6: Additionally, the custom authorizer function will need to check that the JWT hasn’t been tampered with. To do this, it needs the signing public key (JWK) from Amazon Cognito. GET /pets HTTP/1.1 Host: ... Authorization: eyJraWQiOi…
Authentication Flow Amazon Cognito User Pools Amazon API Gateway Custom Authorizer Lambda Function /pets Lambda Function /n… Lambda Function Amazon DynamoDB Throttling Cache Logging Monitoring Auth Mobile apps Step 7: If authentication was successful, the API call will be passed through to the backend Lambda functions where your logic sits. Authentication is cached for each token (up to 1 hour). GET /pets HTTP/1.1 Host: ... Authorization: eyJraWQiOi…
DEMO

Recommended

Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep Dive
Amazon Web Services
 
Amazon API Gateway
Amazon API GatewayAmazon API Gateway
Amazon API Gateway
Amazon Web Services
 
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...
Amazon Web Services
 
Continuous Deployment Practices, with Production, Test and Development Enviro...
Continuous Deployment Practices, with Production, Test and Development Enviro...Continuous Deployment Practices, with Production, Test and Development Enviro...
Continuous Deployment Practices, with Production, Test and Development Enviro...
Amazon Web Services
 
Intro to Amazon ECS
Intro to Amazon ECSIntro to Amazon ECS
Intro to Amazon ECS
Amazon Web Services
 
Aws IAM
Aws IAMAws IAM
Aws IAM
Chamali Liyanage
 
Amazon API Gateway
Amazon API GatewayAmazon API Gateway
Amazon API Gateway
Mark Bate
 
CI/CD on AWS
CI/CD on AWSCI/CD on AWS
CI/CD on AWS
Amazon Web Services
 

Recommended

Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep Dive
Amazon Web Services
 
Amazon API Gateway
Amazon API GatewayAmazon API Gateway
Amazon API Gateway
Amazon Web Services
 
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...
Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Secur...
Amazon Web Services
 
Continuous Deployment Practices, with Production, Test and Development Enviro...
Continuous Deployment Practices, with Production, Test and Development Enviro...Continuous Deployment Practices, with Production, Test and Development Enviro...
Continuous Deployment Practices, with Production, Test and Development Enviro...
Amazon Web Services
 
Intro to Amazon ECS
Intro to Amazon ECSIntro to Amazon ECS
Intro to Amazon ECS
Amazon Web Services
 
Aws IAM
Aws IAMAws IAM
Aws IAM
Chamali Liyanage
 
Amazon API Gateway
Amazon API GatewayAmazon API Gateway
Amazon API Gateway
Mark Bate
 
CI/CD on AWS
CI/CD on AWSCI/CD on AWS
CI/CD on AWS
Amazon Web Services
 
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_faridExploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
CloudVillage
 
대용량 트래픽을 처리하는 최적의 서버리스 애플리케이션 - 안효빈, 구성완 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
대용량 트래픽을 처리하는 최적의 서버리스 애플리케이션 - 안효빈, 구성완 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul 2021대용량 트래픽을 처리하는 최적의 서버리스 애플리케이션 - 안효빈, 구성완 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
대용량 트래픽을 처리하는 최적의 서버리스 애플리케이션 - 안효빈, 구성완 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
Amazon Web Services Korea
 
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Amazon Web Services
 
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...Amazon Web Services
 
Building APIs with Amazon API Gateway
Building APIs with Amazon API GatewayBuilding APIs with Amazon API Gateway
Building APIs with Amazon API Gateway
Amazon Web Services
 
Getting Started with Kubernetes
Getting Started with Kubernetes Getting Started with Kubernetes
Getting Started with Kubernetes
VMware Tanzu
 
AWS Monitoring & Logging
AWS Monitoring & LoggingAWS Monitoring & Logging
AWS Monitoring & Logging
Jason Poley
 
Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...
Amazon Web Services
 
AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...
AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...
AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...
Amazon Web Services Korea
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
Amazon Web Services
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
Abhishek Koserwal
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKS
Amazon Web Services
 
Best Practices for SecOps on AWS
Best Practices for SecOps on AWSBest Practices for SecOps on AWS
Best Practices for SecOps on AWS
Amazon Web Services
 
게임서비스를 위한 ElastiCache 활용 전략 :: 구승모 솔루션즈 아키텍트 :: Gaming on AWS 2016
게임서비스를 위한 ElastiCache 활용 전략 :: 구승모 솔루션즈 아키텍트 :: Gaming on AWS 2016게임서비스를 위한 ElastiCache 활용 전략 :: 구승모 솔루션즈 아키텍트 :: Gaming on AWS 2016
게임서비스를 위한 ElastiCache 활용 전략 :: 구승모 솔루션즈 아키텍트 :: Gaming on AWS 2016
Amazon Web Services Korea
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best Practices
Amazon Web Services
 
An introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
An introduction to AWS CloudFormation - Pop-up Loft Tel AvivAn introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
An introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
Amazon Web Services
 
What is an API Gateway?
What is an API Gateway?What is an API Gateway?
What is an API Gateway?
LunchBadger
 
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
Amazon Web Services
 
Add User Sign in and Management to your Apps with Amazon Cognito
Add User Sign in and Management to your Apps with Amazon CognitoAdd User Sign in and Management to your Apps with Amazon Cognito
Add User Sign in and Management to your Apps with Amazon Cognito
Amazon Web Services
 
Kubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with DemoKubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with Demo
Opsta
 
モバイル開発を支えるAWS Mobile Services
モバイル開発を支えるAWS Mobile Servicesモバイル開発を支えるAWS Mobile Services
モバイル開発を支えるAWS Mobile Services
Keisuke Nishitani
 
AWS Black Belt Tech シリーズ 2015 - Amazon API Gateway
AWS Black Belt Tech シリーズ 2015 - Amazon API GatewayAWS Black Belt Tech シリーズ 2015 - Amazon API Gateway
AWS Black Belt Tech シリーズ 2015 - Amazon API Gateway
Amazon Web Services Japan
 

More Related Content

What's hot

Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_faridExploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
CloudVillage
 
대용량 트래픽을 처리하는 최적의 서버리스 애플리케이션 - 안효빈, 구성완 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
대용량 트래픽을 처리하는 최적의 서버리스 애플리케이션 - 안효빈, 구성완 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul 2021대용량 트래픽을 처리하는 최적의 서버리스 애플리케이션 - 안효빈, 구성완 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
대용량 트래픽을 처리하는 최적의 서버리스 애플리케이션 - 안효빈, 구성완 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
Amazon Web Services Korea
 
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Amazon Web Services
 
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...Amazon Web Services
 
Building APIs with Amazon API Gateway
Building APIs with Amazon API GatewayBuilding APIs with Amazon API Gateway
Building APIs with Amazon API Gateway
Amazon Web Services
 
Getting Started with Kubernetes
Getting Started with Kubernetes Getting Started with Kubernetes
Getting Started with Kubernetes
VMware Tanzu
 
AWS Monitoring & Logging
AWS Monitoring & LoggingAWS Monitoring & Logging
AWS Monitoring & Logging
Jason Poley
 
Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...
Amazon Web Services
 
AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...
AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...
AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...
Amazon Web Services Korea
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
Amazon Web Services
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
Abhishek Koserwal
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKS
Amazon Web Services
 
Best Practices for SecOps on AWS
Best Practices for SecOps on AWSBest Practices for SecOps on AWS
Best Practices for SecOps on AWS
Amazon Web Services
 
게임서비스를 위한 ElastiCache 활용 전략 :: 구승모 솔루션즈 아키텍트 :: Gaming on AWS 2016
게임서비스를 위한 ElastiCache 활용 전략 :: 구승모 솔루션즈 아키텍트 :: Gaming on AWS 2016게임서비스를 위한 ElastiCache 활용 전략 :: 구승모 솔루션즈 아키텍트 :: Gaming on AWS 2016
게임서비스를 위한 ElastiCache 활용 전략 :: 구승모 솔루션즈 아키텍트 :: Gaming on AWS 2016
Amazon Web Services Korea
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best Practices
Amazon Web Services
 
An introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
An introduction to AWS CloudFormation - Pop-up Loft Tel AvivAn introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
An introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
Amazon Web Services
 
What is an API Gateway?
What is an API Gateway?What is an API Gateway?
What is an API Gateway?
LunchBadger
 
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
Amazon Web Services
 
Add User Sign in and Management to your Apps with Amazon Cognito
Add User Sign in and Management to your Apps with Amazon CognitoAdd User Sign in and Management to your Apps with Amazon Cognito
Add User Sign in and Management to your Apps with Amazon Cognito
Amazon Web Services
 
Kubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with DemoKubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with Demo
Opsta
 

What's hot (20)

Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_faridExploiting IAM in the google cloud platform - dani_goland_mohsan_farid
Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid
 
대용량 트래픽을 처리하는 최적의 서버리스 애플리케이션 - 안효빈, 구성완 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
대용량 트래픽을 처리하는 최적의 서버리스 애플리케이션 - 안효빈, 구성완 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul 2021대용량 트래픽을 처리하는 최적의 서버리스 애플리케이션 - 안효빈, 구성완 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
대용량 트래픽을 처리하는 최적의 서버리스 애플리케이션 - 안효빈, 구성완 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
 
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...
 
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...
AWS CodeDeploy, AWS CodePipeline, and AWS CodeCommit: Transforming Software D...
 
Building APIs with Amazon API Gateway
Building APIs with Amazon API GatewayBuilding APIs with Amazon API Gateway
Building APIs with Amazon API Gateway
 
Getting Started with Kubernetes
Getting Started with Kubernetes Getting Started with Kubernetes
Getting Started with Kubernetes
 
AWS Monitoring & Logging
AWS Monitoring & LoggingAWS Monitoring & Logging
AWS Monitoring & Logging
 
Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...
 
AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...
AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...
AWS KMS 에서 제공하는 봉투암호화 방식의 암호화 및 사이닝 기능에 대한 소개와 실습 - 신은수, AWS 솔루션즈 아키텍트 :: AWS...
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
 
Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKS
 
Best Practices for SecOps on AWS
Best Practices for SecOps on AWSBest Practices for SecOps on AWS
Best Practices for SecOps on AWS
 
게임서비스를 위한 ElastiCache 활용 전략 :: 구승모 솔루션즈 아키텍트 :: Gaming on AWS 2016
게임서비스를 위한 ElastiCache 활용 전략 :: 구승모 솔루션즈 아키텍트 :: Gaming on AWS 2016게임서비스를 위한 ElastiCache 활용 전략 :: 구승모 솔루션즈 아키텍트 :: Gaming on AWS 2016
게임서비스를 위한 ElastiCache 활용 전략 :: 구승모 솔루션즈 아키텍트 :: Gaming on AWS 2016
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best Practices
 
An introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
An introduction to AWS CloudFormation - Pop-up Loft Tel AvivAn introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
An introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
 
What is an API Gateway?
What is an API Gateway?What is an API Gateway?
What is an API Gateway?
 
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
 
Add User Sign in and Management to your Apps with Amazon Cognito
Add User Sign in and Management to your Apps with Amazon CognitoAdd User Sign in and Management to your Apps with Amazon Cognito
Add User Sign in and Management to your Apps with Amazon Cognito
 
Kubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with DemoKubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with Demo
 

Viewers also liked

モバイル開発を支えるAWS Mobile Services
モバイル開発を支えるAWS Mobile Servicesモバイル開発を支えるAWS Mobile Services
モバイル開発を支えるAWS Mobile Services
Keisuke Nishitani
 
AWS Black Belt Tech シリーズ 2015 - Amazon API Gateway
AWS Black Belt Tech シリーズ 2015 - Amazon API GatewayAWS Black Belt Tech シリーズ 2015 - Amazon API Gateway
AWS Black Belt Tech シリーズ 2015 - Amazon API Gateway
Amazon Web Services Japan
 
20170210 jawsug横浜(AWSタグ)
20170210 jawsug横浜(AWSタグ)20170210 jawsug横浜(AWSタグ)
20170210 jawsug横浜(AWSタグ)
Toshihiro Setojima
 
AWS Step FunctionとLambdaでディープラーニングの訓練を全自動化する
AWS Step FunctionとLambdaでディープラーニングの訓練を全自動化するAWS Step FunctionとLambdaでディープラーニングの訓練を全自動化する
AWS Step FunctionとLambdaでディープラーニングの訓練を全自動化する
mizugokoro
 
サーバーレスのアーキテクチャパターンとそれぞれの実装・テストの勘所
サーバーレスのアーキテクチャパターンとそれぞれの実装・テストの勘所サーバーレスのアーキテクチャパターンとそれぞれの実装・テストの勘所
サーバーレスのアーキテクチャパターンとそれぞれの実装・テストの勘所
真吾 吉田
 
サーバーレスの今とこれから
サーバーレスの今とこれからサーバーレスの今とこれから
サーバーレスの今とこれから
真吾 吉田
 
AWS SAMで始めるサーバーレスアプリケーション開発
AWS SAMで始めるサーバーレスアプリケーション開発AWS SAMで始めるサーバーレスアプリケーション開発
AWS SAMで始めるサーバーレスアプリケーション開発
真吾 吉田
 
サーバーレスアーキテクチャのすすめ(公開版)
サーバーレスアーキテクチャのすすめ(公開版)サーバーレスアーキテクチャのすすめ(公開版)
サーバーレスアーキテクチャのすすめ(公開版)
Keisuke Kadoyama
 
Amazon EC2におけるサーバーの運用・管理方法
Amazon EC2におけるサーバーの運用・管理方法Amazon EC2におけるサーバーの運用・管理方法
Amazon EC2におけるサーバーの運用・管理方法
Serverworks Co.,Ltd.
 
Single-page application
Single-page applicationSingle-page application
Single-page applicationFumio SAGAWA
 
AWS re:Invent 2016: From VUI to QA: Building a Voice-Based Adventure Game for...
AWS re:Invent 2016: From VUI to QA: Building a Voice-Based Adventure Game for...AWS re:Invent 2016: From VUI to QA: Building a Voice-Based Adventure Game for...
AWS re:Invent 2016: From VUI to QA: Building a Voice-Based Adventure Game for...
Amazon Web Services
 
【Connected.T2】システム構築・運用負荷を軽減!SORACOM Beam が実現する、ヒトとモノにやさしいIoT
【Connected.T2】システム構築・運用負荷を軽減!SORACOM Beam が実現する、ヒトとモノにやさしいIoT【Connected.T2】システム構築・運用負荷を軽減!SORACOM Beam が実現する、ヒトとモノにやさしいIoT
【Connected.T2】システム構築・運用負荷を軽減!SORACOM Beam が実現する、ヒトとモノにやさしいIoT
SORACOM,INC
 
20分でおさらいするサーバレスアーキテクチャ 「サーバレスの薄い本ダイジェスト」 #serverlesstokyo
20分でおさらいするサーバレスアーキテクチャ 「サーバレスの薄い本ダイジェスト」 #serverlesstokyo20分でおさらいするサーバレスアーキテクチャ 「サーバレスの薄い本ダイジェスト」 #serverlesstokyo
20分でおさらいするサーバレスアーキテクチャ 「サーバレスの薄い本ダイジェスト」 #serverlesstokyo
Masahiro NAKAYAMA
 
AWS Systems manager 入門
AWS Systems manager 入門AWS Systems manager 入門
AWS Systems manager 入門
Serverworks Co.,Ltd.
 
Top 5 mistakes when writing Spark applications
Top 5 mistakes when writing Spark applicationsTop 5 mistakes when writing Spark applications
Top 5 mistakes when writing Spark applications
hadooparchbook
 
AWS Black Belt Online Seminar 2017 Amazon Aurora
AWS Black Belt Online Seminar 2017 Amazon AuroraAWS Black Belt Online Seminar 2017 Amazon Aurora
AWS Black Belt Online Seminar 2017 Amazon Aurora
Amazon Web Services Japan
 
AWS Black Belt Online Seminar 2017 AWS X-Ray
AWS Black Belt Online Seminar 2017 AWS X-RayAWS Black Belt Online Seminar 2017 AWS X-Ray
AWS Black Belt Online Seminar 2017 AWS X-Ray
Amazon Web Services Japan
 
AWS Black Belt Online Seminar 2017 Amazon GameLift
AWS Black Belt Online Seminar 2017 Amazon GameLiftAWS Black Belt Online Seminar 2017 Amazon GameLift
AWS Black Belt Online Seminar 2017 Amazon GameLift
Amazon Web Services Japan
 
AWS BlackBelt AWS上でのDDoS対策
AWS BlackBelt AWS上でのDDoS対策AWS BlackBelt AWS上でのDDoS対策
AWS BlackBelt AWS上でのDDoS対策
Amazon Web Services Japan
 
AWS Black Belt Online Seminar 2017 Amazon EMR
AWS Black Belt Online Seminar 2017 Amazon EMR AWS Black Belt Online Seminar 2017 Amazon EMR
AWS Black Belt Online Seminar 2017 Amazon EMR
Amazon Web Services Japan
 

Viewers also liked (20)

モバイル開発を支えるAWS Mobile Services
モバイル開発を支えるAWS Mobile Servicesモバイル開発を支えるAWS Mobile Services
モバイル開発を支えるAWS Mobile Services
 
AWS Black Belt Tech シリーズ 2015 - Amazon API Gateway
AWS Black Belt Tech シリーズ 2015 - Amazon API GatewayAWS Black Belt Tech シリーズ 2015 - Amazon API Gateway
AWS Black Belt Tech シリーズ 2015 - Amazon API Gateway
 
20170210 jawsug横浜(AWSタグ)
20170210 jawsug横浜(AWSタグ)20170210 jawsug横浜(AWSタグ)
20170210 jawsug横浜(AWSタグ)
 
AWS Step FunctionとLambdaでディープラーニングの訓練を全自動化する
AWS Step FunctionとLambdaでディープラーニングの訓練を全自動化するAWS Step FunctionとLambdaでディープラーニングの訓練を全自動化する
AWS Step FunctionとLambdaでディープラーニングの訓練を全自動化する
 
サーバーレスのアーキテクチャパターンとそれぞれの実装・テストの勘所
サーバーレスのアーキテクチャパターンとそれぞれの実装・テストの勘所サーバーレスのアーキテクチャパターンとそれぞれの実装・テストの勘所
サーバーレスのアーキテクチャパターンとそれぞれの実装・テストの勘所
 
サーバーレスの今とこれから
サーバーレスの今とこれからサーバーレスの今とこれから
サーバーレスの今とこれから
 
AWS SAMで始めるサーバーレスアプリケーション開発
AWS SAMで始めるサーバーレスアプリケーション開発AWS SAMで始めるサーバーレスアプリケーション開発
AWS SAMで始めるサーバーレスアプリケーション開発
 
サーバーレスアーキテクチャのすすめ(公開版)
サーバーレスアーキテクチャのすすめ(公開版)サーバーレスアーキテクチャのすすめ(公開版)
サーバーレスアーキテクチャのすすめ(公開版)
 
Amazon EC2におけるサーバーの運用・管理方法
Amazon EC2におけるサーバーの運用・管理方法Amazon EC2におけるサーバーの運用・管理方法
Amazon EC2におけるサーバーの運用・管理方法
 
Single-page application
Single-page applicationSingle-page application
Single-page application
 
AWS re:Invent 2016: From VUI to QA: Building a Voice-Based Adventure Game for...
AWS re:Invent 2016: From VUI to QA: Building a Voice-Based Adventure Game for...AWS re:Invent 2016: From VUI to QA: Building a Voice-Based Adventure Game for...
AWS re:Invent 2016: From VUI to QA: Building a Voice-Based Adventure Game for...
 
【Connected.T2】システム構築・運用負荷を軽減!SORACOM Beam が実現する、ヒトとモノにやさしいIoT
【Connected.T2】システム構築・運用負荷を軽減!SORACOM Beam が実現する、ヒトとモノにやさしいIoT【Connected.T2】システム構築・運用負荷を軽減!SORACOM Beam が実現する、ヒトとモノにやさしいIoT
【Connected.T2】システム構築・運用負荷を軽減!SORACOM Beam が実現する、ヒトとモノにやさしいIoT
 
20分でおさらいするサーバレスアーキテクチャ 「サーバレスの薄い本ダイジェスト」 #serverlesstokyo
20分でおさらいするサーバレスアーキテクチャ 「サーバレスの薄い本ダイジェスト」 #serverlesstokyo20分でおさらいするサーバレスアーキテクチャ 「サーバレスの薄い本ダイジェスト」 #serverlesstokyo
20分でおさらいするサーバレスアーキテクチャ 「サーバレスの薄い本ダイジェスト」 #serverlesstokyo
 
AWS Systems manager 入門
AWS Systems manager 入門AWS Systems manager 入門
AWS Systems manager 入門
 
Top 5 mistakes when writing Spark applications
Top 5 mistakes when writing Spark applicationsTop 5 mistakes when writing Spark applications
Top 5 mistakes when writing Spark applications
 
AWS Black Belt Online Seminar 2017 Amazon Aurora
AWS Black Belt Online Seminar 2017 Amazon AuroraAWS Black Belt Online Seminar 2017 Amazon Aurora
AWS Black Belt Online Seminar 2017 Amazon Aurora
 
AWS Black Belt Online Seminar 2017 AWS X-Ray
AWS Black Belt Online Seminar 2017 AWS X-RayAWS Black Belt Online Seminar 2017 AWS X-Ray
AWS Black Belt Online Seminar 2017 AWS X-Ray
 
AWS Black Belt Online Seminar 2017 Amazon GameLift
AWS Black Belt Online Seminar 2017 Amazon GameLiftAWS Black Belt Online Seminar 2017 Amazon GameLift
AWS Black Belt Online Seminar 2017 Amazon GameLift
 
AWS BlackBelt AWS上でのDDoS対策
AWS BlackBelt AWS上でのDDoS対策AWS BlackBelt AWS上でのDDoS対策
AWS BlackBelt AWS上でのDDoS対策
 
AWS Black Belt Online Seminar 2017 Amazon EMR
AWS Black Belt Online Seminar 2017 Amazon EMR AWS Black Belt Online Seminar 2017 Amazon EMR
AWS Black Belt Online Seminar 2017 Amazon EMR
 

Similar to Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Security Day

Building Secure Mobile APIs
Building Secure Mobile APIsBuilding Secure Mobile APIs
Building Secure Mobile APIs
Amazon Web Services
 
Rapid Application Development on AWS
Rapid Application Development on AWSRapid Application Development on AWS
Rapid Application Development on AWS
Amazon Web Services
 
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech TalksDeep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
Amazon Web Services
 
Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Amazon Web Services
 
amazon-cognito-auth-in-minutes
amazon-cognito-auth-in-minutesamazon-cognito-auth-in-minutes
amazon-cognito-auth-in-minutesVladimir Budilov
 
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Web Services
 
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Amazon Web Services
 
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Amazon Web Services
 
Getting Started with Cognito User Pools - September Webinar Series
Getting Started with Cognito User Pools - September Webinar SeriesGetting Started with Cognito User Pools - September Webinar Series
Getting Started with Cognito User Pools - September Webinar Series
Amazon Web Services
 
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksDeep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Amazon Web Services
 
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Amazon Web Services
 
Cognito Customer Deep Dive
Cognito Customer Deep DiveCognito Customer Deep Dive
Cognito Customer Deep Dive
Amazon Web Services
 
Announcements for Mobile Developers
Announcements for Mobile DevelopersAnnouncements for Mobile Developers
Announcements for Mobile Developers
Amazon Web Services
 
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs
Amazon Web Services
 
Mobile Application Development and Testing on AWS
Mobile Application Development and Testing on AWSMobile Application Development and Testing on AWS
Mobile Application Development and Testing on AWS
Amazon Web Services
 
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...
Amazon Web Services
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...
Amazon Web Services
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...
Amazon Web Services
 
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Amazon Web Services
 
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Amazon Web Services
 

Similar to Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Security Day (20)

Building Secure Mobile APIs
Building Secure Mobile APIsBuilding Secure Mobile APIs
Building Secure Mobile APIs
 
Rapid Application Development on AWS
Rapid Application Development on AWSRapid Application Development on AWS
Rapid Application Development on AWS
 
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech TalksDeep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
 
Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017
 
amazon-cognito-auth-in-minutes
amazon-cognito-auth-in-minutesamazon-cognito-auth-in-minutes
amazon-cognito-auth-in-minutes
 
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
 
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
 
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
 
Getting Started with Cognito User Pools - September Webinar Series
Getting Started with Cognito User Pools - September Webinar SeriesGetting Started with Cognito User Pools - September Webinar Series
Getting Started with Cognito User Pools - September Webinar Series
 
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech TalksDeep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
Deep Dive on Amazon Cognito - March 2017 AWS Online Tech Talks
 
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
 
Cognito Customer Deep Dive
Cognito Customer Deep DiveCognito Customer Deep Dive
Cognito Customer Deep Dive
 
Announcements for Mobile Developers
Announcements for Mobile DevelopersAnnouncements for Mobile Developers
Announcements for Mobile Developers
 
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs
(DEV203) Amazon API Gateway & AWS Lambda to Build Secure APIs
 
Mobile Application Development and Testing on AWS
Mobile Application Development and Testing on AWSMobile Application Development and Testing on AWS
Mobile Application Development and Testing on AWS
 
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...
 
Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...Authentication & Authorization for Connected Mobile & Web Applications using ...
Authentication & Authorization for Connected Mobile & Web Applications using ...
 
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
 
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
Amazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
Amazon Web Services
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 

Recently uploaded (20)

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 

Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Security Day

  • 1. Securing Serverless Workloads with Cognito and API Gateway Part II Drew Dennis Solution Architect drewdenn@amazon.com
  • 2. API Gateway Custom auth via Lambda • Support for bearer token auth (OAuth, SAML) API GatewayClient Auth server 1. Login 2. GetToken AWS Lambda 3. Authorized
  • 3. API Gateway Custom auth via Lambda Client Lambda Auth function API Gateway OAuth token OAuth provider Policy is evaluated Policy is cached Endpoints on Amazon EC2 Any other publicly accessible endpoint AWS Lambda functions 403
  • 4. Option 2 – The policy { "principalId": ”meyjames", "policyName": "*", "policyDocument": { "Version": "2012-10-17", "Statement": [ { "Action": "execute-api:Invoke", "Effect": "Allow", "Resource": "arn:aws:execute-api:us-east- 1:9XXX5213927:z8fxjufsyf/*" } ] } } The Lambda function returns a policy that specify the resources that the given token is allowed to invoke in the API In this case all resources (*) in the API with id z8fxjufsyf
  • 5. Option 2 – The policy { "principalId": ”meyjames", "policyName": "ReadOnly", "policyDocument": { "Version": "2012-10-17", "Statement": [ { "Action": "execute-api:Invoke", "Effect": "Allow", "Resource": "arn:aws:execute-api:us-east- 1:9XXX5213927:z8fxjufsyf/*/GET/*" } ] } } We could limit the permission to only GET methods.
  • 6. Option 2 – The policy { "principalId": ”meyjames", "policyName": "ReadOnly", "policyDocument": { "Version": "2012-10-17", "Statement": [ { "Action": "execute-api:Invoke", "Effect": ”Deny", "Resource": "arn:aws:execute-api:us-east- 1:9XXX5213927:z8fxjufsyf/*/*/users/*" }, { "Action": "execute-api:Invoke", "Effect": "Allow", "Resource": "arn:aws:execute-api:us-east- 1:9XXX5213927:z8fxjufsyf /*/*/users/myUserId" } ] } } We could get clever with JWT tokens Given the content of the token, only allow the user to access their own data (user id is part of the token)
  • 7. Option 2 – The policy var testPolicy = new AuthPolicy(”meyjames", "XXXXXXXXXXXX", apiOptions); testPolicy.denyAllMethods(); testPolicy.allowMethod(AuthPolicy.HttpVerb.GET, "/users/username"); testPolicy.allowMethod(AuthPolicy.HttpVerb.POST, "/users/username"); testPolicy.allowMethodWithConditions(AuthPolicy.HttpVerb.GET, "/pets/123123", { "StringEquals": { "s3:x-amz-acl": [ "public-read" ] } }); context.succeed(testPolicy.getPolicy()); Generating a policy is not as hard as it looks…
  • 8. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. DEMO
  • 9. Amazon Cognito Identity Federated Identities and Secure Access to AWS Service for Apps Authenticate via 3rd party Identity Providers Developers Don’t Want to Build Their Own User Directory Guest Access Authenticate via Developer Provided Authentication Sign in with Facebook Or Username Password Sign In Or Start as a guest Developers do not want to take on the undifferentiated heavy lifting to: • Build and maintain a directory • Get security right • Support workflows like forgot password • Scale as their user base grows
  • 10. A Fully Managed User Directory in Cognito Add sign-up and sign-in easily to your mobile and web apps Easy User Management Verify phone numbers and email addresses and offer multi-factor authentication Enhanced Security Features Launch a simple, secure, low-cost, and fully managed service to create and maintain a user directory that scales to 100s of millions of users Managed User Directory
  • 11. Comprehensive User Scenarios Email or phone number Verification Forgot Password User sign-up and sign- in Users verify their email address or phone number prior to activating an account Users can change their password if they forget it Users sign-up using email, phone number or user name and password. Users can then sign-in. User Profile Retrieve and update user profiles, including custom attributes SMS-based MFA If enabled, users complete Multi-Factor Authentication (MFA) with a confirmation code via SMS as part of sign-in and forgot password flows
  • 12. Comprehensive Administrator Scenarios Manage users in a User Pool Select Email and Phone Verification Customize with Lambda Triggers Setup Password Policies Create and manage User Pools List, search and perform actions on specific user(s) in the User Pool Configure verifications of users’ email addresses and phone numbers (via SMS) Create functions in AWS Lambda to customize workflows Control password requirements like minimum length, uppercase, and inclusion of special characters Create, configure and delete multiple User Pools in their AWS account Define Attributes Select required attributes and Define custom user attributes
  • 13. Secure Sign-in Made Easy Token-based Authentication Secure Remote Password Protocol SMS-based Multi-factor Authentication Uses tokens based on OpenID Connect (OIDC) and OAuth 2.0 standards Uses Secure Remote Password (SRP) for secure password handling end to end Enables your end users to user the text messaging functionality of a mobile phone as an extra layer of security
  • 14. Cognito User Pool Tokens • User Token • JWT • OpenID Connect • One Hour • Access Token • JWT • OAuth2 • One Hour • Refresh Token • Long-lived • Sent to Cognito Identity when Token has expired
  • 15. Customization using Lambda hooks Lambda Hook Example Scenarios Pre user sign-up Custom validation to accept or deny the sign- up request Custom message Advanced customization and localization of verification messages Pre user sign-in Custom validation to accept or deny the sign- in request Post user sign-in Event logging for custom analytics Post user confirmation Custom welcome messages or event logging for custom analytics
  • 16. Authentication Flow Amazon Cognito User Pools Amazon API Gateway Custom Authorizer Lambda Function /pets Lambda Function /n… Lambda Function Amazon DynamoDB Throttling Cache Logging Monitoring Auth Mobile apps Lets walk through this step by step…
  • 17. Authentication Flow Amazon Cognito User Pools Amazon API Gateway Custom Authorizer Lambda Function /pets Lambda Function /n… Lambda Function Amazon DynamoDB Throttling Cache Logging Monitoring Auth Mobile apps Step 1: User signs up for an account with our Amazon Cognito User Pool, providing their email, telephone number & password (+ any custom attributes). Amazon Cognito can automatically verify the user’s email address and/or phone number if required.
  • 18. Authentication Flow Amazon Cognito User Pools Amazon API Gateway Custom Authorizer Lambda Function /pets Lambda Function /n… Lambda Function Amazon DynamoDB Throttling Cache Logging Monitoring Auth Mobile apps Step 2: At some point in the future, the user wants to sign in. We can now authenticate the user.
  • 19. Authentication Flow Amazon Cognito User Pools Amazon API Gateway Custom Authorizer Lambda Function /pets Lambda Function /n… Lambda Function Amazon DynamoDB Throttling Cache Logging Monitoring Auth Mobile apps Optional: If MFA is enabled (either for this user, or all users), Amazon Cognito will SMS or email a one time authentication code to the user.
  • 20. Authentication Flow Amazon Cognito User Pools Amazon API Gateway Custom Authorizer Lambda Function /pets Lambda Function /n… Lambda Function Amazon DynamoDB Throttling Cache Logging Monitoring Auth Mobile apps Step 3: After a successful authentication, Amazon Cognito responds with a signed JSON Web Token (JWT) containing the user’s details.
  • 21. Wait… What is a JSON Web Token (JWT)? * https://jwt.io Cryptographically verifiable claims
  • 22. Authentication Flow Amazon Cognito User Pools Amazon API Gateway Custom Authorizer Lambda Function /pets Lambda Function /n… Lambda Function Amazon DynamoDB Throttling Cache Logging Monitoring Auth Mobile apps Step 4: You are now ready to call your backend API’s from your mobile application. The JWT is passed in via the Authorization HTTP header. GET /pets HTTP/1.1 Host: ... Authorization: eyJraWQiOi…
  • 23. Authentication Flow Amazon Cognito User Pools Amazon API Gateway Custom Authorizer Lambda Function /pets Lambda Function /n… Lambda Function Amazon DynamoDB Throttling Cache Logging Monitoring Auth Mobile apps Step 5: API Gateway calls your custom authorizer function which validates the JWT token and creates an IAM policy that defines which API resources the user can access (based on their user attributes in the JWT claims). GET /pets HTTP/1.1 Host: ... Authorization: eyJraWQiOi…
  • 24. Condition example "Condition" : { "DateGreaterThan" : {"aws:CurrentTime" : "2015-10-08T12:00:00Z"}, "DateLessThan": {"aws:CurrentTime" : "2015-10-08T15:00:00Z"}, "IpAddress" : {"aws:SourceIp" : ["192.0.2.0/24", "203.0.113.0/24"]} } • Allows a user to access a resource under the following conditions: • The time is after 12:00 P.M. on 10/8/2015 AND • The time is before 3:00 P.M. on 10/8/2015 AND • The request comes from an IP address in the 192.0.2.0 /24 OR 203.0.113.0 /24 range • MFA Present, MFA Age, Secure Transport All of these conditions must be met in order for the statement to evaluate to TRUE. AND OR What if you wanted to restrict access to a time frame and IP address range?
  • 25. Authentication Flow Amazon Cognito User Pools Amazon API Gateway Custom Authorizer Lambda Function /pets Lambda Function /n… Lambda Function Amazon DynamoDB Throttling Cache Logging Monitoring Auth Mobile apps Step 6: Additionally, the custom authorizer function will need to check that the JWT hasn’t been tampered with. To do this, it needs the signing public key (JWK) from Amazon Cognito. GET /pets HTTP/1.1 Host: ... Authorization: eyJraWQiOi…
  • 26. Authentication Flow Amazon Cognito User Pools Amazon API Gateway Custom Authorizer Lambda Function /pets Lambda Function /n… Lambda Function Amazon DynamoDB Throttling Cache Logging Monitoring Auth Mobile apps Step 7: If authentication was successful, the API call will be passed through to the backend Lambda functions where your logic sits. Authentication is cached for each token (up to 1 hour). GET /pets HTTP/1.1 Host: ... Authorization: eyJraWQiOi…
  • 27. DEMO