In this workshop, you learn how to build a serverless customer-facing microservices application demonstrating end-to-end authentication and authorization using Amazon Cognito, Amazon API Gateway, AWS Lambda, and all things AWS Identity and Access Management (IAM). You have the opportunity to build an end-to-end functional app with a secure identity provider showcasing user authentication patterns.
- Level: Advanced
- Duration: 2 hours
- CSF Functions: Protect
- CAF Components: Preventative
- Prerequisites: AWS Account, Admin IAM User
- AWS Services: Amazon Cognito, Amazon API Gateway, AWS Lambda, AWS IAM
The microservices application you'll be building enables users to request unicorn rides from the Wild Rydes fleet. The application will present users with a user interface for signing-up, signing-in, indicating their location to request a ride, and managing their rider profile.
See the diagram below for a depiction of the complete architecture.
This workshop is split into multiple modules. Each module builds upon the previous module as you expand the Wild Rydes application. You must complete each module before proceeding to the next.
User flows - In this module, you will create a Cognito User Pool for identity management and user authentication and will integrate it with a pre-existing WildRydes React JS Web Application. You will also configure Cognito Identity Pools, which provides the ability to assume an Identity and Access Management (IAM) role from within an application.
Backend authorization with Amazon API Gatway - In this module, you will add a serverless backend to our Wild Rydes application leveraging API Gateway and Lambda. You will then enable authentication and authorization on your API to secure the backend to only accept valid, authorized requests.
Retrieving and using temporary AWS credentials - In this module, you will expand your Wild Rydes application by enabling profile management and profile photo management capabilities. Amazon Cognito will be used to store your user's profile information and attributes whereas Amazon S3 will store your user's profile pictures, with a link to the photo stored in the user's profile information.
Cleanup - To prevent your account from accruing additional charges, you'll go through and cleanup all the resources you've used for this workshop.
Proceed to the next module to setup your environment.