API Gateway Security Mechanisms | AWS_IAM Vs Cognito User Pool Vs Identity Pool Vs Lambda Authorizer

Using the Scopes it is possible to get fine-grained access. Interesting is that the initial sign-in process with Cognito User Pool you get back a JWT with, identity, access and refresh tokens. Depending upon whether you pass in the identity or the access token, you get quite different approaches on how API Gateway Authorizer will apply it.

kappaj

If you want fine-grained authorisation using Cognito user pools, you can potentially use oauth scopes and not have to create more user pools.

SpookFilthy

Bravo! the best explanation I found around this topic. In AWS HTTP API gateway, I believe you have JWT authrorizer which does acts similarly as the Lambda authorizor. It checks the signature using the public key of the identity provider along with scopes and audiences

nickqi

Amazing Video !
Please make a separate vdo on below topic coz there is no resource in internet related to this topic.
I want to know how to do the Sign Up, Login
& other MFA in React-Native App, if I already have a existing
backend in AWS Cognito .

And have the below details of the existing backend :-
aws_cognito_identity_pool_id:
aws_cognito_region:
aws_user_pools_id:
aws_user_pools_web_client_id:

saurabrakshit

Thank you sir. Explaining with picture and flow is very clear to understand.

yekohein

Most clear description of Cognito so far. and yes I have smashed that like button.

tusharanand

Great explanation, sorted my queries related to different authentication and authorization methods with AWS. Thanks.

shantisagargebise

Good job Raj. Clear and concise with very good illustrations

kakumanus

Very well described. Great . THANK YOU

JafarUlla

I got lost during the Cognito Identity Pool. You skipped explaining how the GIP knows which IAM role to assign to a user. Do users logging using Facebook only ever get IAM role 1, and those using User pool only ever get IAM role 3? Where and how is that logic configured.

totsubo

best video on the topic on the youtube

artemyevtushenko

Can we use roe level security whiile accessing redshift via cognito user->API->redshift data ApI

virendrabhatia

Great video, now I understand the differences correctly! Thanks a lot!

MohammedNoureldin

Can we use row level security while accessing redshift for cognito user....Login via cognito user->API->Lambds->redshift data ApI with row levelsecurity for example Cognito user1 can only see US data and user2 can only see UK data

virendrabhatia

Another great one, Raj. I am a fellow Amazonian too, and this playlist is a great learning tool!

anshikagupta

Thank you for the nice video, I did not find your udemy course of Rocking AWS serverless, is the name changed?

nosgxtt

Thanks for making this video. You explained the topic clearly.

lordwilfrandosy

Great explanation! I'm amazed by your videos, they are so clear. Thanks you so much.

jorgemartin

Ideally IAM should be applied to roles and not to users.

Lodayaprashant

Pretty good explanation on the differences. Thank u. Keep posting such awesome videos.

primekrish