Chapter five

5 Authentication and authorization with Cognito


This chapter covers:

  • Authentication and authorization in serverless architecture
  • JSON Web Tokens
  • Amazon Cognito as a central service for authentication

One of the first questions we’re usually asked is about authentication and authorization in a serverless environment. Without a server, how does one authenticate users and secure access to resources? To help answer these questions, we introduce an AWS service called Cognito. We show how to set it up to provide user sign-up and login in a serverless environment, and explain how it all works; you’ll love JSON Web Tokens. In the next chapter we build on this and discuss how to build a serverless API, secure it with custom authorizers, and connect it to Lambda functions. Before we can get to any of that exciting stuff, however, we need to take a close look at Cognito and understand how it fits in.

5.1   Authentication in a serverless environment

5.1.1   A serverless approach

5.1.2   Auth0

5.1.5   Amazon Cognito

5.2   Adding authentication to 24-Hour Video

5.2.1   The plan

5.2.2   Invoking Lambda directly

5.2.3   24-Hour Video website

5.3   Cognito User Pools

5.3.1   Configuring a User Pool

5.3.2   Cognito Endpoints

5.3.3   Preparing the website for Cognito

5.4   Exercises

5.5   Summary