Ernest.V

Reputation: 3

Cognito user pool for single admin

I'm trying to create a personal blog using s3 and lambda. I already have the API setup but I'm trying to figure out how to make the blog post requests more secure by requiring an authorization token in order to access the API Gateway.

I believe this can be done with Cognito user pools, but they are usually used with many users, not a single admin user. However, if there's another way I should go about this, then I'm all ears.

Upvotes: 0

Views: 115

Answers (1)

cmaronchick

Reputation: 416

You can implement this by:

  1. Creating a User Pool in Cognito
  2. If you are using the Hosted UI login pages, I recommend having the pages send a code response rather than a token response because you can call the token endpoint to get all the appropriate tokens.
  3. Call your token endpoint with the code you receive in Step 2 (it'll be in the URL when you are redirected back to your site) to retrieve the ID, Access, and Refresh Tokens.
  4. Once you have your cognitoUser tokens, you can wrap your blog publish function with a token check function to ensure that your token is up-to-date and send the updated token to your publish blog callback.
  5. Send the user token in the headers of your API call: { Authorization: token }.
  6. In API Gateway, choose the Method Request in your Blog Post API and select your Cognito User Pool name under authorizers.

As long as the token you send is valid, the Method Request is all you need to update in order to secure the ability to post.

Upvotes: 1
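The client-side half of the flow in the answer above, as an added example that is not part of the original answer: parsing the code out of the Hosted UI redirect (step 3), building the form-encoded requests to the Cognito /oauth2/token endpoint for the authorization_code and refresh_token grants, and a wrapper that refreshes the ID token before the publish call and puts it in the Authorization header (steps 4 and 5). The Cognito domain, app client id and redirect URI are placeholder assumptions; the `httpPost` function is injected so the flow runs offline with a mocked token endpoint. The token is never verified on the client (API Gateway's Cognito authorizer does that); only the `exp` claim is read to decide whether a refresh is due. The example sends the ID token, which is what an API Gateway Cognito authorizer checks when no OAuth scopes are configured on the method; with scopes configured, the access token is sent instead.

```javascript
// Added example for the Cognito Hosted UI -> token endpoint -> API Gateway flow.
// Domain, client id and redirect URI below are assumed placeholders.
const COGNITO_DOMAIN = "https://example-blog.auth.us-east-1.amazoncognito.com"; // assumed
const CLIENT_ID = "EXAMPLE_APP_CLIENT_ID";                                      // assumed
const REDIRECT_URI = "https://blog.example.com/callback";                        // assumed

// Step 3: the Hosted UI redirects to REDIRECT_URI?code=...&state=...
function codeFromRedirect(url) {
  const code = new URL(url).searchParams.get("code");
  if (!code) throw new Error("no authorization code in redirect URL");
  return code;
}

// Cognito's token endpoint takes application/x-www-form-urlencoded bodies.
function tokenRequest(params) {
  return {
    url: `${COGNITO_DOMAIN}/oauth2/token`,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({ client_id: CLIENT_ID, ...params }).toString(),
  };
}

// Exchange the one-time code for id, access and refresh tokens.
function codeExchangeRequest(code) {
  return tokenRequest({ grant_type: "authorization_code", code, redirect_uri: REDIRECT_URI });
}

// Use the refresh token to get new id and access tokens.
function refreshRequest(refreshToken) {
  return tokenRequest({ grant_type: "refresh_token", refresh_token: refreshToken });
}

// Read the JWT payload without verifying it: the client only needs `exp`.
// Signature verification happens in the API Gateway Cognito authorizer.
function jwtPayload(token) {
  const part = token.split(".")[1];
  if (!part) throw new Error("malformed JWT");
  return JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
}

function expiresWithin(token, seconds, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { exp } = jwtPayload(token);
  return typeof exp !== "number" || exp - nowSeconds <= seconds;
}

// Step 4: refresh if the ID token is about to expire, then publish with it.
// `httpPost(request)` returns the parsed JSON of the token endpoint response.
async function withFreshToken(tokens, httpPost, publish, nowSeconds) {
  let current = tokens;
  if (expiresWithin(current.id_token, 60, nowSeconds)) {
    const fresh = await httpPost(refreshRequest(current.refresh_token));
    // The refresh grant returns new id/access tokens but no new refresh token.
    current = { ...current, id_token: fresh.id_token, access_token: fresh.access_token };
  }
  // Step 5: the token travels in the Authorization header of the API call.
  return publish({ Authorization: current.id_token }, current);
}

// Test-only helper: builds an unsigned JWT (constructed sample; real Cognito
// tokens are RS256-signed and must be verified by the authorizer, not here).
function unsignedJwt(payload) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${b64({ alg: "none" })}.${b64(payload)}.`;
}

// Constructed run with a mocked token endpoint: the stale ID token triggers a
// refresh_token grant and the publish call receives the fresh token.
async function demo() {
  const now = 1_700_000_000;
  const stale = { id_token: unsignedJwt({ exp: now + 10 }), access_token: "old", refresh_token: "R" };
  const calls = [];
  const httpPost = async (req) => {
    calls.push(req);
    return { id_token: unsignedJwt({ exp: now + 3600 }), access_token: "new" };
  };
  const sent = await withFreshToken(stale, httpPost, async (headers) => headers.Authorization, now);
  return {
    refreshed: calls.length === 1,
    grant: new URLSearchParams(calls[0].body).get("grant_type"),
    sentFresh: !expiresWithin(sent, 60, now),
  };
}
```

In a real page, `httpPost` would be a `fetch` POST of `req.body` to `req.url` with `req.headers`, and the tokens from `codeExchangeRequest` would be kept in memory rather than in localStorage so a script injected into the page cannot read the refresh token at rest.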
