Integrating custom authentication service with AWS Cognito

Question

I have an authentication service currently integrated with CA layer 7 API Gateway. When user presents username/password to L7, it forwards the call to the auth-service, which returns JWT and session id if credentials are valid.

I am looking to integrate this auth service with AWS API gateway through cognito federated identities. I am not clear on how to integrate this set up and migrate the existing users to the user pools. I am looking for an option to eliminate the need of saving credentials in internal database. Is it possible once I migrate the users to user pools? Also, what all the features my auth-service should be able to support as added to federated identities.

It would be really helpful if you could share the relevant implementation samples.

Answer 1

You can import users into the cognito user pool. This will transfer all information except for the password. All users will need to create a new password when they try to log in for the first time. If you don't want to use user pools you can just add your current authentication as a federated identity provider. I think you should stick to just using federated identity unless you are not satisfied with your authentication app since cognito user pool requires passwords. It will be far simpler to just created a federated identity pool and configure your app with it.