reza

Reputation: 6358

AWS Cognito and custom roles

I am new to AWS... We have a home-grown user authentication and authorization. We define authorizations (roles) in company terms: role1 allows you to do tasks1 and tasks2. Role2 allows one to perform tasks3 only.

I can see how I can use Cognito for my user/password management. Unclear if I use Cognito for roles verification, i.e., authorization.

Thoughts?

Upvotes: 4

Views: 4316

Answers (1)

peekay

Reputation: 2065

In a Cognito User Pool one can define both Users and Groups, which can be leveraged to drive fine-grained RBAC permissioning. You can define a custom attribute in the User model (e.g., "department" or "role") and map this attribute to Groups.

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-user-groups.html

Each group can optionally be associated with an IAM role, so it's possible to restrict access to AWS resources (e.g., certain DynamoDB tables) by group -- as an additional layer of security.

However, if you don't need/want to map users to different IAM roles, maybe just handle authentication completely from within your application.

Upvotes: 1
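As an added illustration (not part of the answer above), this sketch shows how an application could authorize the question's role1/role2 tasks from the `cognito:groups` claim that a User Pool places in its tokens. It assumes the token signature has already been verified against the pool's JWKS and that the Cognito groups are named `role1` and `role2`; the issuer, client ID and sample claims are constructed placeholders.

```python
import time

# Constructed placeholders: pool issuer, app client id, and the role-to-task
# map taken from the question's role1/role2 description.
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
CLIENT_ID = "example-app-client-id"
ROLE_TASKS = {
    "role1": {"tasks1", "tasks2"},
    "role2": {"tasks3"},
}


def allowed_tasks(claims, now=None):
    """Return the tasks permitted by the claims of an access token whose
    signature was already verified. Raises PermissionError on bad claims."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise PermissionError("wrong issuer")
    if claims.get("token_use") != "access":
        raise PermissionError("not an access token")
    if claims.get("client_id") != CLIENT_ID:
        raise PermissionError("wrong app client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise PermissionError("token expired")
    groups = claims.get("cognito:groups", [])  # absent when user has no group
    if not isinstance(groups, list):
        raise PermissionError("malformed groups claim")
    tasks = set()
    for group in groups:
        tasks |= ROLE_TASKS.get(group, set())  # unknown groups grant nothing
    return tasks


def is_authorized(claims, task, now=None):
    """Deny by default: any claim problem or missing group means False."""
    try:
        return task in allowed_tasks(claims, now)
    except PermissionError:
        return False


# Constructed sample claims, shaped like a decoded Cognito access token.
SAMPLE = {"iss": ISSUER, "token_use": "access", "client_id": CLIENT_ID,
          "exp": 2_000_000_000, "cognito:groups": ["role1"], "sub": "user-123"}
```

Checking `token_use`, `iss`, `client_id` and `exp` before reading the groups keeps an ID token, a token from another pool or app client, or an expired token from being accepted as proof of role membership.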
