Reputation: 328
I have an AWS K8s cluster (EKS) and I want to use AWS API gateway to protect endpoints and separate authorization logic from microservices. I need to have 2 authentication schemas:
There is an integration between API gateway and the K8s cluster via the ALB Ingress Controller. It looks fine. Then I need to authenticate somehow. AWS provides Cognito as a service to manage users and the possibility to have your own identity provider. I know that we can integrate the API gateway authorizer with Cognito, but I can't understand the following things:
Upvotes: 2
Views: 1120
Reputation: 599
1. How to integrate Cognito with an already existing LDAP, for example? (SAML?)
Make use of Cognito Userpools with a SAML IdP. https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-saml-idp.html
2. Can I use my own, already created OAuth2 authentication endpoint?
Yes, use Developer Authenticated Identities for Cognito Identity Pools. Users that authenticate from the existing user database will be authorized by identity pools through assuming the authenticated IAM role of the identity pool; in that role, set the access level to AWS resources. https://docs.aws.amazon.com/cognito/latest/developerguide/developer-authenticated-identities.html
3. How can I authenticate with login/password and retrieve a JWT using API gateway + Cognito?
The best way to achieve this, seeing that API Gateway is being used, is to implement a Lambda authorizer in API Gateway that uses Cognito Userpools. You will then be able to get the JWT token in that Lambda authorizer; the claims in the authorizer will also be available in the integration request VTL and accessible using $context, i.e.
$context.authorizer.claims.sub
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html
Upvotes: 1
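The Lambda authorizer from point 3, written out as an added example that is not part of the original answer: a TOKEN-type authorizer in stdlib-only Python (so the RS256 signature check is hand-rolled instead of coming from a JWT library, which is what you would normally deploy) that verifies a Cognito user pool token against the pool's JWKS, applies the claim checks Cognito documents (exp, iss, app client, token_use), and returns the IAM policy with the claims in context. The user pool issuer, app client id and every claim value below are constructed placeholders; note that with a Lambda authorizer the keys you put in context are read in the mapping template as $context.authorizer.<key>.

```python
import base64, hashlib, hmac, json, time, urllib.request

# Constructed values for this example; substitute your own user pool and app client.
USER_POOL_ISS = "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE"
APP_CLIENT_ID = "example-app-client-id"
JWKS_URL = USER_POOL_ISS + "/.well-known/jwks.json"  # Cognito publishes the pool's signing keys here
SHA256_DIGEST_INFO = bytes.fromhex("3031300d060960864801650304020105000420")  # PKCS#1 DigestInfo prefix

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def verify_rs256(signing_input: bytes, sig: bytes, jwk: dict) -> bool:
    """RSASSA-PKCS1-v1_5 with SHA-256, checked against one JWKS entry ({"n": ..., "e": ...})."""
    n, e = (int.from_bytes(b64url_decode(jwk[f]), "big") for f in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    t = SHA256_DIGEST_INFO + hashlib.sha256(signing_input).digest()
    if len(sig) != k or k < len(t) + 11:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(em, b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t)

def validate_token(token: str, jwks: dict, now: float = None) -> dict:
    """Signature first, then the claim checks Cognito documents: exp, iss, app client, token_use."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    keys = [k for k in jwks["keys"] if k.get("kid") == header.get("kid")]
    if header.get("alg") != "RS256" or not keys:  # pin the algorithm; never trust "alg" from the token
        raise ValueError("unknown kid or unexpected alg")
    if not verify_rs256(f"{h}.{p}".encode(), b64url_decode(s), keys[0]):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p))
    if claims.get("exp", 0) <= (time.time() if now is None else now) or claims.get("iss") != USER_POOL_ISS:
        raise ValueError("expired or not issued by our user pool")
    use = claims.get("token_use")  # ID tokens carry the client id in "aud", access tokens in "client_id"
    if use not in ("id", "access") or claims.get("aud" if use == "id" else "client_id") != APP_CLIENT_ID:
        raise ValueError("token not issued for this app client")
    return claims

def lambda_handler(event, context, jwks: dict = None) -> dict:  # TOKEN-type Lambda authorizer entry point
    jwks = jwks or json.load(urllib.request.urlopen(JWKS_URL))  # cache this across invocations in real use
    token = event.get("authorizationToken", "").split(" ")[-1]  # tolerate a "Bearer " prefix
    try:
        claims = validate_token(token, jwks)
    except (ValueError, KeyError):
        raise Exception("Unauthorized")  # this exact message makes API Gateway answer 401
    return {"principalId": claims["sub"],
            "policyDocument": {"Version": "2012-10-17", "Statement": [
                {"Action": "execute-api:Invoke", "Effect": "Allow", "Resource": event["methodArn"]}]},
            "context": {"sub": claims["sub"], "username": claims.get("cognito:username", ""),  # scalars only
                        "groups": ",".join(claims.get("cognito:groups", []))}}  # read as $context.authorizer.<key>
```

The handler fetches the JWKS on demand only for readability; in a real function load it once per container and refetch when a token arrives with an unknown kid after a key rotation.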