Joey Yi Zhao

Reputation: 42500

How can I add cognito username/password to authenticate ALB?

I deployed an AWS Application Load Balancer to route requests to my backend service, and I'd like to add authentication to it via Cognito basic username and password.

I have read this doc https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html and it only mentions OIDC, SAML, LDAP etc. How can I use username/password to authenticate with the ALB?

Upvotes: 1

Views: 835

Answers (1)

httpdigest

Reputation: 5797

The ALB itself provides direct integration with Cognito as an authenticator.

First, you need a Cognito User Pool. Within it, you need to create an App Client. This will then be used by the ALB when it uses OpenID Connect as a relying party in order to authenticate users against Cognito using the Authorization Code Flow.

So, for every route in your listener rules, you can add an "Authenticate using Cognito" step, where you then select your Cognito User Pool and the App Client Id.

After that, every request for this listener rule will first redirect the user to the Cognito login page.

Since Cognito itself can also federate authentication to other Identity Providers, such as Facebook, Google, etc., this is also an option. But if you only want username/password authentication, then Cognito already gives this as an option for users in your user pool.

Basically, all the steps are explained in the AWS documentation page you mentioned.

Upvotes: 1
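
The listener-rule step described in the answer above, written out as the action list that boto3's `elbv2.create_rule` accepts (an added example, not part of the original answer). The ARNs, IDs, domain prefix and helper names are constructed placeholders, and the one-hour session timeout is an assumption.

```python
# Constructed placeholder values; substitute your own resources.
USER_POOL_ARN = "arn:aws:cognito-idp:us-east-1:111122223333:userpool/us-east-1_EXAMPLE"
APP_CLIENT_ID = "exampleclientid1234567890"   # App Client created with a client secret
POOL_DOMAIN = "example-auth"                  # hosted-UI domain prefix of the user pool
TARGET_GROUP_ARN = ("arn:aws:elasticloadbalancing:us-east-1:111122223333:"
                    "targetgroup/example/0123456789abcdef")


def callback_url(alb_host):
    """URL to allow on the App Client; the ALB serves this fixed path itself."""
    return f"https://{alb_host.lower()}/oauth2/idpresponse"  # host case normalised


def cognito_rule_actions(listener_protocol, user_pool_arn, client_id,
                         pool_domain, target_group_arn, session_timeout=3600):
    """Build the ordered actions: authenticate against Cognito, then forward."""
    # ALB authentication actions are only supported on HTTPS listeners.
    if listener_protocol.upper() != "HTTPS":
        raise ValueError("authenticate-cognito requires an HTTPS listener")
    if ":cognito-idp:" not in user_pool_arn or ":userpool/" not in user_pool_arn:
        raise ValueError("expected a Cognito user pool ARN")
    return [
        {
            "Type": "authenticate-cognito",
            "Order": 1,  # must run before the forward action
            "AuthenticateCognitoConfig": {
                "UserPoolArn": user_pool_arn,
                "UserPoolClientId": client_id,
                "UserPoolDomain": pool_domain,
                "Scope": "openid",
                "SessionTimeout": session_timeout,  # seconds (assumed value)
                # Unauthenticated requests are redirected to the Cognito login page.
                "OnUnauthenticatedRequest": "authenticate",
            },
        },
        {"Type": "forward", "Order": 2, "TargetGroupArn": target_group_arn},
    ]


def create_rule(elbv2, listener_arn, priority, path_pattern, actions):
    """Apply the actions; `elbv2` is a boto3.client("elbv2") supplied by the caller."""
    return elbv2.create_rule(
        ListenerArn=listener_arn,
        Priority=priority,
        Conditions=[{"Field": "path-pattern", "Values": [path_pattern]}],
        Actions=actions,
    )
```

The value returned by `callback_url` for your ALB's DNS name goes into the App Client's allowed callback URLs, with the authorization code grant enabled.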
