Menu
AWS seem to have a pile of services now so I have been looking more closely at it.
I am looking for a centralized service where I can host user data and have them authenticate and secure different web applications, iphone apps both using custom logins and social logins such as Twitter/Google/Facebook.
An example flow would be that I have multiple websites coded in PHP and want users to login to these sites. But only users who have access. This user data, logins, access rights etc. needs to be hosted somewhere centralized and as much headache free as possible.
Instead of building my own platform for this that will support all the authentication and user management it would be nice to have this taken care of.
Does AWS have a service for this?
The IAM service seem to only deal with AWS access.
Notice I am not only talking about mobile apps but also websites.
I see there is a new service called Cognito, is this what I am looking for specifically in this use case?
604
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
Manage IAM users and their access—You can create users in IAM, assign them individual security credentials (such as access keys, passwords, and multi-factor authentication devices), or request temporary security credentials to provide users access to AWS services and resources.
An AWS Identity and Access Management (IAM) user is an entity that you create in AWS to represent the person or application that uses it to interact with AWS. A user in AWS consists of a name and credentials. An IAM user with administrator permissions is not the same thing as the AWS account root user.
Two particular services would be of interest to you:
Cognito can also be used from a website.
From Use Amazon Cognito in your website for simple AWS authentication:
By using Amazon Cognito in your web applications as well as mobile apps, you can utilize a consistent, cross-platform identifier for your end users authenticated through Facebook, Google, or Amazon; together with the Cognito Sync service, this allows you to keep user-related data consistent across all your applications and platforms. Further, Cognito helps you to retrieve temporary, limited-privilege credentials for both your authenticated and unauthenticated users without managing any backend infrastructure.
198
Cognito does support social logins (facebook, google, and amazon) and custom logins (developer authenticated identities). Given the login of a user, it can get credentials to access different AWS resources (an s3 bucket, dynamo table...etc.). You can set up appropriate role permissions for these users using IAM. A series of blog posts was written to go into more detail about Cognito authentication: part 1 (basic auth flow), part 2 (developer authenticated identities), and part 3 (roles and policies). For more details on developer authenticated identities, this blog post goes into more detail and has an end to end sample app linked.
Additionally, if you're talking about using multiple applications, Cognito has a sync service. If someone were to use the same social login in multiple applications (all of which you have set up with the same identity pool), they'd be able to synchronize data across these applications. A blog post with more detail and some examples is available here
2
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
