AWS

AWS Cognito Authentication and AWS Amplify development

Few words of introduction

In the last article we have spent some time playing with Cognito authentication, and we’ve built a small solution for tests – all with AWS Console. Since then, I’ve found some nice things, and I would like to see how the Cognito looks from the developer’s point of view, and how easily and quickly it is to create authentication backend for projects. Shall we take a look from the other side? Quick note, I focus only on the development tasks, not devops or sysops work – where there are some mix-ups.

Before we make a first step, we must have a node.js and npm installed. If you have read the previous article, you should have it installed. If not, don’t fret. It’s really quite simple. Just download the package from https://nodejs.org, and install it on your preferred platform. If you have to test your node.js and npm in the system console, try to run npm -v. If the system returns with the version of npn, you can start the rest of the process.

$ npm -v
6.4.1
$ node -v
v8.12.0

	

At the beginning, we have to create a project and install base AWS Amplify packages and VUE JS extensions. To make the configuration process more comfortable let us install the cli for Amplify:

npm init

npm i aws-amplify
npm i aws-amplify-vue
npm install @aws-amplify/cli

npm audit fix

Npm had created some project files and directories for downloaded packages. Now, we have the project created, and we can start building our Cognito service.To do this, you have to configure AWS account and AWS CLI on your workstation. To check, if it was installed, you can use:

aws --version

If there is no output from AWS CLI, you will have to install it, and configure connection to AWS using aws configure command. For this article, I have configured it and I can connect to my AWS account. Also, I have an administration access. This is important because we are going to create a Cognito service and make some configurations.

If we already completed the cli/account configurations we can start the main process, and create the Cognito service. We just have to execute some commands in the project folder, and answer to some configuration questions:

amplify init

Currently, I use a VS Code, and I would like to have project files generated for it 🙂

Now, let’s focus on Java Script and vue. In order to do so, we have to select them first. Like this:

For source, distribution and others, let’s get the suggested values:

By answering the last question, we decide, where the Amplify should store or use our AWS account credentials. If we have created profile, we should use it, and choose the profile option. If you decide otherwise, your AWS credentials are going to be stored in project directory. Let’s select my favorite profile from the list defined on the system, and start the process:

Ok, so far we have created backend files ready for deployment on our AWS account. To test if the files were created properly, we go to project folder, and look into amplify\backend\amplify-meta.json

And there it is. With just few questions, we have prepared cloudformation definition for Cognito that is ready to be deployed to our account.

So far, we have backend definition. In the next step, we can add authentication to the project. Amplify can easily add required configuration files based on our previous steps.

amplify add auth

You can inspect these files in the project subdirectory

amplify\backend\auth\cognitof9a81923\cognitof9a81923-cloudformation-template.yml

	

Finally, we can push our definition to cloud. Let us do it, by using:

amplify push

When the process is completed – it takes less than 2 minutes for Amplify created User Pool, Identity Pool and some other required components – it is ready to be used. We have Cognito service created, and ready to use in our developer application. To check it, we can go to AWS console, and look for it through account defined in the profile:

The Cognito service is ok for the development process, but it’s not secure enough for production. Some important steps and hardening are required – as always, when it comes to production. But that’s just life 😉

If Amplify caught your attention, and you want more info, I recommend visiting official Amplify website:

https://aws-amplify.github.io/docs/

Let us do the cleaning

When we finish playing with our Cognito Service, we can easily (with the maximum attention to details, of course) do the cleaning (locally and in the cloud) with the command:

amplify delete

Disclaimer

Bear in mind that I did not try to build a fully secure authorization. This article is only a sandbox – it helps you start with Cognito, and provides some basic knowledge about the Authentication process. Every security implementation should be configured carefully and tested fully, because even a smallest misconfiguration may have a dramatic impact on the application and AWS account security.

So, what did we achieve?

We have prepared environment for future development and project tests, using Cognito service. We defined, configured and deployed it in just a few minutes, using only few commands.