Cognito Registration & Identity Management System


This blog describes how to build an identity management system and walks through a working example built on AWS Cognito.

Problem Statement

Your organization wants an identity management system that controls which users may access what. The basic requirements of this security-sensitive workflow are:

  • End-to-end identity management portal.
  • Redundant Identity Manager setup for identity management.
  • Redundant database setup for identity management.
  • Redundant Access Manager setup for access management.
  • Redundant Directory Services setup.

Solution Objectives

  • Identity Management System which manages user level access and restrictions
  • Highly Available architecture
  • Database clustering & load balancing
  • Faster Deployment to Production
  • Infrastructure Monitoring
  • Logging Solution Implementation

Technological Requirements

  • An AWS Account
  • An IAM User with Access Key and Secret key
  • AWS Cognito
  • One instance of type t2.medium
  • GitHub Private Repository
  • Docker hub Repository

2. Tools and Technologies

The tools and technologies used to build the automated solution are:

  • Infrastructure setup with AWS
  • Version control with GitHub
  • Identity management and data synchronisation with AWS Cognito
  • Docker registry with Docker Hub
  • Continuous integration with a Jenkins pipeline
  • Monitoring with AWS CloudWatch

3. Infrastructure Design

This section covers the complete design of the identity management system that enforces per-user access restrictions.

AWS Cognito

Amazon Cognito provides authentication and authorization, and it does so through two components: user pools and identity pools.

A user pool is the user directory. It handles sign-up, sign-in, the password policy and password recovery, and on a successful login it issues an ID token and an access token (both JWTs) together with a refresh token. An identity pool handles authorization to AWS resources: it exchanges a user pool token (or a token from another identity provider) for temporary, role-scoped AWS credentials via STS. The portal described here only needs a user pool; an identity pool becomes necessary when the signed-in user must call AWS services directly.

[Figure: user pools and identity pools]

Cognito with DynamoDB for disaster tolerance

Cloud architecture should be designed for disaster tolerance from the start: it is cheapest to do at inception, and the resulting redundancy benefits the business even if a disaster never happens. Note that a Cognito user pool is a regional resource with no built-in cross-region replication, so a disaster-tolerant design must also plan how users are migrated to or re-created in the standby region.

[Figure: disaster tolerance]

DynamoDB Load Balancing

[Figure: DynamoDB load balancing]

4. DevOps Implementation

The functionality covered by the solution is:

  • User registration
  • User login
  • Accessing a secured page if logged in
  • Resetting a forgotten password and logging out

Set up AWS Cognito with the correct configuration

The steps to set up the user pool are:

  • Log in to the AWS console and open the Amazon Cognito service.
  • Specify a name for your pool and click “Review Defaults”.
  • Customize the password policy as per requirement.
  • Edit the App clients option and specify a name for the application.
  • Click “Create pool”.
  • Take note of the “Pool Id” at the top of the page.
  • Open the App clients page and take note of the App client id.
  • Put these values in the .env file. A pool ID has the form <region>_<id> while an app client ID is a plain alphanumeric string, so the two lines must not be mixed up. The format of the .env file is:

    REGION=eu-west-1
    USERPOOL_ID=eu-west-1_idm123
    CLIENT_ID=idm123
    AWS_ACCESS_KEY_ID=******
    AWS_SECRET_ACCESS_KEY=*******

  • The recommended way to supply AWS credentials is to run the application on an EC2 instance with an instance role, so that no static access key and secret key need to be written into .env at all.

After that, attach the AmazonCognitoPowerUser policy to the instance role (or, if static keys are used, to the IAM user). That managed policy grants every Cognito action, so for production scope a custom policy down to the cognito-idp actions the application actually calls. Note that sign-up, confirmation, sign-in, forgot-password and sign-out are unauthenticated user pool APIs that require no IAM permission at all; IAM permissions are only needed for the Admin* operations.
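A worked example of loading the .env above and of the cognito-idp calls behind the portal's registration, confirmation, login, password-reset and logout functions (added here; this is not the code from the original post or project). It assumes the app client has the USER_PASSWORD_AUTH flow enabled and may or may not have a client secret; the names `load_env`, `secret_hash`, `CognitoPortal` and `FakeIdp`, and the sample .env values, are this example's own:

```python
"""Cognito user-pool flows behind the portal pages: sign-up, confirmation,
login, forgotten-password reset and sign-out, plus loading the .env above.
Added example, not the original project's code; assumes USER_PASSWORD_AUTH."""
import base64, hashlib, hmac, re

# Identifier shapes AWS uses: a pool id is "<region>_<id>", an app client id is
# a plain alphanumeric string. Swapping the two is a common .env mistake.
POOL_ID_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d+_[0-9A-Za-z]+$")
CLIENT_ID_RE = re.compile(r"^[0-9A-Za-z]{1,128}$")
SAMPLE_ENV = "REGION=eu-west-1\nUSERPOOL_ID=eu-west-1_idm123\nCLIENT_ID=idm123\n"  # constructed


def load_env(text):
    """Parse KEY=VALUE lines and sanity-check the Cognito identifiers. Static
    AWS_* keys are tolerated but unused: on EC2 boto3 uses the instance role."""
    cfg = {}
    for line in (l.strip() for l in text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    for required in ("REGION", "USERPOOL_ID", "CLIENT_ID"):
        if not cfg.get(required):
            raise ValueError(required + " missing from .env")
    if not POOL_ID_RE.match(cfg["USERPOOL_ID"]) or not cfg["USERPOOL_ID"].startswith(cfg["REGION"] + "_"):
        raise ValueError("USERPOOL_ID must look like <REGION>_<id>, e.g. eu-west-1_idm123")
    if not CLIENT_ID_RE.match(cfg["CLIENT_ID"]):
        raise ValueError("CLIENT_ID must be the alphanumeric app client id")
    return cfg


def env_is_valid(text):
    try:
        return bool(load_env(text))
    except ValueError:
        return False


def secret_hash(username, client_id, client_secret):
    """SECRET_HASH Cognito requires when the app client has a secret:
    base64(HMAC-SHA256(key=client_secret, msg=username + client_id))."""
    mac = hmac.new(client_secret.encode(), (username + client_id).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


class CognitoPortal:
    """cognito-idp calls behind each page. All are unauthenticated user pool
    APIs needing no IAM permission; AmazonCognitoPowerUser matters only for
    Admin* calls, which this portal never makes."""
    def __init__(self, cfg, client_secret=None, idp=None):
        self.client_id, self.client_secret = cfg["CLIENT_ID"], client_secret
        if idp is None:  # real client; imported here so the helpers work without boto3
            import boto3
            idp = boto3.client("cognito-idp", region_name=cfg["REGION"])
        self.idp = idp

    def _params(self, username, **params):
        params["ClientId"] = self.client_id
        if self.client_secret:
            params["SecretHash"] = secret_hash(username, self.client_id, self.client_secret)
        return params

    def register(self, username, password, email):
        return self.idp.sign_up(**self._params(username, Username=username, Password=password,
                                               UserAttributes=[{"Name": "email", "Value": email}]))

    def confirm(self, username, code):  # code is e-mailed to the user after register()
        return self.idp.confirm_sign_up(**self._params(username, Username=username, ConfirmationCode=code))

    def login(self, username, password):
        auth = {"USERNAME": username, "PASSWORD": password}
        if self.client_secret:
            auth["SECRET_HASH"] = secret_hash(username, self.client_id, self.client_secret)
        resp = self.idp.initiate_auth(ClientId=self.client_id, AuthFlow="USER_PASSWORD_AUTH",
                                      AuthParameters=auth)
        if "AuthenticationResult" not in resp:  # MFA / NEW_PASSWORD_REQUIRED need a second step
            raise RuntimeError("login requires challenge: %s" % resp.get("ChallengeName"))
        return resp["AuthenticationResult"]  # IdToken, AccessToken, RefreshToken

    def forgot_password(self, username):  # Cognito e-mails a reset code
        return self.idp.forgot_password(**self._params(username, Username=username))

    def reset_password(self, username, code, new_password):
        return self.idp.confirm_forgot_password(**self._params(
            username, Username=username, ConfirmationCode=code, Password=new_password))

    def logout(self, access_token):  # revokes the session's refresh token
        return self.idp.global_sign_out(AccessToken=access_token)


class FakeIdp:
    """Constructed stand-in for boto3's cognito-idp client: records calls, runs offline."""
    def __init__(self): self.calls = []

    def __getattr__(self, api):
        def call(**kw):
            self.calls.append((api, kw))
            return {"AuthenticationResult": {"IdToken": "id", "AccessToken": "at",
                                             "RefreshToken": "rt"}} if api == "initiate_auth" else {}
        return call
```

Pass `idp=FakeIdp()` to run the flow offline and inspect the recorded calls; omit it to talk to the real pool. Because boto3 resolves credentials itself, the `.env` keys are never handed to the client, which is what makes the instance-role setup work without code changes. If the app client has a secret, every call carries a per-user SECRET_HASH, and a missing or wrong one fails with NotAuthorizedException.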

Configure and start the application

Once the AWS Cognito user pool setup is complete and the correct configuration has been added to the .env file, configure and start the application as follows.

Install Docker on the instance on which the application will run.

Then set up the Dockerfile.

[Figure: Dockerfile]

Then assign the correct permissions to the instance role (or to the AWS user whose keys are in .env).

Set up the docker-compose .yaml file.

[Figure: docker-compose .yaml file]

Create the Jenkins pipeline.

[Figure: Jenkins pipeline]

Finally, the application is now running on port 80. Since registration and login send passwords and receive tokens over this connection, put TLS in front of it (for example an Application Load Balancer or a reverse proxy terminating HTTPS) before exposing it beyond a test environment.

[Figure: application running]

You will be able to register with a valid e-mail address and receive the confirmation code.
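The "secured page if logged in" function depends on the portal checking the token it gets back from login, not just on its presence. The following example (added here; not the original post's or project's code) shows the claim checks a Cognito access token must pass: issuer matches our pool, `token_use` is the expected kind, the app client matches (`client_id` on access tokens, `aud` on ID tokens) and the token has not expired. It assumes the RS256 signature has already been verified against the pool's JWKS at https://cognito-idp.<REGION>.amazonaws.com/<USERPOOL_ID>/.well-known/jwks.json (for instance with PyJWT's PyJWKClient); the function names, the sample configuration and the constructed, unsigned demo token are this example's own:

```python
"""Checks a portal must make on a Cognito JWT before serving a secured page.
Added example, not the original project's code. Covers the claim checks only;
the RS256 signature must be verified against the pool's JWKS beforehand."""
import base64
import json
import time


def issuer(region, user_pool_id):
    """The iss value Cognito puts in every token of this pool."""
    return "https://cognito-idp.%s.amazonaws.com/%s" % (region, user_pool_id)


def decode_claims(token):
    """Payload of a compact JWT. Does NOT check the signature, so only call it
    after the signature has been verified against the JWKS."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not an object")
    return claims


def validate_claims(claims, region, user_pool_id, client_id, token_use="access", now=None):
    """Return None when the claims are acceptable, otherwise the reason."""
    now = time.time() if now is None else now
    if claims.get("iss") != issuer(region, user_pool_id):
        return "issuer is not our user pool"
    if claims.get("token_use") != token_use:
        return "expected %s token, got %r" % (token_use, claims.get("token_use"))
    # The app client lives in 'aud' on ID tokens and in 'client_id' on access tokens.
    audience = claims.get("aud") if token_use == "id" else claims.get("client_id")
    if audience != client_id:
        return "token was issued to another app client"
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        return "token expired or has no exp"
    return None


def secured_page_allowed(token, cfg, now=None):
    """Gate for the secured page: True only for an access token from our pool
    and our app client that is still within its lifetime."""
    try:
        claims = decode_claims(token)
    except ValueError:  # malformed token, bad base64 or bad JSON
        return False
    return validate_claims(claims, cfg["REGION"], cfg["USERPOOL_ID"],
                           cfg["CLIENT_ID"], "access", now) is None


def demo_token(claims):
    """Constructed, unsigned token for offline use only: the signature part is a
    placeholder, which is exactly why the JWKS check must come first."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return "%s.%s.sig" % (enc({"alg": "RS256", "kid": "constructed"}), enc(claims))


# Constructed sample configuration and claims (not real pool values).
CFG = {"REGION": "eu-west-1", "USERPOOL_ID": "eu-west-1_idm123", "CLIENT_ID": "idm123"}
NOW = 1_700_000_000
GOOD_CLAIMS = {"iss": issuer("eu-west-1", "eu-west-1_idm123"), "token_use": "access",
               "client_id": "idm123", "username": "alice", "exp": NOW + 3600, "iat": NOW}
```

Two practitioner notes on logout. GlobalSignOut revokes the refresh token and makes Cognito's own APIs reject the access token, but a JWT that the portal verifies locally remains acceptable until `exp`, so keep the access token lifetime short or call the pool (GetUser with the access token) before serving anything sensitive. And never treat an ID token as proof of authorization for an API: use the access token and check `token_use`, as above, so the two cannot be swapped.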

5. Monitoring

Amazon CloudWatch Metrics and AWS CloudTrail: CloudWatch provides the metrics and alarms for the instance and the application, while CloudTrail records the API calls made against the account, including administrative changes to the user pool, which gives the audit trail for the identity system.

[Figure: Monitoring in AWS]

6. Logging and Reporting

[Figure: Logging and Reporting in AWS]

Written by 

Rahul Miglani is Vice President at Knoldus and heads the DevOps Practice. He is a DevOps evangelist with a keen focus to build deep relationships with senior technical individuals as well as pre-sales from customers all over the globe to enable them to be DevOps and cloud advocates and help them achieve their automation journey. He also acts as a technical liaison between customers, service engineering teams, and the DevOps community as a whole. Rahul works with customers with the goal of making them solid references on the Cloud container services platforms and also participates as a thought leader in the docker, Kubernetes, container, cloud, and DevOps community. His proficiency includes rich experience in highly optimized, highly available architectural decision-making with an inclination towards logging, monitoring, security, governance, and visualization.