This blog gives a detailed description of building an identity management system, and shows how to do it with AWS Cognito through a working example.
Your organization wants to build an identity management system that controls what users can access and how they can use it. The basic requirements of this security-critical workflow are as follows:
- End to End Identity Management portal.
- Identity Manager redundant setup for Identity Management.
- Database redundant setup for Identity Management.
- Access Manager redundant setup for Access Management.
- Directory Services redundant setup.
- Identity Management System which manages user level access and restrictions
- Highly Available architecture
- Database clustering & load balancing
- Faster Deployment to Production
- Infrastructure Monitoring
- Logging Solution Implementation
Prerequisites
- An AWS Account
- An IAM User with Access Key and Secret key
- AWS Cognito
- One EC2 instance of type t2.medium
- GitHub Private Repository
- Docker hub Repository
2. Tools and Technologies
The tools and technologies used while making an automated solution are:
- Infrastructure Setup with AWS
- Version Control with GitHub
- Identity Management and Data Synchronisation with AWS Cognito
- Docker Registry Docker Hub
- Continuous Integration with Jenkins Pipeline
- Monitoring with AWS CloudWatch
The following covers the design of the identity management system for user access and usage restrictions.
Amazon Cognito provides authentication, authorization and user management for web and mobile applications.
Its two components are user pools and identity pools. A user pool is the user directory: it handles sign-up, e-mail confirmation, sign-in and password reset, and issues JWT tokens (ID, access and refresh tokens) to the application. An identity pool exchanges such tokens for temporary AWS credentials so that an authenticated user can call other AWS services directly. The setup below creates only a user pool.
Cognito with DynamoDB for disaster tolerance
Cloud architecture should be designed for disaster tolerance from the start: it is far easier to build in at inception than to retrofit, and the redundancy pays off in availability even if a disaster never happens.
DynamoDB Load Balancing
4. DevOps Implementation
The functionality covered by the solution is:
- User registration
- User login
- Accessing a secured page if logged in
- Resetting a forgotten password and log out
Set up AWS Cognito with the correct configuration
The steps to set up a user pool are:
- Log in to the AWS console and go to the Amazon Cognito service.
- Specify a name for your pool and click “Review Defaults”.
- Customize the password policy as required.
- Edit the App clients option and specify a name for the application.
- Click “Create pool”.
- Take note of the “Pool Id” at the top of the page.
- Open the App clients page and take note of the App client id.
- The .env file has the following format. Note that the user pool id carries the region prefix (region_id) while the app client id does not; the last two entries are only needed when the application runs with a static IAM user and should be omitted when it runs under an instance role:
```text
REGION=eu-west-1
USERPOOL_ID=eu-west-1_idm123
CLIENT_ID=idm123
AWS_ACCESS_KEY_ID=******
AWS_SECRET_ACCESS_KEY=*******
```
- The recommended way is to run the application on an EC2 instance that has an IAM role attached, so that the AWS SDK obtains temporary credentials from the instance metadata and no long-lived access keys have to be stored in the .env file.
After that, attach the AmazonCognitoPowerUser policy to either the created role or the IAM user. Be aware that this managed policy grants full access to every user pool in the account; for least privilege, write a policy scoped to the ARN of this one user pool and to the operations the application actually calls. The sign-up, confirmation, login and forgot-password operations used here are unauthenticated Cognito APIs that need only the app client id, so IAM credentials are required only for admin operations such as AdminGetUser or AdminCreateUser.
Configure and start the application
Once the AWS Cognito user pool setup is complete and the correct configuration has been added to the .env file:
- Install Docker on the instance on which the application will run.
- Write the Dockerfile for the application.
- Assign the correct permissions to the instance role (see above).
- Write the docker-compose .yaml file.
- Create the Jenkins pipeline that builds the Docker image, pushes it to the Docker Hub repository and deploys it on the instance.
- The application is now running on port 80. Port 80 is plain HTTP, so for anything beyond a test deployment terminate TLS in front of the application (for example with an Application Load Balancer and an ACM certificate); otherwise passwords and confirmation codes travel in clear text.
- You can now register with a valid e-mail address to receive the confirmation code.
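The flows listed above (register, confirm with the e-mailed code, log in, open a protected page, log out, reset a forgotten password) as an added Python example; this is not code from the original post or from the application it describes. It calls the cognito-idp operations with their real parameter names. `FakeCognitoClient`, the user `alice`, her passwords and the `idm123` client id are constructed for the example so that it runs offline; in production `client` would be `boto3.client("cognito-idp", region_name=REGION)`. It also handles the case where the app client was created with a client secret, which requires a `SecretHash` on every call.

```python
# Cognito user-pool flows (registration, e-mail confirmation, login, protected page, logout,
# forgot-password) with the real cognito-idp method and parameter names. FakeCognitoClient is
# a constructed offline stand-in for this example, not an AWS library.
import base64
import hashlib
import hmac
import secrets


def secret_hash(username, client_id, client_secret):
    """SECRET_HASH, required on every call when the app client was created with a client
    secret: base64(HMAC-SHA256(key=client_secret, msg=username + client_id))."""
    mac = hmac.new(client_secret.encode(), (username + client_id).encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def user_flows(client, client_id, mailbox, client_secret=None):
    """Drives every flow the application exposes and records what each step produced.
    In production `client` is boto3.client("cognito-idp", region_name=REGION), which takes its
    credentials from the EC2 instance role; `mailbox(username)` returns the e-mailed code."""
    user, pw, new_pw, out = "alice", "Sup3r-Secret!", "N3w-Secret!!", {}  # constructed sample user

    def extra(username):  # SecretHash is sent only when the app client has a secret
        return {"SecretHash": secret_hash(username, client_id, client_secret)} if client_secret else {}

    def login(password):  # USER_PASSWORD_AUTH must be enabled on the app client
        params = {"USERNAME": user, "PASSWORD": password}
        if client_secret:
            params["SECRET_HASH"] = secret_hash(user, client_id, client_secret)
        resp = client.initiate_auth(ClientId=client_id, AuthFlow="USER_PASSWORD_AUTH", AuthParameters=params)
        return resp["AuthenticationResult"]  # IdToken, AccessToken, RefreshToken

    def attempt(key, fn):  # boto3 raises client.exceptions.<Name>; only the name is recorded
        try:
            fn()
        except Exception as e:
            out[key] = type(e).__name__

    client.sign_up(ClientId=client_id, Username=user, Password=pw,
                   UserAttributes=[{"Name": "email", "Value": "alice@example.com"}], **extra(user))
    attempt("login_unconfirmed", lambda: login(pw))  # must fail until the e-mailed code is confirmed
    client.confirm_sign_up(ClientId=client_id, Username=user, ConfirmationCode=mailbox(user), **extra(user))
    tokens = login(pw)
    # Protected page: GetUser fails with NotAuthorizedException once the token is expired or revoked.
    out["page_user"] = client.get_user(AccessToken=tokens["AccessToken"])["Username"]
    client.global_sign_out(AccessToken=tokens["AccessToken"])  # logout: revokes all the user's tokens
    attempt("after_logout", lambda: client.get_user(AccessToken=tokens["AccessToken"]))
    client.forgot_password(ClientId=client_id, Username=user, **extra(user))
    client.confirm_forgot_password(ClientId=client_id, Username=user, ConfirmationCode=mailbox(user),
                                   Password=new_pw, **extra(user))
    attempt("old_password", lambda: login(pw))
    out["new_password_user"] = client.get_user(AccessToken=login(new_pw)["AccessToken"])["Username"]
    return out


class FakeCognitoClient:
    """Constructed in-memory stand-in that keeps the service's rules: unconfirmed users cannot
    log in, codes are single-use, GlobalSignOut revokes the user's tokens."""
    class NotAuthorizedException(Exception): pass
    class UserNotConfirmedException(Exception): pass
    class CodeMismatchException(Exception): pass

    def __init__(self):
        self.users, self.tokens = {}, {}

    def last_code(self, username):  # stands in for the user reading the e-mail
        return self.users[username]["code"]

    def _use_code(self, username, code):
        stored = self.users[username]["code"]
        if stored is None or not hmac.compare_digest(stored.encode(), code.encode()):
            raise self.CodeMismatchException("Invalid verification code provided")
        self.users[username]["code"] = None

    def sign_up(self, ClientId, Username, Password, UserAttributes, **_):
        self.users[Username] = {"password": Password, "confirmed": False, "code": f"{secrets.randbelow(10**6):06d}"}

    def confirm_sign_up(self, ClientId, Username, ConfirmationCode, **_):
        self._use_code(Username, ConfirmationCode)
        self.users[Username]["confirmed"] = True

    def initiate_auth(self, ClientId, AuthFlow, AuthParameters):
        u = self.users.get(AuthParameters["USERNAME"])
        if not u or not hmac.compare_digest(u["password"].encode(), AuthParameters["PASSWORD"].encode()):
            raise self.NotAuthorizedException("Incorrect username or password.")
        if not u["confirmed"]:
            raise self.UserNotConfirmedException("User is not confirmed.")
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = AuthParameters["USERNAME"]
        return {"AuthenticationResult": {"AccessToken": tok, "IdToken": "id." + tok, "RefreshToken": "rt." + tok}}

    def forgot_password(self, ClientId, Username, **_):
        self.users[Username]["code"] = f"{secrets.randbelow(10**6):06d}"

    def confirm_forgot_password(self, ClientId, Username, ConfirmationCode, Password, **_):
        self._use_code(Username, ConfirmationCode)
        self.users[Username]["password"] = Password

    def get_user(self, AccessToken):
        if AccessToken not in self.tokens:
            raise self.NotAuthorizedException("Invalid Access Token")
        return {"Username": self.tokens[AccessToken], "UserAttributes": []}

    def global_sign_out(self, AccessToken):
        user = self.get_user(AccessToken)["Username"]
        self.tokens = {t: u for t, u in self.tokens.items() if u != user}
```

To run it against the real service, pass a boto3 client and a `mailbox` function that asks the user for the code from the confirmation e-mail. On a production server the protected page should verify the token's signature and expiry against the user pool's JWKS endpoint (`https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json`) rather than calling GetUser on every request; GetUser is used here because it also demonstrates that GlobalSignOut revokes the token.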
Amazon CloudWatch Metrics and AWS CloudTrail
6. Logging and Reporting