I'm currently working on a project where various internal apps need to communicate with each other, and I've implemented JWT token authentication for this purpose. I'm using Cognito alongside IRSA to get the tokens, which I then exchange to call another service from my initial app. I recently consulted an AI tool regarding this setup, and it mentioned that Cognito is mainly for end-user authentication, suggesting that other architectures like IAM with SigV4 might be more suitable. Since I'm not an AWS expert and I know AI can sometimes provide misleading information, I'm curious about when Cognito might not be the best choice. Can anyone recommend resources that would help me determine whether I'm using the right architecture for my needs?
3 Answers
You might want to check out this podcast that discusses machine-to-machine authentication using OAuth2 and Cognito. It provides some solid insights on how to properly architect for your use case. Here's the link: developers.podcast.go-aws.com/web/episodes/170/index.html. It could really help clarify things for you!
While Cognito provides OAuth2 client_credentials for app-to-app auth, the costs have increased recently. An alternative is using Cognito Identity Pools with developer-authenticated identities, which can issue IAM credentials based on checks you define, instead of managing IAM roles and users. This method could offer more flexibility based on your needs.
Cognito does support machine-to-machine authentication, but keep in mind that AWS has recently changed its pricing model. It's around $6 for each app client and $2.50 per 1000 token requests, which can add up quickly if you have high usage! So it's definitely something to consider if your feature has a lot of potential for high traffic.
Related Questions
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads