I'm working on a project where I have a static site hosted on S3 using HTML and vanilla JavaScript. The site calls AWS Lambdas to pull user-specific data. Right now, I'm the only user and everything works well, but I need to set it up so that each user only sees their own data, especially since I'm dealing with financial information. Traditionally, I've handled authentication by storing password hashes in a database, but I've heard that AWS Cognito can leverage Google authentication, which seems more secure. Is it straightforward to implement this? I'm looking at a few users for this hobby project, so I'd like to keep costs to a minimum, ideally under a few dollars per month.
4 Answers
It sounds like there's a bit of confusion about the need for Google authentication here. Cognito handles authentication itself, and you can pair it with API Gateway to help route to your Lambdas. Cognito can provide essential user identity attributes without needing separate username/password setups. But if you specifically want to link data to a Google account, that's more about verifying user identity through Google login for access control.
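Added example, not code from this thread: the Lambda side of "each user only sees their own data". The handler takes the user identity from the claims that the API Gateway authorizer has already verified and uses it as the lookup key, ignoring any user id the browser might send in the query string. It assumes an API Gateway HTTP API with a JWT authorizer (claims at `event.requestContext.authorizer.jwt.claims`) and falls back to the REST API Cognito authorizer location (`event.requestContext.authorizer.claims`); the in-memory `TRANSACTIONS` table is constructed here as a stand-in for DynamoDB.

```javascript
// Added example (not from the original thread). Scopes every read to the
// caller identified by the verified JWT, never to a client-supplied user id.
// Assumption: API Gateway HTTP API + JWT authorizer, which puts the token's
// claims at event.requestContext.authorizer.jwt.claims; the REST API Cognito
// authorizer puts them at event.requestContext.authorizer.claims instead.

// Constructed sample data standing in for a DynamoDB table keyed by owner.
const TRANSACTIONS = [
  { owner: 'user-a', id: 't1', amount: 12.5, memo: 'coffee' },
  { owner: 'user-a', id: 't2', amount: 80.0, memo: 'groceries' },
  { owner: 'user-b', id: 't3', amount: 1500.0, memo: 'rent' },
];

// Return the caller's stable subject identifier from the verified claims,
// or null when there are no claims (authorizer missing or misconfigured).
function callerSubject(event) {
  const authorizer = event?.requestContext?.authorizer ?? {};
  const claims = authorizer.jwt?.claims ?? authorizer.claims;
  const sub = claims?.sub;
  return typeof sub === 'string' && sub.length > 0 ? sub : null;
}

function json(statusCode, payload) {
  return {
    statusCode,
    headers: { 'content-type': 'application/json' },
    body: JSON.stringify(payload),
  };
}

// List only the rows owned by the authenticated caller. Any ?userId=...
// in the query string is deliberately ignored: the identity comes from the
// token the gateway validated, not from the request the browser composed.
function listOwnTransactions(event) {
  const sub = callerSubject(event);
  if (!sub) return json(401, { error: 'unauthenticated' });

  const rows = TRANSACTIONS
    .filter((row) => row.owner === sub)
    .map(({ owner, ...rest }) => rest); // do not echo the partition key back
  return json(200, rows);
}

// Lambda entry point (CommonJS); guarded so the file also loads as plain JS.
if (typeof module !== 'undefined' && module.exports) {
  module.exports = { handler: async (event) => listOwnTransactions(event), listOwnTransactions, callerSubject };
}
```

The point to carry over to a real DynamoDB query is the same: the `sub` claim becomes the partition key (or a condition on it), so a request can only ever reach the caller's own partition, whatever the front end sends.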
Definitely consider using the OAuth PKCE flow. If you're using API Gateway, it has an authorizer that can validate JWT tokens, which is really handy. Just a heads-up, AWS has recently added JWT validation to Application Load Balancers too, making it even easier.
Cognito is quite versatile for authentication and authorization, but it can be a bit complex due to its many features. I suggest checking out the developer's guide for Cognito. Take some time to really understand the basics before diving into implementation. If you only have a handful of users, you might find it more trouble than it's worth unless you're required by privacy regulations or something like that.
