AWS Cognito User Pools
- A user pool is a user directory through which users can sign in to your web or mobile app via Amazon Cognito
- Your users can also sign in through identity providers such as Google, Facebook, Amazon, Apple and Microsoft
- After successful authentication, Cognito issues JSON Web Tokens (JWTs) that you can use to secure and authorize access
Creating a UserPool
- Log in to the AWS Console and select Cognito
- For federated logins, use Amazon Cognito identity pools
- For the API reference, refer here
AWS Shield
- AWS provides AWS Shield Standard and AWS Shield Advanced for protection against DDoS attacks.
- AWS Shield Advanced provides expanded DDoS attack protection for
  - EC2 instances
  - Elastic Load Balancers
  - CloudFront distributions
  - Route 53 hosted zones
- AWS Shield Advanced supports protection against layer 7 attacks in addition to the layer 3 and layer 4 attacks covered by the Standard plan
- The AWS Shield Advanced plan automatically includes AWS WAF (Web Application Firewall)
- Types of DDoS attacks:
  - UDP reflection attacks
  - SYN flood attacks
  - DNS query floods
  - HTTP flood/cache-busting attacks
AWS WAF
- AWS WAF helps you monitor HTTP(S) requests to
  - CloudFront distributions
  - API Gateway
  - Application Load Balancers
- Web ACLs: you can use web access control lists to protect a set of AWS resources.
- Rules: each rule has a statement that defines its inspection criteria.
- Rule groups: a grouping of rules.
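The three pieces above can be seen together in one web ACL definition, shown here as an added example in the JSON shape that the WAFv2 CreateWebACL API accepts; it is not taken from the original notes. All names and the rate limit of 2000 are constructed values. Scope REGIONAL covers an Application Load Balancer or API Gateway, while a CloudFront distribution needs CLOUDFRONT. The first rule carries its own statement (a per-IP rate limit, relevant to the HTTP floods listed under AWS Shield) and the second pulls in a rule group managed by AWS.

```json
{
  "Name": "example-web-acl",
  "Description": "Constructed example web ACL, not from the original notes",
  "Scope": "REGIONAL",
  "DefaultAction": { "Allow": {} },
  "Rules": [
    {
      "Name": "rate-limit-per-ip",
      "Priority": 0,
      "Statement": {
        "RateBasedStatement": { "Limit": 2000, "AggregateKeyType": "IP" }
      },
      "Action": { "Block": {} },
      "VisibilityConfig": {
        "SampledRequestsEnabled": true,
        "CloudWatchMetricsEnabled": true,
        "MetricName": "rate-limit-per-ip"
      }
    },
    {
      "Name": "aws-common-rule-group",
      "Priority": 1,
      "Statement": {
        "ManagedRuleGroupStatement": {
          "VendorName": "AWS",
          "Name": "AWSManagedRulesCommonRuleSet"
        }
      },
      "OverrideAction": { "None": {} },
      "VisibilityConfig": {
        "SampledRequestsEnabled": true,
        "CloudWatchMetricsEnabled": true,
        "MetricName": "aws-common-rule-group"
      }
    }
  ],
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "example-web-acl"
  }
}
```

Rules are evaluated in ascending Priority order, and a request that matches no blocking rule falls through to DefaultAction.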
AWS Firewall Manager
- Simplifies administration and maintenance tasks for AWS WAF, Shield Advanced and security groups across multiple accounts and resources.
AWS Step functions
- Step Functions lets you coordinate applications and microservices using visual workflows
- Two workflow types are supported
  - Standard workflows
  - Express workflows