SlideShare uma empresa Scribd logo

Serverless Authentication and Authorisation for Your APIs on AWS

Amazon Web Services
Amazon Web Services

Serverless Authentication and Authorisation for Your APIs on AWS

1 de 93
Baixar para ler offline
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Leo Drakopoulos Solutions Architect, Amazon Web Services Serverless Authentication and Authorization for your APIs on AWS
What to expect from the session • 400 Level session • Learn how to implement authentication and authorization on API Gateway using Amazon Cognito and AWS Lambda. • Learn the basics on how to enable 3rd party developers to build apps on top of your REST APIs leveraging OAuth 2.0 on Amazon Cognito
SpaceFinder Hybrid mobile app • Runs in web browser, Android, Apple iOS devices • Built using Ionic 3 Framework • Angular 4 / TypeScript • AWS SDKs for JavaScript Do try this at home • Mobile app + API are open-sourced (Apache 2.0 license) • https://github.com/awslabs/ aws-serverless-auth-reference-app
Booking Manager A 3rd party Web application that leverages SpaceFinder’s APIs and data. • Authorization method is OAuth 2.0
Managing Identities
1. Sign-up Sign-up and Sign-in 2. Sign-in
Sign-up and Sign-in Username Email Password beverly123 beverly123@example.com Password$123 pilotjane pilotjane@example.com a##eroplan3 sudhir1977 sudhir197@example.com mmd414997a 2. Sign-in 1. Sign-up
• Never store passwords in plaintext! • Vulnerable to rogue employees • A hacked DB results in all passwords being compromised Username Email Password beverly123 beverly123@example.com Password$123 pilotjane pilotjane@example.com a##eroplan3 sudhir1977 sudhir197@example.com mmd414997a Sign-up and Sign-in 2. Sign-in 1. Sign-up
Sign-up and Sign-in Username Email Hashed Password beverly123 beverly123@example.com 21a730e7d6cc9d715efcc0514ed69a1f pilotjane pilotjane@example.com fea74fde863cd38f88b3393f590ae883 sudhir1977 sudhir197@example.com 6ce6be14f0c775cc9b3dbe4e18d9fc7d 2. Sign-in 1. Sign-up
• MD5/SHA1 collisions • Rainbow Tables • Dictionary attacks, brute-force (GPUs can compute billions of hashes/sec) Username Email Hashed Password beverly123 beverly123@example.com 21a730e7d6cc9d715efcc0514ed69a1f pilotjane pilotjane@example.com fea74fde863cd38f88b3393f590ae883 sudhir1977 sudhir197@example.com 6ce6be14f0c775cc9b3dbe4e18d9fc7d Sign-up and Sign-in 2. Sign-in 1. Sign-up
Sign-up and Sign-in Username Email Salted Hash beverly123 beverly123@example.com 1e66f9358530620b2bcae79dada717c… pilotjane pilotjane@example.com 88fccd9cf82377d11d2fede177457d47… sudhir1977 sudhir197@example.com 08a5981de4fecf04b1359a179962a48... 2. Sign-in 1. Sign-up • Incorporate app-specific salt + random user-specific salt • Use algorithm with configurable # of iterations (e.g. bcrypt, PBKDF2), to slow down brute force attacks
Sign-up and Sign-in Username Email SRP Verifier function beverly123 beverly123@example.com <password-specific verifier> pilotjane pilotjane@example.com <password-specific verifier> sudhir1977 sudhir197@example.com <password-specific verifier> 2. Sign-in 1. Sign-up • Secure Remote Password (SRP) Protocol • Verifier-based protocol • Passwords never travel over the wire • Resistant to several attack vectors • Perfect Forward Secrecy
Sign-up and Sign-in Username Email SRP Verifier function beverly123 beverly123@example.com <password-specific verifier> pilotjane pilotjane@example.com <password-specific verifier> sudhir1977 sudhir197@example.com <password-specific verifier> 2. Sign-in 1. Sign-up Security Requirements ☐ Secure password handling
Sign-up and Sign-in Username Email SRP Verifier function beverly123 beverly123@example.com <password-specific verifier> pilotjane pilotjane@example.com <password-specific verifier> sudhir1977 sudhir197@example.com <password-specific verifier> 2. Sign-in 1. Sign-up Security Requirements ☐ Secure password handling ☐ Multi-Factor Authentication ☐ Enforce password policies ☐ Encrypt all data server-side ☐ Support custom authentication flows ☐ Scalable to 100s of millions of users
Sign-up and Sign-in Username Email SRP Verifier function beverly123 beverly123@example.com <password-specific verifier> pilotjane pilotjane@example.com <password-specific verifier> sudhir1977 sudhir197@example.com <password-specific verifier> 2. Sign-in 1. Sign-up User Flows ☐ Registration ☐ Verify email/phone ☐ Secure sign-in ☐ Forgot password ☐ Change password ☐ Sign-out Security Requirements ☐ Secure password handling ☐ Multi-Factor Authentication ☐ Enforce password policies ☐ Encrypt all data server-side ☐ Support custom authentication flows ☐ Scalable to 100s of millions of users
Sign-up and Sign-in 2. Sign-in 1. Sign-up User Flows ☐ Registration ☐ Verify email/phone ☐ Secure sign-in ☐ Forgot password ☐ Change password ☐ Sign-out Security Requirements ☐ Secure password handling ☐ Multi-Factor Authentication ☐ Enforce password policies ☐ Encrypt all data server-side ☐ Support custom authentication flows ☐ Scalable to 100s of millions of users Amazon Cognito User Pools
Sign-up and Sign-in Amazon Cognito User Pools
Sign-up and Sign-in Register Amazon Cognito User Pools
Sign-up and Sign-in Register Verification SMS / Email Amazon Cognito User Pools
Sign-up and Sign-in Register Verification SMS / Email Confirm registration Amazon Cognito User Pools
Sign-up and Sign-in Register Verification SMS / Email Confirm registration Successful registration Amazon Cognito User Pools
Sign-up and Sign-in Register Verification SMS / Email Confirm registration Successful registration Authenticate (via SRP) Amazon Cognito User Pools
Sign-up and Sign-in Register Verification SMS / Email Confirm registration Successful registration Authenticate (via SRP) JWT Tokens Amazon Cognito User Pools
Sign-up and Sign-in Register Verification SMS / Email Confirm registration Successful registration Amazon Cognito User Pools
Sign-up and Sign-in Register Verification SMS / Email Confirm registration Successful registration Authenticate (via SRP) Amazon Cognito User Pools
Sign-up and Sign-in Register Verification SMS / Email Confirm registration Successful registration Authenticate (via SRP) Define Authentication Challenge Amazon Cognito User Pools
Sign-up and Sign-in Register Verification SMS / Email Confirm registration Successful registration Define Authentication Challenge Custom challenge (CAPTCHA, custom 2FA) Authenticate (via SRP) Amazon Cognito User Pools
Sign-up and Sign-in Register Verification SMS / Email Confirm registration Successful registration Define Authentication Challenge Verify Authentication Challenge Response Custom challenge (CAPTCHA, custom 2FA) Authenticate (via SRP) Challenge response Amazon Cognito User Pools
Sign-up and Sign-in Register Verification SMS / Email Confirm registration Successful registration Define Authentication Challenge Verify Authentication Challenge Response Custom challenge (CAPTCHA, custom 2FA) Authenticate (via SRP) Challenge response JWT Tokens Amazon Cognito User Pools
Sign-up and Sign-in Pre Sign-Up Validation Post Confirmation Custom logic Define Authentication Challenge Verify Authentication Challenge Response Pre Authentication Validation Post Authentication custom logic Register Verification SMS / Email Confirm registration Successful registration Authenticate (via SRP) Custom challenge (CAPTCHA, custom 2FA) Challenge response JWT Tokens Amazon Cognito User Pools
Sign-up and Sign-in Authenticate (via SRP) JWT Tokens Amazon Cognito User Pools
Sign-up and Sign-in Authenticate (via SRP) JWT Tokens Amazon Cognito User Pools
JWT token eyJraWQiOiI5ZXJydERLbHRxOFl3YUp5MkdadE9ieWtSREVB OVNCNGlEVDZ2V21UZVFFPSIsImFsZyI6IlJTMjU2In0.eyJz dWIiOiI2ZjU1NzM2OC1hODg0LTQ4NGUtYjY2Mi05ZmM2OWYz YzM4MDIiLCJhdWQiOiI2bGtmczcwcm92a3ViaXJoMXF0bnR2 ajAxMiIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJ0b2tlbl91 c2UiOiJpZCIsImF1dGhfdGltZSI6MTQ3ODQ0OTA2MCwiaXNz IjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLWVhc3QtMS5h bWF6b25hd3MuY29tXC91cy1lYXN0LTFfWE1sVVc5c1V5Iiwi Y29nbml0bzp1c2VybmFtZSI6InRlc3QxMjMiLCJleHAiOjE0 Nzg0NTI2NjAsImdpdmVuX25hbWUiOiJUZXN0IiwiaWF0Ijox NDc4NDQ5MDYwLCJmYW1pbHlfbmFtZSI6IlRlc3QiLCJlbWFp bCI6InRyYW5qaW1AYW1hem9uLmNvbSJ9.atQO0SJg9V97d6t YonHNx0q7Zuof8-d-q0u69zNnuSJtmzGvOAW97tP2e3GydY9 K8q_2kG2IzkpEMUEdaeWjz2qG5dS328Scm6pRDPpC5pOkU8y mjH7DBPfVXhtgS3iOhyleFhtmaTaYb_lYLpaaV10m8sVFOMH tjdfrAm26Fq7zyjWYTSfzhqud29Ti4zn9PhcE7aL3s7BB8CJ 18_yFXSoG5CYCpLszvHazx1cbmPoXFrlFlPvZ07Oy8EbOaGs 4CukmoYiV-5RnZsA9JXj405Kp50k-v8HCL6ZACDw3OYMV87P e6PuEqbzQLlc8BufKThm0xBiO6NJtvI7iC2sEIQ
JWT token eyJraWQiOiI5ZXJydERLbHRxOFl3YUp5MkdadE9ieWtSREVB OVNCNGlEVDZ2V21UZVFFPSIsImFsZyI6IlJTMjU2In0.eyJz dWIiOiI2ZjU1NzM2OC1hODg0LTQ4NGUtYjY2Mi05ZmM2OWYz YzM4MDIiLCJhdWQiOiI2bGtmczcwcm92a3ViaXJoMXF0bnR2 ajAxMiIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJ0b2tlbl91 c2UiOiJpZCIsImF1dGhfdGltZSI6MTQ3ODQ0OTA2MCwiaXNz IjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLWVhc3QtMS5h bWF6b25hd3MuY29tXC91cy1lYXN0LTFfWE1sVVc5c1V5Iiwi Y29nbml0bzp1c2VybmFtZSI6InRlc3QxMjMiLCJleHAiOjE0 Nzg0NTI2NjAsImdpdmVuX25hbWUiOiJUZXN0IiwiaWF0Ijox NDc4NDQ5MDYwLCJmYW1pbHlfbmFtZSI6IlRlc3QiLCJlbWFp bCI6InRyYW5qaW1AYW1hem9uLmNvbSJ9.atQO0SJg9V97d6t YonHNx0q7Zuof8-d-q0u69zNnuSJtmzGvOAW97tP2e3GydY9 K8q_2kG2IzkpEMUEdaeWjz2qG5dS328Scm6pRDPpC5pOkU8y mjH7DBPfVXhtgS3iOhyleFhtmaTaYb_lYLpaaV10m8sVFOMH tjdfrAm26Fq7zyjWYTSfzhqud29Ti4zn9PhcE7aL3s7BB8CJ 18_yFXSoG5CYCpLszvHazx1cbmPoXFrlFlPvZ07Oy8EbOaGs 4CukmoYiV-5RnZsA9JXj405Kp50k-v8HCL6ZACDw3OYMV87P e6PuEqbzQLlc8BufKThm0xBiO6NJtvI7iC2sEIQ { "kid":"9errtDKltq8YwaJy2GZtObykRDEA9SB4iDT6vWmTeQE=", "alg":"RS256” } Header
JWT token eyJraWQiOiI5ZXJydERLbHRxOFl3YUp5MkdadE9ieWtSREVB OVNCNGlEVDZ2V21UZVFFPSIsImFsZyI6IlJTMjU2In0.eyJz dWIiOiI2ZjU1NzM2OC1hODg0LTQ4NGUtYjY2Mi05ZmM2OWYz YzM4MDIiLCJhdWQiOiI2bGtmczcwcm92a3ViaXJoMXF0bnR2 ajAxMiIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJ0b2tlbl91 c2UiOiJpZCIsImF1dGhfdGltZSI6MTQ3ODQ0OTA2MCwiaXNz IjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLWVhc3QtMS5h bWF6b25hd3MuY29tXC91cy1lYXN0LTFfWE1sVVc5c1V5Iiwi Y29nbml0bzp1c2VybmFtZSI6InRlc3QxMjMiLCJleHAiOjE0 Nzg0NTI2NjAsImdpdmVuX25hbWUiOiJUZXN0IiwiaWF0Ijox NDc4NDQ5MDYwLCJmYW1pbHlfbmFtZSI6IlRlc3QiLCJlbWFp bCI6InRyYW5qaW1AYW1hem9uLmNvbSJ9.atQO0SJg9V97d6t YonHNx0q7Zuof8-d-q0u69zNnuSJtmzGvOAW97tP2e3GydY9 K8q_2kG2IzkpEMUEdaeWjz2qG5dS328Scm6pRDPpC5pOkU8y mjH7DBPfVXhtgS3iOhyleFhtmaTaYb_lYLpaaV10m8sVFOMH tjdfrAm26Fq7zyjWYTSfzhqud29Ti4zn9PhcE7aL3s7BB8CJ 18_yFXSoG5CYCpLszvHazx1cbmPoXFrlFlPvZ07Oy8EbOaGs 4CukmoYiV-5RnZsA9JXj405Kp50k-v8HCL6ZACDw3OYMV87P e6PuEqbzQLlc8BufKThm0xBiO6NJtvI7iC2sEIQ { "sub":"6f557368-a884-484e-b662-9fc69f3c3802", "aud":"6lkfs70rovkubirh1qtntvj012", "email_verified":true, "token_use":"id", "auth_time":1478449060, "iss":"https://cognito-idp.us-east-1.amazonaws.com /us-east-1_XMlUW9sUy", "cognito:username":"test123", "exp":1478452660, "given_name”:"Test", "iat":1478449060, "family_name":"Test", "email":”test@example.com" } Payload
JWT token eyJraWQiOiI5ZXJydERLbHRxOFl3YUp5MkdadE9ieWtSREVB OVNCNGlEVDZ2V21UZVFFPSIsImFsZyI6IlJTMjU2In0.eyJz dWIiOiI2ZjU1NzM2OC1hODg0LTQ4NGUtYjY2Mi05ZmM2OWYz YzM4MDIiLCJhdWQiOiI2bGtmczcwcm92a3ViaXJoMXF0bnR2 ajAxMiIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJ0b2tlbl91 c2UiOiJpZCIsImF1dGhfdGltZSI6MTQ3ODQ0OTA2MCwiaXNz IjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLWVhc3QtMS5h bWF6b25hd3MuY29tXC91cy1lYXN0LTFfWE1sVVc5c1V5Iiwi Y29nbml0bzp1c2VybmFtZSI6InRlc3QxMjMiLCJleHAiOjE0 Nzg0NTI2NjAsImdpdmVuX25hbWUiOiJUZXN0IiwiaWF0Ijox NDc4NDQ5MDYwLCJmYW1pbHlfbmFtZSI6IlRlc3QiLCJlbWFp bCI6InRyYW5qaW1AYW1hem9uLmNvbSJ9.atQO0SJg9V97d6t YonHNx0q7Zuof8-d-q0u69zNnuSJtmzGvOAW97tP2e3GydY9 K8q_2kG2IzkpEMUEdaeWjz2qG5dS328Scm6pRDPpC5pOkU8y mjH7DBPfVXhtgS3iOhyleFhtmaTaYb_lYLpaaV10m8sVFOMH tjdfrAm26Fq7zyjWYTSfzhqud29Ti4zn9PhcE7aL3s7BB8CJ 18_yFXSoG5CYCpLszvHazx1cbmPoXFrlFlPvZ07Oy8EbOaGs 4CukmoYiV-5RnZsA9JXj405Kp50k-v8HCL6ZACDw3OYMV87P e6PuEqbzQLlc8BufKThm0xBiO6NJtvI7iC2sEIQ Signature HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), {secret});
JWT token eyJraWQiOiI5ZXJydERLbHRxOFl3YUp5MkdadE9ieWtSREVB OVNCNGlEVDZ2V21UZVFFPSIsImFsZyI6IlJTMjU2In0.eyJz dWIiOiI2ZjU1NzM2OC1hODg0LTQ4NGUtYjY2Mi05ZmM2OWYz YzM4MDIiLCJhdWQiOiI2bGtmczcwcm92a3ViaXJoMXF0bnR2 ajAxMiIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJ0b2tlbl91 c2UiOiJpZCIsImF1dGhfdGltZSI6MTQ3ODQ0OTA2MCwiaXNz IjoiaHR0cHM6XC9cL2NvZ25pdG8taWRwLnVzLWVhc3QtMS5h bWF6b25hd3MuY29tXC91cy1lYXN0LTFfWE1sVVc5c1V5Iiwi Y29nbml0bzp1c2VybmFtZSI6InRlc3QxMjMiLCJleHAiOjE0 Nzg0NTI2NjAsImdpdmVuX25hbWUiOiJUZXN0IiwiaWF0Ijox NDc4NDQ5MDYwLCJmYW1pbHlfbmFtZSI6IlRlc3QiLCJlbWFp bCI6InRyYW5qaW1AYW1hem9uLmNvbSJ9.atQO0SJg9V97d6t YonHNx0q7Zuof8-d-q0u69zNnuSJtmzGvOAW97tP2e3GydY9 K8q_2kG2IzkpEMUEdaeWjz2qG5dS328Scm6pRDPpC5pOkU8y mjH7DBPfVXhtgS3iOhyleFhtmaTaYb_lYLpaaV10m8sVFOMH tjdfrAm26Fq7zyjWYTSfzhqud29Ti4zn9PhcE7aL3s7BB8CJ 18_yFXSoG5CYCpLszvHazx1cbmPoXFrlFlPvZ07Oy8EbOaGs 4CukmoYiV-5RnZsA9JXj405Kp50k-v8HCL6ZACDw3OYMV87P e6PuEqbzQLlc8BufKThm0xBiO6NJtvI7iC2sEIQ { "kid":"9errtDKltq8YwaJy2GZtObykRDEA9SB4iDT6vWmTeQE=", "alg":"RS256” } Header { "sub":"6f557368-a884-484e-b662-9fc69f3c3802", "aud":"6lkfs70rovkubirh1qtntvj012", "email_verified":true, "token_use":"id", "auth_time":1478449060, "iss":"https://cognito-idp.us-east-1.amazonaws.com /us-east-1_XMlUW9sUy", "cognito:username":"test123", "exp":1478452660, "given_name”:"Test", "iat":1478449060, "family_name":"Test", "email":”test@example.com" } Payload Signature HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), {secret});
Application so far… Amazon Cognito User Pools
Demo
Authorizing Serverless APIs
Building an API with Amazon API Gateway Internet Mobile Apps Websites Services AWS Lambda functionsAPI Gateway Cache Endpoints on Amazon EC2 All publicly accessible endpoints Amazon CloudWatch Monitoring Amazon CloudFront Any other AWS service Endpoints on Amazon VPC Cognito Authorizer Custom Authorizer API Authorization
API Gateway: three types of authorization Amazon Cognito User Pools Amazon Cognito Federated Identities Custom Identity Providers AWS IAM authorization Custom Authorizers User Pools Authorizers
API Gateway: three types of authorization Amazon Cognito User Pools Amazon Cognito Federated Identities Custom Identity Providers AWS IAM authorization Custom Authorizers User Pools Authorizers
Mobile app AmazonAPI Gateway Amazon Cognito User Pools Amazon DynamoDB Lambda function Cognito User Pools Authorizers
Mobile app AmazonAPI Gateway Amazon Cognito User Pools Amazon DynamoDB Lambda function Cognito User Pools Authorizers
Mobile app AmazonAPI Gateway Amazon Cognito User Pools Amazon DynamoDB Lambda function Cognito User Pools Authorizers
Mobile app Amazon DynamoDB Lambda function AmazonAPI Gateway Amazon Cognito User Pools Cognito User Pools Authorizers
4. Validate Identity token Mobile app Amazon DynamoDB Lambda function AmazonAPI Gateway Amazon Cognito User Pools Cognito User Pools Authorizers
Mobile app 5. Invoke API Call Amazon DynamoDB Lambda function AmazonAPI Gateway Amazon Cognito User Pools Cognito User Pools Authorizers
Mobile app 6. Access AWS Resources Amazon DynamoDB Lambda function AmazonAPI Gateway Amazon Cognito User Pools Cognito User Pools Authorizers
SpaceFinder API (Microservice) Application so far… Amazon Cognito User Pools
Demo
API Gateway: three types of authorization Amazon Cognito User Pools Amazon Cognito Federated Identities Custom Identity Providers AWS IAM authorization Custom Authorizers User Pools Authorizers
Mobile app Amazon DynamoDB Lambda function AmazonAPI Gateway Amazon Cognito User Pools Amazon Cognito Federated Identities AWS Identity & Access Management IAM-based authorization
Mobile app Amazon DynamoDB Lambda function AmazonAPI Gateway Amazon Cognito User Pools Amazon Cognito Federated Identities AWS Identity & Access Management IAM-based authorization
Mobile app Amazon DynamoDB Lambda function AmazonAPI Gateway Amazon Cognito User Pools Amazon Cognito Federated Identities AWS Identity & Access Management IAM-based authorization
Mobile app 3. Request AWS credentials Amazon DynamoDB Lambda function AmazonAPI Gateway Amazon Cognito User Pools Amazon Cognito Federated Identities AWS Identity & Access Management IAM-based authorization
Mobile app 4. Validate Id token Amazon DynamoDB Lambda function AmazonAPI Gateway Amazon Cognito User Pools Amazon Cognito Federated Identities AWS Identity & Access Management IAM-based authorization
Mobile app 5. Temp AWS credentials Amazon DynamoDB Lambda function AmazonAPI Gateway Amazon Cognito User Pools Amazon Cognito Federated Identities AWS Identity & Access Management IAM-based authorization
Mobile app Amazon DynamoDB Lambda function AmazonAPI Gateway Amazon Cognito User Pools Amazon Cognito Federated Identities AWS Identity & Access Management IAM-based authorization
Mobile app Amazon DynamoDB Lambda function AmazonAPI Gateway Amazon Cognito User Pools Amazon Cognito Federated Identities AWS Identity & Access Management IAM-based authorization
Mobile app 8. Invoke Lambda Lambda function AmazonAPI Gateway Amazon Cognito User Pools Amazon Cognito Federated Identities AWS Identity & Access Management Amazon DynamoDB IAM-based authorization
{ "Version": "2012-10-17", "Statement": [ { "Action": "execute-api:Invoke", "Effect": ”Allow", "Resource": "arn:aws:execute-api:*:*:ff5h9tpwfh/*" }, { "Action": "execute-api:Invoke", "Effect": "Deny", "Resource": "arn:aws:execute-api:*:*:ff5h9tpwfh/*/POST/locations/*" } ] } IAM Policy Detail
“What AWS permissions will those users have?” “How do I give different users different AWS permissions?”
Fine-grained RBAC (role from rule)
Fine-grained RBAC (role from rule)
Fine-grained RBAC (role from token)
Fine-grained RBAC (role from token) Admins Precedence: 0 FinanceDept Precedence: 2 EngineeringDept Precedence: 2 LegalDept Precedence: 2
Admins Precedence: 0 FinanceDept Precedence: 2 EngineeringDept Precedence: 2 LegalDept Precedence: 2 IAM Role Fine-grained RBAC (role from token) IAM Role IAM Role
SpaceFinder API (Microservice) Application so far… Amazon Cognito User Pools Amazon Cognito Federated Identities
SpaceFinder API Admin only Admin only Admin only Admin only POST /locations GET /locations GET /locations/{locationId} DELETE /locations/{locationId} GET /locations/{locationId}/resources POST /locations/{locationId}/resources DELETE /locations/{locationId}/resources/{resourceId} GET /locations/{locationId}/resources/{resourceId}/bookings GET /users/{userId}/bookings POST /users/{userId}/bookings DELETE /users/{userId}/bookings/{bookingId}
Demo
API Gateway: three types of authorization Amazon Cognito User Pools Amazon Cognito Federated Identities Custom Identity Providers AWS IAM authorization Custom Authorizers User Pools Authorizers
Custom Authorizer Lambda function Mobile app Lambda function AmazonAPI Gateway Amazon DynamoDB AWS Identity & Access Management Custom Authorizers
Custom Authorizer Lambda function Mobile app Lambda function AmazonAPI Gateway Amazon DynamoDB AWS Identity & Access Management Custom Authorizers
Custom Authorizer Lambda function Mobile app AmazonAPI Gateway AWS Identity & Access Management Custom Authorizers Lambda function Amazon DynamoDB
Custom Authorizer Lambda function Mobile app AmazonAPI Gateway AWS Identity & Access Management Custom Authorizers Lambda function Amazon DynamoDB
Mobile app AmazonAPI Gateway 4. Check policy cache AWS Identity & Access Management Custom Authorizer Lambda function Custom Authorizers Lambda function Amazon DynamoDB
Mobile app AmazonAPI Gateway 5.Validatetoken AWS Identity & Access Management Custom Authorizer Lambda function Custom Authorizers Lambda function Amazon DynamoDB
Custom Authorizer Lambda function Mobile app AmazonAPI Gateway 6.Generateandreturn userIAMpolicy AWS Identity & Access Management Custom Authorizers Lambda function Amazon DynamoDB
Custom Authorizer Lambda function Mobile app AmazonAPI Gateway AWS Identity & Access Management Custom Authorizers Lambda function Amazon DynamoDB
Custom Authorizer Lambda function Mobile app AmazonAPI Gateway 8. Invoke AWS Identity & Access Management Custom Authorizers Lambda function Amazon DynamoDB
OAuth 2.0 in Cognito User Pools • OAuth 2.0 flows: • Authorization code grant • Implicit grant • Client credentials • Custom scopes defined for resource servers
Implicit grant Used client side apps (mobile primarily) 1. Your website redirects to IdP login page 2. IdP redirects back with access token
Implicit grant Used client side apps (mobile primarily) 1. Your website redirects to IdP login page 2. IdP redirects back with access token and a custom scope
Lambda function Amazon DynamoDB Custom Authorizer Lambda function Cognito User Pools HTML, CSS, JavaScript Resource Servers and hotel scope API Gateway Amazon S3 Implicit Grant OAuth 2.0 flow Booking Manager application 2. JWT Access token with custom scope 3. Custom Authorizer flow Amazon CloudFront
Lambda function Amazon DynamoDB Custom Authorizer Lambda function Cognito User Pools HTML, CSS, JavaScript Resource Servers and hotel scope API Gateway Amazon S3 1. Implicit Grant OAuth 2.0 flow Booking Manager application Amazon CloudFront
Lambda function Amazon DynamoDB Custom Authorizer Lambda function Cognito User Pools HTML, CSS, JavaScript Resource Servers and hotel scope API Gateway Amazon S3 2. JWT Access token with custom scopeBooking Manager application Amazon CloudFront
Lambda function Amazon DynamoDB Custom Authorizer Lambda function Cognito User Pools HTML, CSS, JavaScript Resource Servers and hotel scope API Gateway Amazon S3 Booking Manager application 3. Custom Authorizer flow Amazon CloudFront
Demo
Wrap up Amazon Cognito User Pools Amazon Cognito Federated Identities Custom Identity Providers AWS IAM authorization Custom Authorizers User Pools Authorizers
SpaceFinder Hybrid mobile app • Runs in web browser, Android, Apple iOS devices • Built using Ionic 3 Framework • Angular 4 / TypeScript • AWS SDKs for JavaScript Do try this at home • Mobile app + API are open-sourced (Apache 2.0 license) • https://github.com/awslabs/ aws-serverless-auth-reference-app
Thank you! leonidad@amazon.co.uk

Recomendados

SAML Protocol Overview
SAML Protocol OverviewSAML Protocol Overview
SAML Protocol OverviewMike Schwartz
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0Mika Koivisto
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech TalksDeep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech TalksAmazon Web Services
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0Uwe Friedrichsen
 
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectDemystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectVinay Manglani
 
Joel Schuweiler_AWS IAM Identity Center (Single Sign On).pptx
Joel Schuweiler_AWS IAM Identity Center (Single Sign On).pptxJoel Schuweiler_AWS IAM Identity Center (Single Sign On).pptx
Joel Schuweiler_AWS IAM Identity Center (Single Sign On).pptxAWS Chicago
 
AWS SQS SNS
AWS SQS SNSAWS SQS SNS
AWS SQS SNSDurgesh Vaishnav
 

Recomendados

SAML Protocol Overview
SAML Protocol OverviewSAML Protocol Overview
SAML Protocol OverviewMike Schwartz
 
Introduction to SAML 2.0
Introduction to SAML 2.0Introduction to SAML 2.0
Introduction to SAML 2.0Mika Koivisto
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech TalksDeep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech Talks
Deep Dive on User Sign-up Sign-in with Amazon Cognito - AWS Online Tech TalksAmazon Web Services
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0Uwe Friedrichsen
 
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectDemystifying SAML 2.0,Oauth 2.0, OpenID Connect
Demystifying SAML 2.0,Oauth 2.0, OpenID ConnectVinay Manglani
 
Joel Schuweiler_AWS IAM Identity Center (Single Sign On).pptx
Joel Schuweiler_AWS IAM Identity Center (Single Sign On).pptxJoel Schuweiler_AWS IAM Identity Center (Single Sign On).pptx
Joel Schuweiler_AWS IAM Identity Center (Single Sign On).pptxAWS Chicago
 
AWS SQS SNS
AWS SQS SNSAWS SQS SNS
AWS SQS SNSDurgesh Vaishnav
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An OverviewPat Patterson
 
Deep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksDeep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksAmazon Web Services
 
AWS CloudFormation Best Practices
AWS CloudFormation Best PracticesAWS CloudFormation Best Practices
AWS CloudFormation Best PracticesAmazon Web Services
 
Amazon Cognito
Amazon CognitoAmazon Cognito
Amazon CognitoAmazon Web Services
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2Aaron Parecki
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best PracticesAmazon Web Services
 
Swagger / Quick Start Guide
Swagger / Quick Start GuideSwagger / Quick Start Guide
Swagger / Quick Start GuideAndrii Gakhov
 
SSL Communication and Mutual Authentication
SSL Communication and Mutual AuthenticationSSL Communication and Mutual Authentication
SSL Communication and Mutual AuthenticationCleo
 
Demystifying OAuth 2.0
Demystifying OAuth 2.0Demystifying OAuth 2.0
Demystifying OAuth 2.0Karl McGuinness
 
Facebook & Twitter API
Facebook & Twitter APIFacebook & Twitter API
Facebook & Twitter APIFabrice Delhoste
 
Swagger UI
Swagger UISwagger UI
Swagger UIWalaa Hamdy Assy
 
Swagger
SwaggerSwagger
SwaggerNexThoughts Technologies
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWSAmazon Web Services
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect ExplainedVladimir Dzhuvinov
 
Aws IAM
Aws IAMAws IAM
Aws IAMChamali Liyanage
 
AWS Security Week: Cloud-Scale Authentication & Advanced Authorization with A...
AWS Security Week: Cloud-Scale Authentication & Advanced Authorization with A...AWS Security Week: Cloud-Scale Authentication & Advanced Authorization with A...
AWS Security Week: Cloud-Scale Authentication & Advanced Authorization with A...Amazon Web Services
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Aaron Ralls
 
Aws cloud watch
Aws cloud watchAws cloud watch
Aws cloud watchMahesh Raj
 
User Identity and Authentication
User Identity and AuthenticationUser Identity and Authentication
User Identity and AuthenticationAmazon Web Services
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveNordic APIs
 
AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...
AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...
AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...Amazon Web Services
 
Serverless Authentication and Authorisation
Serverless Authentication and AuthorisationServerless Authentication and Authorisation
Serverless Authentication and AuthorisationAmazon Web Services
 

Mais conteúdo relacionado

Mais procurados

OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An OverviewPat Patterson
 
Deep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksDeep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksAmazon Web Services
 
AWS CloudFormation Best Practices
AWS CloudFormation Best PracticesAWS CloudFormation Best Practices
AWS CloudFormation Best PracticesAmazon Web Services
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2Aaron Parecki
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best PracticesAmazon Web Services
 
Swagger / Quick Start Guide
Swagger / Quick Start GuideSwagger / Quick Start Guide
Swagger / Quick Start GuideAndrii Gakhov
 
SSL Communication and Mutual Authentication
SSL Communication and Mutual AuthenticationSSL Communication and Mutual Authentication
SSL Communication and Mutual AuthenticationCleo
 
AWS Security Week: Cloud-Scale Authentication & Advanced Authorization with A...
AWS Security Week: Cloud-Scale Authentication & Advanced Authorization with A...AWS Security Week: Cloud-Scale Authentication & Advanced Authorization with A...
AWS Security Week: Cloud-Scale Authentication & Advanced Authorization with A...Amazon Web Services
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Aaron Ralls
 
Aws cloud watch
Aws cloud watchAws cloud watch
Aws cloud watchMahesh Raj
 
User Identity and Authentication
User Identity and AuthenticationUser Identity and Authentication
User Identity and AuthenticationAmazon Web Services
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveNordic APIs
 

Mais procurados (20)

OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An Overview
 
Deep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksDeep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech Talks
 
AWS CloudFormation Best Practices
AWS CloudFormation Best PracticesAWS CloudFormation Best Practices
AWS CloudFormation Best Practices
 
Amazon Cognito
Amazon CognitoAmazon Cognito
Amazon Cognito
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2
 
IAM Introduction and Best Practices
IAM Introduction and Best PracticesIAM Introduction and Best Practices
IAM Introduction and Best Practices
 
Swagger / Quick Start Guide
Swagger / Quick Start GuideSwagger / Quick Start Guide
Swagger / Quick Start Guide
 
SSL Communication and Mutual Authentication
SSL Communication and Mutual AuthenticationSSL Communication and Mutual Authentication
SSL Communication and Mutual Authentication
 
Demystifying OAuth 2.0
Demystifying OAuth 2.0Demystifying OAuth 2.0
Demystifying OAuth 2.0
 
Facebook & Twitter API
Facebook & Twitter APIFacebook & Twitter API
Facebook & Twitter API
 
Swagger UI
Swagger UISwagger UI
Swagger UI
 
Swagger
SwaggerSwagger
Swagger
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWS
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
 
Aws IAM
Aws IAMAws IAM
Aws IAM
 
AWS Security Week: Cloud-Scale Authentication & Advanced Authorization with A...
AWS Security Week: Cloud-Scale Authentication & Advanced Authorization with A...AWS Security Week: Cloud-Scale Authentication & Advanced Authorization with A...
AWS Security Week: Cloud-Scale Authentication & Advanced Authorization with A...
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4
 
Aws cloud watch
Aws cloud watchAws cloud watch
Aws cloud watch
 
User Identity and Authentication
User Identity and AuthenticationUser Identity and Authentication
User Identity and Authentication
 
OAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep DiveOAuth & OpenID Connect Deep Dive
OAuth & OpenID Connect Deep Dive
 

Semelhante a Serverless Authentication and Authorisation for Your APIs on AWS

AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...
AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...
AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...Amazon Web Services
 
Serverless Authentication and Authorisation
Serverless Authentication and AuthorisationServerless Authentication and Authorisation
Serverless Authentication and AuthorisationAmazon Web Services
 
SRV403_Serverless Authentication and Authorization
SRV403_Serverless Authentication and AuthorizationSRV403_Serverless Authentication and Authorization
SRV403_Serverless Authentication and AuthorizationAmazon Web Services
 
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...Amazon Web Services
 
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...Amazon Web Services
 
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Amazon Web Services
 
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...Amazon Web Services
 
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSAWS User Group Kochi
 
amazon-cognito-auth-in-minutes
amazon-cognito-auth-in-minutesamazon-cognito-auth-in-minutes
amazon-cognito-auth-in-minutesVladimir Budilov
 
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...Amazon Web Services
 
Serverless identity management, authentication, and authorization - SDD405-R ...
Serverless identity management, authentication, and authorization - SDD405-R ...Serverless identity management, authentication, and authorization - SDD405-R ...
Serverless identity management, authentication, and authorization - SDD405-R ...Amazon Web Services
 
Rodauth: Clean Authentication
Rodauth: Clean AuthenticationRodauth: Clean Authentication
Rodauth: Clean AuthenticationValikos Ostakh
 
Rodauth: Clean Authentication - Valentine Ostakh
Rodauth: Clean Authentication - Valentine OstakhRodauth: Clean Authentication - Valentine Ostakh
Rodauth: Clean Authentication - Valentine OstakhRuby Meditation
 
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...CA API Management
 
Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...
Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...
Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...Amazon Web Services
 
HTTP Services & REST API Security
HTTP Services & REST API SecurityHTTP Services & REST API Security
HTTP Services & REST API SecurityTaiseer Joudeh
 
Stateless authentication for microservices applications - JavaLand 2015
Stateless authentication for microservices applications - JavaLand 2015Stateless authentication for microservices applications - JavaLand 2015
Stateless authentication for microservices applications - JavaLand 2015Alvaro Sanchez-Mariscal
 
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...Amazon Web Services
 

Semelhante a Serverless Authentication and Authorisation for Your APIs on AWS (20)

AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...
AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...
AWS re:Invent 2016: Serverless Authentication and Authorization: Identity Man...
 
Serverless Authentication and Authorisation
Serverless Authentication and AuthorisationServerless Authentication and Authorisation
Serverless Authentication and Authorisation
 
SRV403_Serverless Authentication and Authorization
SRV403_Serverless Authentication and AuthorizationSRV403_Serverless Authentication and Authorization
SRV403_Serverless Authentication and Authorization
 
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...
[REPEAT 1] Managing Identity Management, Authentication, & Authorization for ...
 
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
Managing Identity and Securing Your Mobile and Web Applications with Amazon C...
 
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
Identity Management for Your Users and Apps: A Deep Dive on Amazon Cognito - ...
 
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
 
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
 
Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep Dive
 
Cognito Customer Deep Dive
Cognito Customer Deep DiveCognito Customer Deep Dive
Cognito Customer Deep Dive
 
amazon-cognito-auth-in-minutes
amazon-cognito-auth-in-minutesamazon-cognito-auth-in-minutes
amazon-cognito-auth-in-minutes
 
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...
 
Serverless identity management, authentication, and authorization - SDD405-R ...
Serverless identity management, authentication, and authorization - SDD405-R ...Serverless identity management, authentication, and authorization - SDD405-R ...
Serverless identity management, authentication, and authorization - SDD405-R ...
 
Rodauth: Clean Authentication
Rodauth: Clean AuthenticationRodauth: Clean Authentication
Rodauth: Clean Authentication
 
Rodauth: Clean Authentication - Valentine Ostakh
Rodauth: Clean Authentication - Valentine OstakhRodauth: Clean Authentication - Valentine Ostakh
Rodauth: Clean Authentication - Valentine Ostakh
 
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
 
Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...
Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...
Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...
 
HTTP Services & REST API Security
HTTP Services & REST API SecurityHTTP Services & REST API Security
HTTP Services & REST API Security
 
Stateless authentication for microservices applications - JavaLand 2015
Stateless authentication for microservices applications - JavaLand 2015Stateless authentication for microservices applications - JavaLand 2015
Stateless authentication for microservices applications - JavaLand 2015
 
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...
 

Mais de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mais de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Serverless Authentication and Authorisation for Your APIs on AWS