Let's explore a recent project where we used AWS Cognito for user authentication and authorization. AWS Cognito is a cloud-based managed service that significantly simplifies the process for developers by eliminating the need to build an authentication system from scratch. It not only supports traditional sign-in processes but also allows sign-in via third-party identity providers. This service provides customizable user account security, multi-factor authentication, custom user role attributes, and several forms of account creation and identity confirmation.
Background/Problem
One facet of our project centered around the migration of data from a legacy user authentication system to a newly developed system, with a goal to preserve as much user account infrastructure as possible. The challenge was that the only information available was a spreadsheet with four columns - user email address, full name, the company they worked for, and whether they had administrative privileges. With the tight deadline that our project was under, it was important to find an efficient way to import these thousands of records. Furthermore, preserving all the meaningful distinctions between users was necessary for the minimum viable product to launch as a seamless transition for end users from the legacy system.
Solution/Methodology
Thanks to Cognito, the task of instantiating users with the appropriate permissions was streamlined. Cognito allowed us to create users in bulk directly from a CSV file, eliminating the need to develop extract-transform-load middleware. Furthermore, we utilized AWS Lambda, a serverless compute service, along with Cognito to enhance the automated functionality behind the bulk user import. This was particularly useful as it allowed us to use a function to respond to Cognito user pool events, such as automatically filtering administrators into a separate user group. Cognito’s custom user attribute functionality was also a boon, giving us a convenient foundation to build off of for provisioning which features of our solution different companies were authorized to access. Additionally, Cognito's customizable sign-up experience and message delivery system proved invaluable, enabling us to notify users about their migration to the new system via email. The email could link them directly to where they could set their new passwords and verify their identities, making the whole process seamless and user-friendly.
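The administrator-group step described above could look like the following. This is an added sketch, not the project's own code: it assumes the function is attached as a post confirmation trigger, that the spreadsheet's admin column was imported into a custom attribute named `custom:is_admin`, and that the group is called `Administrators` (both names are hypothetical).

```python
import os

ADMIN_ATTRIBUTE = "custom:is_admin"  # hypothetical attribute filled from the CSV import
ADMIN_GROUP = os.environ.get("ADMIN_GROUP", "Administrators")  # hypothetical group name
# Post confirmation fires for sign-up confirmation and for a completed
# forgot-password flow, which is how imported users set their first password.
HANDLED_SOURCES = {
    "PostConfirmation_ConfirmSignUp",
    "PostConfirmation_ConfirmForgotPassword",
}
TRUE_VALUES = {"true", "1", "yes"}


def is_admin(user_attributes):
    """Cognito passes every attribute as a string; accept only explicit true values."""
    raw = str(user_attributes.get(ADMIN_ATTRIBUTE, ""))
    return raw.strip().lower() in TRUE_VALUES


def assign_group(event, client):
    """Add a flagged user to the admin group. Returns the group name, or None."""
    if event.get("triggerSource") not in HANDLED_SOURCES:
        return None
    attrs = event.get("request", {}).get("userAttributes", {})
    # The flag is only trustworthy if the app client has no write permission
    # on this attribute; otherwise a user could set it on their own profile.
    if not is_admin(attrs):
        return None
    client.admin_add_user_to_group(
        UserPoolId=event["userPoolId"],
        Username=event["userName"],
        GroupName=ADMIN_GROUP,
    )
    return ADMIN_GROUP


def lambda_handler(event, context):
    import boto3  # imported lazily so the module also loads without the AWS SDK
    assign_group(event, boto3.client("cognito-idp"))
    return event  # Cognito triggers must return the event object
```

The function's execution role needs only `cognito-idp:AdminAddUserToGroup` on the one user pool.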
Benefits/Impact
While more traditional application infrastructure tends to rely on database look-ups for user information, this would have required our development team to invest resources into ingesting the spreadsheet data and formatting it to be saved in SQL, MongoDB, or the like. In such an architecture where developers are responsible for handling account data, that data would need to be extracted manually from the spreadsheet and formatted to be placed within queries to save it to a database. This middleware development cost would have come on top of the time and resources required to design and implement database schema support for account information in the first place. In total, this would have been difficult for the team to accomplish before our deadline. Instead, by using Cognito, we were able to create users with custom access-defining attributes in one fell swoop.
Conclusion
This experience truly underscores the value of AWS Cognito in user authentication and authorization. It saves significant time, resources, and effort for developers, making it an excellent solution for similar projects requiring bulk user importing with access control distinctions. Jahnel Group is a member of the AWS Jumpstart Program and an AWS Advanced Services Partner, and many of our developers are well-versed in Cognito, Lambda, and other AWS technologies and services, which allowed our team to arrive at the solution structure detailed in this blog post. If you have a project that may be currently or potentially using AWS, contact Jahnel Group to see how we might be able to work with you.
Author Bio
Sam Schantz is an associate software engineer at Jahnel Group, Inc., a custom software development firm based in Schenectady, NY. Jahnel Group is a consulting firm that specializes in helping companies leverage technology to improve their business operations. We provide end-to-end strategic consulting and deployment services, helping companies optimize their operations and reduce costs through the use of technology. Jahnel Group is an Advanced Tier AWS Services Partner, with expertise in AWS Lambdas, Amazon API Gateway, Amazon DynamoDB, and other AWS services.