How can I set up Application Load Balancer authentication using Facebook and Amazon Cognito as identity providers?


How can I set up Application Load Balancer authentication using Facebook and Amazon Cognito as identity providers (IdPs)?

Short description

With Application Load Balancer authentication, the Application Load Balancer either confirms that the client is authenticated or prompts the client to authenticate. The backend target is responsible only for running other business logic or services, such as user profile and payments. The Application Load Balancer is the gatekeeper for denying and allowing client access. However, because Application Load Balancers don't store client login credentials, you can configure Amazon Cognito and Facebook to manage and authenticate users.

Resolution

Set up the Facebook application

  1. Go to Facebook for developers on the Facebook site.
  2. On the top right, choose My Apps, and then choose Add New App.
  3. Specify a Display name, and then choose Create App ID.
  4. Choose Facebook Login.
  5. Choose Web (www).
  6. Specify the domain name of the site. This name is the same as the name that you use to alias to the Application Load Balancer's DNS.
  7. Choose Next.
  8. Skip the JavaScript SDK, and then choose Next.
  9. Choose Next.

When you get to step 5 in the wizard, continue to set up Amazon Cognito. There's one final step to complete when setting up the Facebook application, but you must set up Amazon Cognito first.

Set up the Application Load Balancer for authentication, and then set up Amazon Cognito as an IdP/IdP aggregator

  1. Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
  2. Create an Application Load Balancer.
  3. On the navigation pane, under LOAD BALANCING, choose Load Balancers.
  4. Select the Application Load Balancer that you created in step 2.
  5. Choose Listeners, and then choose Add listener.
  6. Choose HTTPS:443 (or any port with the HTTPS protocol).
  7. For Action, choose Authenticate.
  8. Keep the Amazon Cognito selection.
  9. For Cognito user pool, choose Create new.
  10. For Social IDP, choose Facebook.
  11. Go to Facebook for developers on the Facebook site.
  12. Select the application that you created in the Set up the Facebook application section of this procedure.
  13. Choose Settings, and then choose Basic.
  14. Copy the App ID.
  15. Choose Show, and then enter your Facebook password to select App Secret.
  16. Return to the Amazon Cognito setup page in the Amazon EC2 console. Then, paste the App ID and enter the App Secret.
  17. For Authorize scope, enter public_profile.
  18. Under Domain prefix, choose a unique name to append to the Amazon Cognito regional DNS service. For example, if you specify "abc" as your domain prefix, your fully qualified domain name (FQDN) is https://abc.auth.us-east-2.amazoncognito.com/.
  19. Choose Create Cognito User pool.
  20. Copy the domain name you specified in step 18.
  21. Add another rule to your HTTPS listener. Choose **Forward to:** and then specify the target group name of your Application Load Balancer.
  22. Choose Save.

Finish setting up the Facebook application

  1. Open the Facebook application.
  2. Choose Facebook Login, and then choose Settings.
  3. For Valid OAuth Redirect URIs, paste the Amazon Cognito FQDN and add a suffix of /oauth2/idpresponse. For example, https://abc.auth.eu-west-1.amazoncognito.com/oauth2/idpresponse.
  4. Choose Save changes.
  5. Choose Settings, then Basics, and then App domains.
  6. Add the domain name that points to your Application Load Balancer.
  7. Choose Save changes.

Finish setting up Amazon Cognito

  1. Open the Amazon Cognito console.
  2. Choose your configured user pool.
  3. Choose App client settings.
  4. For Callback URL(s), specify the domain name that you created an alias record for in Route 53 that points to the Application Load Balancer, and then add the /oauth2/idpresponse suffix. For example, https://www.example.com/oauth2/idpresponse.

**Important:** Facebook is a third-party application, which means that the configuration steps above might change over time. For the latest updates, refer to Facebook's documentation on the Facebook site.
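
The following added example (not AWS code and not part of the original article) derives the two redirect URLs that the procedure registers and checks a listener definition for the settings the steps rely on: an HTTPS listener, Cognito authentication ordered before the forward action, and no pass-through for unauthenticated requests. The function names are hypothetical, the listener dictionary follows the shape of the Elastic Load Balancing describe-listeners output, and the sample ARNs and IDs are constructed placeholders.

```python
from urllib.parse import urlsplit

IDP_PATH = "/oauth2/idpresponse"  # suffix used for both redirect URLs on this page

def expected_redirects(domain_prefix, region, alb_domain):
    """Build the two URLs the procedure registers with Facebook and Cognito."""
    return {
        "facebook_valid_oauth_redirect_uri":
            f"https://{domain_prefix}.auth.{region}.amazoncognito.com{IDP_PATH}",
        "cognito_callback_url": f"https://{alb_domain}{IDP_PATH}",
    }

def check_setup(listener, callback_urls, alb_domain):
    """Return findings for a listener (describe-listeners shape); [] means OK."""
    findings = []
    if listener.get("Protocol") != "HTTPS":
        findings.append("listener protocol is not HTTPS")
    actions = sorted(listener.get("DefaultActions", []),
                     key=lambda a: a.get("Order", 0))
    types = [a.get("Type") for a in actions]
    if "authenticate-cognito" not in types:
        findings.append("no authenticate-cognito action on the listener")
    elif "forward" in types and types.index("forward") < types.index("authenticate-cognito"):
        findings.append("forward action is ordered before authentication")
    for action in actions:
        cfg = action.get("AuthenticateCognitoConfig") or {}
        # The ELB default is "authenticate"; "allow" forwards requests without a login.
        if cfg.get("OnUnauthenticatedRequest", "authenticate") == "allow":
            findings.append("OnUnauthenticatedRequest=allow lets unauthenticated requests through")
    for url in callback_urls:
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.path != IDP_PATH:
            findings.append(f"unexpected callback URL: {url}")
    if f"https://{alb_domain}{IDP_PATH}" not in callback_urls:
        findings.append("callback URL for the load balancer domain is missing")
    return findings

# Constructed sample input (placeholder ARNs and IDs, not real resources).
SAMPLE_LISTENER = {
    "Protocol": "HTTPS", "Port": 443,
    "DefaultActions": [
        {"Type": "authenticate-cognito", "Order": 1,
         "AuthenticateCognitoConfig": {
             "UserPoolArn": "arn:aws:cognito-idp:us-east-2:111122223333:userpool/EXAMPLE",
             "UserPoolClientId": "EXAMPLECLIENTID", "UserPoolDomain": "abc",
             "OnUnauthenticatedRequest": "authenticate"}},
        {"Type": "forward", "Order": 2,
         "TargetGroupArn": "arn:aws:elasticloadbalancing:us-east-2:111122223333:targetgroup/example/0123456789abcdef"},
    ],
}
```

An empty list from check_setup means the listener and callback URLs match what the procedure configures; each string in a non-empty list names one setting to revisit.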


Related information

Authenticate users using an Application Load Balancer

Simplify login with Application Load Balancer built-in authentication

Facebook (Identity pools)

Register with a social IdP

AWS OFFICIAL, updated 3 years ago