1回答
- 新しい順
- 投票が多い順
- コメントが多い順
1
The docs here https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html#authentication-flow (see step #9) show that an authentication session cookie, issued by the ALB, is required to proceed to forwarding of traffic to the Target Group. The ALB here will actually sign the JWT being sent back to the target group itself, not Cognito in this case.
Depending upon your use case, you may want to use API Gateway to achieve this design rather than ALB. You could use this NodeJS JWT authorizer code within a custom lambda authorizer instead. Not sure that's possible with your application but should meet your design expectations of using the Cognito issued JWT.
回答済み 2年前
関連するコンテンツ
- AWS公式更新しました 2年前
Thanks @Chris_S. We are using EKS for our services deployment. I dont think AWS API Gateway will fit here.
Hi @Chris_S, sadly the use case of using API Gateway is not possible for multiple use cases due to its limitations (Maximum payload & response time). Are there any other ways of solving this problem? API Gateway is not possible to use, ALB with Cognito doesn't allow on using JWT token that are generated with it, which is quite necessary in the current concept of microservices.