We have given architecture (simplified)
- Our Multitenant Service is behind loadbalancer and has no auth capabilities - that is why we use cognito
- We also have single tenant software (Tenant 1 and Tenant2) installable in AWS or in Private Cloud
- These tenant instances backends integrates with the Multitenant Service. But as you can see, as it can be running from the internet, we need to have some authenticataion.
- We have setup Load Balancer with Cognito Authentication, UserPool and AppClient.
How to approach the integration of our tenants, when they need to authenticate on LoadBalancer on machine level? - there won't be anyone to login via GUI. We thought of using multiple App Clients for each tenant, however we just want to authenticate, so our HTTP requests flow through LB, and we don't need to manage Cognito UserPool.
Thanks
Hi, would this shed any light on? https://github.com/kyriakos96/aws-cognito-service-to-service-authentication