Can Application Load balancer perform Cognito auth on specific routes?

0

I have the following architecture in mind. Does this require two separate ALBs (i.e. configure one of two ALBs to perform auth) or can a single ALB be configured to do Cognito auth on specific routes?


2 Answers
0

Yes, it is possible.

When you create a rule for a specific path (e.g. /get_y) with your Application Load Balancer, you are able to include a THEN clause called "Authenticate using Cognito" where you specify your UserPoolID, ClientID, etc. You also include your target as a forward to your ECS. Each HTTP request is then evaluated for whether it contains a specific token in the HTTP headers. If it does not contain it, the user is redirected to Cognito. You then create another rule (e.g. /get_x) where you don't require authentication, so you omit the authentication clause and just forward to your ECS.

I hope it helps.

answered a year ago
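The per-path setup described in the answer above, as an added example that is not part of the original answer or AWS's own code: it models the two listener rules in the shape `describe-rules` returns and reports which paths reach the target with or without Cognito, including the case where a broader, lower-numbered rule shadows the authenticated one. The ARNs and IDs are placeholders, and the `rule` helper and `exposure` function are hypothetical names introduced for illustration.

```python
import re

# Constructed rules in the shape of `elbv2 describe-rules` output; all ARNs/IDs are placeholders.
COGNITO = {"UserPoolArn": "arn:aws:cognito-idp:REGION:ACCOUNT:userpool/POOL_ID",
           "UserPoolClientId": "CLIENT_ID", "UserPoolDomain": "DOMAIN_PREFIX",
           "OnUnauthenticatedRequest": "authenticate"}
AUTH = {"Type": "authenticate-cognito", "Order": 1, "AuthenticateCognitoConfig": COGNITO}
FORWARD = {"Type": "forward", "Order": 2,
           "TargetGroupArn": "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/ECS_TG/ID"}

def rule(priority, paths, actions):
    """Hypothetical helper: build one listener rule with an optional path-pattern condition."""
    cond = [{"Field": "path-pattern", "PathPatternConfig": {"Values": paths}}] if paths else []
    return {"Priority": priority, "Conditions": cond, "Actions": actions}

RULES = [
    rule("default", [], [{"Type": "fixed-response", "Order": 1,
                          "FixedResponseConfig": {"StatusCode": "404"}}]),
    rule("20", ["/get_x"], [FORWARD]),                    # no auth action: public route
    rule("10", ["/get_y", "/get_y/*"], [AUTH, FORWARD]),  # Cognito first, then forward
]

def _matches(pattern, path):
    # Path patterns are case-sensitive; * matches zero or more characters, ? exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, path, flags=re.DOTALL) is not None

def first_match(rules, path):
    """Emulate evaluation order: lowest priority value first, default rule last.
    Only path-pattern conditions are modelled (assumption of this example)."""
    key = lambda r: float("inf") if r["Priority"] == "default" else int(r["Priority"])
    for r in sorted(rules, key=key):
        pats = [v for c in r["Conditions"] if c["Field"] == "path-pattern"
                for v in c["PathPatternConfig"]["Values"]]
        if not r["Conditions"] or any(_matches(p, path) for p in pats):
            return r
    return None

def exposure(rules, path):
    """Return 'auth-required', 'open' or 'not-forwarded' for a request path."""
    r = first_match(rules, path)
    if r is None:
        return "not-forwarded"
    acts = sorted(r["Actions"], key=lambda a: a.get("Order", 1))
    cfg = acts[0].get("AuthenticateCognitoConfig", {})
    if acts[0]["Type"] == "authenticate-cognito" and cfg.get("OnUnauthenticatedRequest") != "allow":
        return "auth-required"
    return "open" if any(a["Type"] == "forward" for a in acts) else "not-forwarded"

if __name__ == "__main__":
    for p in ("/get_x", "/get_y", "/get_y/report", "/other"):
        print(p, "->", exposure(RULES, p))
```

Feeding it the real output of `describe-rules` for a listener gives a quick check that no unauthenticated rule with a lower priority number matches the protected path first.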
-1

Hello AWS Customer,

Application Load Balancers support path-based routing and priority rules (so that multiple services can use the same listener port on a single Application Load Balancer).[1]

You can configure your Application Load Balancer's listener rules to configure different forwarding targets based on routes.

Hope you will find this information useful. Please let me know if you have any further questions or concerns. I will be more than glad to assist you.

I hope you are always healthy and have a nice day.

AWS
Support Engineer
Jisoo_K
answered a year ago
  • Thanks @jisso_K, but your response does not answer the specific question, which was "Can Application Load balancer perform Cognito auth on specific routes?", i.e. the diagram shows the requirement for one route to trigger Cognito authentication but not for the other. Is this possible?
