By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

One ALB, one HTTPS listener, one TG - can I have both authorised requests with Cognito and Non-authorised requests?

0

Hi, can someone please let me know if this is a viable solution and if it's even possible. I have an Application Load Balancer sitting in front of my Target Group which is linked to my ECS Cluster where I have deployed a monolith that contains frontend user routing that doesn't require authentication as well as admin routing that does require authentication. Lets say my load balancer is www.example-alb.com - can I still use Cognito as an IdP where I have for example a path condition based rules on my listener that check whether the request is (1) www.example-alb.com/user or (2) www.example-alb.com/admin and if its (1) the request doesn't need to be authenticated and gets forwarded to the target group whereas if its (2) the request does need to be authenticated first and then forwarded to the target group.

Once the request reaches the target group then the routing authentication logic will verify the token or whatever for the admin paths.

Is this reasonable/viable , can it work or its not really how things are done?

Topics
Security, Identity, & ComplianceContainersAWS Well-Architected Framework
Tags
Amazon CognitoAmazon Elastic Container ServiceSecurityApplication Load Balancer
Language
English
taxmann
asked 5 months ago176 views
1 Answer
1
Accepted Answer

Hello.

I think what you want to do is probably possible.
I think it's okay if you create a listener rule that sets Cognito authentication in the case of "/admin/*" and does not set Cognito authentication in other cases.
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html https://arpadt.com/articles/alb-auth-with-cognito

The article below is in Japanese, but it explains what you want to do.
https://blog.shibayu36.org/entry/2020/09/23/180000

profile picture
EXPERT
Riku_Kobayashi
answered 5 months ago
  • taxmann
    5 months ago

    Thanks this is a really helpful answer - and I was able to translate the Japanese article to English with Google Translate so that was also quite helpful to see that someone has actually done this and wrote about it!

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content