1 Answer
It is possible to configure your Application Load Balancer to handle both authenticated and unauthenticated requests as you described.
You can create path-based rules on the HTTPS listener to check the request path and route it accordingly.
For example:
- Create a rule that matches requests to /user and does not require authentication. It will forward the request to the target group.
- Create another rule that matches requests to /admin and sets Cognito authentication using the user pool. After successful authentication, it will forward the request to the target group.
- The target group can contain your application servers that handle routing based on the request path or authorization headers after authentication.
This allows you to secure specific paths using Cognito while keeping other paths open without authentication. The ALB acts as a gatekeeper and offloads the authentication to Cognito while forwarding requests to the same target group.
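The two listener rules described in the answer above, as an added example that is not part of the original answer or AWS's own code. It builds the arguments for the boto3 `elbv2` `create_rule` call and simulates rule matching offline; every ARN, the client ID, the domain value, the priorities and the helper names `build_rule`, `decision` and `create_rules` are placeholders or assumptions.

```python
import re

# Placeholder identifiers (constructed for this example, not from the page).
TARGET_GROUP_ARN = "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/app/PLACEHOLDER"
COGNITO = {
    "UserPoolArn": "arn:aws:cognito-idp:REGION:ACCOUNT:userpool/PLACEHOLDER",
    "UserPoolClientId": "PLACEHOLDER_CLIENT_ID",
    "UserPoolDomain": "PLACEHOLDER_DOMAIN",
    "OnUnauthenticatedRequest": "authenticate",
}

def build_rule(priority, patterns, require_auth):
    """Return kwargs for elbv2 create_rule (ListenerArn is added by the caller)."""
    actions = []
    if require_auth:
        # The authenticate action must be ordered before the forward action.
        actions.append({"Type": "authenticate-cognito", "Order": 1,
                        "AuthenticateCognitoConfig": dict(COGNITO)})
    actions.append({"Type": "forward", "Order": len(actions) + 1,
                    "TargetGroupArn": TARGET_GROUP_ARN})
    return {"Priority": priority, "Actions": actions,
            "Conditions": [{"Field": "path-pattern",
                            "PathPatternConfig": {"Values": list(patterns)}}]}

def _matches(pattern, path):
    # ALB path patterns are case-sensitive; * is any run of characters, ? is one.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, path) is not None

def decision(rules, path):
    """Simulate listener evaluation: lowest priority number first, first match applies."""
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        values = rule["Conditions"][0]["PathPatternConfig"]["Values"]
        if any(_matches(p, path) for p in values):
            types = [a["Type"] for a in sorted(rule["Actions"], key=lambda a: a["Order"])]
            return "authenticate" if types[0] == "authenticate-cognito" else "open"
    return "default-rule"

RULES = [
    build_rule(10, ["/admin", "/admin/*"], require_auth=True),
    build_rule(20, ["/user", "/user/*"], require_auth=False),
]

def create_rules(listener_arn):
    import boto3  # only needed when actually creating the rules
    client = boto3.client("elbv2")
    for rule in RULES:
        client.create_rule(ListenerArn=listener_arn, **rule)
```

A pattern of `/admin` alone does not cover `/admin/users`, and `/Admin` matches neither rule, so both the `/admin/*` pattern and the listener's default action decide whether such requests reach the targets without authentication.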
Thanks for the reply Giovanni but I don't think it addresses my question? I am trying to find out why changing from a Cognito domain to a Custom Domain, with no other changes to either Cognito or the ALB, causes the error "This URL doesn't exist on the authorization server."