Hello Folks!
I started to work on an application that provides a web interface for users who need to execute some runbooks, namely those for ECS and EKS instead of EC2 Instances.
For this app, I wish to interact with cloud resources using the user credentials/permissions, the same kind of experience we have when using the AWS Console. E.g.:
a. Do you have putItem permission to the app DynamoDB config table? So you can configure application details, like a runbook registration;
b. Do you have execCommand permission for a given ECS Cluster or task? So you can apply the runbook over those ECS tasks;
Having the MVP in place (using lambdas and API-GW IAM authentication), I now need to think about how the user effectively logs in and interacts with the cloud resources from a web interface. Since then, I have looked at some possible options:
- IAM Identity Cloud Applications - seems to be amazing, but I didn't find any documentation on how to create an application or examples for it;
- AWS Amplify & Cognito - Cognito seems to be a big gun here; I'd like to avoid it if possible;
- Login with Amazon - Not sure about this one; it seems to be focused on non-technical apps, but I didn't tap into the details.
What do you folks think? Is it feasible? Between the 3 options, what would you pick? Is there another way to do it?
Thanks in advance!