AWS API Gateway with Amazon Cognito User Pools as authorizer


A customer is interested in using Amazon Cognito User Pools instead of Lambda functions as authorizers for AWS API Gateway. They are trying to figure out if this solution would be ok for production workloads, also focusing on the performance overhead introduced by Cognito. In the past they used to use a Lua backend with HA Proxy and they experienced great performance (overhead in the order of microseconds), so now they are wondering if Cognito can offer good performance as well, maybe adopting some kind of optimizations (caching?). Are there any best practices about that? I don't see any reference to caching in the related documentation webpage.

Thanks a lot.

1 Answer
Accepted Answer

Cognito is used for Authentication, so it is only used once at the beginning of the session. Once the client gets a token, it uses the same token in all API calls and API Gateway knows how to interpret that token.

There are no caching controls for Cognito authorizers, but it may well be that API Gateway implements one. The best would be to run a test and find out if the latency is too high.

If latency is an issue for the customer, I recommend using the HTTP API which is 60% less latency compared to the REST API (and also costs 70% less).

profile pictureAWS
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions