Can Application Load balancer perform Cognito auth on specific routes?
I have the following architecture in mind. Does this require two separate ALBs (i.e. configure one of two ALBs to perform auth) or can a single ALB be configured to do cognito auth on specific routes?
- Newest
- Most votes
- Most comments
Yes, it is possible.
When you create a rule for a specific path (e.g. /get_y) with your Application Load Balancer, you are able to include THEN clause called "Authenticate using Cognito" where you specify your UserPoolID, ClientID, etc. Also you include your target as forward to your ECS. Each HTTP request is then evaluated whether it contains specific token in HTTP headers. If it does not contain it, user is redirected to Cognito. You then create another rule (e.g. /get_x) where you don't require Authentication, so you omit the Authentication clause and just foward to your ECS.
I hope it helps.
Hello AWS Customer,
Application Load Balancers support path-based routing and priority rules (so that multiple services can use the same listener port on a single Application Load Balancer).[1]
You can configure your Application Load Balancer's listener rules to configure different forwarding targets based on routes.
Hope you will find this information useful. Please let me know if you have any further questions or concerns. I will be more than glad to assist you.
I hope you are always healthy and have a nice day.
Relevant content
- asked 4 years ago
- asked 4 months ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 9 months ago
Thanks @jisso_K but your response does not answer the specific question which was Can Application Load balancer perform Cognito auth on specific routes?. i.e. the diagram shows the requirement for one route to trigger Cognito authentication but not for the other. Is this possible?