Share Cognito user pool between VPCs? Same IAC for more than one VPC?

0

Hi!

I have the main stack of my app deployed in one VPC. I'm using AWS Python CDK for my IAC and in this IAC I'm creating my Cognito user pool. Now I need to create another VPC with a new service that will use the same Cognito user pool. Can I share this resource between VPCs? Also, should I create another IAC for this VPC? Or can I use the same IAC I have?

Thank you!

2 Answers
1
Accepted Answer

Hello.

Since Cognito is a regional resource, I think that applications in the same region can use the same user pool even if the applications are in separate VPCs.
Also, Cognito is not a service that runs within a VPC, so it can be used regardless of whether the VPC is separate or not.
https://docs.aws.amazon.com/cognito/latest/developerguide/application-client-based-multi-tenancy.html

"Also should I create another IAC for this VPC? or can I use the same IAC I have?"

If it's a completely different application, I think it's okay to split the stack.
https://docs.aws.amazon.com/cdk/v2/guide/stack_how_to_create_multiple_stacks.html

EXPERT
answered 4 months ago
EXPERT
reviewed 19 days ago
  • I see, about this: "Also should I create another IAC for this VPC? or can I use the same IAC I have?" It is going to be a part of the main application but a different service. Should it still be separated?

  • "I see, about this, Also should I create another IAC for this VPC? or can I use the same IAC I have?"

    It is possible to define new AWS resources without splitting the stack. If the VPC configuration or AWS services used to host the application are different, I think it would be better to separate the CDK stack to improve the readability of the code.

    "Is going to be a part of the main application but a different service. Should still be separated?"

    Personally, I split my CDK stack by application. Since the same Cognito user pool will be used, I think that dividing only the stack without dividing the CDK project will improve the readability of the code and make it easier to manage. https://docs.aws.amazon.com/cdk/v2/guide/resources.html#resource_stack

1

Hi,

Sharing a Cognito user pool between VPCs is definitely possible, as the user pool is not tied to a specific VPC configuration and can be utilized across multiple VPCs or AWS accounts.

You can use the same CDK app to provision resources for multiple VPCs.
But, in case you want to create a separate CDK app for the second VPC since you are deploying it for a totally different service, then you can import the previously created Cognito User pool into your CDK code. [1]

References:
[1] https://repost.aws/questions/QU6sXRXAzXQze9wWNJz1TUAw/reference-resources-between-cdk-stacks

Thanks,
Atul

answered 4 months ago
  • Thanks man! Really appreciate the help
