Using AWS Cognito for Secure Access on S3 Static Websites with CloudFront Integration

Using AWS Cognito for Secure Access on S3 Static Websites with CloudFront Integration

Clock Icon2024.08.07

Introduction

Hello, I'm Hemanth from the Alliance Department. In this blog, I will demonstrate how to use AWS Cognito on an S3 Static Page Website accessed by CloudFront Origin Access Control (OAC) for Login and Sign-up.

AWS

Amazon Web Services, or AWS, is a cloud service platform that provides content distribution, database storage, processing capacity, and other features to support corporate expansion. AWS has offered a broad range of services in many different categories, including Compute, Storage, Networking, Database, Management Tools, and Security.

S3

Simple and popular AWS Service for storage. Replicates data by default across multiple facilities. It charges per usage. It is deeply integrated with AWS Services. Buckets are logical storage units. Objects are data added to the bucket. S3 has a storage class on object level which can save money by moving less frequently accessed objects to a colder storage class.

CloudFront

Low latency and fast transfer speeds, Amazon CloudFront is a quick content delivery network (CDN) solution that securely sends data, videos, apps, and APIs to clients all over the world. In addition to providing cutting-edge security capabilities like DDoS defense and field-level encryption, CloudFront interfaces with AWS services.

Cognito

For web and mobile apps, AWS Cognito offers user management, permission, and authentication. In addition to using third-party identity providers like Facebook, Google, and Amazon, users have the option to log in directly with just their username and password. Security issues like MFA, account recovery, and email/phone number verification are also taken care of by Cognito.

Prerequisites

Follow the steps in this guide to set up an S3 bucket and CloudFront distribution.

Demo

In the AWS Management Console, search for "Cognito".
Screenshot 2024-08-07 at 14.44.37
Click on "Create user pool".
Screenshot 2024-08-07 at 14.50.12
Select "Email" for user authentication and click "Next".
Screenshot 2024-08-07 at 14.52.04
Keep the default password policy and select "No MFA" for this project.
Screenshot 2024-08-07 at 14.53.15
Leave the user account recovery settings as default and click "Next".
Screenshot 2024-08-07 at 14.55.10
Configure the sign-up experience with default settings and click "Next".
Screenshot 2024-08-07 at 14.59.04
Screenshot 2024-08-07 at 14.59.22
For this project, select "Send email with Cognito" and click "Next".
Screenshot 2024-08-07 at 15.04.57
Give your user pool a name.
Screenshot 2024-08-07 at 15.17.08
Provide an app client name.
Screenshot 2024-08-07 at 15.19.26
Screenshot 2024-08-07 at 15.21.03
Review the settings and click "Create".
Screenshot 2024-08-07 at 15.22.48
Your user pool has been successfully created.
Screenshot 2024-08-07 at 15.24.10
Go into the user pool, copy the User Pool ID, and click on "App Integration".
Screenshot 2024-08-07 at 15.38.42
Scroll down and copy the Client ID.
Screenshot 2024-08-07 at 15.40.33
Now in the config add the above stuff like user pool id and client id
Screenshot 2024-08-07 at 16.09.40
Update your S3 bucket with the necessary configuration to integrate Cognito and use CloudFront to access the website and click on here for user registration.
Screenshot 2024-08-07 at 16.19.10
Users can enter their email, password, and confirm password to sign up.
Screenshot 2024-08-07 at 16.38.02
Users will receive a verification email.
Screenshot 2024-08-07 at 16.26.11
Enter the received verification code to complete the registration process.
Screenshot 2024-08-07 at 16.24.09
Users can now sign in and access the website.
Screenshot 2024-08-07 at 16.32.00
Screenshot 2024-08-07 at 16.33.50

Conclusion

An S3 static page website that is accessible via CloudFront OAC can be integrated with AWS Cognito to offer a safe and expandable method of user management and authentication. The smooth sign-up and login processes improve user experience while also guaranteeing data security.

Share this article

facebook logohatena logotwitter logo

© Classmethod, Inc. All rights reserved.