Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

Cognitoを利用してAWSサービスへのアクセス権限をコントロールする

Avatar for kawaji kawaji
May 28, 2019
0
43

 Cognitoを利用してAWSサービスへのアクセス権限をコントロールする

Avatar for kawaji

kawaji

May 28, 2019
Tweet

More Decks by kawaji

See All by kawaji
re:Invent 2025 から見る 営業が知るべき AWS サービス
Avatar for kawaji kawaji_scratch
0
6
次世代のSageMakerとは
Avatar for kawaji kawaji_scratch
0
92
サーバレスの未来〜The Key to Simplifying Everything〜
Avatar for kawaji kawaji_scratch
3
530
こんなJAWS FESTAはいやだ!
Avatar for kawaji kawaji_scratch
0
110
AWSにおける生成AIと最近のアップデート
Avatar for kawaji kawaji_scratch
0
59
Cookieレスな時代に向けたマーケティング基盤の作り方
Avatar for kawaji kawaji_scratch
0
53
JAWS ミート 2024 LT
Avatar for kawaji kawaji_scratch
0
35
Agents for Amazon Bedrockで美味しいパンを購入したい
Avatar for kawaji kawaji_scratch
0
83
JAWSUG Nagoya AWSコンテナサービス概要
Avatar for kawaji kawaji_scratch
0
64

Featured

See All Featured
Odyssey Design
Avatar for Ryan Kendrick rkendrick25
PRO
0
430
So, you think you're a good person
Avatar for Per Axbom axbom
PRO
0
1.8k
Prompt Engineering for Job Search
Avatar for Mfonobong Umondia mfonobong
0
120
Music & Morning Musume
Avatar for Bryan Veloso bryan
46
7k
Why Mistakes Are the Best Teachers: Turning Failure into a Pathway for Growth
Avatar for Umar Saidu Auna auna
0
27
Tell your own story through comics
Avatar for letsgokoyo letsgokoyo
0
760
What the history of the web can teach us about the future of AI
Avatar for Ines Montani inesmontani
PRO
0
370
Measuring Dark Social's Impact On Conversion and Attribution
Avatar for Stephen Akadiri stephenakadiri
0
94
How GitHub (no longer) Works
Avatar for Zach Holman holman
316
140k
Evolving SEO for Evolving Search Engines
Avatar for Ryan Jones ryanjones
0
73
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
33
1.4k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
55
3.2k

Transcript

  1. CognitoΛར༻ͯ͠ AWSαʔϏε΁ͷΞΫηεݖݶΛί ϯτϩʔϧ͢Δ 2019/5/28 JAWS-UG ໊ݹ԰ ઒࿏ ོٛ

  2. w ॴଐ 
 ༗ݶձࣾεΫϥονιϑτ w ໊લ 
 ઒࿏ོٛʢ͔Θ͡Α͔ͨ͠ʣ w "84ྺ

    
 ̔೥ w ޷͖ͳ"84αʔϏε 
 3PVUFɺ&$4QPU'MFFU"1* w ظ଴͍ͯ͠ΔαʔϏε 
 .BOBHFE#MPDLDIBJO ࣗݾ঺հ !LBXBKJ@TDSBUDI

  3. Cognitoͱ͸ ͳΜ͔ॻ͘ "84#MBDL#FMU0OMJOF4FNJOBS"84$PHOJUPΑΓҾ༻

  4. Ϣʔεέʔε • ։ൃҊ݅ͰϢʔβʔϩάΠϯػೳ͕ඞཁɻ • ೝূج൫ΛࣗલͰ։ൃ͠ͳ͍ํ๏͸ͳ͍͔ʁ

  5. HTMLϕʔεͷ৔߹

  6. ߏ੒

  7. ͬ͘͟Γखॱ • Cognito UserPoolΛ༻ҙ͢Δ • ΫϥΠΞϯτΞϓϦΛઃఆ͢Δ • ALBΛ༻ҙ͢Δ • ϦεφʔΛઃఆ͢Δ

  8. ΞϓϦΫϥΠΞϯτ

  9. ΞϓϦΫϥΠΞϯτ $PHOJUPΛ*%ϓϩόΠμͱͯ͠ࢦఆ αΠϯΠϯޙʹϦμΠϨΫτ͞ΕΔ63- αΠϯΞ΢τޙʹϦμΠϨΫτ͞ΕΔ63-

  10. Ϧεφʔͷઃఆ σϑΥϧτΞΫγϣϯͰʮೝূʯΛબ୒

  11. Ϧεφʔͷઃఆ $PHOJUPΛબ୒ ࡞੒ࡁΈͷϢʔβʔϓʔϧ ࡞੒ࡁΈͷΞϓϦΫϥΠΞϯτ Ҏ্Ͱɺ&-#΁ϦΫΤετ͕དྷͨ৔߹ʹ$PHOJUPͱ࿈ܞ͢Δ

  12. Ϧεφʔͷઃఆ ೝূࡁΈͷϦΫΤετΛసૹ͢Δઃఆ

  13. Ϧεφʔͷઃఆ "-#ʹઃఆͨ͠"VUP4DBMJOH(SPVQΛࢦఆ

  14. ׬੒Πϝʔδ ϦΫΤετ ϩάΠϯը໘΁ ϦμΠϨΫτࢦࣔ ೝূϦΫΤετ ೝূޙ63-΁ϦμΠϨΫτ 5PLFOݕূ

  15. Cognito͕༻ҙ͢ΔUI αΠϯΠϯը໘ αΠϯΞοϓը໘

  16. ิ଍ ALB͕ϦΫΤετΛͲ͏Validation͢Δ͔ • CookieΛར༻͍ͯ͠Δ 
 AWSELBAuthSessionCookie-0 
 AWSELBAuthSessionCookie-1 • λΠϜΞ΢τ஋ͳͲ΋ࣗ਎ͰมߋՄೳ

  17. SPA 
 ʢγϯάϧϖʔδΞϓϦέʔγϣϯʣ 
 ͷ৔߹

  18. ߏ੒

  19. ͬ͘͟Γखॱ • Cognito UserPoolΛ༻ҙ͢Δ • ΫϥΠΞϯτΞϓϦΛઃఆ͢Δ • APIGatewayΛ༻ҙ͢Δ • ΦʔιϥΠβʔΛઃఆ͢Δ

  20. ͬ͘͟Γखॱ • Cognito UserPoolΛ༻ҙ͢Δ • ΫϥΠΞϯτΞϓϦΛઃఆ͢Δ • APIGatewayΛ༻ҙ͢Δ • ΦʔιϥΠβʔΛઃఆ͢Δ

    • API୯ҐͰೝՄ৚݅Λઃఆ͢Δ આ໌ࡁΈ

  21. ΦʔιϥΠβʔͷઃఆ $PHOJUPΛબ୒ ࡞੒ͨ͠ϢʔβʔϓʔϧΛબ୒ )551ϔομʹ෇༩͢Δ τʔΫϯͷ໊শ

  22. APIʹ࡞੒ͨ͠ΦʔιϥΠβʔΛઃఆ͢Δ "1*୯ҐͰ੍ޚ͕Մೳɻ (&5͸0, 1045͸/(ͳͲ΋Ͱ͖Δ

  23. ׬੒Πϝʔδ αΠϯΠϯ 5PLFOฦ٫ "1*ݺͼग़͠ 5PLFO෇༩ "1*Ϩεϙϯε 5PLFOݕূ

  24. ิ଍ "1*(BUFXBZ͸ΦʔιϥΠβʔҎ֎ʹ*".ʹΑΔೝ ՄΛαϙʔτ͍ͯ͠Δ

  25. LambdaΛར༻ͯ͠ΧελϚΠζՄೳ

  26. ͜͜·Ͱ͸Cognito UserPoolͷ͓࿩

  27. Amazon Cognito ID ϓʔϧ 
 (ϑΣσϨʔςΟουΞΠσϯςΟςΟ) 
 Λར༻ͯ͠ग़དྷΔ͜ͱ

  28. • AWSϦιʔεΞΫηε༻ͷTemporary CredentialsΛ ෷͍ग़͢ɻ • ೝূ͸֎෦Identity Provider౳ʹҠৡՄೳɻ • Ұਓͷਓ͕ؒ࣋ͭෳ਺ͷIdentity ProviderͷΞΧ΢ϯ

    τ৘ใΛIdentityͱͯ͠·ͱΊΔɻ

  29. • AWSϦιʔεΞΫηε༻ͷTemporary CredentialsΛ෷͍ग़͢ɻ • ೝূ͸֎෦Identity Provider౳ʹҠৡՄೳɻ • Ұਓͷਓ͕ؒ࣋ͭෳ਺ͷIdentity ProviderͷΞΧ΢ϯτ৘ใΛ Identityͱͯ͠·ͱΊΔɻ

    Ұ࣌తͳݖݶΛ෷͍ग़͢͜ͱʹΑΓΞϓϦ͔Β"84αʔϏε ΁ΞΫηεՄೳʹ

  30. • AWSϦιʔεΞΫηε༻ͷTemporary CredentialsΛ෷͍ग़͢ɻ • ೝূ͸֎෦Identity Provider౳ʹҠৡՄೳɻ • Ұਓͷਓ͕ؒ࣋ͭෳ਺ͷIdentity ProviderͷΞΧ΢ϯτ৘ใΛ Identityͱͯ͠·ͱΊΔɻ

    Ұ࣌తͳݖݶΛ෷͍ग़͢͜ͱʹΑΓΞϓϦ͔Β"84αʔϏε ΁ΞΫηεՄೳʹ 'BDFCPPL (PPHMFͳͲ$PHOJUPҎ֎ͷ*E1Λར༻Մೳɻ "VUIͱ͔ݴͬͱ͚͹ࠓ೔͸ਖ਼ղʁ

  31. • AWSϦιʔεΞΫηε༻ͷTemporary CredentialsΛ෷͍ग़͢ɻ • ೝূ͸֎෦Identity Provider౳ʹҠৡՄೳɻ • Ұਓͷਓ͕ؒ࣋ͭෳ਺ͷIdentity ProviderͷΞΧ΢ϯτ৘ใΛ Identityͱͯ͠·ͱΊΔɻ

    Ұ࣌తͳݖݶΛ෷͍ग़͢͜ͱʹΑΓΞϓϦ͔Β"84αʔϏε ΁ΞΫηεՄೳʹ 'BDFCPPL (PPHMFͳͲ$PHOJUPҎ֎ͷ*E1Λར༻Մೳɻ "VUIͱ͔ݴͬͱ͚͹ࠓ೔͸ਖ਼ղʁ J1IPOFΞϓϦͱBOESPJEΞϓϦͷΞΧ΢ϯτΛ ಺෦Ͱಉ͡ਓͱͯ͠ೝࣝͰ͖Δ

  32. Πϝʔδ

  33. Πϝʔδ

  34. ۩ମྫ • ೝূࡁΈϢʔβʔ͸ࣗ෼ઐ༻ͷόέοτ಺ྖҬ΁ ϑΝΠϧΛΞοϓϩʔυͰ͖Δɻ • ೝূ͞Ε͍ͯͳ͍Ϣʔβʔ͸ɺࢀরݖݶ͚ͩ༩͑Β Ε͓ͯΓσʔλΛӾཡ͚ͩͰ͖Δɻ ͳͲ੍͕ޚՄೳɻ

  35. AWS Amplify 8&#ͰΞϓϦ࡞ΓࠐΉͱ͖͸"84"NQMJGZ͓͢͢Ίɻ $PHOJUPपลΛطଘϥΠϒϥϦ͕͍Ζ͍ΖରԠͯ͘͠Ε·͢ɻ

  36. ଓ͖͸࠙਌ձͰʂʂ

  37. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠