Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cognitoを利用してAWSサービスへのアクセス権限をコントロールする

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for kawaji kawaji
May 28, 2019
45
0

 Cognitoを利用してAWSサービスへのアクセス権限をコントロールする

Avatar for kawaji

kawaji

May 28, 2019

More Decks by kawaji

See All by kawaji
昔はシンプルだった_AmazonS3
Avatar for kawaji kawaji_scratch
0
410
Amazon Nova シリーズでパワポカラオケしてみた
Avatar for kawaji kawaji_scratch
0
38
re:Invent 2025 から見る 営業が知るべき AWS サービス
Avatar for kawaji kawaji_scratch
0
39
次世代のSageMakerとは
Avatar for kawaji kawaji_scratch
0
130
サーバレスの未来〜The Key to Simplifying Everything〜
Avatar for kawaji kawaji_scratch
3
560
こんなJAWS FESTAはいやだ!
Avatar for kawaji kawaji_scratch
0
140
AWSにおける生成AIと最近のアップデート
Avatar for kawaji kawaji_scratch
0
80
Cookieレスな時代に向けたマーケティング基盤の作り方
Avatar for kawaji kawaji_scratch
0
73
JAWS ミート 2024 LT
Avatar for kawaji kawaji_scratch
0
53

Featured

See All Featured
Public Speaking Without Barfing On Your Shoes - THAT 2023
Avatar for David Neal reverentgeek
1
390
The SEO identity crisis: Don't let AI make you average
Avatar for Varn varn
0
470
Pawsitive SEO: Lessons from My Dog (and Many Mistakes) on Thriving as a Consultant in the Age of AI
Avatar for David Carrasco davidcarrasco
0
140
What Being in a Rock Band Can Teach Us About Real World SEO
Avatar for Ade Holder 427marketing
0
230
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
55
9.9k
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
16
2k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
28
3.5k
Neural Spatial Audio Processing for Sound Field Analysis and Control
Avatar for NII S. Koyama's Lab skoyamalab
0
300
It's Worth the Effort
Avatar for 3n 3n
188
29k
How People are Using Generative and Agentic AI to Supercharge Their Products, Projects, Services and Value Streams Today
Avatar for Helen Beal helenjbeal
1
180
Redefining SEO in the New Era of Traffic Generation
Avatar for Szymon Słowik szymonslowik
1
300
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
333
22k

Transcript

  1. CognitoΛར༻ͯ͠ AWSαʔϏε΁ͷΞΫηεݖݶΛί ϯτϩʔϧ͢Δ 2019/5/28 JAWS-UG ໊ݹ԰ ઒࿏ ོٛ

  2. w ॴଐ 
 ༗ݶձࣾεΫϥονιϑτ w ໊લ 
 ઒࿏ོٛʢ͔Θ͡Α͔ͨ͠ʣ w "84ྺ

    
 ̔೥ w ޷͖ͳ"84αʔϏε 
 3PVUFɺ&$4QPU'MFFU"1* w ظ଴͍ͯ͠ΔαʔϏε 
 .BOBHFE#MPDLDIBJO ࣗݾ঺հ !LBXBKJ@TDSBUDI

  3. Cognitoͱ͸ ͳΜ͔ॻ͘ "84#MBDL#FMU0OMJOF4FNJOBS"84$PHOJUPΑΓҾ༻

  4. Ϣʔεέʔε • ։ൃҊ݅ͰϢʔβʔϩάΠϯػೳ͕ඞཁɻ • ೝূج൫ΛࣗલͰ։ൃ͠ͳ͍ํ๏͸ͳ͍͔ʁ

  5. HTMLϕʔεͷ৔߹

  6. ߏ੒

  7. ͬ͘͟Γखॱ • Cognito UserPoolΛ༻ҙ͢Δ • ΫϥΠΞϯτΞϓϦΛઃఆ͢Δ • ALBΛ༻ҙ͢Δ • ϦεφʔΛઃఆ͢Δ

  8. ΞϓϦΫϥΠΞϯτ

  9. ΞϓϦΫϥΠΞϯτ $PHOJUPΛ*%ϓϩόΠμͱͯ͠ࢦఆ αΠϯΠϯޙʹϦμΠϨΫτ͞ΕΔ63- αΠϯΞ΢τޙʹϦμΠϨΫτ͞ΕΔ63-

  10. Ϧεφʔͷઃఆ σϑΥϧτΞΫγϣϯͰʮೝূʯΛબ୒

  11. Ϧεφʔͷઃఆ $PHOJUPΛબ୒ ࡞੒ࡁΈͷϢʔβʔϓʔϧ ࡞੒ࡁΈͷΞϓϦΫϥΠΞϯτ Ҏ্Ͱɺ&-#΁ϦΫΤετ͕དྷͨ৔߹ʹ$PHOJUPͱ࿈ܞ͢Δ

  12. Ϧεφʔͷઃఆ ೝূࡁΈͷϦΫΤετΛసૹ͢Δઃఆ

  13. Ϧεφʔͷઃఆ "-#ʹઃఆͨ͠"VUP4DBMJOH(SPVQΛࢦఆ

  14. ׬੒Πϝʔδ ϦΫΤετ ϩάΠϯը໘΁ ϦμΠϨΫτࢦࣔ ೝূϦΫΤετ ೝূޙ63-΁ϦμΠϨΫτ 5PLFOݕূ

  15. Cognito͕༻ҙ͢ΔUI αΠϯΠϯը໘ αΠϯΞοϓը໘

  16. ิ଍ ALB͕ϦΫΤετΛͲ͏Validation͢Δ͔ • CookieΛར༻͍ͯ͠Δ 
 AWSELBAuthSessionCookie-0 
 AWSELBAuthSessionCookie-1 • λΠϜΞ΢τ஋ͳͲ΋ࣗ਎ͰมߋՄೳ

  17. SPA 
 ʢγϯάϧϖʔδΞϓϦέʔγϣϯʣ 
 ͷ৔߹

  18. ߏ੒

  19. ͬ͘͟Γखॱ • Cognito UserPoolΛ༻ҙ͢Δ • ΫϥΠΞϯτΞϓϦΛઃఆ͢Δ • APIGatewayΛ༻ҙ͢Δ • ΦʔιϥΠβʔΛઃఆ͢Δ

  20. ͬ͘͟Γखॱ • Cognito UserPoolΛ༻ҙ͢Δ • ΫϥΠΞϯτΞϓϦΛઃఆ͢Δ • APIGatewayΛ༻ҙ͢Δ • ΦʔιϥΠβʔΛઃఆ͢Δ

    • API୯ҐͰೝՄ৚݅Λઃఆ͢Δ આ໌ࡁΈ

  21. ΦʔιϥΠβʔͷઃఆ $PHOJUPΛબ୒ ࡞੒ͨ͠ϢʔβʔϓʔϧΛબ୒ )551ϔομʹ෇༩͢Δ τʔΫϯͷ໊শ

  22. APIʹ࡞੒ͨ͠ΦʔιϥΠβʔΛઃఆ͢Δ "1*୯ҐͰ੍ޚ͕Մೳɻ (&5͸0, 1045͸/(ͳͲ΋Ͱ͖Δ

  23. ׬੒Πϝʔδ αΠϯΠϯ 5PLFOฦ٫ "1*ݺͼग़͠ 5PLFO෇༩ "1*Ϩεϙϯε 5PLFOݕূ

  24. ิ଍ "1*(BUFXBZ͸ΦʔιϥΠβʔҎ֎ʹ*".ʹΑΔೝ ՄΛαϙʔτ͍ͯ͠Δ

  25. LambdaΛར༻ͯ͠ΧελϚΠζՄೳ

  26. ͜͜·Ͱ͸Cognito UserPoolͷ͓࿩

  27. Amazon Cognito ID ϓʔϧ 
 (ϑΣσϨʔςΟουΞΠσϯςΟςΟ) 
 Λར༻ͯ͠ग़དྷΔ͜ͱ

  28. • AWSϦιʔεΞΫηε༻ͷTemporary CredentialsΛ ෷͍ग़͢ɻ • ೝূ͸֎෦Identity Provider౳ʹҠৡՄೳɻ • Ұਓͷਓ͕ؒ࣋ͭෳ਺ͷIdentity ProviderͷΞΧ΢ϯ

    τ৘ใΛIdentityͱͯ͠·ͱΊΔɻ

  29. • AWSϦιʔεΞΫηε༻ͷTemporary CredentialsΛ෷͍ग़͢ɻ • ೝূ͸֎෦Identity Provider౳ʹҠৡՄೳɻ • Ұਓͷਓ͕ؒ࣋ͭෳ਺ͷIdentity ProviderͷΞΧ΢ϯτ৘ใΛ Identityͱͯ͠·ͱΊΔɻ

    Ұ࣌తͳݖݶΛ෷͍ग़͢͜ͱʹΑΓΞϓϦ͔Β"84αʔϏε ΁ΞΫηεՄೳʹ

  30. • AWSϦιʔεΞΫηε༻ͷTemporary CredentialsΛ෷͍ग़͢ɻ • ೝূ͸֎෦Identity Provider౳ʹҠৡՄೳɻ • Ұਓͷਓ͕ؒ࣋ͭෳ਺ͷIdentity ProviderͷΞΧ΢ϯτ৘ใΛ Identityͱͯ͠·ͱΊΔɻ

    Ұ࣌తͳݖݶΛ෷͍ग़͢͜ͱʹΑΓΞϓϦ͔Β"84αʔϏε ΁ΞΫηεՄೳʹ 'BDFCPPL (PPHMFͳͲ$PHOJUPҎ֎ͷ*E1Λར༻Մೳɻ "VUIͱ͔ݴͬͱ͚͹ࠓ೔͸ਖ਼ղʁ

  31. • AWSϦιʔεΞΫηε༻ͷTemporary CredentialsΛ෷͍ग़͢ɻ • ೝূ͸֎෦Identity Provider౳ʹҠৡՄೳɻ • Ұਓͷਓ͕ؒ࣋ͭෳ਺ͷIdentity ProviderͷΞΧ΢ϯτ৘ใΛ Identityͱͯ͠·ͱΊΔɻ

    Ұ࣌తͳݖݶΛ෷͍ग़͢͜ͱʹΑΓΞϓϦ͔Β"84αʔϏε ΁ΞΫηεՄೳʹ 'BDFCPPL (PPHMFͳͲ$PHOJUPҎ֎ͷ*E1Λར༻Մೳɻ "VUIͱ͔ݴͬͱ͚͹ࠓ೔͸ਖ਼ղʁ J1IPOFΞϓϦͱBOESPJEΞϓϦͷΞΧ΢ϯτΛ ಺෦Ͱಉ͡ਓͱͯ͠ೝࣝͰ͖Δ

  32. Πϝʔδ

  33. Πϝʔδ

  34. ۩ମྫ • ೝূࡁΈϢʔβʔ͸ࣗ෼ઐ༻ͷόέοτ಺ྖҬ΁ ϑΝΠϧΛΞοϓϩʔυͰ͖Δɻ • ೝূ͞Ε͍ͯͳ͍Ϣʔβʔ͸ɺࢀরݖݶ͚ͩ༩͑Β Ε͓ͯΓσʔλΛӾཡ͚ͩͰ͖Δɻ ͳͲ੍͕ޚՄೳɻ

  35. AWS Amplify 8&#ͰΞϓϦ࡞ΓࠐΉͱ͖͸"84"NQMJGZ͓͢͢Ίɻ $PHOJUPपลΛطଘϥΠϒϥϦ͕͍Ζ͍ΖରԠͯ͘͠Ε·͢ɻ

  36. ଓ͖͸࠙਌ձͰʂʂ

  37. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠