Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cognitoを利用してAWSサービスへのアクセス権限をコントロールする

Avatar for kawaji kawaji
May 28, 2019
0
40

 Cognitoを利用してAWSサービスへのアクセス権限をコントロールする

Avatar for kawaji

kawaji

May 28, 2019
Tweet

More Decks by kawaji

See All by kawaji
次世代のSageMakerとは
Avatar for kawaji kawaji_scratch
0
67
サーバレスの未来〜The Key to Simplifying Everything〜
Avatar for kawaji kawaji_scratch
3
470
こんなJAWS FESTAはいやだ!
Avatar for kawaji kawaji_scratch
0
80
AWSにおける生成AIと最近のアップデート
Avatar for kawaji kawaji_scratch
0
42
Cookieレスな時代に向けたマーケティング基盤の作り方
Avatar for kawaji kawaji_scratch
0
37
JAWS ミート 2024 LT
Avatar for kawaji kawaji_scratch
0
22
Agents for Amazon Bedrockで美味しいパンを購入したい
Avatar for kawaji kawaji_scratch
0
62
JAWSUG Nagoya AWSコンテナサービス概要
Avatar for kawaji kawaji_scratch
0
51
未来の技術、現在の現実〜サーバーレスとGen AIの交差点〜
Avatar for kawaji kawaji_scratch
0
41

Featured

See All Featured
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
PRO
20
1.3k
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
329
21k
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
32
1k
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
15
1.5k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
184
22k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
331
22k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
31
8.6k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
107
19k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
357
30k
Bash Introduction
Avatar for André Augusto Costa Santos 62gerente
614
210k
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
407
66k
Site-Speed That Sticks
Avatar for Harry Roberts csswizardry
10
660

Transcript

  1. CognitoΛར༻ͯ͠ AWSαʔϏε΁ͷΞΫηεݖݶΛί ϯτϩʔϧ͢Δ 2019/5/28 JAWS-UG ໊ݹ԰ ઒࿏ ོٛ

  2. w ॴଐ 
 ༗ݶձࣾεΫϥονιϑτ w ໊લ 
 ઒࿏ོٛʢ͔Θ͡Α͔ͨ͠ʣ w "84ྺ

    
 ̔೥ w ޷͖ͳ"84αʔϏε 
 3PVUFɺ&$4QPU'MFFU"1* w ظ଴͍ͯ͠ΔαʔϏε 
 .BOBHFE#MPDLDIBJO ࣗݾ঺հ !LBXBKJ@TDSBUDI

  3. Cognitoͱ͸ ͳΜ͔ॻ͘ "84#MBDL#FMU0OMJOF4FNJOBS"84$PHOJUPΑΓҾ༻

  4. Ϣʔεέʔε • ։ൃҊ݅ͰϢʔβʔϩάΠϯػೳ͕ඞཁɻ • ೝূج൫ΛࣗલͰ։ൃ͠ͳ͍ํ๏͸ͳ͍͔ʁ

  5. HTMLϕʔεͷ৔߹

  6. ߏ੒

  7. ͬ͘͟Γखॱ • Cognito UserPoolΛ༻ҙ͢Δ • ΫϥΠΞϯτΞϓϦΛઃఆ͢Δ • ALBΛ༻ҙ͢Δ • ϦεφʔΛઃఆ͢Δ

  8. ΞϓϦΫϥΠΞϯτ

  9. ΞϓϦΫϥΠΞϯτ $PHOJUPΛ*%ϓϩόΠμͱͯ͠ࢦఆ αΠϯΠϯޙʹϦμΠϨΫτ͞ΕΔ63- αΠϯΞ΢τޙʹϦμΠϨΫτ͞ΕΔ63-

  10. Ϧεφʔͷઃఆ σϑΥϧτΞΫγϣϯͰʮೝূʯΛબ୒

  11. Ϧεφʔͷઃఆ $PHOJUPΛબ୒ ࡞੒ࡁΈͷϢʔβʔϓʔϧ ࡞੒ࡁΈͷΞϓϦΫϥΠΞϯτ Ҏ্Ͱɺ&-#΁ϦΫΤετ͕དྷͨ৔߹ʹ$PHOJUPͱ࿈ܞ͢Δ

  12. Ϧεφʔͷઃఆ ೝূࡁΈͷϦΫΤετΛసૹ͢Δઃఆ

  13. Ϧεφʔͷઃఆ "-#ʹઃఆͨ͠"VUP4DBMJOH(SPVQΛࢦఆ

  14. ׬੒Πϝʔδ ϦΫΤετ ϩάΠϯը໘΁ ϦμΠϨΫτࢦࣔ ೝূϦΫΤετ ೝূޙ63-΁ϦμΠϨΫτ 5PLFOݕূ

  15. Cognito͕༻ҙ͢ΔUI αΠϯΠϯը໘ αΠϯΞοϓը໘

  16. ิ଍ ALB͕ϦΫΤετΛͲ͏Validation͢Δ͔ • CookieΛར༻͍ͯ͠Δ 
 AWSELBAuthSessionCookie-0 
 AWSELBAuthSessionCookie-1 • λΠϜΞ΢τ஋ͳͲ΋ࣗ਎ͰมߋՄೳ

  17. SPA 
 ʢγϯάϧϖʔδΞϓϦέʔγϣϯʣ 
 ͷ৔߹

  18. ߏ੒

  19. ͬ͘͟Γखॱ • Cognito UserPoolΛ༻ҙ͢Δ • ΫϥΠΞϯτΞϓϦΛઃఆ͢Δ • APIGatewayΛ༻ҙ͢Δ • ΦʔιϥΠβʔΛઃఆ͢Δ

  20. ͬ͘͟Γखॱ • Cognito UserPoolΛ༻ҙ͢Δ • ΫϥΠΞϯτΞϓϦΛઃఆ͢Δ • APIGatewayΛ༻ҙ͢Δ • ΦʔιϥΠβʔΛઃఆ͢Δ

    • API୯ҐͰೝՄ৚݅Λઃఆ͢Δ આ໌ࡁΈ

  21. ΦʔιϥΠβʔͷઃఆ $PHOJUPΛબ୒ ࡞੒ͨ͠ϢʔβʔϓʔϧΛબ୒ )551ϔομʹ෇༩͢Δ τʔΫϯͷ໊শ

  22. APIʹ࡞੒ͨ͠ΦʔιϥΠβʔΛઃఆ͢Δ "1*୯ҐͰ੍ޚ͕Մೳɻ (&5͸0, 1045͸/(ͳͲ΋Ͱ͖Δ

  23. ׬੒Πϝʔδ αΠϯΠϯ 5PLFOฦ٫ "1*ݺͼग़͠ 5PLFO෇༩ "1*Ϩεϙϯε 5PLFOݕূ

  24. ิ଍ "1*(BUFXBZ͸ΦʔιϥΠβʔҎ֎ʹ*".ʹΑΔೝ ՄΛαϙʔτ͍ͯ͠Δ

  25. LambdaΛར༻ͯ͠ΧελϚΠζՄೳ

  26. ͜͜·Ͱ͸Cognito UserPoolͷ͓࿩

  27. Amazon Cognito ID ϓʔϧ 
 (ϑΣσϨʔςΟουΞΠσϯςΟςΟ) 
 Λར༻ͯ͠ग़དྷΔ͜ͱ

  28. • AWSϦιʔεΞΫηε༻ͷTemporary CredentialsΛ ෷͍ग़͢ɻ • ೝূ͸֎෦Identity Provider౳ʹҠৡՄೳɻ • Ұਓͷਓ͕ؒ࣋ͭෳ਺ͷIdentity ProviderͷΞΧ΢ϯ

    τ৘ใΛIdentityͱͯ͠·ͱΊΔɻ

  29. • AWSϦιʔεΞΫηε༻ͷTemporary CredentialsΛ෷͍ग़͢ɻ • ೝূ͸֎෦Identity Provider౳ʹҠৡՄೳɻ • Ұਓͷਓ͕ؒ࣋ͭෳ਺ͷIdentity ProviderͷΞΧ΢ϯτ৘ใΛ Identityͱͯ͠·ͱΊΔɻ

    Ұ࣌తͳݖݶΛ෷͍ग़͢͜ͱʹΑΓΞϓϦ͔Β"84αʔϏε ΁ΞΫηεՄೳʹ

  30. • AWSϦιʔεΞΫηε༻ͷTemporary CredentialsΛ෷͍ग़͢ɻ • ೝূ͸֎෦Identity Provider౳ʹҠৡՄೳɻ • Ұਓͷਓ͕ؒ࣋ͭෳ਺ͷIdentity ProviderͷΞΧ΢ϯτ৘ใΛ Identityͱͯ͠·ͱΊΔɻ

    Ұ࣌తͳݖݶΛ෷͍ग़͢͜ͱʹΑΓΞϓϦ͔Β"84αʔϏε ΁ΞΫηεՄೳʹ 'BDFCPPL (PPHMFͳͲ$PHOJUPҎ֎ͷ*E1Λར༻Մೳɻ "VUIͱ͔ݴͬͱ͚͹ࠓ೔͸ਖ਼ղʁ

  31. • AWSϦιʔεΞΫηε༻ͷTemporary CredentialsΛ෷͍ग़͢ɻ • ೝূ͸֎෦Identity Provider౳ʹҠৡՄೳɻ • Ұਓͷਓ͕ؒ࣋ͭෳ਺ͷIdentity ProviderͷΞΧ΢ϯτ৘ใΛ Identityͱͯ͠·ͱΊΔɻ

    Ұ࣌తͳݖݶΛ෷͍ग़͢͜ͱʹΑΓΞϓϦ͔Β"84αʔϏε ΁ΞΫηεՄೳʹ 'BDFCPPL (PPHMFͳͲ$PHOJUPҎ֎ͷ*E1Λར༻Մೳɻ "VUIͱ͔ݴͬͱ͚͹ࠓ೔͸ਖ਼ղʁ J1IPOFΞϓϦͱBOESPJEΞϓϦͷΞΧ΢ϯτΛ ಺෦Ͱಉ͡ਓͱͯ͠ೝࣝͰ͖Δ

  32. Πϝʔδ

  33. Πϝʔδ

  34. ۩ମྫ • ೝূࡁΈϢʔβʔ͸ࣗ෼ઐ༻ͷόέοτ಺ྖҬ΁ ϑΝΠϧΛΞοϓϩʔυͰ͖Δɻ • ೝূ͞Ε͍ͯͳ͍Ϣʔβʔ͸ɺࢀরݖݶ͚ͩ༩͑Β Ε͓ͯΓσʔλΛӾཡ͚ͩͰ͖Δɻ ͳͲ੍͕ޚՄೳɻ

  35. AWS Amplify 8&#ͰΞϓϦ࡞ΓࠐΉͱ͖͸"84"NQMJGZ͓͢͢Ίɻ $PHOJUPपลΛطଘϥΠϒϥϦ͕͍Ζ͍ΖରԠͯ͘͠Ε·͢ɻ

  36. ଓ͖͸࠙਌ձͰʂʂ

  37. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠