I am making a web application (Angular 2 on S3 and the API in Lambda via API Gateway). For authentication, I played with both Cognito and a special authorizer (I configured my authentication to work with Google and Facebook using a special authorizer and Cognito). In the case of a user authorizer, I pass the token through the Authorization header, and my user authorizer checks it.
I am looking for advice on which one I should go further with and what their pros and cons are. I would have thought that:
AWS Cognito:
Arguments
- The AWS SDK handles everything for you, and you cannot go wrong with the authentication process.
- Exact access control for AWS resources through IAM.
- Authentication does not require an additional lambda function before each API.
Against
- You must use the AWS SDK specifically on the client side. Programmers should add this to their toolchain and use it in the development process. Adds extra complexity.
- Clear control over access to resources is not really required, because access to the API gateway requires only access.
User authorizer
Arguments
- You may have an authentication mechanism the way you want it. Ultimate authentication and authorization control.
- You can configure the API to a standard token (JWT), and the flow for developers will remain the same. No additional consideration for the AWS SDK.
Against
- Authentication requires a lot of thought and effort to create.
- Chances of the absence of some important aspects are always present.
- . , Amazon .
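As an added illustration (not code from the post), here is the set of checks a Lambda authorizer for API Gateway has to get right when the token in the Authorization header is a JWT: pinned algorithm, constant-time signature comparison, expiry, issuer and audience. It assumes self-issued HS256 tokens; `CONFIG`, `signToken`, `verifyToken` and `authorize` are hypothetical names, and the secret, issuer, audience and ARN are constructed values.

```javascript
const crypto = require('crypto');

// Assumed configuration (constructed values; load the secret from a secret store).
const CONFIG = { secret: 'constructed-demo-secret', issuer: 'https://auth.example.com', audience: 'my-api' };
const b64url = (s) => Buffer.from(s).toString('base64url');

// Builds constructed sample tokens for the demo and tests only.
function signToken(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Returns the claims, or throws on the first failed check.
function verifyToken(token, cfg, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  if (header.alg !== 'HS256') throw new Error('unexpected alg'); // never trust the token's own alg
  const expected = crypto.createHmac('sha256', cfg.secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (claims.iss !== cfg.issuer || claims.aud !== cfg.audience) throw new Error('wrong issuer or audience');
  return claims;
}

// TOKEN authorizer logic: event carries authorizationToken and methodArn.
function authorize(event, cfg = CONFIG, now = Math.floor(Date.now() / 1000)) {
  try {
    const m = /^Bearer (.+)$/.exec(event.authorizationToken || '');
    if (!m) throw new Error('missing bearer token');
    const claims = verifyToken(m[1], cfg, now);
    return { principalId: claims.sub, policyDocument: {
      Version: '2012-10-17',
      Statement: [{ Action: 'execute-api:Invoke', Effect: 'Allow', Resource: event.methodArn }],
    } };
  } catch (err) {
    throw new Error('Unauthorized'); // API Gateway turns this message into a 401
  }
}

exports.handler = async (event) => authorize(event);

// Constructed sample request.
const demoArn = 'arn:aws:execute-api:us-east-1:123456789012:abc123/prod/GET/items';
const demoToken = signToken({ sub: 'user-1', iss: CONFIG.issuer, aud: CONFIG.audience, exp: Math.floor(Date.now() / 1000) + 300 }, CONFIG.secret);
console.log(JSON.stringify(authorize({ authorizationToken: `Bearer ${demoToken}`, methodArn: demoArn })));
```

Tokens issued by Google or Facebook are not HS256 tokens signed with your secret, so validating those directly needs the provider's own verification path instead of this shared-secret check.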