-1

I'm considering AWS IAM vs usual ACL (django-guardian, passport.js, ...) to manage permissions and monitor the costs per user on my current project.

I wonder if IAM can be used to manage authorization of the application users, or if it is only aimed at the developer team?

Are there some examples of people using it this way on a regular basis? Is it a good practice? Will there be some caveats or hard limitations? (if you've experienced it)

I already found this 2-year-old answer: Should you use AWS IAM roles and permission for application users? but it lacked a return of experience on this question.

Raymos
  • The answer to the question you linked is very clear. What does "It lacked a return of experience" mean exactly? That answer is still correct today. – Mark B Oct 23 '17 at 18:50
  • Hello Mark, I would like to know which parameters I can consider to decide if a use case is better suited to IAM or to an app ACL – Raymos Oct 23 '17 at 20:12

2 Answers

1

You can use AWS Cognito UserPools with the Users and Groups feature to handle both authentication and authorization of your web application.

For more information, refer to the Amazon Cognito Groups and Fine-Grained Role-Based Access Control blog post by AWS.

IAM is mainly built to provide authentication and authorization for AWS services, not for web applications. Because of this, it will become challenging to use IAM for web application authentication and authorization.

Ashan
  • I thought Cognito was an authentication tool; I'm looking for an authorization tool – Raymos Oct 23 '17 at 20:10
  • Both authentication and authorization can be achieved with the new feature they have introduced called users and groups. – Ashan Oct 23 '17 at 20:20
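
The group-based authorization discussed in the answer above, sketched as an added example (not code from the answer or from AWS): a Node.js backend verifies the token and then makes the access decision from its `cognito:groups` claim. The key pair, issuer URL, group names and the helpers `mintToken`, `verifyToken` and `isAuthorized` are constructed for illustration; a real service verifies against the user pool's published signing keys.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed key pair standing in for the user pool's signing key; a real
// service loads the pool's public keys instead of generating one.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
// Constructed issuer: region and pool id are placeholders.
const ISSUER = 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE';

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Hypothetical helper: mints a sample RS256 token so the example runs offline.
function mintToken(claims, key = privateKey) {
  const input = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}`;
  const sig = nodeCrypto.sign('RSA-SHA256', Buffer.from(input), key);
  return `${input}.${sig.toString('base64url')}`;
}

// Returns the claims only if algorithm, signature, issuer and expiry all check out.
function verifyToken(token, key) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  if (dec(h).alg !== 'RS256') throw new Error('unexpected algorithm');
  const ok = nodeCrypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = dec(p);
  if (claims.iss !== ISSUER) throw new Error('wrong issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) throw new Error('expired');
  return claims;
}

// Authorization decision: deny unless the verified token lists the required group.
function isAuthorized(token, requiredGroup, key = publicKey) {
  try {
    const groups = verifyToken(token, key)['cognito:groups'];
    return Array.isArray(groups) && groups.includes(requiredGroup);
  } catch {
    return false; // any verification failure is a deny
  }
}

// Constructed sample tokens: one user in the "admins" group, one in no group.
const soon = Math.floor(Date.now() / 1000) + 300;
const adminToken = mintToken({ sub: 'user-1', iss: ISSUER, exp: soon, 'cognito:groups': ['admins'] });
const plainToken = mintToken({ sub: 'user-2', iss: ISSUER, exp: soon });
console.log(isAuthorized(adminToken, 'admins'), isAuthorized(plainToken, 'admins'));
```

The group check runs only on claims that passed signature verification, so a client that edits the payload to add a group is denied.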
0

I recommend AWS Cognito instead.

IAM is suited better for developers and applications/services.

Tanbouz