9

I have a JHipster application that is authenticated with Amazon Cognito. The users that can access this application are those that don't have access to the AWS resources, therefore I went with user pools instead of identity pools. Please let me know how to assign roles that are not related to Amazon IAM, because wherever I refer to roles in Cognito they all point to the following website: Link Here

Please let me know of an alternative way I can maintain roles.

prashant s
  • 148
  • 1
  • 1
  • 9
  • How did you get a JHipster application that is authenticated with Amazon Cognito? That is what I would like to do. Is it working well for you? – KingAndrew Dec 06 '19 at 23:20
  • @KingAndrew You can do it; when you create a JHipster application it will ask whether you want to create the application with an OAuth2 implementation. But the issue was that the implementation generated by JHipster is basically for Okta, and Cognito has no role concept in it. ACL needs to be implemented by ourselves. – prashant s Dec 12 '19 at 07:27

1 Answer

14

You can use Groups for Cognito User Pools to establish a minimalistic role-based access control. Since the Cognito groups can be found in the JWT, you can handle your users depending on the group they are in:

"cognito:groups": [
  "Admin",
  "User"
]

A user can be in one or more groups (AWS hard limit: 25) and you can have up to 500 groups for each User Pool. For more information please look at: Limits in Amazon Cognito

Additionally, each group must have an IAM role. You can specify the permissions for the user there or just handle it with different groups.

James Kingsbery
  • 7,298
  • 2
  • 38
  • 67
Quappinger
  • 198
  • 2
  • 9
  • I have already managed to use the groups functionality. I was wondering if there is a possibility to pass the granted authority setup from Cognito to the JHipster application, because by default JHipster looks into the granted authority attribute of the auth token to manage roles. – prashant s Sep 09 '19 at 05:55
  • 1
    The limit of Cognito groups per user has been increased to 100. This is still a hard limit unfortunately. – Craig Watkinson Aug 17 '20 at 09:36
  • 2
    @Quappinger Can we implement an Access Control List for our custom app with AWS Cognito? Or is it only for IAM and AWS resource access? – Mohsin Saeed Jul 24 '21 at 20:37
  • 1
    @MohsinSaeed From whatever I understood from the documentation, it is associated with the IAM roles. Kindly correct me if I am wrong. – prashant s Sep 22 '21 at 04:48
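The answer above relies on the `cognito:groups` claim, and the follow-up comment asks how to get those groups into JHipster's granted authorities. The converter below is an added example written for this page, not code from the question, the answer, or the JHipster generator. It assumes Spring Security 5.2+ with resource-server JWT support (which is what a JHipster OAuth2 application uses, assumed here), and the class name, the `ROLE_` + upper-cased group mapping (so that the groups "Admin" and "User" from the answer become JHipster's `ROLE_ADMIN` and `ROLE_USER`), and the sample token in `main` are all constructed for illustration.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.stream.Collectors;

import org.springframework.core.convert.converter.Converter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;

/**
 * Maps the "cognito:groups" claim of an already-validated Cognito JWT onto
 * Spring Security authorities: group "Admin" -> ROLE_ADMIN, "User" -> ROLE_USER.
 * Hypothetical example class written for this page; JHipster does not generate it.
 */
public class CognitoGroupsAuthoritiesConverter implements Converter<Jwt, Collection<GrantedAuthority>> {

    static final String GROUPS_CLAIM = "cognito:groups";
    static final String ROLE_PREFIX = "ROLE_";

    @Override
    public Collection<GrantedAuthority> convert(Jwt jwt) {
        // Signature, issuer and expiry were already checked by the JwtDecoder
        // before this runs; the converter only maps claims, it never decides trust.
        List<String> groups = jwt.getClaimAsStringList(GROUPS_CLAIM);
        if (groups == null || groups.isEmpty()) {
            // Authenticated user with no group membership: no role at all
            return Collections.emptyList();
        }
        return groups.stream()
            .map(group -> ROLE_PREFIX + group.toUpperCase(Locale.ROOT))
            .map(SimpleGrantedAuthority::new)
            .collect(Collectors.toList());
    }

    /**
     * Converter to hand to the resource server, e.g. in the security configuration:
     *   http.oauth2ResourceServer().jwt().jwtAuthenticationConverter(jwtAuthenticationConverter());
     */
    public static JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(new CognitoGroupsAuthoritiesConverter());
        return converter;
    }

    /** Stand-alone check using a constructed (unsigned) token with the claim shown in the answer. */
    public static void main(String[] args) {
        Jwt sample = Jwt.withTokenValue("constructed-sample-token")
            .header("alg", "RS256")
            .claim("sub", "00000000-0000-0000-0000-000000000000")   // constructed value
            .claim(GROUPS_CLAIM, Arrays.asList("Admin", "User"))
            .build();

        Collection<GrantedAuthority> authorities = new CognitoGroupsAuthoritiesConverter().convert(sample);
        boolean isAdmin = authorities.stream().anyMatch(a -> "ROLE_ADMIN".equals(a.getAuthority()));
        if (!isAdmin) {
            throw new IllegalStateException("expected ROLE_ADMIN from group 'Admin'");
        }
        System.out.println(authorities);

        // A token without the claim yields no authorities rather than failing
        Jwt noGroups = Jwt.withTokenValue("constructed-sample-token-2")
            .header("alg", "RS256")
            .claim("sub", "11111111-1111-1111-1111-111111111111")   // constructed value
            .build();
        if (!new CognitoGroupsAuthoritiesConverter().convert(noGroups).isEmpty()) {
            throw new IllegalStateException("token without cognito:groups must map to no roles");
        }
    }
}
```

Two points worth keeping in mind with this approach. The claim is only trustworthy after the resource server has verified the token's signature against the user pool's JWKS and checked the issuer and expiry, which is why the converter does no validation of its own. Group membership is also fixed at the moment the token is issued: removing a user from "Admin" in the user pool does not affect tokens already in circulation until they expire, so the access token lifetime bounds how long a revoked role keeps working. Finally, the upper-casing collapses groups that differ only in case ("admin" and "Admin") into one role; keep group names distinct if that matters.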