Seeking some architectural AWS wisdom there, I'm really lost!
I am currently creating an app using microservices. I am quite struggling regarding architectural choices.
I would like to use AWS Cognito to allow users to sign-up and sign in the "native" way (giving your own e-mail + password + username), as well as with social sign-ins (Google, Facebook, Apple, Amazon).
At first, I wanted to use a DynamoDB table that would be used to enrich my user information with some app-related attributes (like for example friendsList). This is to avoid some troubles enumerated here https://stackoverflow.com/a/54459928/16268050 (lack of flexibility for querying/throttling/Cognito custom attributes)
There would have been a Lambda Post-Confirmation trigger that would copy my user information to my own table.
However, there are some problems related to that approach:
- this lambda trigger doesn't happen on social sign-ins, as the user is already confirmed (afaik).
- when a user updates his credentials, I would use an AppSync graphQL mutation on the user table (as my Cognito user pool would only be used for sign-up/ins for the token generation used by AppSync authorization on every single API calls done). But these changes wouldn't be seen in the Cognito user pool. And if I want to use Amplify to modify those credentials with the Amplify Cognito Auth API, then it is my DynamoDB table that isn't up to date. Maybe I could do the amplify update of the Cognito user pool + an AppSync mutation to the DynamoDB, but that seems kinda hacky. It feels that there would be a lot of problems emerging down the road.
Therefore, knowing that, I decided that I would use the user pool directory from Cognito as my user database (as social sign-ins do put a new entry in the user pool through attributes mapping). The enriching would be in the form of custom attributes and in other microservice databases. Amplify Auth API would be used on the mobile Flutter front-end for native/social sign-ups/sign-ins, password resetting, user attributes updates, verifying attributes, and resending verification codes.
But now my question is how to let the user microservice database (the user pool) asynchronously/synchronously communicate with other microservices databases (a bunch of DynamoDBs) through EventBridge/API Gateway as soon as there is a change that happened in the user pool so that it can reverberate to appropriate databases and vice-versa?
Examples of some of my app microservices to help you have a better understanding:
- Community: used to store/manage friends of users (DynamoDB / Lambdas).
- Workouts: used to store/manage user workout programs (DynamoDB / Lambdas / S3)
- Performance: used to store and aggregate user's workout performances (DynamoDB / Lambdas)
- Users: Cognito user pool for AuthN and AuthZ (through Appsync directives)
I guess (for now) that every partition key of these microservices DynamoDB would be the userId, (I hope this userId given by Cognito user pool is in a form of a GUID, and not a username or e-mail as it would be unique as well)
Lots of questions and a global lack of understanding here. I really hope that you will be able to help me, You may have noticed that I'm kind of lost there. Thanks a lot :)
