
I have a few services deployed on an EKS cluster, and they are all accessible through a single load balancer created by the AWS Load Balancer Controller, with different hostnames, like:

svc1.example.com
svc2.example.com
svc3.example.com

Now, I want to add authentication at the load balancer level. Everyone needs to go through authentication before accessing all the services defined under the same Ingress and Load Balancer, so I chose AWS Cognito.

I read this tutorial on integrating AWS Cognito with the Application Load Balancer of EKS.

I know I have to create a user pool for user information, and an app client to handle the operations. But I got confused while configuring the callback URL of the app client. According to here, a callback URL indicates where the user will be redirected after a successful sign-in. I have multiple hostnames under the same Ingress pointing to different services. How should I configure the callback URL?

I am not sure if my understanding of the callback URL is correct. If I use svc1.example.com as the callback URL, it won't return to svc2.example.com when I am actually accessing svc2.example.com.

I thought about creating multiple app clients with a corresponding callback URL for each service, but as I can only apply global annotations to the Ingress instead of per path, and only one app client can be specified in the Ingress annotation, it doesn't look like a fit for my case.

Given that I have to use the same Ingress and Load Balancer to control the incoming traffic to all services, how should I set up the Cognito App Client? Is it possible to set up the callback URL as the original URL?

Yuk Chan
  • I believe you need to create an [authentication rule](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html#configure-user-authentication) for this to work. There is a line in the AWS Load Balancer Controller documentation that is easily missed which says, "Auth related annotations on Service object will only be respected if a single TargetGroup in is used." – Jeremy Cowan Mar 14 '23 at 21:53
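The setup the question describes, written out as an added example (not taken from the question, the linked tutorial, or the AWS Load Balancer Controller project): one Ingress, one ALB, three hostnames and a single Cognito app client referenced by the Ingress-level `auth-*` annotations. The service names `svc1`/`svc2`/`svc3`, the port numbers, the namespace, and every ARN, pool ID, client ID and domain prefix are placeholders to be replaced with real values.

```yaml
# Added example: shared ALB Ingress with Cognito authentication for all hosts.
# All ARNs, IDs and the domain prefix below are placeholders (assumptions).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shared-auth-ingress
  namespace: default
  annotations:
    alb.ingress.kubernetes.io/scheme: internet-facing
    # Authenticate actions require HTTPS listeners; the certificate must cover all hosts.
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:REGION:ACCOUNT_ID:certificate/PLACEHOLDER_CERT_ID
    # Ingress-level auth annotations apply to every rule/host in this Ingress.
    alb.ingress.kubernetes.io/auth-type: cognito
    alb.ingress.kubernetes.io/auth-on-unauthenticated-request: authenticate
    alb.ingress.kubernetes.io/auth-scope: openid
    alb.ingress.kubernetes.io/auth-session-cookie: AWSELBAuthSessionCookie
    alb.ingress.kubernetes.io/auth-session-timeout: '3600'
    # One app client for the whole load balancer; its callback URL list must
    # contain https://<host>/oauth2/idpresponse for each host below.
    alb.ingress.kubernetes.io/auth-idp-cognito: '{"userPoolARN":"arn:aws:cognito-idp:REGION:ACCOUNT_ID:userpool/PLACEHOLDER_POOL_ID","userPoolClientID":"PLACEHOLDER_CLIENT_ID","userPoolDomain":"placeholder-domain-prefix"}'
spec:
  ingressClassName: alb
  rules:
    - host: svc1.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: svc1
                port:
                  number: 80
    - host: svc2.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: svc2
                port:
                  number: 80
    - host: svc3.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: svc3
                port:
                  number: 80
```

The point this illustrates is that the callback URL does not point at an application at all: the ALB performs the OIDC exchange itself and uses `https://<host of the incoming request>/oauth2/idpresponse` as the redirect URI, then sets the session cookie and replays the user's original request. Cognito app clients accept a list of callback URLs, so one client with `https://svc1.example.com/oauth2/idpresponse`, `https://svc2.example.com/oauth2/idpresponse` and `https://svc3.example.com/oauth2/idpresponse` covers all three hosts; the client needs the authorization code grant enabled and a client secret, and the user pool needs a hosted domain (the `userPoolDomain` prefix). Keeping the `auth-*` annotations on the Ingress rather than on the Service objects also avoids the single-target-group restriction quoted in the comment above. Because the session cookie is scoped to the hostname that was visited, the first visit to each host goes through the Cognito redirect once; subsequent requests to that host reuse the cookie until it expires.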

0 Answers