I am trying to figure out if this is the "proper"/current/correct flow for developing a user/developer defined login credential for iOS using AWS.
(I am migrating from Parse to AWS, so I have only been reading about AWS for a week.)
1. Download, install, and build an iOS app for registering users, say with email and password. (This is done: the app shows a UITextField for email and for password, and both are accessible in the UIViewController.) Also, the iOS SDK is installed via CocoaPods and available.
2. Create an identity pool with unauth and auth roles that access the different services, so unauth technically will access what they need. Unauth accesses DynamoDB (full access) and Cognito. Auth adds in S3 and SNS. This is done. Does Lambda need to be added? (All set up in IAM and Cognito.)
3. Use Lambda to create functions to be called from the iOS device to see if a user is registered in DynamoDB.
4. If the user is registered and matched against Lambda's call to DynamoDB, use Cognito to switch from the unauth role to auth.
5. Now the user is authenticated and can get access to S3, SNS and other services.
Is there a better way to do this? Is this secure? I have a little trouble with steps 3 to 5.
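
One way the Lambda side of steps 3 and 4 could look with Cognito developer authenticated identities, as an added example that is not part of the original post. It assumes a users table keyed by `email` that stores a hex `salt` and `pw_hash`; the provider name, pool id, attribute names and the two `Fake*` stand-ins are constructed for illustration.

```python
import hashlib
import hmac

PROVIDER = "login.example.app"  # assumed developer provider name on the identity pool
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"  # placeholder pool id


def hash_password(password, salt_hex):
    """PBKDF2-HMAC-SHA256; the table stores only the salt and this hash."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), 200_000)
    return raw.hex()


def login(email, password, users_table, cognito):
    """Check the password, then ask Cognito for a token. Returns None on failure."""
    item = users_table.get_item(Key={"email": email}).get("Item")
    # Hash even for unknown users so both failure paths do the same work.
    salt = item["salt"] if item else "00" * 16
    expected = item["pw_hash"] if item else ""
    if not hmac.compare_digest(hash_password(password, salt), expected) or not item:
        return None
    # Runs with the Lambda role's credentials; the device never calls this API.
    resp = cognito.get_open_id_token_for_developer_identity(
        IdentityPoolId=POOL_ID,
        Logins={PROVIDER: email},
        TokenDuration=900,  # seconds
    )
    return {"IdentityId": resp["IdentityId"], "Token": resp["Token"]}


class FakeTable:
    """Constructed stand-in for a boto3 DynamoDB Table resource."""
    def __init__(self, items):
        self.items = items

    def get_item(self, Key):
        item = self.items.get(Key["email"])
        return {"Item": item} if item else {}


class FakeCognito:
    """Constructed stand-in for a boto3 cognito-identity client; records calls."""
    def __init__(self):
        self.calls = []

    def get_open_id_token_for_developer_identity(self, **kwargs):
        self.calls.append(kwargs)
        return {"IdentityId": "us-east-1:constructed-id", "Token": "constructed.oidc.token"}
```

The device then hands the returned token to Cognito under the logins key `cognito-identity.amazonaws.com` to obtain credentials for the auth role. In a deployed function, `users_table` and `cognito` would be the real boto3 objects in place of the stand-ins.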