1
votes

I have moved my microservices behind AWS API Gateway and have secured it with OAuth 2.0 using AWS Cognito. As per my implementation, the client first has to call the Cognito URL to get the access token, then they call API Gateway with the access token to reach the desired service. My question is: should I also move the Cognito service behind API Gateway, or should I leave it as is? What would be better in terms of both billing and security? Expert advice required.

This is my first implementation with AWS, so please bear with me if the question sounds stupid.


1 Answer

1
votes

AWS has a blog post where they explore a Cognito setup combined with API Gateway. You can read it here. This image is an excerpt of that blog post:

[image from the AWS blog post]

As you can see, the Cognito infrastructure is not placed behind the API Gateway, but rather in front of it. A good reason for this is to not incur charges for API Gateway when your users are not even able to pass through Cognito.

But this is not a rule. API Gateway offers advantages that could make your life easier, as the OP has pointed out. For instance, API Gateway can impose rate limiting, among other features.
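
The arrangement discussed above, seen from the API Gateway side, as an added example that is not part of the original answer or the AWS blog post: a CloudFormation template in which the user pool stays outside the API and the gateway only validates the tokens it issues. All resource names, the scope string and the backend URL are hypothetical.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
# Added example; every name, the scope and the backend URL are constructed.
Resources:
  # Clients fetch tokens from Cognito's own endpoint, not through the API.
  UserPool:
    Type: AWS::Cognito::UserPool
  OrdersApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: orders-api
  OrdersResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      RestApiId: !Ref OrdersApi
      ParentId: !GetAtt OrdersApi.RootResourceId
      PathPart: orders
  # The gateway checks the token's signature, issuer and expiry against the pool.
  CognitoAuthorizer:
    Type: AWS::ApiGateway::Authorizer
    Properties:
      Name: cognito-user-pool
      RestApiId: !Ref OrdersApi
      Type: COGNITO_USER_POOLS
      IdentitySource: method.request.header.Authorization
      ProviderARNs:
        - !GetAtt UserPool.Arn
  GetOrders:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref OrdersApi
      ResourceId: !Ref OrdersResource
      HttpMethod: GET
      # The weak setting is "AuthorizationType: NONE", which leaves the method public.
      AuthorizationType: COGNITO_USER_POOLS
      AuthorizerId: !Ref CognitoAuthorizer
      # With scopes listed, the gateway expects an access token carrying one of
      # them; with no scopes it expects an ID token instead.
      AuthorizationScopes:
        - orders-api/read
      Integration:
        Type: HTTP_PROXY
        IntegrationHttpMethod: GET
        Uri: https://orders.example.com/orders
```

Requests without a valid token are rejected by the authorizer with a 401 before the integration is invoked, so the microservice only sees calls the user pool has vouched for.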