I have an AWS K8s cluster (EKS) and I want to use AWS API Gateway to protect endpoints and separate authorization logic from microservices. I need to have 2 authentication schemes:
- Send login/password and get JWT
- OAuth2
There is an integration between API Gateway and the K8s cluster via the ALB Ingress Controller. It looks fine. Then I need to authenticate somehow. AWS provides Cognito as a service to manage users and the possibility to have your own identity provider. I know that we can integrate an API Gateway authorizer with Cognito, but I can't understand the following things:
- How to integrate Cognito with an already existing LDAP, for example? (SAML?)
- Can I use my own already created OAuth2 authentication endpoint?
- How can I authenticate with login/password and retrieve a JWT using API Gateway + Cognito?
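An added illustration, not part of the original post, of the mechanism behind the second question (plugging your own OAuth2 token issuer into API Gateway): a TOKEN-type Lambda authorizer that validates the bearer JWT and returns the IAM policy document API Gateway expects. It assumes the self-hosted OAuth2 server signs HS256 tokens with a shared secret; the secret, issuer URL and audience below are constructed values. Cognito itself issues RS256 tokens verified against the user pool's JWKS, which this example does not implement, so for the Cognito path you would swap `verify_hs256_token` for a JWKS-based RS256 check.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed values for this example only. A deployment would load the secret
# from Secrets Manager or an environment variable and pin issuer/audience to
# the real OAuth2 server and API.
SHARED_SECRET = b"example-shared-secret-not-for-production"
EXPECTED_ISSUER = "https://auth.example.internal"
EXPECTED_AUDIENCE = "eks-api"


def b64url_decode(segment: str) -> str and bytes:
    # JWT segments are base64url without padding; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def mint_hs256_token(claims: dict, secret: bytes = SHARED_SECRET) -> str:
    """Issue an HS256 JWT the way a simple self-hosted OAuth2 server might."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"


def verify_hs256_token(token: str, secret: bytes = SHARED_SECRET,
                       now: Optional[float] = None) -> dict:
    """Return the claims if the token is valid; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: the token must never choose it ("none", RS256->HS256 confusion).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("expired")
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if aud != EXPECTED_AUDIENCE and not (isinstance(aud, list) and EXPECTED_AUDIENCE in aud):
        raise ValueError("wrong audience")
    return claims


def build_policy(principal: str, effect: str, method_arn: str,
                 context: Optional[dict] = None) -> dict:
    # Response shape API Gateway expects from a Lambda authorizer.
    doc = {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke",
                           "Effect": effect, "Resource": method_arn}],
        },
    }
    if context:
        doc["context"] = context  # passed to the backend as request context
    return doc


def lambda_handler(event: dict, context=None, now: Optional[float] = None) -> dict:
    """TOKEN authorizer entry point: event carries authorizationToken and methodArn."""
    scheme, _, token = event.get("authorizationToken", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        # This exact message makes API Gateway answer 401 rather than 403.
        raise Exception("Unauthorized")
    try:
        claims = verify_hs256_token(token, now=now)
    except ValueError:
        return build_policy("anonymous", "Deny", event["methodArn"])
    return build_policy(claims["sub"], "Allow", event["methodArn"],
                        {"scope": claims.get("scope", "")})
```

The `now` parameter exists only so the expiry check is deterministic when exercised locally; in the Lambda runtime it defaults to the wall clock. Returning a Deny policy for a bad token (rather than raising) lets API Gateway cache the negative decision per token for the authorizer's TTL.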