2
votes

I am new to AWS and am building a large application with a microservice architecture. I am using Cognito user + identity pools for authorization. Organizations have branches, branches have positions, e.g. Project Manager, Financial Manager, and a user belongs to one of these branches and positions. Users are stored in the Cognito User Pool. I have EC2 and RDS for the organization microservice and I'm going to use AWS API Gateway with IAM Role-Based Access Control to communicate between microservices, but how can I make a relationship between the organization and user microservices?

I was going to use Cognito custom attributes, e.g. custom:branch=branchId, but if I needed to get the users of this branch that would be impossible. From the Cognito docs:

Custom attributes are not searchable.

Should I use a DynamoDB table for the relation cognito_user_id | branch_id, or what's the better approach?

How do I get a single branch's users, how do I get a single organization's users, and where should I write this code? AWS Lambda with DynamoDB?

1 Answer

0
votes

If you have no restriction on adding a table to RDS in the organization microservice, I would say do not use DynamoDB, as it is an extra component and your system supports relational better than NoSQL. Besides, one more prerequisite for DynamoDB is that one must be aware of the data access pattern.

Create Organizations and Branches tables having a one-to-many relation as a separate microservice. A user will be assigned to a Branch.

You should write that shared logic in a Lambda as a service, and that Lambda will be called by both the org and user services. I know that will cost extra integration effort. However, it is far better than adding a new service like DynamoDB.
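
The relational layout discussed in this thread, as an added example that is not part of the original question or answer: it shows the branch and organization user lookups that Cognito custom attributes cannot serve. Table, column and function names are hypothetical, SQLite stands in for the RDS engine, the sample rows are constructed, and the same-organization check is an assumed policy.

```python
import sqlite3

# Hypothetical table and column names; SQLite stands in for the RDS engine.
SCHEMA = """
CREATE TABLE organizations (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE branches (id INTEGER PRIMARY KEY, name TEXT NOT NULL,
    organization_id INTEGER NOT NULL REFERENCES organizations(id));
-- One row per user, keyed by the Cognito sub claim (assumed mapping key).
CREATE TABLE branch_users (cognito_sub TEXT PRIMARY KEY, position TEXT NOT NULL,
    branch_id INTEGER NOT NULL REFERENCES branches(id));
CREATE INDEX idx_branch_users_branch ON branch_users(branch_id);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # reject rows pointing at unknown branches
    db.executescript(SCHEMA)
    # Constructed sample data.
    db.executemany("INSERT INTO organizations VALUES (?, ?)", [(1, "Acme"), (2, "Globex")])
    db.executemany("INSERT INTO branches VALUES (?, ?, ?)",
                   [(10, "Berlin", 1), (11, "Paris", 1), (20, "Oslo", 2)])
    db.executemany("INSERT INTO branch_users VALUES (?, ?, ?)",
                   [("sub-aaa", "Project Manager", 10), ("sub-bbb", "Financial Manager", 10),
                    ("sub-ccc", "Project Manager", 11), ("sub-ddd", "Project Manager", 20)])
    return db

def branch_users(db, branch_id):
    rows = db.execute("SELECT cognito_sub FROM branch_users "
                      "WHERE branch_id = ? ORDER BY cognito_sub", (branch_id,))
    return [r[0] for r in rows]

def organization_users(db, organization_id):
    rows = db.execute("SELECT bu.cognito_sub FROM branch_users bu "
                      "JOIN branches b ON b.id = bu.branch_id "
                      "WHERE b.organization_id = ? ORDER BY bu.cognito_sub", (organization_id,))
    return [r[0] for r in rows]

def branch_users_for_caller(db, caller_sub, branch_id):
    # Assumed policy: a caller may list only branches inside their own organization.
    row = db.execute(
        "SELECT 1 FROM branch_users bu JOIN branches mine ON mine.id = bu.branch_id "
        "JOIN branches target ON target.organization_id = mine.organization_id "
        "WHERE bu.cognito_sub = ? AND target.id = ?", (caller_sub, branch_id)).fetchone()
    if row is None:
        raise PermissionError("branch is outside the caller's organization")
    return branch_users(db, branch_id)
```

Pass `caller_sub` from the verified Cognito token's `sub` claim rather than from a request parameter, so the organization check cannot be steered by the client.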