Initial Setup Steps for New API Creators - mac10046/cognito-auth-api-gateway-proxy-service GitHub Wiki

Welcome to the cognito-auth-api-gateway-proxy-service wiki!

Here's a quick guide to install and use this YAML in your API.

For new API creators:

Step 1: Create a Cognito User Pool, then copy the User Pool ID, the Pool ARN and the App Client ID.
Step 2: Create an IAM role for Cognito and API Gateway.
Step 3: Replace the placeholders in this YAML file.
Step 4: In your AWS account, go to Console > API Gateway > Create New API > Import API, then either copy and paste the YAML or upload the file.
Step 5: Ta da!

In depth explanation for each step above:

Cognito Creation in AWS > Console > Open Cognito

Go through each screen of the Cognito User Pool creation wizard and refer to these images where required. On every other screen you can pick whichever options you like. Don't make a mistake in the attribute selection: a few settings cannot be changed once set.

Select all three checkboxes under the first option. Once selected, this cannot be changed, which is why the first option has more choices than the second.

User Attributes

We will be using the admin API of Cognito, so you can select "Only Admin can create users" (if you want).

Only Admin can create users

MFA: keep it Optional for this YAML to work. If you want MFA, you can contact me for custom support; a few changes to this API YAML will be required for that.

MFA Policy

Create an App Client as per this image. The App Client ID is generated after the last submit, after which you can copy it.

App Client to be created for API Gateway to access Cognito

Once you submit and the User Pool is created, you get the User Pool ID and ARN. Copy both; they are used in Step 3.

User Pool ID

Step 2

In AWS Console > IAM, create a role and provide full access to the API Gateway and Cognito policies in this role. Copy the role ARN for Step 3.

ROLE ARN

Step 3: Replace the placeholders with the actual values as follows

  1. YOUR_API_TITILE => Whatever API name you wish to provide
  2. IAMROLE => Replace it with the ARN of the new role you created (include the underscore before and after this placeholder)
  3. REGION => Replace it with the AWS Region where you want to create your API, for example us-east-1 or ap-south-2 (include the underscore before and after this placeholder)
  4. ClientId => Replace it with the App Client ID generated after your Cognito pool was created (include the underscore before and after this placeholder)
  5. UserPoolId => Replace it with the User Pool ID (and not with the User Pool ARN) (include the underscore before and after this placeholder)
  6. USERPOOLARN => Replace it with the User Pool ARN (and not with the User Pool ID) (include the underscore before and after this placeholder)
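
A pre-import check for Step 3, as an added example that is not part of this repository: it validates the six values (catching a swapped User Pool ID and ARN, or a region mismatch) before substituting them. The single-underscore token spelling, the function names, and the sample fragment and values are assumptions constructed for illustration.

```python
import re
# Token names are the page's; the single-underscore wrapping is an assumption.
TOKENS = ("YOUR_API_TITILE", "_IAMROLE_", "_REGION_",
          "_ClientId_", "_UserPoolId_", "_USERPOOLARN_")
ROLE_ARN = re.compile(r"arn:aws[\w-]*:iam::\d{12}:role/[\w+=,.@/-]+")
POOL_ARN = re.compile(r"arn:aws[\w-]*:cognito-idp:([a-z0-9-]+):\d{12}:userpool/(\S+)")
POOL_ID = re.compile(r"[\w-]+_[0-9a-zA-Z]+")   # shape: <region>_<suffix>
CLIENT_ID = re.compile(r"[\w+]+")

def check_values(v):
    """Return a list of problems with the Step 3 values (empty list means OK)."""
    errs = [f"missing value for {t}" for t in TOKENS if not v.get(t)]
    if errs:
        return errs
    if not ROLE_ARN.fullmatch(v["_IAMROLE_"]):
        errs.append("_IAMROLE_ must be a role ARN, not a role name")
    if not POOL_ID.fullmatch(v["_UserPoolId_"]):
        errs.append("_UserPoolId_ must be the pool ID, not the pool ARN")
    if not CLIENT_ID.fullmatch(v["_ClientId_"]):
        errs.append("_ClientId_ is not an app client ID")
    arn = POOL_ARN.fullmatch(v["_USERPOOLARN_"])
    if not arn:
        errs.append("_USERPOOLARN_ must be the pool ARN, not the pool ID")
    elif arn.group(2) != v["_UserPoolId_"]:
        errs.append("_USERPOOLARN_ and _UserPoolId_ name different pools")
    elif arn.group(1) != v["_REGION_"]:
        errs.append("_REGION_ differs from the user pool's region")
    return errs

def fill_template(text, v):
    """Substitute every placeholder; refuse bad values or an unexpected template."""
    errs = check_values(v) + [f"{t} not in template" for t in TOKENS if t not in text]
    if errs:
        raise ValueError("; ".join(errs))
    for t in TOKENS:
        text = text.replace(t, v[t])
    return text

# Constructed fragment and values for illustration, not the repository's YAML.
SAMPLE = """title: YOUR_API_TITILE
credentials: _IAMROLE_
uri: arn:aws:apigateway:_REGION_:cognito-idp:action/AdminInitiateAuth
providerARNs: [_USERPOOLARN_]
body: '{"ClientId": "_ClientId_", "UserPoolId": "_UserPoolId_"}'
"""
VALUES = dict(zip(TOKENS, (
    "Auth Proxy", "arn:aws:iam::123456789012:role/ApiGwCognitoRole", "us-east-1",
    "exampleclientid123", "us-east-1_EXAMPLE123",
    "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_EXAMPLE123")))
```

Call `fill_template(yaml_text, values)` on the real file's contents and import the returned text in Step 4; a `ValueError` lists everything that needs fixing first.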

Step 4: Paste the complete code in the AWS Console > API Gateway > REST (build) > Create API screen.

API Gateway Import

And here's the final implemented API as seen in your console.

Final Output