Amazon Cognito As a Service

Instead of trying to remember which checkboxes you selected in the AWS Console, implementing Amazon Cognito As a Service allows you to version manage the entire life-cycle of your service.

If you are reading this, you have most likely spent time with Amazon Cognito. If so, you have probably completed your proof-of-concept work and are ready to fully implement this authentication, authorization, and user management service. But managing any service in the AWS Console can be tedious and even worse, error-prone. Amazon Cognito As a Service allows you to provision everything in version managed code.

To date, the best tool I am aware of to accomplish this goal is the serverless framework. If needed, you can find more helpful articles about the serverless framework here on this blog.

In this article I will show you how to provision Amazon Cognito As a Service so that you can deploy it with the serverless framework. The good news is: it is super easy. We can provision Amazon Cognito As a Service with fewer than 25 lines of code in a serverless.yml file.

The Service and Provider Sections of serverless.yml

In the example code above, we have everything needed in order to provision Amazon Cognito As a Service. Lines 1-5 are pretty standard; we name the service, and then indicate that the provider is AWS and set up the stage property. You can specify the value of the stage property when you deploy your service via a command line flag. If you do not provide this flag, the default value of “dev” will be used.

The Custom Section of serverless.yml

Lines 7-9 contain our custom section. You may be thinking that this section is over-engineered as we only reference the custom.COGNITO_USER_POOL & custom.COGNITO_CLIENT properties once. This makes perfect sense and you are wise to have noticed this. However, there is a reason why these properties have been set. Although we only reference them once, these properties are exactly the kind of values that are typically referenced multiple times in a serverless.yml file. As soon as you move into intermediate to advanced serverless.yml configurations, you will find yourself referencing these kinds of properties several, if not many times. The way we have done this is a common pattern and it’s recommended.

The Resources Section of serverless.yml

Creating the Cognito User Pool

Lines 11-18 are where the real action starts; we define our Cognito User Pool. There are two things to note. First, we reference the custom.COGNITO_USER_POOL property in order to specify the name for our user pool. Also, on lines 17 and 18, we specify that all verifications will be done via email. This means that when the user registers or needs a password reset, they will be asked to confirm by providing a code that is sent to the specified email address.

Creating the Cognito User Pool Client

Lines 19-24 are where we define our Cognito User Pool Client. Notice that on line 22, we reference self:custom.COGNITO_CLIENT in order to set the client name. Also, in order to tie this User Pool Client to the User Pool that we just created, we reference CognitoUserPool on line 24, in order to set the UserPoolId.
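
The configuration described in the sections above, reconstructed here as an added example. It is not the article's original listing, so the line numbers cited in the text may not match it exactly. The service name, the two custom values, and the stage suffix on them are assumptions.

```yaml
# Added example: reconstructed from the walkthrough, not the original listing.
service: cognito-as-a-service   # assumed service name

provider:
  name: aws
  # Taken from the -s/--stage flag; falls back to "dev" when the flag is omitted.
  stage: ${opt:stage, 'dev'}

custom:
  # Assumed names; the stage suffix keeps pools from different stages distinct.
  COGNITO_USER_POOL: my-user-pool-${self:provider.stage}
  COGNITO_CLIENT: my-user-pool-client-${self:provider.stage}

resources:
  Resources:
    CognitoUserPool:
      Type: AWS::Cognito::UserPool
      Properties:
        UserPoolName: ${self:custom.COGNITO_USER_POOL}
        # Verification codes are sent to the user's email address.
        AutoVerifiedAttributes:
          - email
    CognitoUserPoolClient:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        ClientName: ${self:custom.COGNITO_CLIENT}
        # Ties this client to the user pool defined above.
        UserPoolId:
          Ref: CognitoUserPool
```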

Deploying Your Amazon Cognito Service

In order to deploy our Amazon Cognito service we need to take the following steps:

  • Open your terminal application
  • Move into the same folder as your serverless.yml file
  • Run the command: sls deploy -s dev (If you omit the “-s” flag, the default value of “dev” will be used)
  • Go to console.aws.amazon.com/cognito
  • Click the icon for your user pool
  • You will see your user pool and user pool client as defined in serverless.yml

Removing Your Amazon Cognito service

In order to remove our Amazon Cognito service we need to take the following steps:

  • Open your terminal application
  • Move into the same folder as your serverless.yml file
  • Run the command: sls remove -s dev (If you omit the “-s” flag, the default value of “dev” will be used)
  • Go to console.aws.amazon.com/cognito
  • You will see that your user pool no longer exists

Summary

While 25 lines of code may not seem like much, we have accomplished much here. With minimal effort, we were able to provision Amazon Cognito as a service. We have only scratched the surface here and there are plenty of Amazon Cognito features that we did not leverage. But importantly, we have provisioned and deployed Amazon Cognito as a service. Our service is version controlled and works exactly as expected. Mission accomplished.

I hope that you have enjoyed reading about Amazon Cognito as a service and have learned something new. If you have and it has made your coding easier and more efficient, please share this article on Facebook and Twitter.
