AWS Cognito User Pools, Lambda and Box integration example (originally published elsewhere in 2018)


I had a use case I wanted to try out, so I stood up an AWS Cognito user pool with two Lambda functions connecting to a Box app, using Box sample code [1]. The process was simple and I managed to stand up the site really quickly, so I was very impressed. I had been keen on using Cognito for a while as an identity pool, and I had only created my AWS account the day before, so all in all a great experience.

Here’s what the solution would look like:

[Diagram: AWS Cognito, Lambda and Box app architecture]

Cognito

I created a sign-in / sign-up policy similar to the Azure B2C one, and the pool config was really easy. I created and linked up a box.com app.

[Screenshot: Cognito user pool configuration]

[Screenshot: Box app configuration]

I was then tasked with the Box-specific Lambda functions: one for post-authentication and one for creating the user in Box. Lambda-to-Lambda calls and a couple of roles later, I was connected up. I used a sample Angular app, wired up the AWS and Box config, and was A for away, except that once I stood up the Angular app in Azure one of the functions kept timing out and I had to raise its timeout (the Lambda default is 3 seconds) to 5 seconds. Cognito invokes User Pool Lambda triggers synchronously and a trigger must respond within 5 seconds; that limit is not configurable. Cognito retries a trigger that does not respond in time, so whatever the trigger does (here, creating a Box user and folder) should be idempotent.

[Screenshot: Lambda function configuration]
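To make the 5-second limit concrete, here is an added example (not the post's code and not Box's sample code) of a Cognito Post Authentication trigger in Node.js that provisions a per-user Box folder through a caller-supplied async function. The Box API calls themselves are out of scope and stand behind the hypothetical `provisionFolder`; the pool id, user and e-mail in the sample event are constructed. It shows the trigger event shape, why the Box-side identity should be keyed on the immutable `sub` rather than the e-mail address, and how to bound the work so the trigger returns before Cognito gives up and retries.

```javascript
'use strict';
// Added example, not the post's code and not Box's sample code. A Cognito
// Post Authentication trigger that provisions a per-user Box folder through a
// caller-supplied async function (hypothetical `provisionFolder`); the Box API
// calls themselves are out of scope here.

// Cognito calls a trigger synchronously, gives it 5 seconds (not configurable)
// and retries when it does not answer in time. Two consequences: finish
// comfortably inside that window, and make the work idempotent so a retry
// cannot create a second folder for the same user.
const COGNITO_TRIGGER_LIMIT_MS = 5000;
const SAFETY_MARGIN_MS = 1000;

// Build the provisioning request from the trigger event. The Box-side
// external id is derived from the immutable `sub`, not the e-mail address,
// which a user or an administrator can change later.
function planProvisioning(event) {
  if (event.triggerSource !== 'PostAuthentication_Authentication') {
    throw new Error(`unexpected triggerSource: ${event.triggerSource}`);
  }
  const attrs = (event.request && event.request.userAttributes) || {};
  if (!attrs.sub) throw new Error('userAttributes.sub missing');
  return {
    externalId: `cognito:${event.userPoolId}:${attrs.sub}`,
    folderName: attrs.sub, // no PII in folder names
    displayName: attrs.email || event.userName,
  };
}

// Reject if `promise` has not settled within `ms` milliseconds.
function withDeadline(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error(`deadline of ${ms} ms exceeded`)), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// makeHandler(provisionFolder) returns the Lambda handler. provisionFolder(plan)
// is expected to look up an existing folder by plan.externalId before creating
// one; that lookup is what makes a Cognito retry safe.
function makeHandler(provisionFolder) {
  return async function handler(event, context) {
    const plan = planProvisioning(event);
    const remaining = context && typeof context.getRemainingTimeInMillis === 'function'
      ? context.getRemainingTimeInMillis()
      : COGNITO_TRIGGER_LIMIT_MS;
    const budget = Math.min(remaining, COGNITO_TRIGGER_LIMIT_MS) - SAFETY_MARGIN_MS;
    try {
      await withDeadline(provisionFolder(plan), budget);
    } catch (err) {
      // Design choice: a provisioning failure is logged and does not block
      // sign-in. Throwing here instead would make Cognito fail the login.
      console.error('box provisioning failed for', plan.externalId, '-', err.message);
    }
    // A Post Authentication trigger must return the event object it received.
    return event;
  };
}

// Constructed sample event in the shape Cognito sends to a Post Authentication trigger.
const SAMPLE_EVENT = {
  version: '1',
  triggerSource: 'PostAuthentication_Authentication',
  region: 'eu-west-1',
  userPoolId: 'eu-west-1_ABC123', // assumed pool id
  userName: 'alice',
  request: {
    userAttributes: { sub: '7f3c2a10-0000-4000-8000-000000000001', email: 'alice@example.com' },
    newDeviceUsed: false,
  },
  response: {},
};

// Stand-alone demo with a fake, instantly resolving provisioner.
makeHandler(async (plan) => `folder-for-${plan.folderName}`)(
  SAMPLE_EVENT, { getRemainingTimeInMillis: () => 4000 },
).then((returned) => console.log('event returned unchanged:', returned === SAMPLE_EVENT));
```

In the deployed function the module would export `makeHandler(...)` wired to the real Box client from the samples; the handler's own deadline stays one second inside Cognito's, so a slow Box API costs the user a delayed folder rather than a failed login.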

I also needed to create roles for the Cognito and Lambda integration. The first is the Lambda execution role: a service role with the AWSLambdaBasicExecutionRole managed policy attached, which grants the CloudWatch Logs permissions (logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents) a function needs to write its logs. The second role needed a little more:

[Screenshot: IAM policy attached to the second role]

An API Gateway was needed to proxy requests (Lambda proxy integration) to the token-exchange function that talks to Box.

[Screenshot: API Gateway Lambda proxy integration]

I also needed a Cognito user pool authorizer on the API Gateway, so that API Gateway validates the Cognito-issued token on each request before the function is invoked.

[Screenshot: API Gateway Cognito user pool authorizer]

CORS

CORS was a nuisance; I ended up writing the headers back in all responses, as I just couldn't get it to work otherwise. I know the origin should not be a *, and I'll fix that; in any case the box.com app config provides one more CORS setting, which is tied to the correct domain. The reason the headers have to come from the function is that with Lambda proxy integration API Gateway passes the function's response through untouched, so the function must emit Access-Control-Allow-Origin on every response, error responses included. The browser's OPTIONS preflight is sent without the Authorization header, so the OPTIONS method cannot sit behind the Cognito authorizer or the preflight fails with 401 before the function is ever reached.

[Screenshot: CORS configuration]
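The API Gateway proxy, the Cognito authorizer and the CORS handling described above come together in the token-exchange function. The following is an added example (not the post's code and not Box's sample code) of that function's request and response shape in Node.js: it takes the caller's identity from the claims the Cognito authorizer has already verified, pins the allowed origin instead of echoing `*`, and handles the preflight. The Box token minting sits behind the hypothetical `mintBoxToken`, and the front-end domain, user and claims in the sample event are constructed.

```javascript
'use strict';
// Added example, not the post's code and not Box's sample code. The shape of
// the token-exchange function behind an API Gateway Lambda proxy integration
// with a Cognito User Pool authorizer. The Box side is a caller-supplied async
// function (hypothetical `mintBoxToken`) and the hosting domain is assumed.

// Pin the browser origin(s). A matching origin is echoed back; anything else
// gets no Access-Control-Allow-Origin at all. Vary: Origin stops a shared
// cache from replaying one origin's answer to another.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com', // assumed domain of the Angular front end
]);

function corsHeaders(origin) {
  const headers = { Vary: 'Origin' };
  if (origin && ALLOWED_ORIGINS.has(origin)) {
    headers['Access-Control-Allow-Origin'] = origin;
    headers['Access-Control-Allow-Methods'] = 'GET,POST,OPTIONS';
    headers['Access-Control-Allow-Headers'] = 'Authorization,Content-Type';
    headers['Access-Control-Max-Age'] = '600';
  }
  return headers;
}

// Lambda proxy integration passes this object through untouched, so every
// response, error responses included, has to carry the CORS headers itself.
function respond(statusCode, body, origin) {
  return {
    statusCode,
    headers: Object.assign({ 'Content-Type': 'application/json' }, corsHeaders(origin)),
    body: body === undefined ? '' : JSON.stringify(body),
  };
}

// With a COGNITO_USER_POOLS authorizer on a REST API, API Gateway has already
// verified the token and puts its claims at event.requestContext.authorizer.claims.
// Identity comes from there; a user id in the body or query string is ignored.
function identityFromEvent(event) {
  const auth = event.requestContext && event.requestContext.authorizer;
  const claims = auth && auth.claims;
  if (!claims || !claims.sub) return null;
  return { sub: claims.sub, email: claims.email };
}

function makeHandler(mintBoxToken) {
  return async function handler(event) {
    const headers = event.headers || {};
    const origin = headers.origin || headers.Origin;
    // Preflight: browsers send it without the Authorization header, so the
    // OPTIONS method must not sit behind the Cognito authorizer.
    if (event.httpMethod === 'OPTIONS') return respond(204, undefined, origin);
    const who = identityFromEvent(event);
    if (!who) return respond(401, { error: 'unauthenticated' }, origin);
    if (event.httpMethod !== 'POST') return respond(405, { error: 'method not allowed' }, origin);
    // Mint a Box token scoped to this user's own app user / folder.
    const token = await mintBoxToken(who.sub);
    return respond(200, { access_token: token.accessToken, expires_in: token.expiresIn }, origin);
  };
}

// Constructed sample proxy event, as API Gateway delivers it after the
// Cognito authorizer has accepted the caller's ID token.
const SAMPLE_EVENT = {
  httpMethod: 'POST',
  path: '/box/token',
  headers: { Origin: 'https://app.example.com', Authorization: '<ID token from Cognito>' },
  body: '{"user":"someone-else"}', // ignored on purpose
  requestContext: {
    authorizer: {
      claims: { sub: '7f3c2a10-0000-4000-8000-000000000001', email: 'alice@example.com', token_use: 'id' },
    },
  },
};

// Stand-alone demo with a fake Box token minter.
makeHandler(async (sub) => ({ accessToken: `box-token-for-${sub}`, expiresIn: 3600 }))(SAMPLE_EVENT)
  .then((res) => console.log(res.statusCode, res.headers['Access-Control-Allow-Origin'], res.body));
```

Because the origin is echoed only when it is on the allowlist, a request from any other site gets a response the browser refuses to expose, which is what the `*` shortcut gives away; the Box-side CORS setting the post mentions then pins the same domain at the other end.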

Working app

It helped that I had some sample code from Box. With all this configured I have a custom user pool of users, each of whom gets their own folder in a box.com instance that they can upload documents to.

I stood this up in an evening and was really impressed by the AWS Cognito User Pool service and the simplicity of the interfaces. The Lambda interface is awesome to use. The box.com app config is simple, and as a long-time box.com user I think their user experience is great in general.

Closing

I want to spend more time with AWS. I may keep Azure B2C as exploratory work and rather throw my efforts in this direction.

References

[1] Box samples on GitHub

Architect Forward (architectFWD™). Originally published elsewhere on 08 July 2019.

Quintes van Aswegen

24+ years experience in solving business problems and maximising opportunities through technology in a variety of industries, public and private sector internationally. I founded architectFWD™ to provide knowledge and trusted advice in the areas of strategy, technology, cloud and digital to enable organisations to become Digital Leaders.