Andres Moreno

I'm Andres Moreno, Principal Software Engineer at Tyler Technologies. I focus on serverless technology in AWS.

Using Amazon Cognito with the user-password flow

In May I released a post on how to secure APIs using machine-to-machine authentication. Exactly one day after that, AWS Cognito changed their pricing model, and now my proposed solution would generate cost for me. In this post I will go through a different setup using the user-password auth flow. This will still allow us to authenticate from automations and from Postman while keeping us in the free tier.

9-Minute Read

In my post called Secure API Gateway with Amazon Cognito using SAM I talked about different auth terms and walked through a setup to use the Client Credentials Flow, but Cognito recently introduced pricing changes for machine-to-machine authentication that will make this cost us, and my main goal is to do this while staying in the free tier for personal projects that will not be generating any income. That is why in this post I am going to set up Amazon Cognito using a different flow called user…

Creating users in Amazon Cognito programmatically

Short post to walk through the steps to create users in Amazon Cognito for automation.

4-Minute Read

When you have CI/CD pipelines that run automated tests against your APIs you might need to dynamically create users in Amazon Cognito to run them. If that is the case you are in the right place. In this post we’ll be going over what you need to do to create a valid user in Cognito to be used by your automation.

Secure API Gateway with Amazon Cognito using SAM

Getting basic authentication for your API is not as hard as it sounds. In this post we'll be going through the steps to secure your APIs with Amazon Cognito.

8-Minute Read

I create a lot of APIs; these are for blog posts, for playing around with new functionality, or tools that I’ve created for myself. All of these have been created without authentication in place. Not securing APIs can create data exposures for you, but it can also pose a financial risk to your accounts if a malicious user gets your endpoints. This is why I want to secure any API I create, but I want this to be with minimal setup so that it’s simple to replicate many times.

Stop using your AWS Account root user

Really, stop it! You are putting your account at risk.

3-Minute Read

When you create a new AWS account it will create a root user with the email and password used to create it. The simplest thing to do is to use that user for everyday tasks. We will be looking at why you shouldn’t do that and the configuration necessary to secure your account.
