ReadWrite
paint-brush
Automate Infrastructure and Secure Your App with Terraform and Cognitoby@bukolasobowale
443 reads
443 reads

Automate Infrastructure and Secure Your App with Terraform and Cognito

by Bukola SobowaleJanuary 25th, 2025
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Terraform is an open-source tool that allows you to define and provision infrastructure using code.
featured image - Automate Infrastructure and Secure Your App with Terraform and Cognito
Bukola Sobowale HackerNoon profile picture

Terraform is an open-source tool that allows you to define and provision infrastructure using code. It allows you to describe the desired state of your infrastructure, and Terraform figures out how to achieve it. This enables you to automate infrastructure provisioning, manage complex environments efficiently, and collaborate effectively with your team.


Amazon Cognito is an AWS service that simplifies user authentication and authorisation for your web and mobile applications. It manages user sign-up, sign-in, and data securely, allowing you to focus on building your core application features. Cognito also provides features like multi-factor authentication and integration with social identity providers, enhancing the security and convenience of your user experience.

Infrastructure as code (IaC)

Infrastructure as code (IaC) is a practice where infrastructure and services are defined and provisioned through code instead of manual processes. This approach allows you to manage and automate the creation, configuration, and updates of your infrastructure resources like servers, networks, and storage. IaC enables consistency, repeatability, and version control for your infrastructure, making it easier to manage and scale your systems. There are a couple of other tools that currently help with IaC; these include:


  • AWS CloudFormation

  • Ansible

  • Puppet

  • Chef


In this tutorial, we aim to create an AWS Cognito user pool manually through the AWS web interface and also create a similar user pool with Terraform. This is generally a beginner’s introduction to how Terraform can help automate the creation of resources on AWS programmatically.


Manual setup of AWS Cognito

We will be creating an AWS Cognito user pool with the AWS console as follows:

  • Sign in to the AWS console.

  • Search for Cognito in the top left bar for services.

  • Create the user pool through the AWS Console user interface


The manual creation process is as shown below:


You should notice I added some attributes as required for sign-up (email, family_name, given_name). We have just created an AWS Cognito user pool that provides an authentication service for any web or mobile application.

Installation of Terraform

To install Terraform on your operating system, follow the installation guide here:

AWS Configuration

Check if you have configured AWS on your device before using the command below:

aws sts get-caller-identity

If you do not have any configured AWS credentials on your device as shown above, set up an AWS profile on your device using the command:

aws configure

If you do not currently have access keys configured for your account, follow the guide here to create the needed keys.

You will need to enter the following to configure your device profile:

  • Access Key ID
  • Secret Access Key
  • Default region (e.g., us-east-1)
  • Output format (e.g., json)


After you are done with the terminal prompt, run aws sts get-caller-identityagain and ensure it returns your AWS profile identity.

Terraform script

Create a folder AMAZON-TERRAFORM-COGNITO for the Terraform script and configuration files.


Create a file main.tf in your newly created folder.

provider "aws" {
  region = "us-east-1" # Replace with your desired AWS region
}

# Create a Cognito User Pool
resource "aws_cognito_user_pool" "main" {
  name = "terraform-user-pool"

  # Custom attributes with shorter names
  schema {
    name = "custom:lang"
    attribute_data_type = "String"
    mutable = true
    required = false
    string_attribute_constraints {
      max_length = 10
      min_length = 2
    }
  }

  schema {
    name = "custom:status"
    attribute_data_type = "String"
    mutable = true
    required = false
    string_attribute_constraints {
      max_length = 20
      min_length = 5
    }
  }

  # Standard attributes
  schema {
    name = "email"
    attribute_data_type = "String"
    mutable = true
    required = true
  }

  schema {
    name = "family_name"
    attribute_data_type = "String"
    mutable = true
    required = true
  }

  schema {
    name = "given_name"
    attribute_data_type = "String"
    mutable = true
    required = true
  }


  # Password policy
  password_policy {
    minimum_length = 8
    require_lowercase = true
    require_uppercase = true
    require_numbers   = true
    require_symbols   = true
  }

  # Tags for resources
  tags = {
    Environment = "dev"
  }
}

# Create a User Pool Client
resource "aws_cognito_user_pool_client" "main" {
  name              = "terraform-user-pool-client"
  user_pool_id      = aws_cognito_user_pool.main.id
  generate_secret   = false
  explicit_auth_flows = [
    "ALLOW_USER_PASSWORD_AUTH",
    "ALLOW_REFRESH_TOKEN_AUTH",
    "ALLOW_CUSTOM_AUTH",
    "ALLOW_USER_SRP_AUTH"
  ]
}

# Output User Pool and Client IDs
output "user_pool_id" {
  value = aws_cognito_user_pool.main.id
}

output "user_pool_client_id" {
  value = aws_cognito_user_pool_client.main.id
}

Open a terminal in the current working directory and run the three terminal commands as shown below:


Command:


terraform init


Result:


Command:


terraform plan -out=tfplan


Result:


Command:


 terraform apply tfplan


Result:



Visit your Amazon Cognito page on the console and observe the new terraform-user-pool you created with Terraform. You have been able to successfully provision a Cognito service without doing it manually through the AWS console!


Imagine configuring the over 200 Amazon Web Services with Infrastructure as Code. Terraform can handle complex scenarios like multi-region deployments, intricate networking topologies, and serverless architectures. It integrates seamlessly with CI/CD pipelines and leverages advanced features like modules and workspaces for efficient infrastructure management. By utilising Terraform's capabilities, we can automate complex deployments, ensure consistency, and enhance the reliability of our AWS infrastructure.


If you've followed this tutorial to this point, congratulations! You've successfully provisioned an AWS Cognito service using Terraform. Keep exploring Terraform’s capabilities to further enhance your cloud infrastructure, and don’t hesitate to experiment as you refine your skills. Happy provisioning!

Miro-Prog
L O A D I N G
. . . comments & more!

About Author

Bukola Sobowale HackerNoon profile picture
Bukola Sobowale@bukolasobowale
Senior Software Engineer with experience in logistics, edtech, healthtech, and blockchain industries
Read my storiesLearn More

TOPICS

purcat-imgprogramming #terraform #aws-services #cloud-infrastructure #aws-cognito #web-development #infrastructure-as-code #aws-cloudformation #ansible

THIS ARTICLE WAS FEATURED IN...

Permanent on Arweave
Read on Terminal Reader Terminal
Read this story w/o Javascript Lite
Also published here
Hackernoon
Bsky

RELATED STORIES

Article Thumbnail
How I Spend Less Than $50 on Running My Entire Web Stack
by bukolasobowale
Jan 25, 2025
#open-source
Article Thumbnail
Understanding sync.Cond in Go: A Guide for Beginner's
by ivanlemeshev
Apr 28, 2024
#go
Article Thumbnail
How I Spend Less Than $50 on Running My Entire Web Stack
by bukolasobowale
Jan 25, 2025
#open-source
Article Thumbnail
Build Your Own RAG App: A Step-by-Step Guide to Setup LLM locally using Ollama, Python, and ChromaDB
by nassermaronie
Jul 04, 2024
#rag-architecture
Article Thumbnail
A Little Hashicorp Vault introduction:
by garciaj.uk
Sep 29, 2016
#aws
Join HackerNoonloading
Latest technology trends. Customized Experience. Curated Stories. Publish Your Ideas