Setup Cognito/ALB Ingress Controller¶
This document describes how to install ALB Ingress Controller with AWS Cognito integration to minimal capacity, other options and or configurations may be required for production, and on an app to app basis.
Assumptions¶
The following assumptions are observed regarding this procedure.
- ExternalDNS is installed to the cluster and will provide a custom URL for your ALB. To setup ExternalDNS refer to the install instructions.
Cognito Configuration¶
Configure Cognito for use with ALB Ingress Controller using the following links with specified caveats.
- Create Cognito user pool
- Configure application integration
- On step 11.c for the
Callback URL
enterhttps://<your-domain>/oauth2/idpresponse
. - On step 11.d for
Allowed OAuth Flows
selectauthorization code grant
and forAllowed OAuth Scopes
selectopenid
.
- On step 11.c for the
ALB Ingress Controller Setup¶
Install the ALB Ingress Controller using the install instructions with the following caveats.
- When setting up IAM Role Permissions, add the
cognito-idp:DescribeUserPoolClient
permission to the example policy.
Deploying an Ingress¶
Using the cognito-ingress-template you can fill in the <required>
variables to create an ALB ingress connected to your Cognito user pool for authentication.