With our application available on the internet for millions of users to access, it is now more vulnerable than ever to exploitations and cyber attacks like unauthorized access or Distributed Denial-of-Service (DDOS). Security could either make or break our application and it is a topic that we must not ignore. With thousands of user data under our protection, it is up to us to properly safeguard our application. Welcome to part 5 of my 6-part series called Basics of the Basics to AWS, where I introduce you to AWS by breaking it down into smaller digestible concepts related to software development. 

In this article, I will be talking about AWS Security Services. Before we proceed with the services, we’ll be talking about Single-Sign On and DDOS. The services included in this article are Amazon Cognito and AWS Shield. Let’s get started!

Amazon Cognito and AWS Shield

SSO and Amazon Cognito

Since this is a user-driven web application, we will need a way to allow our users to register and log in to our application. Of course, we can create a custom login and registration functionality to our web application. On the contrary, we can also make our lives easier by introducing an SSO. SSO or Single-Sign On is a way for our users to log in to our application without too much hassle. This works by using third-party applications with already well-established log-in databases, such as Google or Facebook. You’ve probably seen this functionality in multiple applications already. Once on the Login page you’ll see a “Log in with Google” or “Continue with Facebook” buttons. This is a Single-Sign On. Now that that’s established, how do we implement a Single-Sign On? Introducing Amazon Cognito, an AWS Service that allows us to add a highly secure user authentication to our Web Application. We can also use Cognito to restrict access to several of our AWS Resources like Lambda Functions and add a Single-Sign On feature.

DDOS and AWS Shield

DDOS Attack

User authentication isn’t the only component we have to secure. The application itself is in a lot of danger, especially now that we’re globally available. Arguably, the most common cyber attack is a DDOS or Distributed Denial-of-Service. This attack launches a lot of bots to send traffic or requests to a single server. This leads to the server being overloaded and not being able to accommodate the actual users of the application, thus the name denial-of-service. To battle these attacks, AWS created AWS Shield. AWS Shield automatically detects DDOS attacks at the network level and automatically blocks these attackers. No more DDOS means more happy customers.

We are now done with the fifth part of our Basics of the Basics to AWS series. In this article, I talked about the concepts of Single-Sign On and DDOS. We also added 2 AWS Services to our toolkit which are Amazon Cognito and AWS Shield. We are now done with building our application but I have a bonus article for you to check out on how we can improve our application with Artificial Intelligence and Machine Learning.