Microservices are decoupled, self-contained units, which
makes security pivotal. Two-tier authentication can offer an extra layer of protection.
By integrating both AWS Cognito (for cloud-based authentication) and FAMS (an
on-premises solution), we can create a robust authentication mechanism for such
architectures.
It's a clear separation of concerns, with FAMS focusing on
user identity and Cognito securing your API. This is a valid and robust
approach, particularly if you want to leverage Cognito's capabilities for
managing API access without intertwining it with FAMS.
Two-Tier Authentication in Microservices
Microservices often communicate through APIs. The two tiers
in this setup are:
On-Premises Authentication (e.g., FAMS): Before
accessing cloud-based microservices, authentication through on-prem systems
like FAMS ensures that the initial user or service is validated.
Cloud-Based Authentication (e.g., AWS Cognito): After
the initial validation, Cognito facilitates the subsequent authentication
steps, providing tokens that are required to access microservices' endpoints.
Benefits of Using AWS Cognito with FAMS
·
Seamless Integration: AWS Cognito integrates
well with AWS services and can work in tandem with FAMS for initial
authentication.
·
Token-based security: After initial
authentication with FAMS, Cognito handles token-based authentication for cloud
resources.
·
Flexibility: Offers the ability to switch
between different authentication providers.
Sequence Flow in a Microservices Environment
Conclusion
Two-tier authentication using both FAMS and AWS Cognito
offers a comprehensive authentication strategy for microservices, bridging
on-premises systems and cloud architectures. It ensures that microservices are
only accessed by authenticated clients and services, upholding the principles
of security and integrity.
