DynamoDB & Cognito


Last updated 4 years ago


DynamoDB is a serverless NoSQL database that requires traffic limits to be provisioned. It is called that because it dynamically shards tables based on a proprietary algorithm that hashes a primary key and distributes the data across a cluster. A successful primary key strategy involves randomizing the key as much as possible and avoiding sequences.

You can access DynamoDB in this link: https://console.aws.amazon.com/dynamodb/home?region=us-east-1#

The tables we created for Cognito are extremely simple. Currently, we only need two fields:

  • User ID (string uuid)

  • Claims (string)

User ID

Cognito provides us a UUID string for each individual user, and this is what we use as our primary key. Since it is random by nature, it's the perfect pick for our primary key strategy.

Claims

This field is just a string, and in Dynamo it is stored encrypted.

The claims in plain text for a user look like this:

{
    "x-hasura-default-role": "user",
    "x-hasura-allowed-roles": ["user"]
}

The content of this JSON string does not matter to DynamoDB, meaning it does not care what is stored there or whether it is valid. It only cares that there is a claims column and that the value is a string.

  • Diagram owner:

  • Team: @ Team member

  • Informed: @ Stakeholder, @ Stakeholder

  • Status:

  • Last date updated: e.g., 24 Sep 2020

| Name | Description |
| --- | --- |
| Operational Excellence | The ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures. |
| Security | The ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies. |
| Reliability | The ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. |
| Performance Efficiency | The ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve. |
| Cost Optimization | The ability to run systems to deliver business value at the lowest price point. |

Goals

  • Storing the token claims for every individual user

  • Storing the claims safely and not in plain text (keeping them encrypted)

  • Serverless access to those claims for Cognito

Architecture

There is no grand architecture in this space; however, a user pool uuid maps directly to the user_id column in the DynamoDB table.

Architecture flow

There are currently two tables in DynamoDB for the use of Cognito:

  1. atd-moped-users-production

  2. atd-moped-users-staging

As you may have guessed, there is one for each environment in Cognito, which also has a staging and production separation.

In order to be able to access DynamoDB, the Lambda trigger needs to have the following permissions (policy name: atd-moped-users-cognito-hook-secrets-access, role name: atd-moped-cognito-hook):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "dynamodb:BatchGetItem",
                "dynamodb:DescribeTable",
                "dynamodb:GetShardIterator",
                "dynamodb:GetItem",
                "dynamodb:Scan",
                "dynamodb:Query",
                "dynamodb:GetRecords"
            ],
            "Resource": [
                "arn:aws:dynamodb:us-east-1:295525487728:table/atd-moped-users-production",
                "arn:aws:dynamodb:us-east-1:295525487728:table/atd-moped-users-staging"
            ]
        }
    ]
}

Deployment strategy

The deployment of DynamoDB was manual. There is no real need to automate the deployment, as there aren't going to be a lot of changes to it.

SLA

Requests Per Second (RPS): The tables have a maximum number of reads per second and writes per second; this needs to be changed as the amount of traffic changes.

Action Items

| | Action | Description | Owner | Due date | GitHub ticket |
| --- | --- | --- | --- | --- | --- |
| 1 | Change RPS | There needs to be a change in the RPS, currently at 5 r/w ps. | | e.g., 24 Sep 2020 | None Yet. |
| 2 | | | | | |

References and documentation

  • If you are new to DynamoDB, here is an excellent resource to learn it quickly: https://www.linkedin.com/learning/aws-for-developers-dynamodb/why-dynamodb?u=55898036

  • Python & DynamoDB (boto3): https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb.html#DynamoDB.Client.get_item

  • AWS Well Architected Framework PDF

Data & Technology Services
Sergio Garcia
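
The Claims section notes that DynamoDB does not check whether the stored string is valid, so whatever reads the item has to. The following is an added example, not code from the Moped project: a fail-closed check on the decrypted claims string before it is placed in a token. The function names, the `known_roles` allow-list and the sample strings are assumptions made for illustration.

```python
import json

REQUIRED_KEYS = ("x-hasura-default-role", "x-hasura-allowed-roles")

class InvalidClaims(ValueError):
    """The stored claims string must not be copied into a token."""

def parse_hasura_claims(raw, known_roles=frozenset({"user"})):
    """Validate the decrypted claims string read from the claims column.
    known_roles is a hypothetical allow-list; the page only shows "user"."""
    if not isinstance(raw, str):
        raise InvalidClaims("claims must be a string")
    try:
        claims = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise InvalidClaims(f"not valid JSON: {exc.msg}") from exc
    if not isinstance(claims, dict):
        raise InvalidClaims("claims must be a JSON object")
    missing = [k for k in REQUIRED_KEYS if k not in claims]
    if missing:
        raise InvalidClaims(f"missing keys: {missing}")
    default = claims["x-hasura-default-role"]
    allowed = claims["x-hasura-allowed-roles"]
    if not isinstance(default, str):
        raise InvalidClaims("default role must be a string")
    if not isinstance(allowed, list) or not all(isinstance(r, str) for r in allowed):
        raise InvalidClaims("allowed roles must be a list of strings")
    if default not in allowed:
        raise InvalidClaims("default role is not in the allowed roles")
    unknown = sorted(set(allowed) - set(known_roles))
    if unknown:
        raise InvalidClaims(f"unknown roles: {unknown}")
    return claims

def claims_ok(raw):
    """True only when the stored string passes every check (fail closed)."""
    try:
        parse_hasura_claims(raw)
    except InvalidClaims:
        return False
    return True

# Constructed sample values, not real table contents.
GOOD = '{"x-hasura-default-role": "user", "x-hasura-allowed-roles": ["user"]}'
TRAILING_COMMA = '{"x-hasura-default-role": "user", "x-hasura-allowed-roles": ["user"],}'
MISMATCH = '{"x-hasura-default-role": "admin", "x-hasura-allowed-roles": ["user"]}'
```

A caller that gets `InvalidClaims` should issue no custom claims at all rather than fall back to a default role.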
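
The read permissions granted to the Lambda trigger in the Architecture flow section can be reviewed for least privilege. This is an added example, not part of the Moped project: `review_policy` is a hypothetical helper, it assumes the hook only needs `dynamodb:GetItem` (the boto3 call linked in the references), and the sample policy uses a placeholder account ID and table name.

```python
# DynamoDB Streams actions: IAM evaluates them against stream ARNs
# (arn:...:table/<name>/stream/<label>), so a table ARN never matches them.
STREAM_ACTIONS = {"dynamodb:DescribeStream", "dynamodb:GetRecords",
                  "dynamodb:GetShardIterator"}


def as_list(value):
    """IAM allows a single string where a list is expected."""
    return [value] if isinstance(value, str) else list(value)


def review_policy(policy, needed=frozenset({"dynamodb:GetItem"})):
    """Return (finding, value) pairs for one identity policy document.

    needed is an assumption: a hook that only fetches one item by user_id.
    """
    findings = []
    statements = policy["Statement"]
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        has_stream_arn = any("/stream/" in arn for arn in resources)
        findings += [("wildcard-resource", arn) for arn in resources if "*" in arn]
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(("wildcard-action", action))
            elif action in STREAM_ACTIONS and not has_stream_arn:
                findings.append(("stream-action-on-table-arn", action))
            elif action not in needed:
                findings.append(("beyond-needed", action))
    return findings


# Constructed sample: the same action list as the policy on this page, with a
# placeholder account ID and table name.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["dynamodb:BatchGetItem", "dynamodb:DescribeTable",
                   "dynamodb:GetShardIterator", "dynamodb:GetItem",
                   "dynamodb:Scan", "dynamodb:Query", "dynamodb:GetRecords"],
        "Resource": ["arn:aws:dynamodb:us-east-1:111122223333:table/example-users"],
    }],
}
```

The `beyond-needed` findings depend on the stated assumption; `Scan` and `Query` are the ones to weigh first, since they allow reading every user's claims rather than one item.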