Hey, I want to use the `sst.Auth` construct, but I...
# help
s
Hey, I want to use the `sst.Auth` construct, but I don't need an identity pool. The reason for using the construct is that it handles permissions for triggers, creates the user pool, creates the app client, and has sensible defaults. The reason I am not using identity pools is that I am working with multi-tenancy and need to create policies for data isolation. Is there any way to turn identity pool generation off for the Auth construct?
f
Hey @Simon Reilly, are you going to use this UserPool to authenticate ur API? (ie. UserPool JWT)
s
Yes, here is the code I am using 👍
f
Got it. We are actually creating a `UserPool` (might call it `UserPoolAuth`) construct that doesn’t have the identity pool stuff in there.
The auth stuff has been pretty confusing to some ppl.. and we want to be able to tell them to either use the `Auth` or `UserPoolAuth`.
If you are using IAM to protect ur API, use `Auth` (the recommended way, might be a bit biased here)
Or if you are using JWT, use `UserPoolAuth`.
And `UserPoolAuth` also comes with an easy way to create triggers, etc.
s
That is what I need; and makes sense to me. I did consider creating an IAM Role against the identity pool and using this; but I need attributes identifying the user belonging to a tenant anyway as per some SaaS best practices and recommendations: https://docs.aws.amazon.com/cognito/latest/developerguide/multi-tenant-application-best-practices.html. Still exploring this space though, might change 👍
f
Ah, that makes sense. Apart from configuring clients and triggers, anything else you'd like the construct to simplify?
s
Nothing comes to mind, if I have any thoughts I will let you know 👍