使用AWS Cognito,AppSync和EventBridge在MICREVICES后端进行微服务的最佳方法(Flutter_Amplify)
在那里寻求一些建筑AWS智慧,我真的迷路了!
我目前正在使用微服务创建一个应用程序。我在建筑选择方面非常挣扎。
我想使用AWS Cognito允许用户注册和签名“本地”方式(提供您自己的电子邮件 +密码 +用户名)以及社交签名(Google,Facebook,Facebook,Apple,Apple,亚马逊)。
首先,我想使用一个DynamoDB表,该表将使用某些与应用程序相关的属性(例如Friendslist)来丰富我的用户信息。这是为了避免此处列举的一些麻烦 https://stackoverflow.com/a/544459928/16268050 (缺乏灵活性查询/节流/cognito自定义属性)
将会有一个lambda后确认后的触发器将我的用户信息复制到我自己的表格。
但是,与该方法有关的一些问题:
- 由于已经确认了用户(AFAIK),因此在社交招牌上不会发生这种lambda触发器。
- 当用户更新他的凭据时,我将在用户表上使用appsync graphQl突变(因为我的cognito用户池只能用于AppSync授权在每个API调用上使用的令牌生成的注册/INS)。但是,这些更改将在Cognito用户池中看不到。而且,如果我想使用Amplify使用Amplify Cognito Auth API修改这些凭据,那么这是我的DynamoDB表,但并非最新。也许我可以对Cognito用户池 + DynamoDB的AppSync突变进行放大更新,但这似乎有点骇人听闻。感觉在路上会出现很多问题。
因此,知道,我决定将Cognito的用户池目录用作用户数据库(因为社交标志确实通过属性映射在用户池中放置了一个新条目)。丰富将以自定义属性和其他微服务数据库的形式。 Amplify Auth API将用于移动式前端,用于本机/社交注册/登录名,密码重置,用户属性更新,验证属性和重新验证代码。
但是现在我的问题是如何使用户微服务数据库(用户池)异步/同步与其他微服务数据库(一堆动态单元)通过Eventbridge/api网关进行通信它可以回荡到适当的数据库,反之亦然?
我的某些应用程序微服务的示例可以帮助您更好地了解:
- 社区:用于存储 /管理用户朋友(DynamoDB / Lambdas)。
- 锻炼:用于存储 /管理用户锻炼程序(DynamoDB / lambdas / s3)
- 性能:用于存储和汇总用户的锻炼性能(dynamodb / lambdas)
- :cognito for Authn and Authz(通过AppSync Directives)
用户 或电子邮件,因为它也是唯一的)
现在)这些微服务DynamoDB的每个分区键都是用户ID(我希望Cognito用户池提供的此用户ID是GUID的形式,而不是用户名 问题和全球缺乏理解。我真的希望您能够帮助我,您可能已经注意到我在那里迷路了。多谢 :)
Seeking some architectural AWS wisdom there, I'm really lost!
I am currently creating an app using microservices. I am quite struggling regarding architectural choices.
I would like to use AWS Cognito to allow users to sign-up and sign in the "native" way (giving your own e-mail + password + username), as well as with social sign-ins (Google, Facebook, Apple, Amazon).
At first, I wanted to use a DynamoDB table that would be used to enrich my user information with some app-related attributes (like for example friendsList). This is to avoid some troubles enumerated here https://stackoverflow.com/a/54459928/16268050 (lack of flexibility for querying/throttling/Cognito custom attributes)
There would have been a Lambda Post-Confirmation trigger that would copy my user information to my own table.
However, there are some problems related to that approach:
- this lambda trigger doesn't happen on social sign-ins, as the user is already confirmed (afaik).
- when a user updates his credentials, I would use an AppSync graphQL mutation on the user table (as my Cognito user pool would only be used for sign-up/ins for the token generation used by AppSync authorization on every single API calls done). But these changes wouldn't be seen in the Cognito user pool. And if I want to use Amplify to modify those credentials with the Amplify Cognito Auth API, then it is my DynamoDB table that isn't up to date. Maybe I could do the amplify update of the Cognito user pool + an AppSync mutation to the DynamoDB, but that seems kinda hacky. It feels that there would be a lot of problems emerging down the road.
Therefore, knowing that, I decided that I would use the user pool directory from Cognito as my user database (as social sign-ins do put a new entry in the user pool through attributes mapping). The enriching would be in the form of custom attributes and in other microservice databases. Amplify Auth API would be used on the mobile Flutter front-end for native/social sign-ups/sign-ins, password resetting, user attributes updates, verifying attributes, and resending verification codes.
But now my question is how to let the user microservice database (the user pool) asynchronously/synchronously communicate with other microservices databases (a bunch of DynamoDBs) through EventBridge/API Gateway as soon as there is a change that happened in the user pool so that it can reverberate to appropriate databases and vice-versa?
Examples of some of my app microservices to help you have a better understanding:
- Community: used to store/manage friends of users (DynamoDB / Lambdas).
- Workouts: used to store/manage user workout programs (DynamoDB / Lambdas / S3)
- Performance: used to store and aggregate user's workout performances (DynamoDB / Lambdas)
- Users: Cognito user pool for AuthN and AuthZ (through Appsync directives)
I guess (for now) that every partition key of these microservices DynamoDB would be the userId, (I hope this userId given by Cognito user pool is in a form of a GUID, and not a username or e-mail as it would be unique as well)
Lots of questions and a global lack of understanding here. I really hope that you will be able to help me, You may have noticed that I'm kind of lost there. Thanks a lot :)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论