
2 posts tagged with "Cognito"

Managing authentication and authorization with AWS Cognito. Covers user pools, identity pools, guest access, token flows, and securing access to APIs and cloud resources.


Day 13: Build your secure backend trigger

· 38 min read
Norah Klintberg Sakal
AI Consultant & Developer

Build your secure backend trigger

What you'll learn

How to build a secure Lambda backend with API Gateway and Cognito authorization to trigger AI calls

Why you need a secure trigger

Day 12: You built a protected frontend

Today: We build the secure backend that triggers calls

Here's the critical security issue:

Remember the ALB endpoint we built on Day 9?

https://ai-caller.yourdomain.com

If we add a /make-call endpoint directly to Fargate:

POST https://ai-caller.yourdomain.com/make-call
→ Publicly accessible
→ Anyone can trigger calls
→ Could rack up *huge* OpenAI/Twilio bills
→ Even with frontend auth, the endpoint is exposed

This is not acceptable.

Day 12: Deploy your frontend (with authentication)

· 50 min read
Norah Klintberg Sakal
AI Consultant & Developer

Deploy your frontend (with authentication)

What you'll learn

How to build a secure frontend with Vite, React and Cognito authentication, then deploy it to S3 + CloudFront

Protect your app from unauthorized use

Days 9-11: You built the infrastructure

Today: We build the protected frontend

Here's the critical security issue:

When you deploy your AI calling agent:

https://app.yourdomain.com
→ Publicly accessible
→ Anyone can use it
→ Could rack up huge OpenAI/Twilio bills

This is not acceptable.

What you need: