In praise of AWS Cognito and Lambda

For the past few years I’ve been trying to figure out whether it’s possible to go pretty much serverless, or more to the point, “instanceless”.

Up until recently I think this was pretty much impossible, but starting a new CTO role has given me the opportunity to test my theories.

I’ve been using AWS for years (and by that, I mean pretty much since it was created) and have used it mainly for hosting EC2, RDS and S3 which is pretty standard.


But last year, when I first saw Lambda I got very excited. Immediately I could see that you didn’t need servers, and you could pretty much do anything you liked.

The original downside of Lambda was that you couldn’t expose it through an endpoint of its own. In other words, you had to invoke it from somewhere else within the AWS ecosystem.

But that has now changed: you can call endpoints directly, with API Gateway acting as a proxy to Lambda. This isn’t a technical conversation, but basically, this is awesome!

The ability to create small bits of code that do very specific things means that light client-server interactions are now a strong possibility, and for mobile, this is probably the most important thing I’ve seen in the past few years.


I love Cognito. I’d seen it but not really cared, and then I needed to be able to get AWS credentials into my apps. This is Cognito.

I’ve paired it in my latest app with Digits. Press a button, sign in with Digits, and it links to Cognito.

Doing it this way, I have two AWS roles: an authorised and an unauthorised Cognito role. Cognito issues rolling (temporary, automatically refreshed) credentials for these roles, meaning I don’t have to store any credentials in my app directly.

So… I have AWS credentials available to me, with specific permissions granted via IAM roles, without having to ship any AWS credentials with the app.
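As an added example (not from the original post), here is the authenticated-side IAM role such a setup relies on, written as a CloudFormation fragment: the trust policy admits only authenticated identities from one identity pool, and the permissions confine each user’s temporary credentials to that user’s own S3 prefix. The identity pool ID and bucket name are placeholders.

```yaml
# Added example, not from the original post. The identity pool ID and bucket
# name below are placeholders to be replaced with real values.
Resources:
  CognitoAuthenticatedRole:
    Type: AWS::IAM::Role
    Properties:
      # Trust policy: who may assume this role and obtain its credentials.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Federated: cognito-identity.amazonaws.com
            Action: sts:AssumeRoleWithWebIdentity
            Condition:
              StringEquals:
                # Only identities minted by this one identity pool.
                cognito-identity.amazonaws.com:aud: "us-east-1:PLACEHOLDER-IDENTITY-POOL-ID"
              ForAnyValue:StringLike:
                # Only users who actually signed in (here, via Digits);
                # guests are mapped to the unauthenticated role instead.
                cognito-identity.amazonaws.com:amr: authenticated
      # Permissions: scoped to the caller's own prefix, so one user's
      # temporary credentials cannot read or overwrite another user's objects.
      Policies:
        - PolicyName: per-user-s3-prefix
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:PutObject
                  - s3:DeleteObject
                Resource: "arn:aws:s3:::PLACEHOLDER-APP-BUCKET/users/${cognito-identity.amazonaws.com:sub}/*"
              - Effect: Allow
                Action: s3:ListBucket
                Resource: "arn:aws:s3:::PLACEHOLDER-APP-BUCKET"
                Condition:
                  StringLike:
                    # Listing is limited to the caller's own prefix as well.
                    s3:prefix: "users/${cognito-identity.amazonaws.com:sub}/*"
```

The unauthenticated role would carry the same trust policy with `amr` set to `unauthenticated` and a far narrower permission set.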


Putting it all together

So, the setup I now have is very straightforward. Simple interactions with authenticated data go directly through Cognito-issued credentials. Anything complicated goes through Lambda or API Gateway.

There is no EC2 in there. There isn’t even any RDS, since I don’t have the concept of an ORM to care about either. There is some S3, but I can use access controls (ACLs) to ensure that it isn’t public either.

Basically, I’ve hidden the entire workings of my app behind an authentication scenario reliant upon Cognito + Digits.

The upshot? AWS can care about the maintenance. I will care about making my app awesome.

Job done!

Written by

ServerlessDays CoFounder (Jeff), ex AWS Serverless Snr DA, experienced CTO/Interim, Startups, Entrepreneur, Techie, Geek and Christian
