Dev2Prod Demo - Achieve Compliance-Ready Access Control with AWS Cognito & Azure Entra ID Federation
- Doron Shushan
- Oct 25
- 1 min read
Managing user access across microservices is complex — especially under frameworks like ISO 27001, SOC 2, or HIPAA. In this post, we’ll show how AWS Cognito can simplify secure login and access control for a real DevSecOps solution with a React frontend and a Python FastAPI backend.
🔐 The Challenge
Modern apps often have multiple services, APIs, and environments. Without unified identity management, access becomes inconsistent — a compliance and security nightmare.
⚙️ Our Solution: AWS Cognito Access Flow
Below is a screenshot of our Cognito login integration in action:
After a secure OIDC login with PKCE, users receive scoped tokens (Access & ID) used across the microservices environment. The backend validates each token using Cognito’s JWKS public keys — ensuring zero trust and least privilege at every call.
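What that backend-side validation can look like, as an added example that is not the post's own code: a stdlib-only RS256 verifier that selects the signing key from a Cognito-style JWKS by `kid`, checks the signature, and enforces the claims an API must check on a Cognito access token (`iss`, `token_use`, `client_id`, `exp`), plus a test-only issuer standing in for Cognito so the block runs offline. The issuer URL, app client id and key id are assumed placeholders; in production fetch the pool's JWKS from `https://cognito-idp.<region>.amazonaws.com/<pool-id>/.well-known/jwks.json` and prefer a maintained JWT library over hand-rolled RSA.

```python
import base64, hashlib, json, time

# Assumed placeholders: substitute your own pool's region, pool id and app client id.
ISSUER = "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE"
CLIENT_ID = "example-app-client-id"
_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 §9.2

def b64u_dec(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64u_enc(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _pkcs1_v15_encode(msg, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg) for a k-byte modulus, as an int."""
    t = _SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def verify_cognito_access_token(token, jwks, now=None):
    """Return the claims of a valid RS256 Cognito access token, else raise ValueError."""
    h_b64, p_b64, s_b64 = token.split(".")  # ValueError unless exactly three segments
    header = json.loads(b64u_dec(h_b64))
    if header.get("alg") != "RS256": raise ValueError("unexpected alg")  # pin alg; never trust the token's choice
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid") and k.get("kty") == "RSA"), None)
    if key is None: raise ValueError("unknown kid")  # production: re-fetch JWKS once (key rotation), then fail
    n, e = (int.from_bytes(b64u_dec(key[x]), "big") for x in ("n", "e"))
    sig = int.from_bytes(b64u_dec(s_b64), "big")
    expected = _pkcs1_v15_encode(f"{h_b64}.{p_b64}".encode(), (n.bit_length() + 7) // 8)
    if sig >= n or pow(sig, e, n) != expected: raise ValueError("bad signature")
    claims = json.loads(b64u_dec(p_b64))  # only now is the payload trustworthy
    if claims.get("iss") != ISSUER: raise ValueError("wrong issuer")
    if claims.get("token_use") != "access": raise ValueError("not an access token")  # APIs must reject ID tokens
    if claims.get("client_id") != CLIENT_ID: raise ValueError("wrong client")  # access tokens carry client_id, not aud
    if claims.get("exp", 0) <= (time.time() if now is None else now): raise ValueError("expired")
    return claims

# --- Test-only issuer standing in for Cognito (constructed; never use this key outside a test) ---
_P, _Q = (1 << 521) - 1, (1 << 607) - 1  # Mersenne primes: publicly known factors, so the key is worthless for real use
_N, _E = _P * _Q, 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))
TEST_JWKS = {"keys": [{"kty": "RSA", "kid": "test-kid-1", "alg": "RS256", "use": "sig",
                       "n": b64u_enc(_N.to_bytes((_N.bit_length() + 7) // 8, "big")),
                       "e": b64u_enc(_E.to_bytes(3, "big"))}]}

def issue_test_token(claims, kid="test-kid-1"):
    """Sign claims as the test 'Cognito' would: RS256 over base64url(header).base64url(payload)."""
    signing_input = b64u_enc(json.dumps({"alg": "RS256", "kid": kid}).encode()) + "." + b64u_enc(json.dumps(claims).encode())
    k = (_N.bit_length() + 7) // 8
    sig = pow(_pkcs1_v15_encode(signing_input.encode(), k), _D, _N)
    return signing_input + "." + b64u_enc(sig.to_bytes(k, "big"))
```

Wire `verify_cognito_access_token` into a FastAPI dependency that reads the `Authorization: Bearer` header and maps a `ValueError` to a 401, and cache the JWKS with a bounded refresh so key rotation does not lock users out.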
🧩 Why It Matters
- Unified Authentication across frontend and backend microservices.
- Dynamic Access Rights – users are automatically mapped to roles and permissions.
- No Static Credentials – compliance-friendly by design.
- Seamless Integration – works with EKS, Vault, and ArgoCD pipelines.
🛡️ Compliance Alignment
| Framework | Control Reference | What’s Covered |
|---|---|---|
| ISO 27001 | A.9 – Access Control | Federated identity, least privilege |
| SOC 2 | CC6.1 – Logical Access | Token-based access enforcement |
| HIPAA | §164.312(a) | Unique user identification |
Each login, access, and role mapping is fully auditable and logged for compliance evidence.
📊 Engineering Highlights
- OAuth2 + OpenID Connect with PKCE
- JWT validation in FastAPI microservices
- Secure session management and token refresh
- Integration with CI/CD and audit-ready configurations
✅ Summary
Access control doesn’t need to slow innovation. With AWS Cognito, you get secure authentication, compliance coverage, and scalable identity management — all in one flow.