2.1 Project Overview

Overview of Project ☁️

Scenario

A university is building a centralized student portal that allows thousands of students to log in and access grades, assignments, and learning materials. Professors also log in but require elevated access to manage and upload course records. To maintain privacy and compliance, the system must strictly enforce:

  • Multi-Factor Authentication (MFA)
  • Strong password policies
  • Role-based access control (RBAC)

This project simulates how a Cloud Security Engineer secures user identities and manages controlled access across different user roles using AWS-native identity services.


Our Solution

We’ll design a secure identity management system using Amazon Cognito. Cognito handles sign-up, login, password policy, MFA and group membership; the portal and its backend enforce access control from the group claims Cognito issues in the user’s tokens.

User Authentication with Amazon Cognito

  • Create a User Pool with custom password policies and MFA
  • Define user groups for Students and Professors
  • Enable self-service sign-up and login

Frontend Integration

  • Configure an App Client and Domain for secure hosted login
  • Integrate Cognito with a frontend app using OIDC Quick Setup
  • Ensure only verified users can access the university portal

This setup enforces strong identity protection while providing a seamless login experience.


About This Project

This hands-on project is part of the AWS Cloud Security Engineer Projects course — a collection of five real-world projects that teach you how to secure cloud workloads using AWS best practices.

In this project, you’ll gain practical experience with identity and access management, a core area of cloud security. You’ll learn to:

  • Configure Amazon Cognito User Pools
  • Enforce MFA and password policies
  • Manage user groups and roles
  • Integrate secure authentication with a frontend application

By the end, you’ll have implemented a realistic and production-style authentication system built entirely on AWS.


Steps To Be Performed 👩‍💻

  1. Create a Cognito User Pool with MFA and password policies
  2. Configure a Cognito App Client and Hosted Domain
  3. Create user groups (Students, Professors)
  4. Add and test user accounts for each group
  5. Integrate frontend login using the Cognito-hosted UI (OIDC Quick Setup)
  6. Verify group-based access and MFA enforcement

AWS Services Used 🛠

  • Amazon Cognito User Pool – User authentication and group management
  • Amazon Cognito App Client – Secure frontend integration
  • AWS IAM – Permissions and role mapping for different user groups
  • Frontend App (React + OIDC) – University portal interface

Estimated Time & Cost ⚙️

  • Duration: 3 - 4 hours
  • Cost: Free (under AWS Free Tier) if you use authenticator-app (TOTP) MFA; SMS MFA sends codes through Amazon SNS, which is billed per message

➡️ Architectural Diagram


➡️ Final Result

After completing this project:

  • Students log in securely to access their own course materials
  • Professors log in with group-based elevated privileges
  • MFA and password policies enhance account security
  • The frontend integrates seamlessly with Cognito for authentication
  • All users and roles are managed securely within AWS

You’ll gain a practical understanding of cloud-based identity management, one of the most essential skills for any Cloud Security Engineer.
