Skip to main content

Retrieve Recommended Products

Architecture Flow:

  • Cognito authenticates users and provides access tokens.
  • Route 53 routes API requests from the authenticated user to the Application Load Balancer (ALB).
  • The ALB forwards the traffic to ECS Fargate, where your API service runs.
  • The API service validates the Cognito token and retrieves recommended products from DynamoDB, using cached data generated by Amazon Personalize.
  • Optionally, the CloudFront distribution caches the responses for further optimization.

Step-by-Step Exploration:

1. Amazon Cognito

  • Objective: Use Cognito for user authentication and generate JWT tokens for secure API requests.
  • Exploration:
    • Navigate to Cognito and configure a User Pool for user authentication, if not already set up.
    • Ensure that the User Pool settings include proper token lifetimes for ID token and Access token.
    • Explore App Clients within the User Pool to configure your API to accept these tokens from authenticated users.
    • Confirm that OAuth 2.0 scopes and Cognito Identity Provider endpoints are set up for your app to exchange authentication for tokens.
    • Review Cognito triggers and post-authentication flows if additional logic is needed.

2. Route 53 to Application Load Balancer (ALB)

  • Objective: Route authenticated API requests from Cognito users via ALB.
  • Exploration:
    • As before, ensure that Route 53 routes traffic from your domain or subdomain (e.g., api.cloudexploration-two.com) to the ALB.
    • In the ALB listener rules, ensure that traffic from authenticated users is forwarded to the appropriate target group, which links to your ECS Fargate tasks.

3. Amazon ECS (Fargate)

  • Objective: Host the API service that handles recommended product requests and validates Cognito tokens.
  • Exploration:
    • In ECS, configure your task definition to run the API service (e.g., a Spring Boot app) that receives API requests from the ALB.
    • Ensure your service is equipped to validate Cognito tokens:
      • Use AWS libraries or JWT libraries (e.g., AWS SDK for Java or AWS Amplify for JavaScript) to decode and validate the Cognito token.
      • Verify the token’s signature, audience, issuer, and claims (like user ID or roles).
    • After token validation, proceed with your regular logic to fetch recommended products from DynamoDB.
    • You can pass the user’s Cognito ID (sub) to personalize the recommendations for each user.

4. Amazon DynamoDB (Caching)

  • Objective: Retrieve cached recommended products based on the authenticated user’s identity.
  • Exploration:
    • Use DynamoDB to store a cached list of recommended products generated by Amazon Personalize.
    • When the API receives a request with a valid Cognito token, retrieve the cached recommendations by querying DynamoDB for the user’s Cognito sub (or other user attributes).
    • Ensure you have the appropriate partition key to store and retrieve cached recommended products efficiently.

5. Amazon Personalize (Recommendation Engine)

  • Objective: Generate personalized recommendations for authenticated users.
  • Exploration:
    • If the cache is missing or outdated, use Amazon Personalize to fetch new recommendations for the user. The Cognito sub can serve as the user identifier.
    • Check that Personalize campaigns are set up and configured to generate recommendations in real time or via batch processing.
    • If batch processing is used, ensure the ECS service periodically updates the DynamoDB cache with new recommendations based on user activity.

7. Amazon CloudWatch (Monitoring)

  • Objective: Monitor the system and ensure tokens are validated correctly, and user-specific recommendations are served efficiently.
  • Exploration:
    • Set up CloudWatch Alarms to monitor for issues with token validation, DynamoDB performance, or ECS container health.
    • Use CloudWatch Logs for detailed logging of token validation processes and the logic that determines how recommended products are fetched.

Example Flow for Validating Cognito Tokens:

In ECS Fargate:

  • The API receives the request along with the Authorization header containing the Cognito JWT.
  • The token is parsed and validated by checking the signature using Cognito's JWKS (JSON Web Key Set) endpoint.
  • Extract claims (e.g., sub, aud) to identify the user.
  • The API checks DynamoDB to retrieve cached recommendations for the user based on their sub.
  • If cached data is missing or expired, the API fetches fresh recommendations from Amazon Personalize and stores them in DynamoDB for future use.