I hit Day 50 of my #100DaysOfCloud challenge today! To celebrate, I decided to tackle the scariest part of any GenAI side project: Billing Spikes from unprotected APIs.
My AI Financial Agent uses Amazon Bedrock under the hood. Until today, the API was open. To fix this, I set up Amazon Cognito.
Instead of building a custom login system (and probably hashing passwords wrong), I let AWS handle it.
My Cognito Setup:
Authentication: Email & Password.
App Client: Public Client (for my React SPA).
Security: AWS handles the heavy lifting of issuing JWTs (ID, Access, and Refresh tokens).
Tomorrow, I will connect this User Pool to my React frontend using AWS Amplify, and configure my backend to validate the tokens. No Token = No AI generation = Safe Budget!
If you are building with GenAI, put authentication in front of your APIs on Day 1 (or Day 50, better late than never!).