What is Amazon Cognito?
Amazon Cognito provides authentication, authorization and user management for your web and mobile applications. It takes on the hard parts of running a user directory (sign-up and sign-in, password resets, MFA, account recovery) so you can focus on your application code.
Key Concepts
1. User Pools (Authentication)
- A managed user directory (sign-up/sign-in), which can also front federated identity providers.
- Handles: registration, login, account confirmation, password recovery, MFA.
- Result: on a successful sign-in your app receives three tokens: an ID token and an access token (both JWTs signed with RS256) plus a refresh token. Never trust a token on sight: verify its signature against the pool's published JWKS (`https://cognito-idp.<region>.amazonaws.com/<user-pool-id>/.well-known/jwks.json`) and check `iss`, `exp`, `token_use` and the audience (`aud` on ID tokens, `client_id` on access tokens).
2. Identity Pools (Authorization)
- Exchanges an identity token (from a user pool, Facebook, Google, Apple, Amazon, or any OIDC/SAML provider) for temporary, limited-privilege AWS credentials issued through STS.
- Lets users call AWS services directly (e.g., uploading a file to an S3 bucket). What they may do is decided by the IAM role the identity pool maps them to; authenticated and unauthenticated (guest) identities get separate roles. Leave guest access disabled unless you need it, and scope the role policy with the `${cognito-identity.amazonaws.com:sub}` variable so each user reaches only their own data.
Exam Tips
[!IMPORTANT] User Pools vs Identity Pools:
- User Pools: "I want to add sign-up/sign-in to my app." (authentication; the result is a set of JWTs)
- Identity Pools: "I want to give my users access to an S3 bucket." (authorization; the result is temporary AWS credentials bound to an IAM role)
- They are independent services: an identity pool can list a user pool as one of its providers, and an app may use either one or both.
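What "give my users access to an S3 bucket" looks like when done with least privilege, as an added illustration (not from the page or from AWS documentation verbatim). The two members below are two separate policy documents attached to the identity pool's authenticated role: the trust policy, which lets only identities from this identity pool assume the role, and the permissions policy, which confines each user to an S3 prefix keyed by their identity id. The bucket name and the identity pool id (`us-east-1:0000...`) are placeholders.

```json
{
  "TrustPolicy": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": { "Federated": "cognito-identity.amazonaws.com" },
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
          "StringEquals": {
            "cognito-identity.amazonaws.com:aud": "us-east-1:00000000-0000-0000-0000-000000000000"
          },
          "ForAnyValue:StringLike": {
            "cognito-identity.amazonaws.com:amr": "authenticated"
          }
        }
      }
    ]
  },
  "PermissionsPolicy": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
        "Resource": "arn:aws:s3:::example-uploads-bucket/private/${cognito-identity.amazonaws.com:sub}/*"
      },
      {
        "Effect": "Allow",
        "Action": "s3:ListBucket",
        "Resource": "arn:aws:s3:::example-uploads-bucket",
        "Condition": {
          "StringLike": {
            "s3:prefix": [
              "private/${cognito-identity.amazonaws.com:sub}/",
              "private/${cognito-identity.amazonaws.com:sub}/*"
            ]
          }
        }
      }
    ]
  }
}
```

The weak version of this is a permissions policy with `"Resource": "arn:aws:s3:::example-uploads-bucket/*"`, which lets any signed-in user read and overwrite every other user's uploads. The `aud` condition in the trust policy matters too: without it, any identity pool in any AWS account could hand out this role. Note that `cognito-identity.amazonaws.com:sub` is the identity pool's identity id, not the `sub` claim of the user pool token.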
[!NOTE] Federation: user pools can federate with the social providers (Facebook, Google, Apple, Login with Amazon) and with any SAML 2.0 or OpenID Connect identity provider; identity pools accept those providers directly as well as a user pool.
Common Use Cases
- Mobile Apps: Adding a "Sign in with Google" button to your iOS game.
- SaaS Applications: Managing thousands of user accounts and their profiles securely.