AWS Cognito
Cognito provides authentication and authorization for web & mobile apps. It has two parts:
- Cognito User Pools (CUP): mainly used for authentication (who the user is). Features:
• A serverless user directory (database of users) for your web & mobile apps
• Simple login: Username (or email) / password combination
• Password reset
• Email & Phone Number Verification
• Multi-factor authentication (MFA)
• Federated Identities: users from Facebook, Google, SAML…
• Compromised-credentials protection: block sign-in for users whose username/password is known to be compromised elsewhere (advanced security feature)
- A successful login returns JSON Web Tokens (JWT): an ID token, an access token and a refresh token. The backend must verify the signature against the pool's published JWKS and check the issuer, audience/client_id, token_use and expiry before trusting any claim.
- Lambda triggers can be attached at points in the flow (e.g. pre sign-up, post confirmation, pre token generation) to customize behaviour.
- Cognito Identity Pools (Federated Identities): used for authorization (what the user may do in AWS). Features:
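The check a backend should run on a user pool token, as an added example (not from the original notes, stdlib only). The region, pool id, app client id and JWKS entry are made up, and the RS256 signature check is delegated to an injected callback (a placeholder here) so the file runs offline; in production that callback verifies the signature with the key fetched from the pool's jwks.json (e.g. via PyJWT's PyJWKClient). The point the example makes is that a valid signature is not enough: the issuer, token_use, audience and expiry must also be pinned.

```python
"""Check a Cognito User Pool JWT before trusting its claims (added example)."""
import base64
import json
import time

REGION = "us-east-1"                    # assumed
USER_POOL_ID = "us-east-1_EXAMPLEpool"  # assumed
CLIENT_ID = "1example23456789"          # assumed app client id
ISSUER = f"https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"
# Same shape as <issuer>/.well-known/jwks.json; key id and modulus are made up.
JWKS = {"keys": [{"kty": "RSA", "kid": "key-1", "alg": "RS256", "use": "sig",
                  "n": "placeholder-modulus", "e": "AQAB"}]}
PLACEHOLDER_SIG = b"not-a-real-signature"   # stands in for an RS256 signature


def _b64url_decode(segment: str) -> bytes:
    segment += "=" * (-len(segment) % 4)   # JWT segments drop the padding
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def parse_jwt(token: str):
    """Split a compact JWT into (header, claims, signing_input, signature)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    return header, claims, f"{parts[0]}.{parts[1]}".encode(), _b64url_decode(parts[2])


def validate_cognito_claims(claims: dict, expected_use: str, now: float) -> dict:
    """Pin the token to our pool, our app client and the expected token type.

    A good signature only proves that some Cognito pool issued the token; these
    checks reject tokens from another pool or client, and an access token
    presented where an ID token is expected (or vice versa).
    """
    if claims.get("iss") != ISSUER:
        raise ValueError("issuer mismatch")
    if claims.get("token_use") != expected_use:
        raise ValueError("wrong token_use")
    # ID tokens carry the app client id in `aud`, access tokens in `client_id`.
    audience_claim = "aud" if expected_use == "id" else "client_id"
    if claims.get(audience_claim) != CLIENT_ID:
        raise ValueError("audience mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("expired or missing exp")
    return claims


def verify_cognito_jwt(token: str, rs256_verify, expected_use: str = "id", now=None) -> dict:
    """Full check: header sanity, key lookup by kid, signature, then claims."""
    now = time.time() if now is None else now
    header, claims, signing_input, signature = parse_jwt(token)
    if header.get("alg") != "RS256":       # never accept alg=none or HS256 here
        raise ValueError("unexpected alg")
    keys = {k["kid"]: k for k in JWKS["keys"] if k.get("kty") == "RSA"}
    jwk = keys.get(header.get("kid"))
    if jwk is None:
        raise ValueError("unknown kid")
    if not rs256_verify(signing_input, signature, jwk):
        raise ValueError("bad signature")
    return validate_cognito_claims(claims, expected_use, now)


def placeholder_rs256_verify(signing_input: bytes, signature: bytes, jwk: dict) -> bool:
    """Offline stand-in for a real RS256 check (assumption, not real crypto)."""
    return signature == PLACEHOLDER_SIG


def check_token(token: str, expected_use: str = "id", now=None):
    """Wrapper returning (accepted, subject-or-reason) instead of raising."""
    try:
        claims = verify_cognito_jwt(token, placeholder_rs256_verify, expected_use, now)
        return True, claims["sub"]
    except ValueError as err:
        return False, str(err)


def make_token(claims: dict, kid: str = "key-1", alg: str = "RS256") -> str:
    """Build a constructed test token carrying the placeholder signature."""
    header = {"alg": alg, "kid": kid}
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(claims).encode()),
                     _b64url_encode(PLACEHOLDER_SIG)])


if __name__ == "__main__":
    now = 1_700_000_000
    id_claims = {"iss": ISSUER, "aud": CLIENT_ID, "token_use": "id",
                 "sub": "user-123", "exp": now + 3600}
    print(check_token(make_token(id_claims), "id", now))
    print(check_token(make_token({**id_claims, "exp": now - 1}), "id", now))
    print(check_token(make_token(id_claims, alg="none"), "id", now))
```

Use the ID token only to learn who the user is; use the access token when calling a resource server or API Gateway, and expect `client_id` rather than `aud` on it. The JWKS should be cached, but the `kid` lookup must stay, because Cognito rotates signing keys and a token signed with an unknown key is not yours to trust.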
• Get identities for “users” so they obtain temporary AWS credentials
• Your identity pool (i.e. the identity sources it trusts) can include:
• Public Providers (Login with Amazon, Facebook, Google, Apple)
• Users in an Amazon Cognito user pool
• OpenID Connect Providers & SAML Identity Providers
• Developer Authenticated Identities (custom login server)
• Cognito Identity Pools allow for unauthenticated (guest) access; anyone can obtain the guest role's credentials, so keep that role read-only and minimal
• Users can then access AWS services directly or through API Gateway
• The IAM roles (authenticated / unauthenticated, or chosen by rule-based role mapping) whose policies apply to the credentials are configured in Cognito
- Policies can be customized per user with the policy variable ${cognito-identity.amazonaws.com:sub} (the caller's identity id) for fine-grained control
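The per-user scoping described above, as an added example that is not part of the original notes. It builds the trust policy and permission policies for an identity pool's authenticated and guest roles, using the `${cognito-identity.amazonaws.com:sub}` policy variable so each signed-in user only reaches their own S3 prefix, and runs a deliberately simplified model of IAM evaluation (Allow statements, wildcard matching, StringLike conditions, implicit deny) over constructed requests to show the effect. The bucket name, identity pool id and identity ids are made up.

```python
"""Scoping identity-pool credentials per user with IAM policy variables (added example)."""
import fnmatch
import json

POLICY_VAR = "${cognito-identity.amazonaws.com:sub}"  # identity id of the caller
BUCKET = "example-app-user-data"                       # assumed bucket name
IDENTITY_POOL_ID = "us-east-1:11111111-2222-3333-4444-555555555555"  # assumed


def role_trust_policy(identity_pool_id: str, amr: str) -> dict:
    """Trust policy for a pool role: only this identity pool may assume it, and
    only for the given sign-in method ("authenticated" or "unauthenticated")."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "cognito-identity.amazonaws.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {"cognito-identity.amazonaws.com:aud": identity_pool_id},
            "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": amr},
        }}]}


def authenticated_role_policy(bucket: str) -> dict:
    """Signed-in users may only list/read/write under private/<identity id>/."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "ListOwnPrefix", "Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": [f"arn:aws:s3:::{bucket}"],
         # Without this condition every user could list every other user's keys.
         "Condition": {"StringLike": {"s3:prefix": [f"private/{POLICY_VAR}/*"]}}},
        {"Sid": "OwnObjects", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": [f"arn:aws:s3:::{bucket}/private/{POLICY_VAR}/*"]},
    ]}


def unauthenticated_role_policy(bucket: str) -> dict:
    """Guests: anyone can obtain these credentials, so read-only on public/ only."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": [f"arn:aws:s3:::{bucket}/public/*"]},
    ]}


def is_allowed(policy: dict, identity_id: str, action: str, resource: str, context=None) -> bool:
    """Simplified IAM evaluation (assumption, not the real engine): substitute
    the policy variable with the caller's identity id, then look for a matching
    Allow whose StringLike conditions hold against `context`; otherwise deny."""
    context = context or {}

    def sub(s: str) -> str:
        return s.replace(POLICY_VAR, identity_id)

    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in stmt["Action"]):
            continue
        if not any(fnmatch.fnmatchcase(resource, sub(r)) for r in stmt["Resource"]):
            continue
        conditions = stmt.get("Condition", {}).get("StringLike", {})
        if all(context.get(key) is not None and
               any(fnmatch.fnmatchcase(context[key], sub(p)) for p in patterns)
               for key, patterns in conditions.items()):
            return True
    return False


# Constructed identity ids in the format identity pools hand out.
ALICE = "us-east-1:aaaaaaaa-0000-0000-0000-000000000001"
BOB = "us-east-1:bbbbbbbb-0000-0000-0000-000000000002"
AUTH = authenticated_role_policy(BUCKET)
GUEST = unauthenticated_role_policy(BUCKET)

if __name__ == "__main__":
    print(json.dumps(role_trust_policy(IDENTITY_POOL_ID, "authenticated"), indent=2))
    print(json.dumps(AUTH, indent=2))
    own = f"arn:aws:s3:::{BUCKET}/private/{ALICE}/notes.txt"
    other = f"arn:aws:s3:::{BUCKET}/private/{BOB}/notes.txt"
    print("alice reads own object:", is_allowed(AUTH, ALICE, "s3:GetObject", own))
    print("alice reads bob's object:", is_allowed(AUTH, ALICE, "s3:GetObject", other))
    print("guest writes public/:", is_allowed(GUEST, "guest", "s3:PutObject",
                                              f"arn:aws:s3:::{BUCKET}/public/x"))
```

The variable is substituted by IAM at evaluation time with the identity id from the credentials Cognito issued, so a single policy on the authenticated role isolates users from each other without per-user roles; the trust policy's `aud` and `amr` conditions are what stop a different identity pool, or a guest, from assuming the authenticated role.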