Cognito Overview

  • Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily.

  • Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0.

User Pools

  • A user pool is a user directory in Cognito.

  • With a user pool, your users can sign in to your web or mobile app through Cognito, or federate through a third-party identity provider (IdP).

  • User pools provide:

    • Sign-up and sign-in services.

    • A built-in, customizable web UI to sign in users.

    • Social sign-in with Facebook, Google, Login with Amazon, and Sign in with Apple, and sign-in through SAML and OIDC identity providers configured in your user pool.

    • User directory management and user profiles.

    • Security features such as multi-factor authentication (MFA), checks for compromised credentials, account takeover protection, and phone and email verification.

  • After successfully authenticating a user, b.

Identity Pools

  • With an identity pool, your users can obtain temporary AWS credentials to access AWS services, such as Amazon S3 and DynamoDB.

  • Identity pools support anonymous guest users, as well as the following identity providers that you can use to authenticate users for identity pools:

    • Cognito user pools.

    • Social sign-in with Facebook, Google, Login with Amazon, and Sign in with Apple.

    • OpenID Connect (OIDC) providers.

    • SAML identity providers.

    • Developer authenticated identities.

  • To save user profile information, your identity pool needs to be integrated with a user pool.

  • Cognito identity pools (federated identities) enable you to create unique identities for your users and federate them with identity providers.
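
The list of identity sources above maps directly onto the fields returned when an identity pool is described, so a pool's configuration can be reviewed for which sign-in paths (including guest access) lead to temporary AWS credentials. The following is an added example, not part of the original notes; the sample pool, its IDs and ARNs are constructed, and the field names are those of the Cognito Identity DescribeIdentityPool response.

```python
import json

# Constructed sample, shaped like `aws cognito-identity describe-identity-pool` output.
SAMPLE_POOL = json.loads("""
{
  "IdentityPoolId": "us-east-1:00000000-0000-0000-0000-000000000000",
  "IdentityPoolName": "example_pool",
  "AllowUnauthenticatedIdentities": true,
  "SupportedLoginProviders": {"accounts.google.com": "example-client-id"},
  "CognitoIdentityProviders": [
    {"ProviderName": "cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE",
     "ClientId": "exampleclientid", "ServerSideTokenCheck": false}
  ],
  "SamlProviderARNs": ["arn:aws:iam::111122223333:saml-provider/ExampleIdP"]
}
""")

# Keys used in SupportedLoginProviders for the social providers named in these notes.
SOCIAL = {
    "graph.facebook.com": "Facebook",
    "accounts.google.com": "Google",
    "www.amazon.com": "Login with Amazon",
    "appleid.apple.com": "Sign in with Apple",
}

def identity_sources(pool):
    """List every identity source the pool will exchange for AWS credentials."""
    sources = []
    if pool.get("AllowUnauthenticatedIdentities"):
        sources.append("anonymous guest")
    for provider in pool.get("CognitoIdentityProviders") or []:
        sources.append("user pool: " + provider["ProviderName"])
    for key in pool.get("SupportedLoginProviders") or {}:
        sources.append("social: " + SOCIAL.get(key, key))
    for arn in pool.get("OpenIdConnectProviderARNs") or []:
        sources.append("OIDC: " + arn)
    for arn in pool.get("SamlProviderARNs") or []:
        sources.append("SAML: " + arn)
    if pool.get("DeveloperProviderName"):
        sources.append("developer: " + pool["DeveloperProviderName"])
    return sources

def review(pool):
    """Return findings a reviewer should confirm are intended."""
    findings = []
    sources = identity_sources(pool)
    if "anonymous guest" in sources:
        findings.append("guest access enabled: temporary AWS credentials are issued without sign-in")
    if not sources:
        findings.append("no identity source configured")
    return findings
```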

Cognito Sync

  • Cognito Sync is an AWS service and client library that enables cross-device syncing of application-related user data.

  • You can use it to synchronize user profile data across mobile devices and the web without requiring your own backend.

  • The client libraries cache data locally so your app can read and write data regardless of device connectivity status.

  • Requires Federated Identity Pools; not User Pools.