Amazon Cognito - User Pools, Identity Pools - AWS Certification

Let’s get a quick overview of Amazon Cognito from an AWS certification perspective.

You will learn

  • What is Amazon Cognito?
  • Why do we need Amazon Cognito?
  • How can you do authorization and authentication with Amazon Cognito?
  • What are User Pools and Identity Pools?

Amazon Cognito

Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0.

Amazon Cognito - User Pools

User Pools help you create your own secure and scalable user directory.

User Pools also help you create sign-up pages and a customizable web UI to sign in users (with an option for social sign-in).

Amazon Cognito - Identity pools

Identity pools provide AWS credentials to grant your users access to other AWS services.

You can connect identity pools with authentication (identity) providers:

  • Your own user pool OR
  • Amazon, Apple, Facebook, Google+, Twitter OR
  • OpenID Connect provider OR
  • SAML identity providers (SAML 2.0)

You can configure multiple authentication (identity) providers for each identity pool.

Federated Identity is an external authentication (identity) provider.

  • Examples: Amazon, Apple, Facebook, OpenID or SAML identity providers

Amazon Cognito - How does it work?

Here are the important steps:

  • 1: Application sends user credentials to identity provider
    • (If authenticated) Identity provider sends a token to application
  • 2: Application sends the token to Identity Pool
    • (If valid token) Identity Pool creates temporary credentials (access key, secret key, and session token) using STS
  • 3: App sends a request with the credentials to the AWS service
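
The three steps above as an added example (not code from the original page), using boto3 with a user pool as the identity provider. The region, pool IDs and app client ID are placeholders, the function names are hypothetical, and the USER_PASSWORD_AUTH flow is assumed to be enabled on the app client.

```python
"""Added example: the three Cognito steps with boto3. IDs are placeholders."""
REGION = "us-east-1"
USER_POOL_ID = "us-east-1_EXAMPLE"  # placeholder
APP_CLIENT_ID = "exampleappclientid"  # placeholder
IDENTITY_POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"  # placeholder


def sign_in(idp, username, password):
    """Step 1: send user credentials to the identity provider (a user pool)."""
    resp = idp.initiate_auth(
        ClientId=APP_CLIENT_ID,
        AuthFlow="USER_PASSWORD_AUTH",  # assumed enabled on the app client
        AuthParameters={"USERNAME": username, "PASSWORD": password},
    )
    # A pending challenge (MFA, forced password change) returns no tokens.
    if "AuthenticationResult" not in resp:
        raise RuntimeError(f"challenge pending: {resp.get('ChallengeName')}")
    return resp["AuthenticationResult"]["IdToken"]


def temporary_credentials(identity, id_token):
    """Step 2: the identity pool checks the token and returns temporary keys."""
    # The Logins map names the provider that issued the token.
    logins = {f"cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}": id_token}
    identity_id = identity.get_id(
        IdentityPoolId=IDENTITY_POOL_ID, Logins=logins)["IdentityId"]
    creds = identity.get_credentials_for_identity(
        IdentityId=identity_id, Logins=logins)["Credentials"]
    return {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretKey"],
        "aws_session_token": creds["SessionToken"],
    }


if __name__ == "__main__":
    import getpass
    import boto3  # needs network access and real pool IDs

    idp = boto3.client("cognito-idp", region_name=REGION)
    identity = boto3.client("cognito-identity", region_name=REGION)
    token = sign_in(idp, input("username: "), getpass.getpass())
    # Step 3: call an AWS service with the temporary credentials. The call is
    # allowed only if the identity pool's authenticated role permits it.
    s3 = boto3.client("s3", region_name=REGION, **temporary_credentials(identity, token))
    print([b["Name"] for b in s3.list_buckets()["Buckets"]])
```

The two functions take the SDK clients as arguments, so they can be exercised with stub clients without touching AWS.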

