Amazon Cognito - User Pools, Identity Pools - AWS Certification

Let’s get a quick overview of Amazon Cognito from an AWS certification perspective.

You will learn

  • What is Amazon Cognito?
  • Why do we need Amazon Cognito?
  • How can you do authorization and authentication with Amazon Cognito?
  • What are User Pools and Identity Pools?

Amazon Cognito

Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0.

Amazon Cognito - User Pools

User Pools help you create your own secure and scalable user directory.

They also help you create sign-up pages and a customizable web UI for signing in users (with the option of social sign-in).

Amazon Cognito - Identity pools

Identity pools provide AWS credentials to grant your users access to other AWS services.

You can connect identity pools with authentication (identity) providers:

  • Your own user pool OR
  • Amazon, Apple, Facebook, Google+, Twitter OR
  • OpenID Connect provider OR
  • SAML identity providers (SAML 2.0)

You can configure multiple authentication (identity) providers for each identity pool.

Federated Identity is an external authentication (identity) provider.

  • Examples: Amazon, Apple, Facebook, OpenID or SAML identity providers

Amazon Cognito - How does it work?

Here are the important steps:

  • 1: Application sends user credentials to identity provider
    • (If authenticated) Identity provider sends a token to application
  • 2: Application sends the token to Identity Pool
    • (If valid token) Identity Pool creates temporary credentials (access key, secret key, and session token) using STS
  • 3: App sends a request with the credentials to the AWS service
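
Steps 2 and 3 above, as an added Python example (not code from the original page): it builds the `Logins` map an identity pool expects from a user pool ID token and exchanges it for temporary credentials. The token, pool IDs, credential values and `StubIdentityPool` are constructed placeholders so the block runs offline; in real use, pass `boto3.client("cognito-identity")` as `client`.

```python
import base64, json, time

def jwt_claims(token):
    # Decode the payload only. This does NOT verify the signature;
    # the identity pool validates the token in step 2.
    part = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def logins_for(id_token, now=None):
    # Logins key = token issuer without the scheme, e.g.
    # cognito-idp.<region>.amazonaws.com/<user-pool-id>
    claims = jwt_claims(id_token)
    if claims.get("token_use") != "id":
        raise ValueError("identity pool needs the user pool ID token")
    if claims["exp"] <= (time.time() if now is None else now):
        raise ValueError("token expired, sign in again")
    if not claims["iss"].startswith("https://cognito-idp."):
        raise ValueError("issuer is not a Cognito user pool")
    return {claims["iss"][len("https://"):]: id_token}

def temporary_credentials(client, identity_pool_id, id_token, now=None):
    # Step 2: token -> identity id -> temporary credentials issued via STS.
    logins = logins_for(id_token, now)
    ident = client.get_id(IdentityPoolId=identity_pool_id, Logins=logins)
    resp = client.get_credentials_for_identity(
        IdentityId=ident["IdentityId"], Logins=logins)
    c = resp["Credentials"]
    # Step 3: pass these as keyword arguments to boto3.client("<service>", ...).
    return {"aws_access_key_id": c["AccessKeyId"],
            "aws_secret_access_key": c["SecretKey"],
            "aws_session_token": c["SessionToken"]}

# --- constructed sample data so the example runs offline ---
def make_token(claims):
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "constructed-signature"])

class StubIdentityPool:
    # Stands in for boto3.client("cognito-identity"); values are placeholders.
    def get_id(self, IdentityPoolId, Logins):
        return {"IdentityId": "us-east-1:constructed-identity-id"}
    def get_credentials_for_identity(self, IdentityId, Logins):
        return {"Credentials": {"AccessKeyId": "ASIAEXAMPLE", "SecretKey": "constructed-secret",
                                "SessionToken": "constructed-session-token"}}

ISS = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
ID_TOKEN = make_token({"iss": ISS, "token_use": "id", "exp": 2_000_000_000})

if __name__ == "__main__":
    print(temporary_credentials(StubIdentityPool(), "us-east-1:constructed-pool-id", ID_TOKEN, now=1_700_000_000))
```

The client-side checks only catch mistakes early (wrong token type, expired token); the identity pool still validates the token itself before issuing credentials.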

