Amazon Cognito is an access management service that lets you add user sign-up, sign-in and control access to your web and mobile applications easily and quickly.
There are two main components of Amazon Cognito
- User Pools
- Identity Pools
User Pools are secured directories that provide sign-in and sign-up options for you application users. Your users can sign in directly with a user name and password or using a third-party identity provider,it has a profile directory that can be accessed with the use of an SDK.
Identity pools enable you to grant your users access to other Amazon services such as DynamoDB, and Amazon S3 etc., The access can be given to anonymous guest users or users who have signed in.
You can use identity pools and user pools separately or together.
How it works
At First your app user signs in through a user pool and receives user pool tokens after a successful authentication.
In the Second step, your app exchanges the user pool tokens for Amazon credentials through an identity pool.
Finally, your app user can then use those Amazon credentials to access other Amazon services such as Amazon S3 or DynamoDB.
Features of Amazon Cognito
User pool provides:
- Sign-up and sign-in services
- A built-in, customizable web UI to sign in users
- Social sign-in with third party applications like Google, Amazon and facebook etc.,
- Security features like MFA (multi-factor authentication), Account take over protection, and phone and email verification.
- Customized workflows and user migration through Amazon Lambda triggers.
Identity pool provides:
- Amazon Cognito user pools
- Social sign-in to the third party applications like Facebook, Google, Login with Amazon, and Sign in with Apple
- OpenID Connect (OIDC) providers like Salesforce, Amazon, Google and Microsoft etc.
- SAML identity providers
- Developer authenticated identities
To save user profile information, your identity pool needs to be integrated with a user pool.
Thank you for your time!!