Amazon Cognito
Decentralized Managed Authentication
Sign-up, sign-in integration for your apps.
Social identity provider e.g. Facebook, Google
Cognito User Pools
User directory with authentication to an IdP to grant access to your apps.
Cognito Identity Pools
Provide temporary credentials for users to access AWS Services
Cognito Sync
Syncs user data and preferences across all devices
User Pools
User Pools are user directories used to manage actions for web and mobile apps, such as:
- Sign-up
- Sign-in
- Account recovery
- Account confirmation
Allows users to sign in directly to the User Pools, or using Web Identity Federation
Uses AWS Cognito as the identity broker between AWS and the identity provider
Successful user authentication generates a JWT.
User Pools can be thought of as the account used to access the system (i.e. email address and password)
- Choose what attributes
- Choose password requirements
- Apply MFA
- Restrict whether users are allowed to sign up on their own or need admin verification
- Analytics with Pinpoint for user campaigns
- Trigger custom logic via Lambdas after actions such as signup
Cognito Identity Pools
Identity Pools provide temporary AWS credentials to access services (e.g. S3, DynamoDB)
Identity pools can be thought of as the actual mechanism authorizing access to the AWS resources.
Cognito - Sync
Sync user data and preferences across devices with one line of code
Cognito uses push synchronization to push updates and sync data
Uses Simple Notification Service (SNS) to send notifications to all user devices when data in the cloud changes