Cognito

Identity management for your apps

Overview

Feature	User pool	Identity pool
Purpose	user directory for sign-up and sign-in	temporary credential for access AWS services
Authen	SAML, Facebook, Google...	Supports unauthenticated (guest) access and federated identities.
Use Case	Managing user profile Authentication in apps	granting users access to AWS resources
Token	JWT token	AWS credentials
Integration	often use with Identity pool	standalone or with User pool

Feature

User pool

Identity pool

Purpose

user directory for sign-up and sign-in

temporary credential for access AWS services

Authen

SAML, Facebook, Google...

Supports unauthenticated (guest) access and federated identities.

Use Case

granting users access to AWS resources

Token

JWT token

AWS credentials

Integration

often use with Identity pool

Social IdPs (Google, Facebook...) is based on OpenID, so to add social identity providers to the user pool, provide the app client ID and the app client secret.

Gives developers the ability to synchronize user profile data across mobile devices and the web.

A feature of Cognito Sync, you can invoke a Lambda function in response to important activity in you identity pool.

You can enable MFA (required, optional) or no MFA option for Cognito User. After enabling, app users can receive SMS or TOTP.

Last updated 8 months ago