Getting started with Amazon Cognito
What is Amazon Cognito?
Amazon Cognito provides authentication, authorization and user management for web and mobile apps. Users can sign in directly with a username and password or through a third party such as Facebook, Amazon, Google or Apple.
Components
- User pools: user directories that provide sign-up and sign-in options for the application users.
- Identity pools: used to grant users access to other AWS services.
Features of Amazon Cognito
User pools:
A user pool is a user directory in Amazon Cognito. Users can sign in to a web or mobile app through Amazon Cognito, or federate through a third-party identity provider. Whether users sign in directly or through a third party, all members of the user pool have a directory profile that can be accessed through an SDK.
User pools provide:
- Sign-up and sign-in services.
- A built-in, customizable web UI to sign in users.
- Social sign-in with Facebook, Google, Login with Amazon and Sign in with Apple, as well as sign-in through SAML and OIDC identity providers from the user pool.
- User directory management and user profiles.
- Security features such as multi-factor authentication, checks for compromised credentials, account takeover protection and phone or email verification.
- Customized workflows and user migration through AWS Lambda triggers.
Identity pools:
With an identity pool, users can obtain temporary AWS credentials to access AWS services such as Amazon S3 and DynamoDB. Identity pools support anonymous guest users and the following identity providers to authenticate users:
- SAML identity providers
- Amazon Cognito user pools
- OpenID Connect providers (OIDC)
- Social sign-in with Facebook, Google and Login with Amazon
- Developer authenticated identities
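The exchange an identity pool performs, as an added example that is not code from the original article: a user pool ID token (or no token, for a guest) is traded for temporary AWS credentials through the cognito-identity GetId and GetCredentialsForIdentity calls. The stub client, pool IDs and token values are constructed placeholders so the block runs offline; in real use the client would be boto3.client("cognito-identity").

```python
from datetime import datetime, timedelta, timezone


def user_pool_provider(region, user_pool_id):
    """Logins key that names a Cognito user pool as the identity provider."""
    return f"cognito-idp.{region}.amazonaws.com/{user_pool_id}"


def get_temporary_credentials(client, identity_pool_id, logins=None):
    """Trade a sign-in for temporary AWS credentials through an identity pool.

    client: cognito-identity client, e.g. boto3.client("cognito-identity").
    logins: {provider: token}; leave empty for an anonymous guest identity.
    """
    extra = {"Logins": logins} if logins else {}
    identity_id = client.get_id(IdentityPoolId=identity_pool_id, **extra)["IdentityId"]
    creds = client.get_credentials_for_identity(IdentityId=identity_id, **extra)["Credentials"]
    # Refuse credentials that are already past their expiry time.
    if creds["Expiration"] <= datetime.now(timezone.utc):
        raise RuntimeError("identity pool returned credentials that already expired")
    return {"identity_id": identity_id, "authenticated": bool(logins), **creds}


class StubIdentityClient:
    """Constructed offline stand-in for the cognito-identity client."""

    def __init__(self):
        self.calls = []  # records (operation, kwargs) for inspection

    def get_id(self, **kwargs):
        self.calls.append(("get_id", kwargs))
        return {"IdentityId": "us-east-1:00000000-0000-0000-0000-000000000000"}

    def get_credentials_for_identity(self, **kwargs):
        self.calls.append(("get_credentials_for_identity", kwargs))
        return {"Credentials": {
            "AccessKeyId": "ASIAEXAMPLEKEYID",
            "SecretKey": "constructed-secret",
            "SessionToken": "constructed-session-token",
            "Expiration": datetime.now(timezone.utc) + timedelta(hours=1),
        }}


if __name__ == "__main__":
    stub = StubIdentityClient()
    provider = user_pool_provider("us-east-1", "us-east-1_EXAMPLE")
    signed_in = get_temporary_credentials(stub, "us-east-1:pool-placeholder", {provider: "ID_TOKEN_PLACEHOLDER"})
    guest = get_temporary_credentials(stub, "us-east-1:pool-placeholder")
    print(signed_in["authenticated"], guest["authenticated"], signed_in["Expiration"])
```

The authenticated flag in the result shows which of the identity pool's two paths (signed-in user or anonymous guest) produced the credentials.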
Read more: https://tudip.com/blog-post/getting-started-with-amazon-cognito/