AWS Certified Solutions Architect - Professional
  • AWS Certified Solutions Architect - Professional
  • Accounts & Permissions
    • AWS Organizations
    • Service Control Policies
    • Security Token Service
    • Permissions Boundaries
    • Permissions Evaluation
    • AWS Resource Access Manager
    • Service Quotas
  • ADVANCED IDENTITIES & FEDERATION
    • SAML2.0 Identity Federation
    • IAM Identity Center
    • Amazon Cognito
    • Amazon Workspaces
    • Directory Service
    • AWS Control Tower
  • NETWORKING & HYBRID
    • Private and Public AWS Services
    • DHCP In a VPC
    • VPC Router
    • Stateful vs Stateless Firewalls
    • Network Access Control Lists
    • Security Groups
    • AWS Local Zones
    • Border Gateway Protocol
    • AWS Global Accelerator
    • IPSec VPN
    • Site2Site VPN
    • Transit Gateway
    • VPC Routing
    • Accelerated Site-to-Site VPN
    • AWS Client VPN
Powered by GitBook
On this page
  • User Pools
  • Identity Pools (Federated Identities)
  • User & Identity Pools
  1. ADVANCED IDENTITIES & FEDERATION

Amazon Cognito

Last updated 1 day ago

User Pools

  • A user directory for your app (web or mobile).

  • Manages user registration, sign-in, and profiles.

  • Supports sign-in via:

    • Username & password

    • Social providers (Google, Facebook, Amazon, Apple)

    • SAML-based identity providers

  • Every user in the pool has a profile accessible via the Cognito SDK.

✅ Use When:

  • You want to manage users and authentication directly.

  • You need built-in support for sign-up, sign-in, and user attributes.

Identity Pools (Federated Identities)

  • Used to federate identities and provide temporary AWS credentials.

  • Supports identities from:

    • Cognito User Pools

    • Social identity providers

    • SAML providers

    • Unauthenticated guests

  • Enables users to access AWS services like S3, DynamoDB, etc.

✅ Use When:

  • You want users to access AWS services securely.

  • You need to generate temporary credentials for AWS access.

User & Identity Pools

Feature

User Pools

Identity Pools

Purpose

Manage users and authentication

Provide AWS credentials to users

User sign-in support

Username/password, social, SAML

Social, SAML, Cognito User Pools, guest users

AWS access

❌ Not for direct AWS service access

✅ Grants limited AWS service access

User profile management

✅ Yes (via SDK)

❌ No