Cognito

User Pools

  • A user directory for your app (web or mobile).

  • Manages user registration, sign-in, and profiles.

  • Supports sign-in via:

    • Username & password

    • Social providers (Google, Facebook, Amazon, Apple)

    • SAML-based identity providers

  • Every user in the pool has a profile accessible via the Cognito SDK.

✅ Use When:

  • You want to manage users and authentication directly.

  • You need built-in support for sign-up, sign-in, and user attributes.

Identity Pools (Federated Identities)

  • Used to federate identities and provide temporary AWS credentials.

  • Supports identities from:

    • Cognito User Pools

    • Social identity providers

    • SAML providers

    • Unauthenticated guests

  • Enables users to access AWS services like S3, DynamoDB, etc.

✅ Use When:

  • You want users to access AWS services securely.

  • You need to generate temporary credentials for AWS access.
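The exchange an Identity Pool performs, as an added example that is not part of the original notes: a User Pool ID token, or no token at all for a guest, is traded for temporary AWS credentials. The region, pool IDs, token and the `FakeIdentityClient` stand-in are constructed placeholders; in real use you would pass `boto3.client("cognito-identity")` as the client.

```python
def user_pool_provider(region, user_pool_id):
    """Logins-map key under which a User Pool ID token is presented."""
    return f"cognito-idp.{region}.amazonaws.com/{user_pool_id}"


def temporary_credentials(identity_client, identity_pool_id, logins=None):
    """Return short-lived AWS credentials for one identity.

    logins maps provider name -> token. None asks for a guest identity,
    which only succeeds if the pool allows unauthenticated access.
    """
    kwargs = {"Logins": logins} if logins else {}
    identity_id = identity_client.get_id(
        IdentityPoolId=identity_pool_id, **kwargs)["IdentityId"]
    creds = identity_client.get_credentials_for_identity(
        IdentityId=identity_id, **kwargs)["Credentials"]
    return {
        "identity_id": identity_id,
        "access_key_id": creds["AccessKeyId"],
        "secret_key": creds["SecretKey"],
        "session_token": creds["SessionToken"],  # marks them as temporary
        "expiration": creds["Expiration"],
    }


class FakeIdentityClient:
    """Constructed offline stand-in for boto3.client('cognito-identity')."""

    def __init__(self):
        self.calls = []  # records (operation, arguments) for inspection

    def get_id(self, **kw):
        self.calls.append(("get_id", kw))
        return {"IdentityId": "us-east-1:00000000-0000-0000-0000-000000000000"}

    def get_credentials_for_identity(self, **kw):
        self.calls.append(("get_credentials_for_identity", kw))
        return {"Credentials": {"AccessKeyId": "ASIA-CONSTRUCTED",
                                "SecretKey": "constructed-secret",
                                "SessionToken": "constructed-session-token",
                                "Expiration": "constructed-expiry"}}


if __name__ == "__main__":
    client = FakeIdentityClient()
    pool = "us-east-1:11111111-1111-1111-1111-111111111111"  # placeholder
    provider = user_pool_provider("us-east-1", "us-east-1_EXAMPLE")
    signed_in = temporary_credentials(client, pool, {provider: "<id-token>"})
    guest = temporary_credentials(client, pool)  # no Logins map sent
    print(signed_in["identity_id"], guest["session_token"])
```

What those credentials can do is decided by the IAM role the Identity Pool assigns, so the guest role should carry the narrowest permissions.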

User & Identity Pools

| Feature | User Pools | Identity Pools |
|---|---|---|
| Purpose | Manage users and authentication | Provide AWS credentials to users |
| User sign-in support | Username/password, social, SAML | Social, SAML, Cognito User Pools, guest users |
| AWS access | ❌ Not for direct AWS service access | ✅ Grants limited AWS service access |
| User profile management | ✅ Yes (via SDK) | ❌ No |
