Cognito

User Pools
A user directory for your app (web or mobile).
Manages user registration, sign-in, and profiles.
Supports sign-in via:
- Username & password
- Social providers (Google, Facebook, Amazon, Apple)
- SAML-based identity providers
Every user in the pool has a profile accessible via the Cognito SDK.
✅ Use When:
- You want to manage users and authentication directly.
- You need built-in support for sign-up, sign-in, and user attributes.

Identity Pools (Federated Identities)
Used to federate identities and provide temporary AWS credentials.
Supports identities from:
- Cognito User Pools
- Social identity providers
- SAML providers
- Unauthenticated guests
Enables users to access AWS services like S3, DynamoDB, etc.
✅ Use When:
- You want users to access AWS services securely.
- You need to generate temporary credentials for AWS access.

User & Identity Pools
| Feature | User Pools | Identity Pools |
| --- | --- | --- |
| Purpose | Manage users and authentication | Provide AWS credentials to users |
| User sign-in support | Username/password, social, SAML | Social, SAML, Cognito User Pools, guest users |
| AWS access | ❌ Not for direct AWS service access | ✅ Grants limited AWS service access |
| User profile management | ✅ Yes (via SDK) | ❌ No |
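
How the two pool types fit together, as an added example in Python for boto3 clients (not code from the original page): the User Pool authenticates the user and issues a token, and the Identity Pool exchanges that token for temporary AWS credentials. The region, pool IDs and app client ID are placeholders, and the function names `sign_in` and `temporary_credentials` are hypothetical.

```python
# Added example, not from the original page. All IDs below are placeholders.
REGION = "us-east-1"
USER_POOL_ID = "us-east-1_EXAMPLE"
APP_CLIENT_ID = "example-app-client-id"
IDENTITY_POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"


def sign_in(idp, username, password):
    """User Pool step: authenticate the user and return the ID token (a JWT).

    idp is a boto3 "cognito-idp" client. Assumes the app client allows
    USER_PASSWORD_AUTH and has no client secret.
    """
    resp = idp.initiate_auth(
        AuthFlow="USER_PASSWORD_AUTH",
        AuthParameters={"USERNAME": username, "PASSWORD": password},
        ClientId=APP_CLIENT_ID,
    )
    if "ChallengeName" in resp:  # e.g. MFA or a forced password change
        raise RuntimeError(f"sign-in not complete: {resp['ChallengeName']}")
    return resp["AuthenticationResult"]["IdToken"]


def temporary_credentials(identity, id_token=None):
    """Identity Pool step: exchange the token for temporary AWS credentials.

    identity is a boto3 "cognito-identity" client. With id_token=None the
    caller is an unauthenticated guest, which works only if the pool allows it.
    """
    extra = {}
    if id_token:
        # The Logins key names the User Pool that issued the token.
        provider = f"cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"
        extra["Logins"] = {provider: id_token}
    identity_id = identity.get_id(IdentityPoolId=IDENTITY_POOL_ID, **extra)["IdentityId"]
    creds = identity.get_credentials_for_identity(IdentityId=identity_id, **extra)["Credentials"]
    # Keyword names match boto3.client(...), so the dict can be passed straight in.
    keys = {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretKey"],
        "aws_session_token": creds["SessionToken"],
    }
    return keys, creds["Expiration"]

# Usage with real clients (needs boto3 and network access):
#   idp = boto3.client("cognito-idp", region_name=REGION)
#   identity = boto3.client("cognito-identity", region_name=REGION)
#   keys, expires = temporary_credentials(identity, sign_in(idp, "alice", "..."))
```

What the returned credentials can do is decided by the IAM role the Identity Pool maps the identity to, so the guest role should carry fewer permissions than the authenticated one.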
