Amazon Cognito Tutorial | AWS Cognito

  • Last updated Apr 25, 2024

Amazon Cognito is an access management service that lets you add user sign-up, sign-in and control access to your web and mobile applications easily and quickly. Amazon Cognito supports sign-in with social identity providers such as Google, Facebook, Amazon, and Apple, and enterprise identity providers through SAML 2.0 and OpenID Connect.

There are two main components of Amazon Cognito:

  1. User Pools
  2. Identity Pools

User Pools

A user pool is a secured user directory that provides sign-in, and sign-up options for your web and mobile application users. Every user, whether they are signed in directly or using a third-party identity provider, has a profile directory that can be accessed with the use of an SDK. User pools are fully managed services that scale to support hundreds of millions of users.

User pools provide the following:

  • User Sign-up and sign-in services.
  • Social sign-in with Google, Facebook, Amazon, and Apple.
  • Sign in using SAML and OIDC identity provider.
  • A built-in, customizable web interface to sign in users.
  • Security features such as multi-factor authentication (MFA), phone and email verification, checks for compromised credentials and account takeover protection.
  • User migration with the use of AWS Lambda triggers.
  • Customized workflows.

Identity Pools

With Identity Pools, we can grant users temporary access to other AWS services such as DynamoDB, and Amazon S3. The access can be given to anonymous guest users or users who have signed in. Identity pool needs to be integrated with the user pool in order to save user profile information.

We can use user pools and identity pools together or separately.