What is AWS Cognito? User Management by AWS

by admin February 02, 2020

What is AWS Cognito? Cognito by AWS is a very powerful user management system. It integrates with IAM, so you can get very granular on access control. When building an application on AWS, we recommend using Cognito as a critical piece of your stack.

If you’re familiar with a tool like Auth0, Cognito similarly takes the complexity out of managing user authentication credentials. Cognito directly integrates with Amazon Web Services to provide fine-grained access control over which systems a user can use and what data they can access.

What are the benefits of Cognito?

Cognito allows you to implement best-practice user management out of the box with a wide range of available features. Also, Cognito makes it easy to implement 2FA by default. This allows you to create more secure applications out of the box.

At Broadway Lab, we leverage the Vue starter project to begin many of our web apps, and it easily incorporates Cognito with API Gateway. This allows you to adhere to best practices from day one.

What are user pools?

User pools are essentially groups of users in a Cognito project. User pools are great, because you can allocate resources to specific pools. This makes managing authorization very easy.

What are identity pools?

Identity pools are groups of sign-in information for users. For instance, you may have a separate pool for users that sign in via a social login on Google as opposed to signing in with their email or phone number. Identity pools manage the complexity of linking multiple auth accounts, which makes your systems simpler. Most importantly, identity pools provide tokens that serve as temporary credentials for applications.
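Identity pools hand out those temporary credentials by letting the pool's identities assume an IAM role, so the role's trust policy decides who can obtain them. The following is an added example, not code from the original article: a small Python check that flags a trust policy that is not bound to one identity pool (`aud`) or not limited to signed-in identities (`amr`). The pool ID and both sample policies are constructed placeholders, and the check assumes the operator and key spelling that AWS generates for these roles.

```python
COGNITO = "cognito-identity.amazonaws.com"
# Constructed placeholder, not a real identity pool ID.
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_pool_id):
    """Return findings for statements that let Cognito identities assume the role."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or COGNITO not in federated:
            continue  # not a Cognito identity pool trust statement
        cond = stmt.get("Condition", {})
        # The role must be bound to exactly one identity pool via the aud key.
        aud = _as_list(cond.get("StringEquals", {}).get(COGNITO + ":aud", []))
        if not aud:
            findings.append(f"statement {i}: no aud condition, role is not bound to an identity pool")
        elif aud != [expected_pool_id]:
            findings.append(f"statement {i}: aud {aud} does not match the expected pool")
        # amr is multi-valued, so it appears under a ForAnyValue: operator.
        amr = []
        for operator, keys in cond.items():
            if operator.startswith("ForAnyValue:"):
                amr += _as_list(keys.get(COGNITO + ":amr", []))
        if "authenticated" not in amr:
            findings.append(f"statement {i}: amr is not restricted to authenticated identities")
    return findings

def _trust(condition):
    stmt = {"Effect": "Allow", "Principal": {"Federated": COGNITO},
            "Action": "sts:AssumeRoleWithWebIdentity"}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

# Constructed sample policies: the weak form beside the scoped one.
WEAK_POLICY = _trust(None)
SCOPED_POLICY = _trust({
    "StringEquals": {COGNITO + ":aud": POOL_ID},
    "ForAnyValue:StringLike": {COGNITO + ":amr": "authenticated"},
})

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_trust_policy(policy, POOL_ID))
```

To audit a real role, pass its trust policy document as a parsed dict together with your own identity pool ID.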

What are federated identities?

Federated identity is an authentication architecture that essentially outsources the responsibility for authenticating a user to a third party outside of your system. A federated identity could be a corporate SSO, or it could be a social network that’s responsible for representing that user.

Federated identities are very common in a microservices architecture.

As you can see, Cognito is a very powerful tool that takes on the responsibility of authentication. It also integrates with AWS services, including API Gateway, so you can provide access to the appropriate resources with relative ease.

We recommend using AWS services, because they will allow you to adhere to best practices more easily.

