Amazon Cognito — Main Features, User Pools and Identity Pools, Use Cases and How It Works

In this article, we are going to learn all aspects of Amazon Cognito: its main features, user pools and identity pools, its use cases and how it works.

Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. By the end of the article, we will understand how to use Amazon Cognito for authentication and authorization in serverless applications.

I have just published a new course — AWS Lambda & Serverless — Developer Guide with Hands-on Labs.

What is Amazon Cognito?

Amazon Cognito lets you add user sign-up, sign-in, and access control to web and mobile applications. It scales to millions of users and supports sign-in with social identity providers such as Apple, Facebook, Google, and Amazon, and with enterprise identity providers via SAML 2.0 and OpenID Connect.

In short, Amazon Cognito provides user authentication and access control for applications. It stores and manages end-user identity data on the back end, so the application developer can focus on writing application code instead of building and operating identity infrastructure. This accelerates the application development process.

What is Amazon Cognito used for?

The main idea is to enable simple, secure user authentication, authorization and user management for web and mobile applications.

Amazon Cognito Main Features

Amazon Cognito has several features that simplify the authentication process.

  • Amazon Cognito User Pools provide a secure identity store that can authenticate millions of users. A user pool can be set up without provisioning any infrastructure, and every member of the user pool has a directory profile that you can manage through the SDK.
  • Users can sign in with social identity providers like Apple, Google, Facebook, and Amazon, and with enterprise identity providers through SAML 2.0 and OpenID Connect.
  • Amazon Cognito User Pools is a standards-based identity provider and supports the identity and access management standards OAuth 2.0, SAML 2.0, and OpenID Connect.
  • Amazon Cognito has a built-in, hosted UI and makes federating identity providers straightforward to configure. This way we can integrate Amazon Cognito to add user sign-in, sign-up, and access control to an application very easily.

Amazon Cognito Types — User Pools and Identity Pools

There are two main components of Amazon Cognito:

  • User pools and
  • Identity pools.

User pools are user directories that provide sign-up and sign-in options for app users. Users can sign in to the application directly through Amazon Cognito, or federate through a third-party identity provider (IdP).
Every user in a user pool has a directory profile, and we can access the pool through an SDK to manage it programmatically.

Identity pools grant users access to other AWS services. We can use identity pools and user pools separately or together. Through an identity pool, users obtain temporary AWS credentials to access AWS services such as Amazon S3 and DynamoDB. Identity pools also support anonymous guest users. The permissions those temporary credentials carry come from the IAM roles attached to the identity pool (one role for authenticated identities and, if guest access is enabled, a separate role for unauthenticated identities), so each role should grant only the least privilege its users actually need.

Amazon Cognito — How it Works ?

In a common Amazon Cognito setup, a user pool and an identity pool are used together.

(Diagram: user pool and identity pool flow, from the AWS developer guide page "What is Amazon Cognito?")

The diagram above shows a common Amazon Cognito scenario: authenticate the user, then grant that user access to another AWS service.

  1. In the first step, the application user signs in through a user pool and receives user pool tokens (an ID token, an access token and a refresh token) after successful authentication.
  2. Next, the application exchanges the user pool ID token for AWS credentials through an identity pool.
  3. Finally, the application user can use those temporary AWS credentials to access other AWS services such as Amazon S3 or DynamoDB.

Amazon Cognito Use Cases

As we learned above, Amazon Cognito has two main components: user pools and identity pools.

A user pool is a user directory in Amazon Cognito that provides sign-up and sign-in operations. Identity pools provide AWS credentials that grant your users access to other AWS services.

UC1: Authenticate with User Pool

We can enable users to authenticate with a user pool. Our application users can sign in directly with the user pool, or federate through a third-party identity provider (IdP).

UC2: Cognito User Pool to Access Resources with API Gateway and Lambda

This use case is one of the hands-on use cases that we develop together in the next sections.

Basically, we can let users access our API through API Gateway. API Gateway validates the tokens issued by a user pool and uses them to grant users access to the resources behind the API, such as Lambda functions or your own backend. The built-in Cognito authorizer checks the token's signature, issuer and expiry (and, for access tokens, the OAuth scopes you configure on the method); the Lambda function behind it still has to apply its own per-user authorization on top of that.

UC3: Access AWS services with User Pool and Identity Pool

In this use case, we use both a user pool and an identity pool in Amazon Cognito:

  1. In the first step, the application user signs in through a user pool and receives user pool tokens after successful authentication.
  2. Next, the application exchanges the user pool ID token for AWS credentials through an identity pool.
  3. Finally, the application user can use those temporary AWS credentials to access other AWS services such as Amazon S3 or DynamoDB.

UC4: Authenticate with Third party and Access AWS Services with Identity Pool

We can grant users access to AWS services using an identity pool alone. The identity pool requires an IdP token for a user who has authenticated with a third-party identity provider (for example Google, Facebook, Apple, Amazon, or a SAML/OIDC provider). In exchange, the identity pool issues temporary AWS credentials that the user can use to access other AWS services.

Step by Step Design AWS Architectures w/ Course

In this course, we will learn almost all the AWS serverless services in depth. We are going to build serverless applications using AWS Lambda, Amazon API Gateway, Amazon DynamoDB, Amazon Cognito, Amazon S3, Amazon SNS, Amazon SQS, Amazon EventBridge, AWS Step Functions and Kinesis Streams. This course is 100% hands-on, and you will develop a real-world application with hands-on labs, together and step by step.

Source Code

Get the source code from the Serverless Microservices GitHub repository. Clone or fork the repository and, if you like it, don't forget to star it. If you find a problem or have a question, you can open an issue directly on the repository.

References

What is Amazon Cognito? — Amazon Cognito


Mehmet Ozkaya
AWS Lambda & Serverless — Developer Guide with Hands-on Labs

Software Architect | Udemy Instructor | AWS Community Builder | Cloud-Native and Serverless Event-driven Microservices https://github.com/mehmetozkaya