1 - About

Account management

3 - Concept

3.1 - user pool

A User Pool is your user directory that you can configure for your web and mobile apps. A User Pool securely stores your users’ profile attributes. You can create and manage a User Pool using the AWS console, AWS CLI, or AWS SDK.

3.2 - identity provider

Amazon Cognito works with identity providers to retrieve and update user pool profiles.

3.3 - identity pool

Identity pools are the containers that Cognito Identity uses to keep your apps’ federated identities organized. An identity pool associates federated identities from social identity providers with a unique, user-specific identifier.

3.4 - permission

The permissions for each user are controlled through AWS IAM roles that you create.

Cognito Identity also allows you to define a separate IAM role with limited permissions for guest users who are not authenticated.

In addition, you can use the unique identifier that Cognito generates for your users to control access to specific resources. For example, you can create a policy for an S3 bucket that only allows each user access to their own folder within the bucket.
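The per-user folder restriction described above can be written as an IAM policy on the identity pool's authenticated role. This is an added example, not taken from the original page: `EXAMPLE-BUCKET` is a placeholder bucket name, and the layout of one top-level folder per identity ID is an assumption. The policy variable `${cognito-identity.amazonaws.com:sub}` resolves at request time to the caller's Cognito identity ID.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListOwnFolderOnly",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET",
      "Condition": {
        "StringLike": {
          "s3:prefix": ["${cognito-identity.amazonaws.com:sub}/*"]
        }
      }
    },
    {
      "Sid": "ReadWriteOwnFolderOnly",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/${cognito-identity.amazonaws.com:sub}/*"
    }
  ]
}
```

Because the folder name comes from the identity ID in the signed credentials rather than from anything the client sends, a user cannot reach another user's prefix by changing the object key. The guest (unauthenticated) role should not carry this policy unless guests are meant to have their own folders.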


3.5 - identity

4 - Management

4.1 - Account confirmation

Account confirmation occurs using either:

  • the email verification process: after users submit their registration, Amazon Cognito sends a confirmation email with a verification code to the address they provided. Users return to the site and enter their email address and the verification code they received.
  • or a manual confirmation through the Amazon Cognito console. For testing, you can confirm user accounts created with fake email addresses using the Amazon Cognito console.

The verification email may end up in your spam folder. For real deployments, configure the user pool to use Amazon Simple Email Service to send emails from a domain you own.

4.2 - Sign-in

4.3 - Authentication providers

Amazon Cognito provides two different mechanisms for authenticating users. You can use:

  • Cognito User Pools to add sign-up and sign-in functionality to your application
  • Cognito Identity Pools to authenticate users through:
    • social identity providers such as Facebook, Twitter, or Amazon,
    • SAML identity solutions,
    • or your own identity system.

5 - Example

5.1 - Create a user pool and add an app

5.2 - Code

