Cognito

Pros:

  • Give IAM access to other users

Cons:

  • Complicated as hell

  • No option to delete users from frontend

  • Naming doesn't follow Amazon naming conventions

Questions I Need To Answer:

  • How much can I customize the login page?

User Pools

User pools are user directories that provide sign-up and sign-in options for your app users.

User pools provide:

  • Sign-up and sign-in services.

  • A built-in, customizable web UI to sign in users.

  • Social sign-in with Facebook, Google, and Login with Amazon, and through SAML and OIDC identity providers from your user pool.

  • User directory management and user profiles.

  • Security features such as multi-factor authentication (MFA), checks for compromised credentials, account takeover protection, and phone and email verification.

  • Customized workflows and user migration through AWS Lambda triggers.

Identity Pools

Identity pools provide AWS credentials to grant your users access to other AWS services.

Identity pools are used to store end user identities. To declare a new identity pool, enter a unique name.

With an identity pool, your users can obtain temporary AWS credentials to access AWS services, such as Amazon S3 and DynamoDB. Identity pools support anonymous guest users, as well as the following identity providers that you can use to authenticate users for identity pools:

  • Amazon Cognito user pools

  • Social sign-in with Facebook, Google, and Login with Amazon

  • OpenID Connect (OIDC) providers

  • SAML identity providers

  • Developer authenticated identities

Social Identity Providers

URLs:

Login URL

https://$domain/login?response_type=code&client_id=$client_id&redirect_uri=$redirect_uri

Valid OAuth Redirect URI

https://$domain/oauth2/idpresponse
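
The Login URL above requests an authorization code (`response_type=code`), so the app that receives the redirect has to tie the returned code to the request that started it. The Python below is an added example, not part of the original notes: it builds the same URL with a `state` value and a PKCE challenge, then validates the callback. The `state`, `code_challenge` and `code_challenge_method` parameters are standard OAuth 2.0 / RFC 7636 parameters that the notes do not show (an assumption here), and the function names, domain, client ID and callback URL are constructed placeholders.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit


def build_login_url(domain, client_id, redirect_uri):
    """Return (url, state, code_verifier) for the hosted login URL."""
    state = secrets.token_urlsafe(32)      # anti-CSRF value, store in the user's session
    verifier = secrets.token_urlsafe(64)   # PKCE code_verifier, never sent in this request
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,      # must match a callback URL registered on the app client
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"https://{domain}/login?{query}", state, verifier


def parse_callback(callback_url, expected_redirect_uri, expected_state):
    """Validate the redirect back to the app and return the authorization code."""
    got, want = urlsplit(callback_url), urlsplit(expected_redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError(f"authorization error: {params['error'][0]}")
    state = params.get("state", [""])[0]
    # Constant-time comparison; a missing or foreign state means the
    # response was not triggered by this session's login request.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]
```

The returned `code_verifier` is sent later with the code when exchanging it for tokens, so keep it in the same session as `state`.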