Cognito

Pros:
Give IAM access to other users
Cons:
Complicated as hell
No option to delete users from frontend
Naming doesn't follow Amazon naming conventions
Questions I Need To Answer:
How much can I customize the login page?
​
User Pools
Identity Pools
User pools are user directories that provide sign-up and sign-in options for your app users.
Identity pools provide AWS credentials to grant your users access to other AWS services.
​
Identity pools are used to store end user identities. To declare a new identity pool, enter a unique name.
​
​
With an identity pool, your users can obtain temporary AWS credentials to access AWS services, such as Amazon S3 and DynamoDB. Identity pools support anonymous guest users, as well as the following identity providers that you can use to authenticate users for identity pools:
​
User pools provide:
Sign-up and sign-in services.
A built-in, customizable web UI to sign in users.
Social sign-in with Facebook, Google, and Login with Amazon, and through SAML and OIDC identity providers from your user pool.
User directory management and user profiles.
Security features such as multi-factor authentication (MFA), checks for compromised credentials, account takeover protection, and phone and email verification.
Customized workflows and user migration through AWS Lambda triggers.
​
Amazon Cognito user pools
Social sign-in with Facebook, Google, and Login with Amazon
OpenID Connect (OIDC) providers
SAML identity providers
Developer authenticated identities
You can use identity pools and user pools separately or together.
To save user profile information, your identity pool needs to be integrated with a user pool.
​https://docs.aws.amazon.com/cognito/index.html​
Social Identity Providers
URLs:
Login URL
​https://$domain/login?response_type=code&client_id=$client_id&redirect_uri=$redirect_uri​
Valid OAuth Redirect URI
​https://$domain/oauth2/idpresponse
​

API Gateway

DynamoDB

Last updated -6

User Pools	Identity Pools
User pools are user directories that provide sign-up and sign-in options for your app users.	Identity pools provide AWS credentials to grant your users access to other AWS services.
	Identity pools are used to store end user identities. To declare a new identity pool, enter a unique name.
	With an identity pool, your users can obtain temporary AWS credentials to access AWS services, such as Amazon S3 and DynamoDB. Identity pools support anonymous guest users, as well as the following identity providers that you can use to authenticate users for identity pools:
User pools provide: Sign-up and sign-in services. A built-in, customizable web UI to sign in users. Social sign-in with Facebook, Google, and Login with Amazon, and through SAML and OIDC identity providers from your user pool. User directory management and user profiles. Security features such as multi-factor authentication (MFA), checks for compromised credentials, account takeover protection, and phone and email verification. Customized workflows and user migration through AWS Lambda triggers.	Amazon Cognito user pools Social sign-in with Facebook, Google, and Login with Amazon OpenID Connect (OIDC) providers SAML identity providers Developer authenticated identities