Amazon Cognito

aws/security aws/identity aws/service

💡 Definition

Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. It supports sign-up and sign-in with social identity providers (like Facebook, Google, Apple) and enterprise identity providers (like Microsoft Active Directory via SAML).

🔑 Key Concepts

⚙️ How it Works

When a user signs up or signs in, Cognito handles the authentication process. If using User Pools, it manages the user directory directly. If using Identity Pools, it can federate identities from external providers. After successful authentication, Cognito provides tokens that your application can use to authorize access to your backend resources (e.g., via API Gateway or Lambda) or to grant access to AWS services (via Identity Pools).
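A backend that accepts Cognito User Pool tokens has to confirm that each token came from its own pool, for its own app client, and is the right kind of token. The following is an added example, not part of the original note: it shows the claim checks a backend applies after the token's signature has already been verified against the user pool's JWKS. The function names, pool ID, client ID and sample claims are constructed placeholders.

```python
import time

class TokenRejected(Exception):
    """Verified claims do not match what this backend expects."""

def expected_issuer(region, user_pool_id):
    # Issuer URL format that Cognito User Pools put in the 'iss' claim.
    return f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}"

def check_cognito_claims(claims, *, region, user_pool_id, app_client_id,
                         token_use="access", now=None, leeway=0):
    """Validate claims of a token whose signature was ALREADY verified.

    Returns the subject (user id) on success, raises TokenRejected otherwise.
    """
    now = time.time() if now is None else now
    if claims.get("iss") != expected_issuer(region, user_pool_id):
        raise TokenRejected("issuer is not our user pool")
    # Reject ID tokens where an access token is expected, and vice versa.
    if claims.get("token_use") != token_use:
        raise TokenRejected(f"token_use is not '{token_use}'")
    # ID tokens name the app client in 'aud'; access tokens use 'client_id'.
    client_claim = "aud" if token_use == "id" else "client_id"
    if claims.get(client_claim) != app_client_id:
        raise TokenRejected("token was issued to a different app client")
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise TokenRejected("missing or malformed exp")
    if exp + leeway <= now:
        raise TokenRejected("token has expired")
    sub = claims.get("sub")
    if not sub:
        raise TokenRejected("missing sub")
    return sub

# Constructed sample configuration and claims (placeholders, not real values).
POOL = dict(region="us-east-1", user_pool_id="us-east-1_EXAMPLE",
            app_client_id="exampleclientid123")
SAMPLE_ACCESS = {
    "iss": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE",
    "token_use": "access",
    "client_id": "exampleclientid123",
    "sub": "constructed-sub-1234",
    "exp": 1_700_003_600,
}

if __name__ == "__main__":
    print(check_cognito_claims(SAMPLE_ACCESS, now=1_700_000_000, **POOL))
```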

🎯 Use Cases

💰 Pricing Model

📝 Exam Tips (CLF-C02)


See Also:

* IAM
* AWS Amplify
* API Gateway
* Lambda