Amazon Cognito: Learn more about the User Pool and Identity Pool

TABLE OF CONTENTS
1. Introduction to Amazon Cognito
2. Amazon Cognito: Key features
3. How AWS Cognito authentication works
4. Amazon Cognito Security
5. Amazon Cognito pricing
6. How to set Amazon Cognito up as a user pool and identity pool
7. Conclusion
8. About CloudThat
9. FAQs

Introduction to Amazon Cognito
Amazon Cognito lets users sign up for and sign in to web and mobile apps. It authenticates users and controls their access to resources.
Amazon Cognito: Key features
Authentication adds an extra layer of protection to applications. Users can authenticate with:
Password and username
OTP-based authentication
Multi-factor authentication
Authorization is required when a user wishes to access private resources such as a database or REST API. Users need authorization to access these secure resources.
The user pool acts as an active directory that allows users to sign in/sign up for applications, and the identity pool is used to grant access to AWS resources. A user pool is a directory that stores users' login credentials, which can be used to validate logins. Amazon Cognito offers temporary login credentials with limited access.
Users can sign in to Cognito through social networks (Facebook, Google, etc.) or federated identity providers.
The user pool allows us to customize the authentication flow. For example, the user can log into the application without entering a password: the user enters their username and clicks sign in, an OTP is sent to the appropriate email or phone to authenticate, and then the user can log into the application.
If the user is authenticated, we can grant access to the identity pool resources. If the user isn't authenticated, we can grant temporary guest access. It also allows role-based access to AWS resources.
Data is automatically synced to AWS when the device is online, which allows users to access their data from multiple devices. An identity pool is required to activate Amazon Cognito Sync.
Amazon Cognito allows us to use a Lambda function without users having to reset their passwords.
How does the AWS Cognito Authentication work?

a) First, the user signs in to the user pool.
b) After authentication is successful, the user receives a user token.
c) The app can exchange tokens for AWS credentials with the help of the identity pool.
d) Now, the user can use these AWS credentials to access AWS resources.
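Steps a) to c) written against the boto3 client interface, as an added example that is not code from the original article. It assumes an app client without a client secret and with the USER_PASSWORD_AUTH flow enabled; the Fake* clients and every ID and token in it are constructed so the block runs offline.

```python
# Added example: in a real app pass boto3.client("cognito-idp") and boto3.client("cognito-identity").
class ChallengeRequired(Exception):
    """Cognito wants another step (MFA code, new password) before issuing tokens."""

def sign_in(idp, client_id, username, password):
    """Steps a-b: authenticate against the user pool and return the ID token."""
    resp = idp.initiate_auth(
        ClientId=client_id,
        AuthFlow="USER_PASSWORD_AUTH",  # assumption: enabled on the app client
        AuthParameters={"USERNAME": username, "PASSWORD": password},
    )
    # Users with MFA or a temporary password get a challenge, not tokens.
    if "ChallengeName" in resp:
        raise ChallengeRequired(resp["ChallengeName"])
    return resp["AuthenticationResult"]["IdToken"]

def aws_credentials(identity, region, user_pool_id, identity_pool_id, id_token):
    """Step c: exchange the ID token for temporary AWS credentials."""
    # The identity pool expects the token under the user pool's provider name.
    logins = {f"cognito-idp.{region}.amazonaws.com/{user_pool_id}": id_token}
    identity_id = identity.get_id(IdentityPoolId=identity_pool_id, Logins=logins)["IdentityId"]
    resp = identity.get_credentials_for_identity(IdentityId=identity_id, Logins=logins)
    return resp["Credentials"]  # AccessKeyId, SecretKey, SessionToken, Expiration

class FakeIdp:  # constructed stand-in for the cognito-idp client
    def __init__(self, response):
        self.response = response
    def initiate_auth(self, **kwargs):
        return self.response

class FakeIdentity:  # constructed stand-in for the cognito-identity client
    def get_id(self, IdentityPoolId, Logins):
        self.logins = Logins
        return {"IdentityId": "us-east-1:constructed-identity-id"}
    def get_credentials_for_identity(self, IdentityId, Logins):
        return {"Credentials": {"AccessKeyId": "CONSTRUCTED", "SessionToken": "constructed-session-token"}}

def demo():
    ok = FakeIdp({"AuthenticationResult": {"IdToken": "constructed.id.token"}})
    token = sign_in(ok, "constructed-client-id", "alice", "constructed-password")
    identity = FakeIdentity()
    creds = aws_credentials(identity, "us-east-1", "us-east-1_EXAMPLE", "us-east-1:constructed-pool", token)
    try:  # a user still on the temporary password from the console
        sign_in(FakeIdp({"ChallengeName": "NEW_PASSWORD_REQUIRED"}), "constructed-client-id", "bob", "tmp")
        challenge = None
    except ChallengeRequired as exc:
        challenge = str(exc)
    return identity.logins, creds, challenge
```

For step d), the returned AccessKeyId, SecretKey and SessionToken are passed to the AWS SDK client for the resource; the IAM role attached to the identity pool decides what those credentials can reach.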
Amazon Cognito Security
It uses standards-based authentication such as OpenID Connect, SAML 2.0 and OAuth 2.0.
Amazon Cognito adheres to security standards for your apps, users, and data: HIPAA compliant, PCI DSS, SOC, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018 and ISO 9001.
Amazon Cognito Pricing
The AWS Free Tier includes 50000 MAUs (monthly active users) for users who sign in with the user pool, and 50 MAUs for users federated via identity providers.
Amazon Cognito Identity pool and User pool Setup Guide
Step 1: Log into the AWS Console and type AWS Cognito in the search box.
Step 2: Click Manage user pools.
Step 3: Enter the name of your pool.
Step 4: Fill in the details below and click on Create Pool
Create a pool and attributes
Customize password policy
For additional security, configure SES (Simple Email Service), and MFA (Multi Factor Authentication)
Configure App client
Click on Create a Pool

Step 5: After submitting the details, the Pool ID and Pool ARN will be created.
Step 6: Click on the user or group option to create users
Step 7: Click Create the User and enter a username, temporary password and phone number.
Step 8: To create an identity pool, click Federated identity and give a new name for the pool (pool name).