Amazon Cognito supports sign-in with social identity providers such as Google, Facebook, and Amazon, as well as enterprise identity providers via SAML 2.0 and OpenID Connect. This allows for simple and secure user registration, sign-up, sign-in, and access control that can scale to millions of users, and the service covers many other areas as well.
This blog will provide all the information you need to learn about Amazon Cognito and its features.
What is Amazon Cognito?
Amazon Cognito provides authentication, authorization, and user management for both your web and mobile applications. Users can sign up with a username and password, or through third-party platforms like Facebook, Amazon, Google, and Apple.
Amazon Cognito has two major components: user pools and identity pools. User pools are user directories that offer sign-up and sign-in options for your app users. Identity pools are used to grant access to other AWS services. These two components can be used together or separately. Here is how a user pool and an identity pool are used together.
This diagram shows how to authenticate your user and then allow access to another AWS Service to that user.
Image Source: AWS
After the user signs in through the user pool and receives user pool tokens, the app exchanges those tokens for AWS credentials by using an identity pool.
The app user can then use these AWS credentials to access other AWS services such as DynamoDB or Amazon S3.
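The exchange described above, written out as an added example that is not part of the original post. The two client objects are assumed to be boto3 clients for the `cognito-idp` and `cognito-identity` services (or stand-ins with the same method signatures); the region, pool and app client IDs are placeholders.

```python
import base64
import json
import time


def provider_name(region, user_pool_id):
    """Key for the identity pool 'Logins' map (also the host/path part of the ID token issuer)."""
    return f"cognito-idp.{region}.amazonaws.com/{user_pool_id}"


def check_id_token(id_token, client_id, issuer, now=None):
    """Sanity-check the ID token claims before handing the token to an identity pool.
    This decodes the payload only; verify the signature against the user pool JWKS
    (e.g. with PyJWT) before trusting any claim in a real deployment."""
    payload = id_token.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    now = time.time() if now is None else now
    if claims.get("token_use") != "id":
        raise ValueError("not an ID token (access or refresh token supplied)")
    if claims.get("aud") != client_id:
        raise ValueError("token was issued to a different app client")
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    if claims.get("exp", 0) <= now:
        raise ValueError("token has expired")
    return claims


def exchange_for_aws_credentials(idp, identity, *, region, user_pool_id, client_id,
                                 identity_pool_id, username, password):
    """Sign in against the user pool, then trade the ID token for temporary AWS credentials.
    idp / identity are assumed to be boto3.client('cognito-idp') / boto3.client('cognito-identity')."""
    auth = idp.initiate_auth(AuthFlow="USER_PASSWORD_AUTH", ClientId=client_id,
                             AuthParameters={"USERNAME": username, "PASSWORD": password})
    id_token = auth["AuthenticationResult"]["IdToken"]
    provider = provider_name(region, user_pool_id)
    check_id_token(id_token, client_id, f"https://{provider}")
    # The identity pool maps the user pool login to an identity ID ...
    logins = {provider: id_token}
    identity_id = identity.get_id(IdentityPoolId=identity_pool_id, Logins=logins)["IdentityId"]
    # ... and issues credentials for the pool's authenticated IAM role.
    creds = identity.get_credentials_for_identity(IdentityId=identity_id, Logins=logins)["Credentials"]
    return {k: creds[k] for k in ("AccessKeyId", "SecretKey", "SessionToken", "Expiration")}
```

The `USER_PASSWORD_AUTH` flow only works if it is enabled on the app client; the returned keys are short-lived and carry only the permissions of the identity pool's authenticated role.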
What are the key features of Amazon Cognito?
To let users sign up or sign in to your web and mobile apps using the Amazon Cognito SDK, you only need to write a few lines of code. Amazon Cognito also offers many other features. Let's take a look at some of the most notable.
1. Secure and scalable identity store
Amazon Cognito User Pools is a secure identity store that can scale to millions of users. Cognito User Pools are easy to configure and require no infrastructure of your own. You can also use the Software Development Kit (SDK) to manage the directory profile of every user in the user pool. User Pools:
- Store user profiles
- Support authentication for users who sign up directly
- Support authentication for federated users who sign in through enterprise and social identity providers
2. Federation for enterprise and social identity
Your users can sign in quickly using social identity providers such as Amazon, Google, Facebook, and Twitter. They can also sign in using enterprise identity providers via SAML or OpenID Connect.
3. Standards-based authentication
Amazon Cognito User Pools are a standards-based Identity Provider that supports access management standards such as SAML 2.0, OAuth 2.0, and OpenID Connect.
4. Security for your apps, users and devices
Amazon Cognito supports multi-factor authentication, encryption of data at rest, and encryption in transit. It is also HIPAA compliant and eligible for PCI DSS, SOC, ISO/IEC 27001 and ISO/IEC 27017.
Advanced security features protect the user accounts within your applications. They provide risk-based adaptive authentication and protection against the use of compromised credentials, and can be enabled for Amazon Cognito User Pools in just minutes. With them, Cognito can:
- First, look out for unusual sign-in activity such as sign-in attempts from unknown locations or devices
- Second, assign a risk score to the activity
- Third, let you choose to prompt the user for additional verification, or to block the sign-in request
- Lastly, let users verify their identity via SMS or a Time-Based One-Time Password (TOTP) app such as Google Authenticator
5. Access control for AWS resources
Amazon Cognito provides ways to control access to AWS resources from your app. You can define roles and assign users to them, so your app can access only the resources each role is authorized for. You can also restrict access to resources to users with particular attributes using AWS Identity and Access Management (IAM) permissions policies.
6. Integration with your app is easy
Amazon Cognito can be easily integrated to add user sign-in, sign-up, and access control to an app. With the built-in interface and simple configuration for connecting identity providers, you can integrate quickly. You can also customize the interface so that your company branding is at the forefront of all user interactions.
7. Sign in using the built-in customizable user interface
Amazon Cognito offers a built-in, customizable UI for user sign-up and sign-in. It can be used with the Amazon Cognito Android, iOS, and JavaScript SDKs to add sign-up and sign-in pages to your apps.
Common scenarios of Amazon Cognito
Amazon Cognito can be used in six scenarios.
1. Authenticating with a User pool
Source: AWS
Users of your app can sign in to their account either directly through a user pool or by federating through a third-party IdP.
The user pool handles the overhead of processing the tokens returned by social sign-in providers like Facebook, Google, Amazon, and Apple, as well as by OpenID Connect and SAML IdPs.
After successful authentication, your web or mobile app receives user pool tokens from Amazon Cognito.
These tokens can also be used to retrieve AWS credentials that allow your app to access additional AWS services. You can also use them