What is AWS Cognito | Amazon Cognito
Amazon Cognito provides authentication, authorization, and user management for your web and mobile applications. Your users can sign in directly with a user name and password, or through a third party, for example, Facebook, Amazon, Google, or Apple.
The two main components of Amazon Cognito are user pools and identity pools. User pools are user directories that provide sign-up and sign-in options for your application users. Identity pools enable you to grant your users access to other AWS services. You can use identity pools and user pools separately or together.
An Amazon Cognito user pool and identity pool used together
See the diagram for a typical Amazon Cognito scenario. Here the objective is to authenticate your user and then grant that user access to another AWS service.
- In the first step, your application user signs in through a user pool and receives user pool tokens after a successful authentication.
- Next, your application exchanges the user pool tokens for AWS credentials through an identity pool.
- Finally, your application user can use those AWS credentials to access other AWS services, for example, Amazon S3 or DynamoDB.
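The three steps above as an added Python example (not code from the original page): it checks the ID token's claims against the expected user pool and app client before building the Logins map that the identity pool exchange takes. It assumes boto3, an app client with the USER_PASSWORD_AUTH flow enabled and no client secret, and the placeholder values in CFG; all function names are hypothetical.

```python
import base64, json, time

def id_token_claims(id_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified here."""
    payload = id_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def logins_for(id_token, cfg, now=None):
    """Check the token came from our user pool and app client, then build the
    Logins map: {"cognito-idp.<region>.amazonaws.com/<user pool id>": token}."""
    provider = f"cognito-idp.{cfg['region']}.amazonaws.com/{cfg['user_pool_id']}"
    claims = id_token_claims(id_token)
    if claims.get("iss") != f"https://{provider}":
        raise ValueError("token was issued by a different user pool")
    if claims.get("token_use") != "id":
        raise ValueError("expected the ID token, not the access token")
    if claims.get("aud") != cfg["app_client_id"]:
        raise ValueError("token was issued to a different app client")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token has expired")
    return {provider: id_token}

def sign_in_and_list_bucket(username, password, cfg):
    """The three steps against AWS; needs boto3, network access and real resources."""
    import boto3
    idp = boto3.client("cognito-idp", region_name=cfg["region"])
    auth = idp.initiate_auth(                         # step 1: user pool sign-in
        AuthFlow="USER_PASSWORD_AUTH", ClientId=cfg["app_client_id"],
        AuthParameters={"USERNAME": username, "PASSWORD": password})
    logins = logins_for(auth["AuthenticationResult"]["IdToken"], cfg)
    ci = boto3.client("cognito-identity", region_name=cfg["region"])
    identity_id = ci.get_id(IdentityPoolId=cfg["identity_pool_id"], Logins=logins)["IdentityId"]
    creds = ci.get_credentials_for_identity(          # step 2: tokens -> AWS credentials
        IdentityId=identity_id, Logins=logins)["Credentials"]
    s3 = boto3.client("s3", region_name=cfg["region"],  # step 3: call an AWS service
                      aws_access_key_id=creds["AccessKeyId"],
                      aws_secret_access_key=creds["SecretKey"],
                      aws_session_token=creds["SessionToken"])
    return [o["Key"] for o in s3.list_objects_v2(Bucket=cfg["bucket"]).get("Contents", [])]

def sample_token(claims):
    """Constructed, unsigned token so the claim checks can be run offline."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    return f"e30.{body}.sig"

# Constructed placeholder values, not real resources.
CFG = {"region": "us-east-1", "user_pool_id": "us-east-1_EXAMPLE",
       "app_client_id": "exampleclientid", "bucket": "example-bucket",
       "identity_pool_id": "us-east-1:00000000-0000-0000-0000-000000000000"}
```

The temporary credentials returned in step 2 carry the permissions of the IAM role the identity pool assigns, so that role's policy determines what step 3 is allowed to do.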
Amazon Cognito is compliant with SOC 1-3, PCI DSS, ISO 27001, and is HIPAA-BAA eligible.
Secure and scalable user directory
Amazon Cognito User Pools provide a secure user directory that scales to hundreds of millions of users. As a fully managed service, User Pools are easy to set up without any worries about standing up server infrastructure.
Social and enterprise identity federation
With Amazon Cognito, your users can sign in through social identity providers such as Google, Facebook, and Amazon, and through enterprise identity providers such as Microsoft Active Directory via SAML.
Amazon Cognito User Pools is a standards-based identity provider and supports identity and access management standards such as OAuth 2.0, SAML 2.0, and OpenID Connect.
Security for your apps and users
Amazon Cognito supports multi-factor authentication and encryption of data-at-rest and in-transit. Amazon Cognito is HIPAA eligible and PCI DSS, SOC, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001 compliant.
Access control for AWS resources
Amazon Cognito provides solutions to control access to backend resources from your app. You can define roles and map users to different roles so your app can access only the resources that are authorized for each user.
Easy integration with your app
With a built-in UI and easy configuration for federating identity providers, you can integrate Amazon Cognito to add user sign-in, sign-up, and access control to your app in minutes. You can customize the UI to put your company branding front and center for all user interactions.
With the Amazon Cognito SDK, you write just a few lines of code to enable your users to sign up and sign in to your mobile and web apps.
A directory for all your apps and users
Amazon Cognito User Pools provide a secure user directory that scales to hundreds of millions of users. As a fully managed service, User Pools are easy to set up without any worries about server infrastructure. User Pools provide user profiles and authentication tokens for users who sign up directly and for federated users who sign in with social and enterprise identity providers.
Built-in customizable UI to sign in users
Advanced security features to protect your users
Using advanced security features for Amazon Cognito helps you protect access to user accounts in your applications. These advanced security features provide risk-based adaptive authentication and protection from the use of compromised credentials. With just a few clicks, you can enable these advanced security features for your Amazon Cognito User Pools.