Amazon Cognito User Pools vs Identity Pools Flashcards
Introduction
With the proliferation of smartphones in our connected world, more and more developers are quickly deploying their applications on the cloud
One of the first challenges in developing applications is allowing users to log in and authenticate on your applications
There are multiple stages involved in user verification and most of these are not visible to the end user
User Identity verification is at the core of Amazon Cognito
It provides solutions for three key areas of user identification
Authentication - Provides users sign up and sign in options
Enables support for federation with Enterprise Identities (Microsoft AD) and Social Identities (Amazon, Facebook, Google)
Authorization - sets of permissions or operations allowed for a user
It provides fine grained access control to resources
User Management - allows management of user life cycles, such as importing users, on-boarding users, disabling users and storing and managing user profiles
Amazon Cognito User Pools
This is used for authentication
To verify your users' identities, you will want to have a way for them to log in using a username/password or a federated login using Identity Providers such as Amazon, Facebook, Google, or a SAML-based identity provider such as Microsoft AD
You can configure these Identity Providers on Cognito and it will handle the interactions with these providers so you only have to worry about handling the Authentication tokens on your app
With Cognito User Pools, you can provide sign up and sign in functionality for your mobile and web app users
You don't have to build or maintain any server infrastructure on which users will authenticate
- Users send authentication requests to Cognito User Pools
- The Cognito user pool verifies the identity of the user or sends the request to Identity Providers such as Facebook, Google, Amazon, or SAML authentication (with Microsoft AD)
- The Cognito User Pool Token is sent back to the user
- The person can then use this token to access your backend APIs hosted on your EC2 clusters or in API Gateway and Lambda
Amazon Cognito Identity Pools
This provides different functionality compared to User Pools
Identity Pools are used for User Authorization
You can create unique identities for your users and federate them with your identity providers
Using identity pools, users can obtain temporary AWS credentials to access other AWS services
Identity Pools can be thought of as the actual mechanism authorizing access to AWS resources
When you create Identity Pools, think of it as defining who is allowed to get AWS credentials and use those credentials to access AWS resources
- The web app or mobile app sends its authentication token to Cognito Identity Pools. The token can come from a valid Identity Provider, like Cognito User Pools, Amazon or Facebook
- Cognito Identity Pool exchanges the user authentication token for temporary AWS credentials to access resources such as S3 or DynamoDB. AWS Credentials are sent back to the user
- The temporary AWS credentials will be used to access AWS resources