AWS Cognito Flashcards

1
Q

What is AWS Cognito?

A

It is an identity service with two parts: the user identity pool and the identity pool.

The user identity pool is a complete identity service where users can sign up to an application; it manages the sign-up flow, validation and security for your application. It even provides SDKs for common languages to make integration with the application easy.

The identity pool is a solution that manages identity with common social media providers like Twitter (X), Facebook, etc. on behalf of the application, and provides the application with a single common interface so users can use their own social media accounts to sign in to the application.

2
Q

I am developing a new application requiring OAuth2 with my mobile application; what AWS service could I use to implement OAuth2?

A

Cognito supports OAuth2 through its ‘Identity Pool’.

Amazon Cognito – Best for OAuth2 Implementation

Amazon Cognito provides:

OAuth2 Authorization Code Flow, Implicit Flow, and Client Credentials Flow.

Built-in user pools for user management (sign-up, sign-in, etc.).

Integration with federated identity providers (e.g., Google, Facebook, Apple, SAML, OpenID Connect).

Hosted UI for OAuth2 login, or you can build your own UI and integrate with Cognito APIs.

Token issuance: ID token, access token, refresh token.
3
Q

I am building a new application in AWS and require an AWS service supporting OIDC with my new mobile application; what service could I use?

A

Cognito supports OIDC through ‘Identity Pool’.

Why Amazon Cognito?

OIDC Support: Fully supports the OIDC protocol for authentication and authorization.

Mobile-Ready: Designed to work easily with iOS, Android, and web applications.

User Pools: Manages user sign-up, sign-in, and access control.

Federated Identities: Supports identity federation with external OIDC identity providers (like Google, Facebook, or your custom OIDC provider).

Secure Token Handling: Issues JWT tokens (ID, access, and refresh tokens) compliant with OIDC.

Integration with AWS Services: Seamless IAM role integration via Identity Pools.

Hosted UI: Optional pre-built authentication UI that supports OIDC flows like authorization code flow.
4
Q

I require JWTs with my new AWS mobile application; what AWS service could I use?

A

Cognito supports JWT through its ‘Identity Pool’.

Why Amazon Cognito?

User Authentication: It provides user sign-up, sign-in, and access control.

JWT Token Issuance: After a successful authentication, Cognito issues JWTs (ID token, access token, and refresh token).

Integration: Easily integrates with AWS AppSync, API Gateway, and Lambda.

Federated Identities: Supports social identity providers (like Google, Facebook, Apple) and enterprise identity providers via SAML.
5
Q

Describe what AWS Cognito ‘delegated access’ is, and how can I use AWS Cognito to provide delegated access?

A

AWS Cognito “delegated access” typically refers to the ability to authorize a user or application to act on behalf of another user—usually through temporary security credentials issued by AWS STS (Security Token Service) after successful authentication via Cognito.

This allows a user authenticated through AWS Cognito to temporarily access AWS services (like S3, DynamoDB, etc.) with scoped permissions defined in IAM roles.

🔍 What is Delegated Access in AWS Cognito?

Delegated access in Cognito involves:

Authentication via Cognito User Pools, Federated Identities or Identity Pools.

Authorization using IAM roles with limited permissions.

Temporary credentials are provided using AWS STS via Cognito Identity Pools.

This model is useful when:

A user signs in with Cognito, and you want them to access AWS resources (like S3) securely.

You want to restrict access to certain resources per user or group.

You need cross-account access or federated access (e.g., users signing in via Google, Facebook).
6
Q

What is OIDC?

A

OpenID Connect

7
Q

What is JWT?

A

Java web token

8
Q

What is in a JWT?

A

Header
Payload
Signing

9
Q

What are the two main sections/services in reference to Cognito?

A

User pools
Identity Pools

10
Q

I am using AWS and I want to build an application fast and want to offload user UI management like user sign-up, password reset, etc. to a service; what options do I have?

A

Cognito user pools offer this ability.

11
Q

Using AWS services, I am building a web-based application and I would like the ability to have the users use their existing social media accounts; what AWS services can I use?

A

Cognito identity pools

12
Q

In AWS, when using Cognito, can I use MFA with the AWS Cognito User Identity Pool?

A

Yes 100%

Yes, Amazon Cognito allows you to implement Multi-Factor Authentication (MFA) for user identities within a user pool. MFA enhances security by requiring users to provide additional verification beyond their username and password. Cognito supports several MFA methods:

SMS-based MFA: Users receive a one-time code via SMS during sign-in. To enable this, configure Amazon Simple Notification Service (SNS) for your user pool to send SMS messages.

Time-based One-Time Password (TOTP) MFA: Users generate a temporary code using an authenticator app like Google Authenticator. This requires enabling TOTP in your user pool settings.

Email-based MFA: Users receive a one-time code via email. To use this method, your user pool must be in the Essentials or Plus feature plan and configured to send emails through Amazon Simple Email Service (SES).

You can set MFA as required, optional, or disabled in your user pool settings:

Required: All users must set up and use MFA.

Optional: Users can choose whether to enable MFA.

Disabled: MFA is not used.

To configure these settings in the Amazon Cognito console:

Sign in to the Amazon Cognito console.

Choose your user pool.

Navigate to the "Sign-in" tab.

Under "Multi-factor authentication," choose "Edit" to set your preferred MFA options.
13
Q

Can you customize the user pool UI?

A

Yes 100%

14
Q

Can you use identity and user pools at the same time?

A

Yes 100%

15
Q

As part of my signup, I require SMS verification and email verification; what is my option if I do not want to build it in my app, to save time?

A

You can use Cognito.

16
Q

I want to use custom flows for the auth and sign-up, and even the messages, in Cognito; is this possible?

A

Yes 100%, using Lambda.

17
Q

What services does Cognito integrate with?

A

API Gateway

AWS ALB

18
Q

I have an application that uses an ALB, and as it is my app in an autoscaling group, I have been asked to add OAuth authorization; how can I do this?

A

The ALB has the ability to integrate with Cognito, and Cognito supports OAuth, so you have Cognito perform the OAuth for the user and provide the token to the ALB.

19
Q

I have an application that uses an API Gateway with my app in an autoscaling group; I have been asked to add OAuth authorization, how can I do this?

A

The API Gateway has the ability to integrate with Cognito, and Cognito supports OAuth, so you have Cognito perform the OAuth for the user and provide the token to the API GW.

20
Q

I have a mobile application; I intend to use a DynamoDB table for each user to enable the user to store information, but I need the ability to authorise against DynamoDB. What is my best option?

A

Cognito can be used; Cognito will authenticate the user and retrieve an STS token that can be used to call other AWS services.

21
Q

When using user identity in Cognito, what MFA types are supported?

A
- email
- sms

22
Q

When Cognito is used to sign in from, say, a Google account, what is returned by AWS Cognito?

A

STS access key and secret key

24
Q

How would I secure AWS Cognito?

A

Using the AWS WAF.