Cognito Flashcards

1
Q

What are some keywords that indicate Cognito should be used and not IAM?

A
  • Hundreds of users
  • Mobile users
  • Authenticate with SAML
2
Q

What is the difference between Cognito and IAM?

A

Cognito is to provide external users an identity to interact with a web or mobile application

3
Q

What is the purpose of Cognito Identity Pools?

A

Provide temporary AWS credentials to users so they can access AWS resources directly
- Integrate with Cognito User Pools as an Identity Provider

4
Q

Describe the two main paths of access via Cognito User Pools (CUP)

A

On login the user receives a JWT - JSON Web Token. The JWT is passed to API Gateway (which then evaluates the token against CUP), and then provides backend access.

The second flow is similar to above, except an ALB authenticates the user against CUP, and then forwards the user to the backend.

5
Q

What is it called when users are allowed to log in using Google, Facebook etc.?

A

Federation through Third Party Identity Provider (IdP)

6
Q

How can you create a hosted UI custom domain?

A

For a custom domain, you must create an ACM certificate in us-east-1, and define the domain within the ‘App integration’ section

7
Q

What is adaptive authentication?

A

Block sign-ins or require MFA if the login appears suspicious

8
Q

How can you authenticate users with an ALB?

A

The load balancer authenticates users either through an IdP that is OpenID Connect compliant, or through Cognito User Pools (federated identities such as Facebook or Google, or corporate identities such as SAML)
-> Must use an HTTPS listener to set authenticate-oidc & authenticate-cognito rules

9
Q

What is a basic flow for getting AWS access via Cognito Identity Pools?

A
  1. Login and get token (using an IdP or CUP)
  2. Exchange token with Cognito Identity Pools (token is validated against IdP or CUP)
  3. If validation successful, Cognito Identity Pools gets temp credentials from STS (security token service) and passes these back to application
10
Q

How do you control IAM access for users with Cognito Identity Pools?

A

Define default IAM roles for authenticated and guest users
- Define rules to choose the role for each user based on the user's ID
- Can define a policy variable on an AWS resource to provide access only under certain conditions (e.g., an S3 bucket prefix that matches the user's ID)

11
Q

What is the difference between Cognito User Pools and Identity Pools?

A
  • CUP is for authentication, i.e., identity verification
  • CIP is for authorization, i.e., access control