Cognito

Question 1

What is Cognito?

Answer 1

is a simple user identity and data synchronization service that helps you give our users an identity so that they can interact with our application

Question 2

What is Cognito User Pools?

Answer 2

User pools are for authentication (identify verification). With a user pool, your app users can sign in through the user pool or federate through a third-party identity provider (IdP).

Question 3

What is Cognito Identity Pools (Federated Identity)?

Answer 3

Amazon Cognito identity pools provide temporary AWS credentials for users who are guests (unauthenticated) and for users who have been authenticated and received a token. It provides identities for “users” so they obtain temporary AWS credentials

Question 4

What is Cognito Sync?

Answer 4

is an AWS service and client library that enables cross-device syncing of application-related user data
(Deprecated by AppSync)

Question 5

What extra features are providen by Cognito User Pools to enhance security?

Answer 5

email / phone verification, MFA

Question 6

What is returned by Cognito User Pools?

Answer 6

A JSON Web Token (JWT)

Question 7

What is required by Cognito Sync?

Answer 7

Cognito Identity Pools (not User Pool)

Question 8

What is the difference between Cognito User Pools and Cognito Identity Pools?

Answer 8

User pools are for authentication (identify verification). Identity pools are for authorization (access control)

Question 9

How can you create a serverless database of user for your web & mobile apps?

Answer 9

Cognito User Pools

Question 10

What features have Cognito User Pools?

Answer 10

• Simple login: Username (or email) / password combination
• Password reset
• Federated Identities: users from Facebook, Google, SAML…
• Feature: block users if their credentials are compromised elsewhere

Question 11

What AWS services are integrated to Cognito User Pools?

Answer 11

API Gateway and ALB

Question 12

How can you define triggers in Cognito User Pools?

Answer 12

CUP can invoke a Lambda function synchronously on triggers

Question 13

What are main triggers in Cognito User Pools?

Answer 13

Authentication events:
•	Pre Auth 
•	Post Auth
•	Pre Token generation
Sign-Up 
•	Pre Sign-Up 
•	Post Confirmation 
•	Migrate User 
Messages
•	Custom Message 
Token Creation
•	Pre Token Generation

Question 14

What is used for Cognito User Pool Pre Authentication trigger?

Answer 14

Custom validation to accept or deny the sign-in request

Question 15

What is used for Cognito User Pool Post Authentication trigger?

Answer 15

Event logging for custom analytics

Question 16

What is used for Cognito User Pool Pre Token Generation Authentication Event trigger?

Answer 16

Augment or suppress token claims

Question 17

What is used for Cognito User Pool Pre Sign-up trigger?

Answer 17

Custom validation to accept or deny the sign-up request

Question 18

What is used for Cognito User Pool Post Confirmation trigger?

Answer 18

Custom welcome messages or event logging for custom analytics

Question 19

What is used for Cognito User Pool Migrate User trigger?

Answer 19

Migrate a user from an existing user directory to user pools

Question 20

What is used for Cognito User Pool Custom Message trigger?

Answer 20

Advanced customization and localization of messages

Question 21

What is used for Cognito User Pool Pre Token Generation Token Creation trigger?

Answer 21

Add or remove attributes in Id tokens

Question 22

What feature does have Cognito User Pool to help you with authentication?

Answer 22

Cognito has a hosted authentication UI that you can add to your app to handle signup and sign-in workflows.
Using the hosted UI, you have a foundation for integration with social logins, OIDC or SAML

Question 23

What can you do when you use Cognito User Pool hosted authentication UI?

Answer 23

You can customize logo and CSS

Question 24

What are Cognito Identity Pools authentication methods?

Answer 24

o Public Providers (Login with Amazon, Facebook, Google, Apple)
o Users in a Cognito User Pool
o OpenID Connect Providers & SAML Identity Providers
o Developer Authenticated Identities (custom login server)
o Cognito Identity Pools allow for unauthenticated (guest) access

Question 25

What uses Cognito Identity Pools to provide temporary AWS services access?

Answer 25

IAM credentials are obtained by Cognito Identity Pools through STS

Question 26

How can you get a fine grained control in Cognito Identity Pools?

Answer 26

Customizing the IAM policies based on the user_id

Question 27

What about roles in Cognito Identity Pools?

Answer 27

• Default IAM roles, one for authenticated and one for guest users
• Define rules to choose the role for each user based on the user’s ID

Question 28

What are Cognito Identity Pools policy variables?

Answer 28

You can partition your users’ access using policy variables

Question 29

How is access to permissions managed by Cognito Identity Pools?

Answer 29

Access to permissions is controlled by a role’s trust relationships

Question 30

What is Cognito Push Sync?

Answer 30

silently notify across all devices when identity data changes

Question 31

What is Cognito Stream?

Answer 31

stream data from Cognito into Kinesis

Question 32

What is Cognito Events?

Answer 32

execute Lambda functions in response to events

Question 33

How many datasets can you have in Cognito Sync?

Answer 33

up to 20 datasets to synchronize

Question 34

Where is data stored in Cognito Sync?

Answer 34

Store data in datasets (up to 1MB),