Cognito Flashcards
What is Cognito?
Cognito is a simple user identity and data synchronization service that helps you give your users an identity so that they can interact with your application.
What is Cognito User Pools?
User pools are for authentication (identity verification). With a user pool, your app users can sign in through the user pool or federate through a third-party identity provider (IdP).
What is Cognito Identity Pools (Federated Identity)?
Amazon Cognito identity pools provide temporary AWS credentials for users who are guests (unauthenticated) and for users who have been authenticated and received a token. It provides identities for “users” so they obtain temporary AWS credentials
What is Cognito Sync?
Cognito Sync is an AWS service and client library that enables cross-device syncing of application-related user data.
(Deprecated by AppSync)
What extra features are provided by Cognito User Pools to enhance security?
Email / phone verification, MFA
What is returned by Cognito User Pools?
A JSON Web Token (JWT)
What is required by Cognito Sync?
Cognito Identity Pools (not User Pool)
What is the difference between Cognito User Pools and Cognito Identity Pools?
User pools are for authentication (identity verification). Identity pools are for authorization (access control).
How can you create a serverless database of users for your web & mobile apps?
Cognito User Pools
What features do Cognito User Pools have?
- Simple login: Username (or email) / password combination
- Password reset
- Federated Identities: users from Facebook, Google, SAML…
- Feature: block users if their credentials are compromised elsewhere
What AWS services are integrated with Cognito User Pools?
API Gateway and ALB
How can you define triggers in Cognito User Pools?
Cognito User Pools (CUP) can invoke a Lambda function synchronously on triggers
What are the main triggers in Cognito User Pools?
- Authentication events: Pre Auth, Post Auth, Pre Token Generation
- Sign-Up: Pre Sign-Up, Post Confirmation, Migrate User
- Messages: Custom Message
- Token Creation: Pre Token Generation
What is used for Cognito User Pool Pre Authentication trigger?
Custom validation to accept or deny the sign-in request
What is used for Cognito User Pool Post Authentication trigger?
Event logging for custom analytics
What is used for Cognito User Pool Pre Token Generation Authentication Event trigger?
Augment or suppress token claims
What is used for Cognito User Pool Pre Sign-up trigger?
Custom validation to accept or deny the sign-up request
What is used for Cognito User Pool Post Confirmation trigger?
Custom welcome messages or event logging for custom analytics
What is used for Cognito User Pool Migrate User trigger?
Migrate a user from an existing user directory to user pools
What is used for Cognito User Pool Custom Message trigger?
Advanced customization and localization of messages
What is used for Cognito User Pool Pre Token Generation Token Creation trigger?
Add or remove attributes in ID tokens
What feature does Cognito User Pool have to help you with authentication?
Cognito has a hosted authentication UI that you can add to your app to handle signup and sign-in workflows.
Using the hosted UI, you have a foundation for integration with social logins, OIDC or SAML
What can you do when you use Cognito User Pool hosted authentication UI?
You can customize logo and CSS
What are Cognito Identity Pools authentication methods?
- Public Providers (Login with Amazon, Facebook, Google, Apple)
- Users in a Cognito User Pool
- OpenID Connect Providers & SAML Identity Providers
- Developer Authenticated Identities (custom login server)
- Cognito Identity Pools allow for unauthenticated (guest) access
What do Cognito Identity Pools use to provide temporary access to AWS services?
IAM credentials are obtained by Cognito Identity Pools through STS
How can you get fine-grained control in Cognito Identity Pools?
Customizing the IAM policies based on the user_id
What about roles in Cognito Identity Pools?
- Default IAM roles, one for authenticated and one for guest users
- Define rules to choose the role for each user based on the user’s ID
What are Cognito Identity Pools policy variables?
You can partition your users’ access using policy variables
How is access to permissions managed by Cognito Identity Pools?
Access to permissions is controlled by a role’s trust relationships
What is Cognito Push Sync?
Silently notifies all devices when identity data changes
What is Cognito Stream?
Streams data from Cognito into Kinesis
What is Cognito Events?
Executes Lambda functions in response to events
How many datasets can you have in Cognito Sync?
Up to 20 datasets to synchronize
Where is data stored in Cognito Sync?
Data is stored in datasets (up to 1MB)