Cognito Flashcards
Cognito is used when
we want to give our users an identity so they can interact with our servers and our application.
Cognito is made up of several products
- Cognito User Pools
- Cognito Identity Pools (Federated Identity)
- Cognito Sync
Cognito User Pools
- sign in functionality for app users
Cognito Identity Pools (Federated Identity Pools)
- provide AWS credentials to users so they can access AWS resources directly
- provide direct access to our AWS environment from the client side.
- integrate with Cognito User Pools as an identity provider
Cognito Sync
synchronize data from device to Cognito
probably deprecated and replaced by AppSync, but still on the exam.
AppSync is currently out of scope for the exam.
Cognito User Pools - what can you do
- create a serverless database of users for your mobile apps.
- simple login: username or email and password
- possibility to verify emails, phone numbers and add MFA
- can enable Federated Identities (Facebook, Google, SAML)
- sends back a JSON Web Token (JWT) that can be used to verify someone's identity, so it can be integrated with API Gateway for authentication
Cognito User Pools - how
- We have our app and it wants to authenticate to Cognito User Pools (CUP).
- It registers our login using a password.
- CUP, after verifying the login, says, “Okay, here is a JWT or JSON Web Token.”
Cognito Identity Pools (Federated Identity Pools) how
- we log into a Federated Identity Provider, or we can choose to remain anonymous.
- from this we get temporary AWS credentials back from the Federated Identity Pool.
- these credentials come with an IAM policy attached, so we can do things based on that IAM policy.
Cognito Identity Pools (Federated Identity Pools) use case
we want to provide temporary access to write to an S3 bucket using a Facebook login.
Cognito Identity Pools (Federated Identity Pools) how internally
- our app is able to log in to an identity provider. The identity provider can be whatever you want: Google, Facebook, Twitter, SAML, OpenID, and even Cognito User Pools.
- from there our app logs in and gets a token.
- we pass this token on to our Federated Identity Pool.
- we authenticate using that token to our FIP, and it will verify the token with our identity provider just to make sure we are who we say we are.
- Once the token has been verified, the Federated Identity will talk to the STS service to get temporary credentials for AWS.
- Once it has that, it passes the temporary credentials back to our application. Now that our application has these temporary AWS credentials, it is, for example, able to interact directly with our S3 bucket. We have an IAM policy which allows us to do certain things and not do other things.
Cognito Sync lets you
store user preferences, configuration, and the state of our application, and it has a cross device synchronization capability.
It works on any platform (iOS, Android, etc.) and supports offline use.
So, if you were to change your preferences offline and then you go back online, then they’re synchronized automatically.
Cognito Sync - to have it working well,
you need to use Federated Identity Pools in Cognito, not User Pools.
The data is stored in data sets, and each data set could be up to one megabyte, and we can have up to 20 data sets to synchronize.
SAM
Serverless Application Model
framework for developing and deploying serverless applications
all the configuration is done in YAML code.
through SAM you can configure
your Lambda functions, your DynamoDB tables, your API Gateway, your Cognito User Pools,
and SAM will help you deploy that automatically to the AWS Cloud
SAM allows you to quickly deploy your Lambda functions using the integration with CodeDeploy.
SAM locally
SAM can help you run your Lambda functions, your API Gateway, and your DynamoDB tables locally on your computer so you can do some debugging.