Amazon Cognito is an access management service that lets you add user sign-up, sign-in, and access control to your web and mobile applications easily and quickly. Amazon Cognito supports sign-in with social identity providers such as Google, Facebook, Amazon, and Apple, and with enterprise identity providers through SAML 2.0 and OpenID Connect.
There are two main components of Amazon Cognito: user pools and identity pools. We can use them together or separately.
A user pool is a secured user directory that provides sign-in and sign-up options for your web and mobile application users. Every user, whether signed in directly or through a third-party identity provider, has a profile directory that can be accessed through an SDK. User pools are fully managed services that scale to support hundreds of millions of users.
User pools provide the following:
With identity pools, we can grant users temporary access to other AWS services such as DynamoDB and Amazon S3. The access can be given to anonymous guest users or to users who have signed in. An identity pool needs to be integrated with a user pool in order to save user profile information.
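The exchange described above, as an added example that is not part of the original page: a user pool ID token is traded at an identity pool for temporary credentials, and the same call path without a token yields a guest identity. The pool IDs, region and token in the `__main__` section are placeholders, and the helper names are hypothetical.

```python
"""Added example: trade a user pool ID token for temporary AWS credentials."""


def logins_map(region, user_pool_id, id_token):
    """Build the Logins map that links an identity pool request to a user pool.

    The key is the user pool's provider name and the value is the ID token
    issued at sign-in. No token means an anonymous guest identity.
    """
    if not id_token:
        return {}
    return {f"cognito-idp.{region}.amazonaws.com/{user_pool_id}": id_token}


def temporary_credentials(client, identity_pool_id, logins):
    """Return short-lived credentials for a guest or a signed-in user.

    `client` is a boto3 "cognito-identity" client, or any object exposing the
    same two calls, which keeps this function testable offline.
    """
    # Guests send no Logins at all rather than an empty map.
    extra = {"Logins": logins} if logins else {}
    identity_id = client.get_id(IdentityPoolId=identity_pool_id, **extra)["IdentityId"]
    creds = client.get_credentials_for_identity(IdentityId=identity_id, **extra)["Credentials"]
    return {
        "identity_id": identity_id,
        "authenticated": bool(logins),
        "access_key_id": creds["AccessKeyId"],
        "secret_key": creds["SecretKey"],
        "session_token": creds["SessionToken"],
        "expiration": creds["Expiration"],  # credentials are invalid after this time
    }


if __name__ == "__main__":
    import boto3  # imported here so the helpers above load without the SDK

    # Placeholders (assumptions): substitute your own region, pool IDs and token.
    REGION = "us-east-1"
    cognito = boto3.client("cognito-identity", region_name=REGION)
    logins = logins_map(REGION, "us-east-1_EXAMPLE", "<ID token from user pool sign-in>")
    session = temporary_credentials(
        cognito, "us-east-1:00000000-0000-0000-0000-000000000000", logins
    )
    print(session["identity_id"], "expires", session["expiration"])
```

An identity pool maps guest and authenticated identities to separate IAM roles, so the permissions behind these credentials are set by whichever role applies; keep the guest role as narrow as the application allows.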