AWS Cognito and IAM Identity Center

Explore AWS Cognito and IAM Identity Center to enhance your knowledge of AWS Cloud identity management.

AWS Cognito

AWS Cognito is designed to handle user authentication and authorization for web and mobile applications. Cognito and the AWS Security Token Service (STS) serve related but distinct purposes. Cognito mainly handles user sign-up, sign-in, and access control for web and mobile applications. It lets an application outsource user identity management, including features like social login with Facebook or Google.

In contrast, STS focuses specifically on providing temporary security credentials to access AWS services and resources. It enables delegation of access without handing out long-term credentials. Common use cases for STS include allowing third parties short-term access for tasks or allowing resources in one AWS account to be accessed by users federated from another account.

Cognito has three main components:

  • User pools provide sign-up and sign-in options for our app users.
  • Identity pools allow us to grant our application users temporary, limited-privilege AWS credentials to access services.
  • Sync enables app data to be synchronized across devices.
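Identity pools hand out their temporary credentials by having STS assume an IAM role, so the role's trust policy decides which pool and which kind of identity may use it. The following is an added example, not code from the original page: a small Python audit of such a trust policy, where the sample policy, the placeholder pool ID, and the function names are constructed for illustration.

```python
import json

COGNITO = "cognito-identity.amazonaws.com"

# Constructed sample trust policy; the pool ID is a placeholder, not a real pool.
SAMPLE_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "cognito-identity.amazonaws.com"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
      "StringEquals": {"cognito-identity.amazonaws.com:aud": "us-east-1:EXAMPLE-POOL-ID"},
      "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"}
    }
  }]
}""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, expected_pool_id):
    """Return findings for Allow statements that trust Cognito identity pools."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if COGNITO not in _as_list(principal.get("Federated", [])):
            continue  # statement does not trust Cognito identity pools
        cond = stmt.get("Condition", {})
        # The :aud key pins the role to one identity pool ID.
        aud = _as_list(cond.get("StringEquals", {}).get(f"{COGNITO}:aud", []))
        if not aud:
            findings.append(f"statement {i}: no :aud condition, role is not bound to a pool")
        elif set(aud) != {expected_pool_id}:
            findings.append(f"statement {i}: :aud allows unexpected pool(s) {sorted(aud)}")
        # The :amr key separates authenticated from unauthenticated (guest) identities.
        amr = [v for op, keys in cond.items() if op.startswith("ForAnyValue:String")
               for v in _as_list(keys.get(f"{COGNITO}:amr", []))]
        if "authenticated" not in amr:
            findings.append(f"statement {i}: no :amr 'authenticated' condition")
    return findings


if __name__ == "__main__":
    print(audit_trust_policy(SAMPLE_TRUST_POLICY, "us-east-1:EXAMPLE-POOL-ID"))
```

The audit targets the role meant for signed-in users; a role intended for guest access would carry `unauthenticated` in the `amr` condition and should be reviewed separately.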

Let’s look at each of these components in detail.
