Simplifies authentication and authorization for web apps.
User Pools are all about sign-in/sign-out, while Identity Pools are about temporary IAM roles.
User Pool returns a JWT token.
Identity Pool returns AWS credentials that map to an IAM role.
After creating the User Pool, you can configure the following:
App Client: we use it to call the various APIs on our behalf. Make sure Generate App Client Secret is selected.
App client settings: set it for Cognito User Pool, and configure the Callback URL and sign-out URL.
Allowed OAuth Flows: the demo selected Authorization code grant and Implicit grant. The latter provides the JWT.
Allowed OAuth Scopes: all the values were selected.
Domain name: a domain is created.
Configuring the app client is out of scope for this exam.
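Once the app client hands the browser a User Pool JWT, the relying application still has to check the claims before trusting it. The following added example (not part of the original notes or of any AWS sample) shows those checks in pure Python: issuer must be the pool's Cognito endpoint, token_use must match the token you expect, the app client id must appear in aud (ID token) or client_id (access token), and exp must be in the future. The region, pool id and app client id are placeholders, and the helper that builds a token is constructed for the demo only; it assumes the RS256 signature has already been verified against the pool's JWKS, which this snippet does not do.

```python
import base64
import json
import time

# Placeholder values for the example; real ones come from your own pool and app client.
REGION = "us-east-1"
USER_POOL_ID = "us-east-1_EXAMPLE"      # placeholder, not a real pool id
APP_CLIENT_ID = "example-app-client-id"  # placeholder app client id
EXPECTED_ISSUER = "https://cognito-idp.%s.amazonaws.com/%s" % (REGION, USER_POOL_ID)


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_unsigned_token(payload):
    """Constructed helper: build a header.payload.signature string for the demo.

    Cognito issues RS256-signed tokens; this only reproduces the layout so the
    claim checks below have something to parse. The signature is a placeholder.
    """
    header = {"alg": "RS256", "kid": "example-kid", "typ": "JWT"}
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(payload).encode()),
        _b64url_encode(b"signature-placeholder"),
    ])


def validate_cognito_claims(token, expected_use="id", now=None):
    """Return the payload if the Cognito claims are acceptable, else raise ValueError.

    Assumption: the RS256 signature was already verified against the pool's JWKS
    (https://cognito-idp.<region>.amazonaws.com/<pool-id>/.well-known/jwks.json).
    Claim checks alone never make an unverified token trustworthy.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    now = int(time.time()) if now is None else now

    if header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    if payload.get("iss") != EXPECTED_ISSUER:
        raise ValueError("issuer mismatch")
    if payload.get("token_use") != expected_use:
        raise ValueError("wrong token_use")
    # ID tokens carry the app client id in 'aud'; access tokens carry it in 'client_id'.
    audience = payload.get("aud") if expected_use == "id" else payload.get("client_id")
    if audience != APP_CLIENT_ID:
        raise ValueError("audience mismatch")
    if payload.get("exp", 0) <= now:
        raise ValueError("token expired")
    return payload


def classify_token(token, expected_use="id", now=None):
    """Wrap the validator so callers get 'ok' or the reason the token was rejected."""
    try:
        validate_cognito_claims(token, expected_use, now)
        return "ok"
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    now = int(time.time())
    good = make_unsigned_token({"iss": EXPECTED_ISSUER, "token_use": "id",
                                "aud": APP_CLIENT_ID, "exp": now + 3600})
    print(classify_token(good, "id", now))
```

The order of the checks matters less than their completeness: a token from another pool in the same region, an access token presented where an ID token is expected, or a token minted for a different app client each fails a distinct check, which makes log entries from classify_token useful for spotting misrouted or replayed tokens.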
After all of this was done, the last few things demonstrated were:
Users and groups: it was demonstrated how to create groups that control what certain users can access.
Identity providers: the possible provider values were demonstrated.
In part one, there was a DynamoDB Table and EC2 instance.
In this part, a Cognito Identity Pool and an IAM Role are created. It gives access to unauthenticated users.
assume-role-with-web-identity is an API provided by STS (Security Token Service).
assume-role-with-web-identity: for mobile, it is recommended to use Cognito.
Delegate access to resources in different AWS accounts that you own.
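The IAM role an identity pool hands to unauthenticated users is only as safe as its trust policy: the role must trust the cognito-identity.amazonaws.com federated principal, pin the cognito-identity.amazonaws.com:aud condition to this pool's id (otherwise any identity pool in any account could assume it), and constrain cognito-identity.amazonaws.com:amr so that an unauthenticated role is not silently usable by authenticated identities or vice versa. The following added example (not part of the original notes, not AWS code) builds a trust policy of the shape Cognito generates and audits one for those three conditions; the pool id is a placeholder.

```python
import json

IDENTITY_POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"  # placeholder pool id
COGNITO_PRINCIPAL = "cognito-identity.amazonaws.com"
ASSUME_ACTION = "sts:AssumeRoleWithWebIdentity"


def build_trust_policy(pool_id, amr="unauthenticated", with_aud=True, with_amr=True):
    """Constructed helper: a trust policy in the shape Cognito generates for an
    identity pool role, with optional omission of the conditions so the audit
    below has something weak to flag."""
    condition = {}
    if with_aud:
        condition["StringEquals"] = {COGNITO_PRINCIPAL + ":aud": pool_id}
    if with_amr:
        condition["ForAnyValue:StringLike"] = {COGNITO_PRINCIPAL + ":amr": amr}
    statement = {
        "Effect": "Allow",
        "Principal": {"Federated": COGNITO_PRINCIPAL},
        "Action": ASSUME_ACTION,
    }
    if condition:
        statement["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [statement]}


def audit_cognito_trust_policy(policy, expected_pool_id, expected_amr):
    """Return a list of findings (empty means the policy is scoped as expected).

    Every Allow statement that grants sts:AssumeRoleWithWebIdentity is checked;
    statements for other actions are ignored.
    """
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if ASSUME_ACTION not in actions and "sts:*" not in actions and "*" not in actions:
            continue

        principal = stmt.get("Principal")
        if principal == "*" or not isinstance(principal, dict) \
                or principal.get("Federated") != COGNITO_PRINCIPAL:
            findings.append("principal is not the Cognito federated principal")

        condition = stmt.get("Condition", {})
        aud = condition.get("StringEquals", {}).get(COGNITO_PRINCIPAL + ":aud")
        if aud != expected_pool_id:
            findings.append("aud condition missing or wrong: any identity pool could assume this role")

        amr = condition.get("ForAnyValue:StringLike", {}).get(COGNITO_PRINCIPAL + ":amr")
        if amr is None:
            findings.append("amr condition missing: authenticated and unauthenticated identities both qualify")
        elif amr != expected_amr:
            findings.append("amr condition is %r, expected %r" % (amr, expected_amr))
    return findings


if __name__ == "__main__":
    weak = build_trust_policy(IDENTITY_POOL_ID, with_aud=False)
    print(json.dumps(weak, indent=2))
    for finding in audit_cognito_trust_policy(weak, IDENTITY_POOL_ID, "unauthenticated"):
        print("FINDING:", finding)
```

Run the audit against the AssumeRolePolicyDocument returned by the IAM get-role call for each role attached to an identity pool; the aud finding in particular is worth treating as high severity, because the unauthenticated role's permissions then extend to anyone who can create an identity pool.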