AWS & Typescript Masterclass - 7. Securing APIs with AWS Cognito

  • stores user data
  • basic authentication - JWT tokens
  • -> authenticated - yes or no

AWS & Typescript Masterclass - 8. AWS Cognito Identity pools

  • fine grained access control - user assumes an identity
  • can directly call AWS SDK commands

User Pools

(1) Get Auth Token: User -> Cognito

  • username
  • password

<- response

  • session object
    • JWT token

(2) Get data: User -> Secured API

  • JWT token

<- response

  • data
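
What the secured API in step (2) has to check before answering "authenticated - yes or no" for a user pool ID token, as an added example (not code from the course). The pool region and id, the app client id, the `mintToken` helper and the locally generated key pair are assumptions that stand in for Cognito so the block runs offline.

```typescript
import { createSign, createVerify, generateKeyPairSync, KeyObject } from "crypto";

// Assumed placeholder pool values; replace with your own region, pool id and app client id.
const ISSUER = "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE";
const CLIENT_ID = "example-app-client-id";

type Verdict = { ok: boolean; reason: string };
const verdict = (reason: string): Verdict => ({ ok: reason === "ok", reason });

// Stand-in for Cognito: signs a constructed token with a local RSA key so the example
// runs offline. A real API loads the pool's public keys from ISSUER/.well-known/jwks.json.
function mintToken(claims: object, key: KeyObject, alg: string = "RS256"): string {
  const enc = (o: object): string => Buffer.from(JSON.stringify(o)).toString("base64url");
  const body = `${enc({ alg, typ: "JWT" })}.${enc(claims)}`;
  return `${body}.${createSign("RSA-SHA256").update(body).sign(key, "base64url")}`;
}

// The "authenticated - yes or no" decision the secured API makes for an ID token.
function verifyIdToken(token: string, publicKey: KeyObject, nowSec: number): Verdict {
  const parts = token.split(".");
  const [h = "", p = "", sig = ""] = parts;
  if (parts.length !== 3) return verdict("malformed");
  let header: any, claims: any;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString()) ?? {};
    claims = JSON.parse(Buffer.from(p, "base64url").toString()) ?? {};
  } catch {
    return verdict("malformed");
  }
  // Pin the algorithm; the token header must not choose how it is verified.
  if (header.alg !== "RS256") return verdict("bad alg");
  const signed = createVerify("RSA-SHA256").update(`${h}.${p}`).verify(publicKey, sig, "base64url");
  if (!signed) return verdict("bad signature");
  if (claims.iss !== ISSUER) return verdict("wrong issuer");        // token from another pool
  if (claims.aud !== CLIENT_ID) return verdict("wrong audience");   // token for another app client
  if (claims.token_use !== "id") return verdict("wrong token_use"); // e.g. an access token
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) return verdict("expired");
  return verdict("ok");
}

// Constructed sample data: throwaway key pair, fixed clock, made-up user.
const { publicKey, privateKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });
const NOW = 1700000000;
const goodClaims = { iss: ISSUER, aud: CLIENT_ID, token_use: "id", exp: NOW + 3600, sub: "constructed-user" };
console.log(verifyIdToken(mintToken(goodClaims, privateKey), publicKey, NOW));
console.log(verifyIdToken(mintToken({ ...goodClaims, exp: NOW - 1 }, privateKey), publicKey, NOW));
```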

Identity Pools

(1) Get Auth Token: User -> Cognito

  • username
  • password

<- response

  • session object
    • JWT token

(2) Assume IAM role: User -> IAM

  • JWT token

<- response

  • assume role

(3) Get data: User -> Secured S3 bucket

  • temporary security credentials
{
Access key: ...
Secret access key: ...
Session ID: ...
}

<- response

  • data

(src: Course: AWS & Typescript Masterclass - CDK, Serverless, React)