AWS Cognito - user pool vs identity pool
September 15th, 2022
User pool:
    stores user data
    basic authentication - JWT tokens
    -> authenticated - yes or no
Identity pool:
    fine-grained access control - user assumes an identity
    can directly call AWS SDK commands
User Pools
(1) Get Auth Token
User -> Cognito
    username
    password
<- response
    session object
    JWT token
    ...
(2) Get data
User -> Secured API
    JWT token
<- response
    data
Identity Pools
(1) Get Auth Token
User -> Cognito
    username
    password
<- response
    session object
    JWT token
    ...
(2) Assume IAM role
User -> IAM
    JWT token
<- response
    assume role
(3) Get data
User -> Secured S3 bucket
    temporary security credentials
    {
        Access key: ...
        Secret access key: ...
        Session ID: ...
    }
<- response
    data
(src: Course: AWS & Typescript Masterclass - CDK, Serverless, React)