User pools are user directories that provide sign-up and sign-in options for your web and mobile app users.
Cognito user pool vs identity pool.
Cognito user pools or identity pools, depending on your needs: common use cases.
To enable users in your user pool to access AWS resources, you can configure an identity pool to exchange user pool tokens for AWS credentials.
User pools are for authentication (identity verification).
Amazon Cognito user pool is a service that helps manage your users and the sign-up and sign-in functionality for your mobile or web app.
Cognito identity pool (or Cognito federated identities) is a service that uses identity providers like Google, Facebook, or a Cognito user pool to secure access to other AWS resources.
This diagram shows how authentication is handled with Cognito user pools.
For more information, see "Accessing AWS services using an identity pool after sign-in" and "Getting started with Amazon Cognito identity pools (federated identities)".
Identity pools provide AWS credentials to grant your users access to other AWS services.
Say you wanted to allow a user to have access to your S3 bucket so that they could upload a file.
Identity pools do not consume providers within the Cognito user pool; you can create a federated identity to access your web or mobile app using FB, Google, etc.
You can see below some common scenarios where you could be hesitating about which service suits your needs.
Cognito identity pool (or Cognito federated identities), on the other hand, is a way to authorize your users to use the various AWS services.
An identity pool is used when you need to grant a user permission to access your AWS resources directly, such as DynamoDB, or to give access to an S3 bucket through IAM roles with policies attached.
If what you're aiming for is using AWS as a sort of backend as a service, you should use CID.
I'd like to access AWS services directly from my mobile app.
You could specify that while creating an identity pool.
Cognito federated identities, or identity pool.
Users send authentication requests to Cognito user pools.
Additionally, Cognito can integrate with any identity provider that implements the SAML or OAuth2 protocols.
Since a Cognito user pool is itself an identity provider, you can configure your identity pool to use your app's own user pool as one of its identity providers.
With a user pool, your app users can sign in through the user pool or federate through a third-party identity provider (IdP).
Identity pools are for authorization (access control).
The Cognito user pool verifies the identity of the user or sends the request to identity providers such as Facebook, Google, Amazon, or SAML authentication with Microsoft AD.
You can use identity pools to create unique identities for users and give them access to other AWS services.