Cognito
Identity Pool (alias Federated Identities) | Identity pools allow you to grant users authenticated by third parties (e.g. login with Google) temporary IAM credentials to use your AWS resources in a limited way. Identity pools are free of cost and you only pay for the resources your users use via the IAM credentials. See the federation tokens, which are given to users from the “User pool”. |
User pool | User pools allow you to store your own users. They can sign up directly to the user pool and do not have to use a third-party provider like Google or Facebook. Confusingly, user pools also have a 'federation' option (Identity providers), but this will actually create externally federated users in the pool. User pools provide OpenID tokens (access, id, refresh), not IAM credentials, which you can use with your own endpoints (ec2, fargate, api-gateway). User pools have costs associated with them based on the active users per month. |
Federation tokens | Are provided in the Identity pool. At the end, they are associated with an IAM role and get access to AWS resources. |
Federated Identities > External Identity Providers | Apps on Facebook, Google+ or other platforms may be added to use the Cognito API in order to access AWS resources. Supported protocols: SAML, OpenID |
Difference between User Pools > Identity providers and Federated Identities > Authentication providers
Identity pools (Federated identities) allow you to grant users authenticated by third parties (e.g. login with Google) temporary IAM credentials to use your AWS resources in a limited way. Identity pools are free of cost and you only pay for the resources your users use via the IAM credentials.
User pools allow you to store your own users. They can sign up directly to the user pool and do not have to use a third-party provider like Google or Facebook. Confusingly, user pools also have a 'federation' option (Identity providers), but this will actually create externally federated users in the pool. User pools provide OpenID tokens (access, id, refresh), not IAM credentials, which you can use with your own endpoints (ec2, fargate, api-gateway). User pools have costs associated with them based on the active users per month.
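How the two pieces connect, as an added example that is not part of the original page: a user pool ID token is exchanged at an identity pool for temporary IAM credentials using boto3's `cognito-identity` client. The function names, region and pool IDs are assumptions; the claims are decoded without signature verification only to reject the wrong token type before the call, since Cognito validates the token itself.

```python
import base64
import json


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (pre-flight check only)."""
    try:
        payload = token.split(".")[1]
        return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    except (IndexError, ValueError) as exc:
        raise ValueError("not a JWT") from exc


def provider_name(region, user_pool_id):
    """Key the identity pool expects in the Logins map for a user pool."""
    return f"cognito-idp.{region}.amazonaws.com/{user_pool_id}"


def iam_credentials_for(id_token, region, user_pool_id, identity_pool_id, client=None):
    """Exchange a user pool ID token for temporary IAM credentials."""
    provider = provider_name(region, user_pool_id)
    claims = jwt_claims(id_token)
    # The identity pool takes the ID token; reject access tokens early.
    if claims.get("token_use") != "id":
        raise ValueError("expected a user pool ID token")
    if claims.get("iss") != f"https://{provider}":
        raise ValueError("token was issued by a different user pool")
    if client is None:
        import boto3  # lazy import: the checks above run without the AWS SDK
        client = boto3.client("cognito-identity", region_name=region)
    logins = {provider: id_token}
    identity_id = client.get_id(IdentityPoolId=identity_pool_id, Logins=logins)["IdentityId"]
    resp = client.get_credentials_for_identity(IdentityId=identity_id, Logins=logins)
    return resp["Credentials"]  # AccessKeyId, SecretKey, SessionToken, Expiration


def constructed_token(claims):
    """Build an unsigned, constructed JWT-shaped string for offline testing."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"
```

The IAM role attached to the identity pool's authenticated identities determines what the returned credentials can do, so that role is where least privilege is enforced.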