AWS Auth
AWS Cognito
Amazon Cognito user pools
A user pool adds layers of additional features for security, identity federation, app integration, and customization of the user experience. You can, for example, verify that your users' sessions are from trusted sources. You can combine the Amazon Cognito directory with an external identity provider.
Amazon Cognito identity pools
Amazon Cognito identity pools provide temporary AWS credentials for users who are guests (unauthenticated) and for users who have been authenticated and received a token. An identity pool is a store of user identity data specific to your account.
User pools vs Identity pools
User pools are for authentication. Your app users can sign in through the user pool, or federate through a third-party identity provider (IdP). Identity pools are for authorization. You can use identity pools to create unique identities for users, and give them access to other AWS services.
Use cases
User pools
- Design sign-up and sign-in webpages for your app.
- Access and manage user data.
- Track your user device, location, and IP address, and adapt to sign-in requests of different risk levels.
- Use a custom authentication flow for your app.
Identity pools
- Give your users access to AWS resources, such as an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon DynamoDB table.
- Generate temporary AWS credentials for unauthenticated users.
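Because an identity pool can hand temporary AWS credentials to unauthenticated guests, the IAM role behind those credentials is worth reviewing. The following is an added example, not code from AWS or from these notes: an offline check of a guest role's trust and permissions policies. It goes slightly beyond the text above by checking the `cognito-identity.amazonaws.com:aud` trust condition; the pool id, bucket name and policy documents are constructed placeholders.

```python
# Added example. Sample pool and policies are constructed; the pool id,
# bucket name and policy contents are placeholders, not from a real account.
AUD = "cognito-identity.amazonaws.com:aud"
POOL = {"IdentityPoolId": "us-east-1:00000000-0000-0000-0000-000000000000",
        "AllowUnauthenticatedIdentities": True}

def trust_policy(condition):
    """Build a guest-role trust policy for the Cognito identity provider."""
    return {"Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "cognito-identity.amazonaws.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

AMR = {"ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "unauthenticated"}}
WEAK_TRUST = trust_policy(AMR)  # no aud condition: not tied to one pool
WEAK_PERMS = {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
GOOD_TRUST = trust_policy({"StringEquals": {AUD: POOL["IdentityPoolId"]}, **AMR})
GOOD_PERMS = {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                             "Resource": "arn:aws:s3:::example-public-assets/*"}]}

def as_list(value):
    """IAM policy fields may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_guest_role(pool, trust, perms):
    """Return findings for the role handed to unauthenticated identities."""
    if not pool.get("AllowUnauthenticatedIdentities"):
        return []  # the pool issues no guest credentials
    findings = []
    for st in as_list(trust["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        pinned = as_list(st.get("Condition", {}).get("StringEquals", {}).get(AUD, []))
        if pool["IdentityPoolId"] not in pinned:
            findings.append("trust policy is not pinned to this identity pool (aud)")
    for st in as_list(perms["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        for action in as_list(st.get("Action", [])):
            if "*" in action:
                findings.append(f"guest role allows wildcard action {action}")
        if "*" in as_list(st.get("Resource", [])):
            findings.append("guest role allows Resource '*'")
    return findings

if __name__ == "__main__":
    for name, t, p in [("weak", WEAK_TRUST, WEAK_PERMS), ("hardened", GOOD_TRUST, GOOD_PERMS)]:
        print(name, audit_guest_role(POOL, t, p))
```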
Sources
- Amazon Cognito user pools: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html
- Using identity pools (federated identities): https://docs.aws.amazon.com/cognito/latest/developerguide/identity-pools.html
- What's the difference between Amazon Cognito user pools and identity pools?: https://repost.aws/knowledge-center/cognito-user-pools-identity-pools