Channel: Cloud Training Program

Amazon Cognito Overview & Its Features


Amazon Cognito is a simple user identity and data synchronization service that helps you securely manage and synchronize application data for your users across their devices (mobiles, tablets, etc.).

In this blog post, we will look at Amazon Cognito in detail.

Topics we will cover :

Overview Of Amazon Cognito

When you are building an application, you know that your users probably have more than one device. Being able to sync your users' profile information, whether saved game data or any other kind of information, is really important, so that users have a great experience with your application whenever and wherever they use it, regardless of which device they use. But building the back end you need to support that kind of storage and synchronization is a lot of work, as you have to build it, deploy it, and manage the infrastructure it runs on. Wouldn't it be great if you could stay focused on writing your app without having to build your own back end just to support syncing and storing users' data? That is where Amazon Cognito comes into the picture: it makes it easy to manage user data for your apps across multiple mobile or connected devices.

Benefits

  • You can create identities for users of your app using public login providers like Google and Facebook.
  • The service also supports unauthenticated identities: users can start off trying your app without logging in, and when they later create a profile using one of the public login providers, their profile data is seamlessly transferred.
  • You can use Amazon Cognito to save any kind of user data as key-value pairs, whether that is app preferences, game state, or anything else that makes sense for your app.
  • With Amazon Cognito, you do not have to worry about running your own back-end servers and dealing with identity, network state, storage, or sync issues. You just save the user data using the Amazon Cognito API and sync it. The user's data is securely synced and stored in the AWS Cloud.
  • If you are using other AWS services, Amazon Cognito provides even more benefits, such as delivering temporary credentials with limited privileges that users can use to access database resources, so you do not have to worry about credential management.
  • With the AWS free tier, you get 10 GB of storage and 1 million syncs per month for free for your first 12 months.


Features 

  • Directory for all your apps and users: With Amazon Cognito, you get a directory known as User Pools, a secure user directory that scales to millions of users. It is a fully managed service. User Pools are easy to configure and you need not worry about server infrastructure. User Pools provide user profiles and authentication tokens for users who sign up directly and users who sign in with public login providers.
  • Built-in customizable UI to sign in users: Amazon Cognito also lets you have a built-in and customizable UI for user sign-up and sign-in. You can use the Android, iOS, and JavaScript SDKs for Amazon Cognito to add user sign-up and sign-in pages to your applications.
  • Advanced security features to protect your users: You can use advanced security features for Amazon Cognito that will help you to authorize access to user accounts in your apps. These advanced security features provide risk-based adaptive authentication and protection from the use of compromised credentials. You can easily enable the security features for your Amazon Cognito User Pools.
  • Standards-based authentication: Amazon Cognito uses common identity management standards including OpenID Connect, OAuth 2.0, and SAML 2.0.


User Pools

User Pools are user directories used to manage the actions for the web and mobile apps such as Sign-up, Sign-in, Account recovery, and Account Confirmation.

  • Users can sign in directly to the User Pool, or through Web Identity Federation.
  • Amazon Cognito acts as the identity broker between AWS and the identity provider.
  • Successful user authentication generates a JSON Web Token (JWT).
  • User Pools can be thought of as the accounts used to access the system, i.e. email addresses and passwords.
  • Each User Pool is created in one AWS Region and stores the user profile data in that Region only. You can also send user data to different AWS Regions.


Identity Pools

Identity Pools provide temporary AWS credentials to access services such as S3 and DynamoDB. Identity Pools can be thought of as the actual mechanism authorizing access to AWS resources.

  • In order to save user profile information, you need to integrate your Identity Pool with your User Pool.
  • Identity Pools provide a unique identifier and AWS credentials for users who do not authenticate with an identity provider, thereby supporting unauthenticated identities.
  • IAM roles that you create control the permissions for authenticated and non-authenticated users.
  • Identity Pools support anonymous guest users as well.
  • If you have an OpenID Connect token, you can exchange it for temporary AWS credentials from the AWS Security Token Service (STS) using the AssumeRoleWithWebIdentity API call.
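
An added example (not from the original post): because the IAM roles above decide what authenticated and unauthenticated identities can do, this check reads a role's trust policy and reports when it is not pinned to one identity pool or to the intended sign-in state. The pool ID and both policy documents are constructed samples, and the script only recognises the `StringEquals` / `ForAnyValue:StringLike` condition form.

```python
PROVIDER = "cognito-identity.amazonaws.com"
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"  # constructed placeholder

# Constructed sample: trusts Cognito but has no Condition block.
WEAK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": PROVIDER},
    "Action": "sts:AssumeRoleWithWebIdentity"}]}

# Constructed sample: same statement, pinned to one pool and to signed-in users.
HARDENED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": PROVIDER},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
        "StringEquals": {PROVIDER + ":aud": POOL_ID},
        "ForAnyValue:StringLike": {PROVIDER + ":amr": "authenticated"}}}]}

def _as_list(value):
    # IAM accepts a single value or a list in most fields; normalise to a list.
    return [] if value is None else value if isinstance(value, list) else [value]

def audit_trust_policy(policy, pool_id, expected_amr):
    """Return findings for Cognito statements; expected_amr is 'authenticated' or 'unauthenticated'."""
    findings = []
    for n, stmt in enumerate(_as_list(policy.get("Statement"))):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if PROVIDER not in _as_list(principal.get("Federated")):
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action")):
            continue
        cond = stmt.get("Condition", {})
        aud = _as_list(cond.get("StringEquals", {}).get(PROVIDER + ":aud"))
        amr = _as_list(cond.get("ForAnyValue:StringLike", {}).get(PROVIDER + ":amr"))
        if not aud:
            findings.append(f"statement {n}: no aud condition, role is not pinned to an identity pool")
        elif aud != [pool_id]:
            findings.append(f"statement {n}: aud {aud} is not limited to {pool_id}")
        if not amr:
            findings.append(f"statement {n}: no amr condition, guest and signed-in identities both match")
        elif amr != [expected_amr]:
            findings.append(f"statement {n}: amr {amr} does not match expected '{expected_amr}'")
    return findings

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_trust_policy(doc, POOL_ID, "authenticated"))
```

Run it against the trust policy of both the authenticated and the unauthenticated role, passing the matching `expected_amr` for each.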


Passwordless Authentication with Amazon Cognito 

For password-less authentication with Amazon Cognito, you have to allow physical security keys or platform authentication to be used as the authentication factor for your applications that are using Amazon Cognito user pools for authentication. Check the flow diagram for user registration flow.

Password-less Authentication


Duo MFA with Amazon Cognito 

Adding multi-factor authentication (MFA) reduces the risk of unauthorized access to your account. To provide a frictionless sign-in experience, you also need to offer MFA options that support various devices and users. Duo Web offers a software development kit that makes it easier to integrate your web applications with Duo MFA. You need an account with Duo and an application to protect. Check the authentication flow diagram for more insight.

Duo MFA


Role-Based Access Control Using Amazon Cognito

Amazon Cognito simplifies the development process by helping you manage identities for your customer-facing applications. As your application grows, some of your enterprise customers may ask you to integrate with their own Identity Provider (IdP) so that their users can sign on to your app using their company’s identity, and have role-based access control (RBAC) based on their company’s directory group membership.


Amazon Cognito Pricing 

With Amazon Cognito, you pay only for what you use. There are no minimum fees and no upfront commitments. You are charged only for the management of identities and the synchronization of data. If you are using Cognito Identity to create user pools, you pay based on your monthly active users (MAUs). In the free tier, the User Pool feature covers 50,000 MAUs for users who sign in directly and 50 MAUs for users federated through SAML 2.0 based identity providers. For detailed prices per MAU in different regions, see the Amazon Cognito pricing page.

Frequently Asked Questions

1.) Who should use Amazon Cognito?

Answer: Amazon Cognito is designed for developers who want to add user management and sync functionality to their mobile and web apps. Developers can use Cognito Identity to add sign-up and sign-in to their apps and to enable their users to securely access their app’s resources. Cognito also enables developers to sync data across devices, platforms, and applications.

2.) Does Amazon Cognito expose server-side APIs?

Answer: Yes. Cognito exposes server-side APIs. You can create your own custom interface to Cognito by calling these APIs directly. The server-side APIs are described in the Developer Guide.

3.) Which platforms does Amazon Cognito support?

Answer: Support for Cognito is included in the optional AWS Mobile SDK, which is available for iOS, Android, Unity, and Kindle Fire. Cognito is also available in the AWS SDK for JavaScript. Cognito Your User Pools is currently supported in the AWS Mobile SDKs for iOS and Android and in the JavaScript AWS SDK for Cognito.


The post Amazon Cognito Overview & Its Features appeared first on Cloud Training Program.

