Which AWS service represents an identity platform for web and mobile applications, providing a user directory, an authentication server, and an authorization service for OAuth 2.0 access tokens and AWS credentials?
Cognito
Which AWS service is designed for authentication, authorization, and user management for web and mobile applications?
Cognito
What are the two main components of Cognito for managing users and identities?
User Pools and Identity Pools
What functionality is provided by Cognito User Pools?
They handle user sign-up, sign-in, JSON Web Token (JWT) generation, and user directory management
Do Cognito User Pools allow access to AWS services?
No, they do not grant access to AWS services
Which functionality is provided by Cognito User Pools?
- User directory management
- Sign-in, sign-up, including external IDPs
- Customizable web UI
- MFA and other security features
What resources can be accessed using the JWT token from Cognito User Pools?
Self-managed server-based resources and API Gateway
What is the core functionality provided by Cognito Identity Pools?
To provide temporary AWS credentials
Which functionality is provided by Cognito Identity Pools?
- Grant unauthenticated identities direct access to AWS resources
- Enable Identity Federation by exchanging external IDP credentials (e.g., Google, Facebook, SAML 2.0, or User Pools) for temporary AWS credentials
Where are IAM Roles for a Cognito Identity Pool configured?
Directly within the Identity Pool
What types of IAM roles, at minimum, should be configured for a Cognito Identity Pool?
At a minimum two roles:
- One role for authenticated identities
- One for unauthenticated identities
How does a Cognito Identity pool provide temporary AWS credentials?
- User Pool JWT token or external IDP token passed to Identity Pool
- Cognito assumes the IAM Role defined in the Identity Pool
- Cognito generates temporary AWS Credentials, and returns them to the client
- Client uses credentials to access AWS Services
How are Cognito User Pools and Identity Pools typically used together?
User Pools handle user authentication and identity management, while Identity Pools exchange User Pool JWT tokens for temporary AWS credentials
What is Web Identity Federation?
It’s the process of exchanging an IDP-provided token (e.g., Google, Facebook, or SAML) for AWS credentials
How are multiple rules evaluated in an AWS Cognito Identity Pool for role mapping?
Rules are evaluated in sequential order, and the IAM role for the first matching rule is applied
Adding a CustomRoleArn attribute can modify this behavior
Which AWS service provides cross-device syncing of user-related application data?
AWS Cognito Sync
Which MFA options are supported by AWS Cognito?
- Time-based one-time (TOTP) password service
- SMS authentication code
-
IAM39
-
STS9
-
Organizations14
-
CloudTrail16
-
KMS14
-
S3128
-
EBS61
-
EFS14
-
VPC104
-
Hybrid Networking66
-
EC2152
-
Route 5336
-
RDS59
-
AWS Backup8
-
ELB44
-
SSM11
-
ECS12
-
ECR11
-
EKS7
-
ASG43
-
Lambda66
-
EventBridge11
-
SNS11
-
Step Functions15
-
API Gateway25
-
SQS41
-
Kinesis45
-
Cognito17
-
Glue13
-
MQ9
-
AppFlow6
-
ACM13
-
CloudFront75
-
Global Accelerator8
-
Storage Gateway58
-
CloudWatch65
-
CloudFormation110
-
Snow Family8
-
Directory Service17
-
DataSync12
-
FSx for Windows File Server13
-
FSx for Lustre15
-
Transfer Family15
-
Code*44
-
Elastic Beanstalk45
-
X-Ray27
-
DynamoDB97
-
ElastiCache19
-
Secrets Manager11
-
Systems Manager12
-
Web Application Firewall30
-
Shield17
-
CloudHSM11
-
Macie14
-
Inspector15
-
GuardDuty8
-
Athena8
-
Redshift12
-
Comprehend3
-
Kendra5
-
Lex4
-
Polly6
-
Rekognition4
-
Textract5
-
Transcribe5
-
Translate6
-
Forecast3
-
Fraund Detector3
-
SageMaker5
-
Local Zones6
