I'm starting to use Amazon Cognito, and I'm not sure whether I should use user pools or identity pools for my business applications. What's the difference?
User pools are for authentication (identity verification). With a user pool, your app users can sign in through the user pool or federate through a third-party identity provider (IdP).
Identity pools are for authorization (access control). You can use identity pools to create unique identities for users and give them access to other AWS services.
Use a user pool when you need to:
Use an identity pool when you need to:
For more example use cases, see Common Amazon Cognito Scenarios.
Features of Amazon Cognito
Identity pools concepts (federated identities)
Identity pools (federated identities) authentication flow