- 최신
- 최다 투표
- 가장 많은 댓글
Hi!
As you might know, Amazon Cognito has two main components: User pools and Identity pools. 1) With a user pool, your users can sign in to your web or mobile app through Amazon Cognito. 2) An identity pool is a collection of unique identifiers, or identities, that you assign to your users or guests and authorize to receive temporary AWS credentials for accessing other AWS services. [1]
A key capability of Amazon Cognito user pools is the ability to create and manage groups. Groups enable you to organize users into collections to manage permissions or represent different types of users. For example, you could create 'ADMIN' and 'NORMAL' groups, add users to these groups, and assign each group a distinct set of permissions. Groups allow you to efficiently manage access and authorization for categories of users. [2]
The sub attribute is a unique user identifier within each user pool. Users can change attributes like username and email but sub attribute has a fixed value. [3]
For enhanced security, it is recommended to add multi-factor authentication (MFA) to a user pool to protect the identity of your users.Adding MFA provides an extra layer of protection beyond just a username and password. Users would need to provide an additional piece of identifying information to authenticate.[4] The Amazon Cognito documentation [5] provides guidance on additional security best practices: Data protection in Amazon Cognito, Identity and access management for Amazon Cognito, Logging and monitoring in Amazon Cognito, Compliance validation for Amazon Cognito, Resilience in Amazon Cognito, Infrastructure security in Amazon Cognito, Configuration and vulnerability analysis in Amazon Cognito user pools, AWS managed policies for Amazon Cognito
[1] https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html
[2] https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-user-groups.html
[3] https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
[4] https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html
[5] https://docs.aws.amazon.com/cognito/latest/developerguide/security.html
관련 콘텐츠
- AWS 공식업데이트됨 4달 전
- AWS 공식업데이트됨 2년 전