Cognito/Identity Pools

Hi Satyajit,

I believe your question is referring to when do you use AWS Cognito User Pool or Identity Pool. Both are components of Cognito. User Pool is used for authentication with Identity Providers. Identity Pool is used for authorization to other AWS Services using temporary credentials. Example use case:

User Pool - for sign in to your web/mobile apps

Identity Pool - give access to AWS resources like S3 buckets.

Here is a short article that will help you in your understanding of these concepts: https://aws.amazon.com/premiumsupport/knowledge-center/cognito-user-pools-identity-pools/

For a more detailed explanation with scenarios, I will recommend this reading: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-scenarios.html

Hello,

A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito. Your users can also sign in through social identity providers like Google, Facebook, Amazon, or Apple, and through SAML identity providers. Whether your users sign in directly or through a third party, all members of the user pool have a directory profile that you can access through a Software Development Kit (SDK).

Amazon Cognito identity pools (federated identities) enable you to create unique identities for your users and federate them with identity providers. With an identity pool, you can obtain temporary, limited-privilege AWS credentials to access other AWS services.

Please go through below links to know about their usage.

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html

Thanks, Gautam

What if I need to authenticate users from AzureAD within an ELK using Cognito? Do I need to setup both user pool and identity pool OR can I just use one user pool with SAML pointing to a AzureAD Identity provider with the proper schema?

thanks,F