AWS service difference between cognito user pool and federated identity

Question

AWS provides Cognito which provides the developers with sign-up and sign-in facilities including federations with OpenId compatible identity providers such as Google, Facebook, etc. There are 2 types of categories in cognito developer console, and these are managing user pool and managing federated identities.

I'm just a little confused because both are very similar even we want to provide our client to login with their Facebook account. The Cognito user pool itself provides federation and the federation identity pool also provide by authentication providers.

The question is that if I want to allow my clients to use their own Facebook account for sign-in, which categories should I use? user pool, or federated identities?

Answer 1

You can go with user pools as sort of a directory which contains user attributes such as name, phone number, email, etc. You can federate users into user pools. Cognito Federated identities let you federate users into AWS and vends AWS credentials that can be used to access the resources you allow in your policy.

For Cognito Federated Identities, you can also have a variety of identity providers that you can configure such as Google, Facebook, and also Cognito User Pools can be an identity provider.

What you want to use totally depends on your use case, If you don't require AWS resources for your app then probably User Pools is all that you need.

Do Check out the AWS Certification Course offered by Intellipaat.