Cognito
AWS Cognito
Used by web and mobile applications to create user pools - acts as an identity broker
User pool - directory for user sign-in & sign-up (can use Facebook, Google)
Identity pool - limited access to services (like an IAM role - uses STS AssumeRole)
Identity Federation
SAML 2.0 Federation - old; use AWS SSO instead
supports ADFS & MS Active Directory, provides CLI, API, Console access (AssumeRoleWithSAML)
Custom Identity Broker
on-premises identity broker connected to AWS
Web Identity Federation
not recommended - use Cognito
can limit user actions using an IAM policy
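
Added example (not part of the original notes): how an IAM policy limits what an identity pool user can do, and a check that the role's trust policy is tied to one pool and to authenticated identities only. It assumes a Cognito identity pool; the pool ID, bucket name and function names are constructed placeholders.

```python
import json

COGNITO = "cognito-identity.amazonaws.com"
# Constructed placeholder, not a real identity pool ID.
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"

def per_user_policy(bucket):
    """Permissions policy: each identity reaches only its own S3 prefix."""
    own_prefix = "${" + COGNITO + ":sub}"  # IAM policy variable, resolved by AWS
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": f"arn:aws:s3:::{bucket}/{own_prefix}/*"}]}

def audit_trust_policy(policy, pool_id):
    """Return findings for a role that an identity pool is meant to assume."""
    findings = []
    for n, st in enumerate(policy.get("Statement", [])):
        principal = st.get("Principal")
        fed = principal.get("Federated") if isinstance(principal, dict) else None
        feds = fed if isinstance(fed, list) else [fed]
        if st.get("Effect") != "Allow" or COGNITO not in feds:
            continue  # statement does not trust Cognito identities
        cond = st.get("Condition", {})
        aud = cond.get("StringEquals", {}).get(COGNITO + ":aud")
        amr = cond.get("ForAnyValue:StringLike", {}).get(COGNITO + ":amr")
        if aud not in (pool_id, [pool_id]):
            findings.append(f"statement {n}: role is not pinned to pool {pool_id}")
        if amr not in ("authenticated", ["authenticated"]):
            findings.append(f"statement {n}: unauthenticated identities not excluded")
    return findings

def trust_policy(condition):
    """Build a trust policy for AssumeRoleWithWebIdentity via Cognito."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": COGNITO},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

WEAK = trust_policy({})  # constructed: trusts Cognito with no conditions
HARDENED = trust_policy({
    "StringEquals": {COGNITO + ":aud": POOL_ID},
    "ForAnyValue:StringLike": {COGNITO + ":amr": "authenticated"}})

if __name__ == "__main__":
    print(json.dumps(per_user_policy("example-bucket"), indent=2))
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_trust_policy(doc, POOL_ID) or "ok")
```

The check matches condition operators and keys by their canonical spelling only; that is a simplification of this example.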