Tech Terms Explained Open in the app →

Amazon Cognito

Security · Intermediate · 4 min read

What is it?

Amazon Cognito is a managed service that handles user sign-up, sign-in, and access control for your web and mobile apps.

Explain like I'm 5

Cognito is like outsourcing your app's front-desk security: it handles registering users, checking IDs at login, and issuing badges, so you don't build all that yourself.

Why was it created?

Building secure authentication is hard and risky to get wrong. Cognito was created to provide managed user identity and access for apps.

Where is it used?

  • User sign-up and login
  • Social and federated login
  • Securing APIs
  • Mobile and web app authentication

Why should developers care?

Authentication is needed in most apps, and Cognito is AWS's standard way to add it, so cloud developers commonly use it.

How does it work?

Cognito user pools store and authenticate users, supporting passwords, multi-factor auth, and social/federated logins. On successful login it issues tokens (like JWTs) your app and APIs use to authorize requests. Identity pools can grant temporary AWS credentials.

Real-world example

A mobile app uses Cognito for sign-up and 'log in with Google'; after login it gets tokens that authorize calls to the app's API.

Common use cases

  • App authentication
  • Social/federated login
  • Securing API access with tokens
  • Temporary AWS access for users

Advantages

  • Managed, secure authentication
  • Social and federated login
  • Issues standard tokens
  • Scales to many users

Disadvantages

  • Configuration complexity
  • AWS-specific
  • Customization limits
  • Learning curve for flows

When should you use it?

When you need managed user authentication and access control for an AWS-connected app.

When should you avoid it?

When another identity provider better fits your stack, or for very simple internal auth.

Alternatives

Auth0Firebase AuthenticationSelf-built auth (riskier)

Related terms

OAuthJWTAWS IAMSession

Interview questions

Beginner

  • What does Cognito do?
  • What is user authentication?

Intermediate

  • What is a Cognito user pool?
  • What tokens does it issue?

Senior

  • What's the difference between user pools and identity pools?
  • How does Cognito secure API access?

Common misconceptions

  • "Cognito is the same as IAM" — IAM controls access for AWS resources/admins; Cognito manages your app's end users.
  • "Cognito only does passwords" — it supports MFA and social/federated logins too.

Fun facts

  • User pools manage your app's users; identity pools can hand out temporary AWS credentials.
  • Cognito issues standard tokens (JWTs) used to authorize requests.

Timeline

  • 2014 — Amazon Cognito launches

Learning resources

Quick summary

Amazon Cognito is managed authentication for apps, handling sign-up, login, social/federated identity, and token-based access control.

Cheat sheet

  • Managed user auth for apps
  • User pools store/authenticate users
  • Social + federated login
  • Issues tokens (JWTs)

If you remember only one thing

Cognito handles your app's user sign-up, login, and access tokens so you don't build authentication from scratch.