Amazon provides identity and access management services, under the product name of Cognito.
“Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0.”
Amazon Website
Functionality Key Facts
- Cognito User Pools – secure and scalable user directory; a managed service directory capable of scaling to millions of entries
- Social & Enterprise Federation – bring your own identity from social providers such as Google, Facebook and of course Amazon, as well as enterprise services such as Active Directory via an outbound SAML connection
- Standards Based Authentication – support for the table stakes protocols such as OAuth2, OpenID Connect and SAML2
- Security Compliance – looking to attract organisations with compliance needs, with support for the likes of PCI-DSS, HIPAA, ISO27001 and ISO9001
- Centralised AWS Access Management – control access to AWS resources via attribute- and role-based access control
- Rapid Integration Options – accelerate service integration to client applications with customised user interface options
Public Case Studies
9 public case studies that focus on Cognito appear on the case studies micro-site of the AWS website. The following are some that explicitly call out the use of Cognito within their projects:
- Siemens Junelight Smart Battery – smart battery technology researched in 2016 and looking for a rapid prototype go-to-market. Leveraged AWS IoT and API security features along with Cognito for user management. Major benefit being rapid time to value and startup times, to allow for quick testing of the new solution.
- Avazu Internet Advertising – mobile and distributed advertising agency. The parent company leveraged Cognito for mobile registration and login for their apps, in order to provide BYOI social identity integration use cases. Over 200 apps integrated.
- Concrete Software – mobile games software developer. Used Cognito to save user data and perform cross-device state replication, without having to build the infrastructure themselves.
Release Note Changes 2018-2020
Cognito is a SaaS service, which could indicate frequent rollouts of new functionality, bug fixes and features. AWS is also relatively new (launched in 2014), so it would be expected that big leaps in use case completion would occur.
The following is a brief review of changes to the service between 2018 and February 2020, as taken from the developer notes document change history:
Change | Description | Date |
---|---|---|
Username case insensitivity update | Added recommendation about enabling username case insensitivity before creating a user pool. | February 11, 2020 |
New information about AWS Amplify | Added information about integrating Amazon Cognito with your web or mobile app by using AWS Amplify SDKs and libraries. Removed information about using the Amazon Cognito SDKs that preceded AWS Amplify. | November 22, 2019 |
New attribute for user pool triggers | Amazon Cognito now includes a clientMetadata parameter in the event information that it passes to the AWS Lambda functions for most user pool triggers. You can use this parameter to enhance your custom authentication workflow with additional data. | October 4, 2019 |
Updated limit | The throttling limit for the ListUsers API action is updated. For more information, see Limits in Amazon Cognito. | June 25, 2019 |
New limit | The soft limits for user pools now include a limit for the number of users. For more information, see Limits in Amazon Cognito. | June 17, 2019 |
Amazon SES email settings for Amazon Cognito user pools | You can configure a user pool so that Amazon Cognito emails your users by using your Amazon SES configuration. This setting allows Amazon Cognito to send email with a higher delivery volume than is otherwise possible. For more information, see Email Settings for Amazon Cognito User Pools. | April 8, 2019 |
Tagging support | Added information about tagging Amazon Cognito resources. | March 26, 2019 |
Change the certificate for a custom domain | If you use a custom domain to host the Amazon Cognito hosted UI, you can change the SSL certificate for this domain as needed. For more information, see Changing the SSL Certificate for Your Custom Domain. | December 19, 2018 |
New limit | A new limit is added for the maximum number of groups that each user can belong to. For more information, see Limits in Amazon Cognito. | December 14, 2018 |
Updated limits | The soft limits for user pools are updated. For more information, see Limits in Amazon Cognito. | December 11, 2018 |
Documentation update for verifying email addresses and phone numbers | Added information about configuring your user pool to require email or phone verification when a user signs up in your app. For more information, see Verifying Contact Information at Sign-Up. | November 20, 2018 |
Documentation update for testing emails | Added guidance for initiating emails from Amazon Cognito while you test your app. For more information, see Sending Emails While Testing Your App. | November 13, 2018 |
Amazon Cognito Advanced Security | Added new security features to enable developers to protect their apps and users from malicious bots, secure user accounts against compromised credentials, and automatically adjust the challenges required to sign in based on the calculated risk of the sign in attempt. | June 14, 2018 |
Custom Domains for Amazon Cognito Hosted UI | Allow developers to use their own fully custom domain for the hosted UI in Amazon Cognito User Pools. | June 4, 2018 |
Amazon Cognito User Pools OIDC Identity Provider | Added user pool sign-in through an OpenID Connect (OIDC) identity provider such as Salesforce or Ping Identity. | May 17, 2018 |
Amazon Cognito Developer Guide Update | Added top level “What is Amazon Cognito” and “Getting Started with Amazon Cognito”. Also added common scenarios and reorganized the user pools TOC. Added a new “Getting Started with Amazon Cognito User Pools” section. | April 6, 2018 |
Amazon Cognito Lambda Migration Trigger | Added pages covering the Lambda Migration Trigger feature | February 8, 2018 |