AWS Cognito User Pools (CUP) Overview
AWS Cognito User Pools (CUP) provide a serverless database solution for managing web and mobile application users, offering a range of authentication and identity verification features.

Key Features:
- Serverless Database: Simplifies user authentication by allowing users to log in with a username/email and password.
- Password Reset: Users can easily reset their passwords.
- Verification: Supports email and phone number verification.
- Multi-factor Authentication (MFA): Enhances security by enabling MFA.
- Federated Identities: Allows users to log in using Google, Facebook, SAML, or other federated identity providers.
- Credential Protection: Automatically blocks users with credentials compromised elsewhere.
- JWT Tokens: On successful login, users receive a JSON Web Token (JWT) for secure access.

How CUP Works:
- CUP maintains an internal database of users for authentication.
- Supports login from mobile and web applications, returning a JWT upon successful authentication.
- Integrates with third-party identity providers (e.g., Google, Facebook) for social logins and supports SAML and OpenID Connect.

AWS Integrations:
- API Gateway: Users authenticate via CUP to receive a JWT, which is then validated by API Gateway for backend access.
- Application Load Balancer (ALB): Utilizes ALB listeners and rules to authenticate users against CUP, directing authenticated traffic to backend resources (e.g., EC2, Lambda, ECS containers).
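
The JWT validation step in the API Gateway integration above, sketched as an added example (not AWS code and not from the original page): the checks a backend or custom authorizer makes when it validates a user pool token itself. The function names, the `demo-kid` key id and the throwaway key pair are assumptions made for illustration; a real verifier loads the JWKS published under the pool's issuer URL.

```javascript
const crypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const fail = (reason) => ({ ok: false, reason });

// Verify an RS256 JWT against a JWKS, then check the user pool claims:
// iss, token_use, aud (ID token) or client_id (access token), and exp.
function verifyCognitoJwt(token, jwks, { issuer, clientId, tokenUse, now = Date.now() / 1000 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return fail('malformed');
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch {
    return fail('malformed');
  }
  if (!header || !claims) return fail('malformed');
  // Pin the algorithm; never let the token header choose it.
  if (header.alg !== 'RS256') return fail('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) return fail('unknown kid');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const signature = Buffer.from(parts[2], 'base64url');
  if (!crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`), key, signature)) {
    return fail('bad signature');
  }
  if (claims.iss !== issuer) return fail('wrong issuer');
  if (claims.token_use !== tokenUse) return fail('wrong token_use');
  const audience = tokenUse === 'id' ? claims.aud : claims.client_id;
  if (audience !== clientId) return fail('wrong client');
  if (typeof claims.exp !== 'number' || claims.exp <= now) return fail('expired');
  return { ok: true, claims };
}

// Constructed fixture: a throwaway RSA key pair stands in for the user pool's
// signing key, and "demo-kid" is a made-up key id.
function makeFixture() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-kid', use: 'sig' }] };
  const sign = (claims, alg = 'RS256') => {
    const body = `${b64u(JSON.stringify({ alg, kid: 'demo-kid' }))}.${b64u(JSON.stringify(claims))}`;
    return `${body}.${b64u(crypto.sign('sha256', Buffer.from(body), privateKey))}`;
  };
  return { jwks, sign };
}
```

Call `makeFixture()` to mint test tokens, then pass the expected issuer (`https://cognito-idp.<region>.amazonaws.com/<userPoolId>`), app client id and `tokenUse` (`'id'` or `'access'`) to `verifyCognitoJwt`.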

Practical Application: