AWS Cognito

Status: Scaffold — content in progress

AWS Cognito provides user authentication and identity federation for customer-facing applications.

Components

Component	Function
User Pool	User directory — stores users, handles sign-up/sign-in, MFA
Identity Pool	Federation — maps authenticated identities to AWS roles (IAM credentials)

Unauthenticated identities in Identity Pools → AWS credentials (often over-privileged)
Cognito user pool misconfiguration → self-registration open to anyone
Client ID / secret leakage in mobile apps

Topic	Link
AWS IAM Overview	aws-iam-overview