What's the difference between Amazon Cognito user pools and identity pools?
Last updated: 2019-04-19
User pools are for authentication (identity verification). With a user pool, your app users can sign in through the user pool or federate through a third-party identity provider (IdP).
Identity pools are for authorization (access control). You can use identity pools to create unique identities for users and give them access to other AWS services.
User pool use cases
Use a user pool when you need to:
- Design sign-up and sign-in webpages for your app.
- Access and manage user data.
- Track user device, location, and IP address, and adapt to sign-in requests of different risk levels.
- Use a custom authentication flow for your app.
Identity pool use cases
Use an identity pool when you need to:
- Give your users access to AWS resources, such as an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon DynamoDB table.
- Generate temporary AWS credentials for unauthenticated users.
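The access an identity pool grants is decided by the IAM roles attached to it, so the role trust policy is where signed-in and unauthenticated users are told apart. The following is an added example, not code from the original page: a small Python audit of such trust policies. It assumes the roles are assumed through `sts:AssumeRoleWithWebIdentity` and scoped with the `cognito-identity.amazonaws.com:aud` and `cognito-identity.amazonaws.com:amr` condition keys; the pool ID, the sample policies, and the function names are constructed for illustration.

```python
# Added example: audit the trust policy of an IAM role attached to an identity pool.
FEDERATED = "cognito-identity.amazonaws.com"
AUD_KEY = FEDERATED + ":aud"   # identity pool ID the credentials were issued for
AMR_KEY = FEDERATED + ":amr"   # "authenticated" or "unauthenticated"
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"  # constructed placeholder

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, pool_id):
    """Return (sorted amr values trusted, list of findings)."""
    kinds, findings = set(), []
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if FEDERATED not in _as_list(principal.get("Federated", [])):
            continue  # statement does not trust Cognito identity pools
        cond = stmt.get("Condition", {})
        aud = _as_list(cond.get("StringEquals", {}).get(AUD_KEY, []))
        amr = _as_list(cond.get("ForAnyValue:StringLike", {}).get(AMR_KEY, []))
        if not aud:
            findings.append("no aud condition: any identity pool can assume this role")
        elif aud != [pool_id]:
            findings.append("aud is not limited to the expected identity pool")
        if not amr:
            findings.append("no amr condition: guests and signed-in users both qualify")
        kinds.update(amr)
    return sorted(kinds), findings

def make_policy(condition):
    # Constructed sample in the shape of an identity pool role trust policy.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": FEDERATED},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

AUTH_ROLE = make_policy({"StringEquals": {AUD_KEY: POOL_ID},
                         "ForAnyValue:StringLike": {AMR_KEY: "authenticated"}})
GUEST_ROLE = make_policy({"StringEquals": {AUD_KEY: POOL_ID},
                          "ForAnyValue:StringLike": {AMR_KEY: "unauthenticated"}})
LOOSE_ROLE = make_policy({})  # trusts Cognito with no conditions

if __name__ == "__main__":
    for name, pol in [("auth", AUTH_ROLE), ("guest", GUEST_ROLE), ("loose", LOOSE_ROLE)]:
        print(name, audit_trust_policy(pol, POOL_ID))
```

A role that reports `unauthenticated` is reachable without any sign-in, so its permissions policy should be limited to what anonymous users are meant to have.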
For more example use cases, see Common Amazon Cognito Scenarios.