Federation allows users to authenticate with a Web Identity Provider (Google, Facebook, Amazon).
The user authenticates first with the Web ID Provider and receives an authentication token, which is exchanged for temporary AWS credentials allowing them to assume an IAM role.
Cognito Exam Tips
Cognito is an Identity Broker which handles interaction between your applications and the Web ID provider (you don't need to write your own code to do this).
Provides sign-up, sign-in and guest user access
Syncs user data for a seamless experience across your devices
Cognito is the AWS-recommended approach for Web ID Federation
Cognito uses User Pools to manage user sign-up and sign-in directly, or via Web Identity Providers
Cognito uses Push Synchronization (via SNS) to send a silent push notification of user data updates to multiple device types associated with a user ID
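The exchange of a token for temporary credentials described above is gated by the trust policy on the IAM role being assumed. As an added example (not part of the original notes), this Python check audits such a trust policy for a role used with a Cognito identity pool; the pool ID and both sample policies are constructed placeholders, and `audit_trust_policy` is a hypothetical helper name.

```python
COGNITO = "cognito-identity.amazonaws.com"
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"  # placeholder pool ID

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, pool_id):
    """Return findings for statements that let Cognito identities assume the role."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        actions = _as_list(stmt.get("Action", []))
        if COGNITO not in federated or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        cond = stmt.get("Condition", {})
        # The aud claim must be pinned to this identity pool, otherwise any
        # identity pool in any account can present a token for this role.
        aud = _as_list(cond.get("StringEquals", {}).get(f"{COGNITO}:aud", []))
        if aud != [pool_id]:
            findings.append(f"statement {i}: aud not pinned to {pool_id}")
        # The amr claim separates signed-in users from guest (unauthenticated) access.
        amr = []
        for op in ("ForAnyValue:StringLike", "ForAnyValue:StringEquals"):
            amr += _as_list(cond.get(op, {}).get(f"{COGNITO}:amr", []))
        if not amr:
            findings.append(f"statement {i}: no amr condition (authenticated/unauthenticated)")
    return findings

# Constructed sample: trust policy pinned to one pool and to signed-in users.
PINNED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": COGNITO},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
        "StringEquals": {f"{COGNITO}:aud": POOL_ID},
        "ForAnyValue:StringLike": {f"{COGNITO}:amr": "authenticated"}}}]}

# Constructed sample: same role with the Condition block left out.
OPEN = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": COGNITO},
    "Action": "sts:AssumeRoleWithWebIdentity"}]}

if __name__ == "__main__":
    for name, policy in (("PINNED", PINNED), ("OPEN", OPEN)):
        print(name, audit_trust_policy(policy, POOL_ID))
```

The check matches condition operators and keys by exact spelling, which is an assumption of this sketch; IAM itself treats them case-insensitively.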
Inline Policies vs Managed Policies vs Custom Policies
Remember the 3 different types of IAM policies:
Managed policy - AWS managed default policies
Customer managed policy - managed by you
Inline policy - managed by you and embedded in a single user, group, or role
In most cases, AWS recommends using Managed Policies over Inline Policies