Web Identity Federation
Web Identity Federation lets you give your users access to AWS resources after they have successfully authenticated with a web-based identity provider like Amazon, Facebook, or Google.
Following successful authentication, the user receives an authentication code from the Web ID provider, which they can trade for temporary AWS security credentials.
Amazon Cognito
Amazon Cognito provides Web Identity Federation with the following features:
- Sign-up and sign-in to your apps
- Access for guest users
- Acts as an Identity Broker between your application and Web ID providers, so you don't need to write any additional code
- Synchronizes user data for multiple devices
- Recommended for all mobile applications which run on AWS Services
Amazon Cognito Use Cases
Cognito is the recommended approach for Web Identity Federation using social media accounts like Facebook, Google, and also Amazon.
Cognito brokers between the app and Facebook or Google to provide temporary credentials which map to an IAM role allowing access to the required resources.
There is no need for the application to embed or store AWS credentials locally on the device, and users get a seamless experience across all their mobile devices.
Web Identity Federation Exam Tips
- Federation allows users to authenticate with a Web Identity Provider (Google, Facebook, Amazon)
- The user authenticates first with the Web ID Provider and receives an authentication token, which is exchanged for temporary AWS credentials allowing them to assume an IAM role.
- Cognito is an Identity Broker which handles interaction between your applications and the Web ID provider (you don't need to write your own code to do this).
- Provides sign-up, sign-in, and guest user access
- Syncs user data for a seamless experience across your devices
- Cognito is the AWS recommended approach for Web ID Federation, particularly for mobile apps
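The token-exchange step described above (authenticate with the Web ID provider, then trade the provider's token for the right to assume an IAM role) is modelled below as an added Python example; it is not code from these notes or from AWS. The real exchange is the STS `AssumeRoleWithWebIdentity` call, and the trust policy shape (`Principal.Federated` plus a `StringEquals` condition on `accounts.google.com:aud`) is genuine IAM syntax. Everything else is a constructed stand-in: the HS256 test secret (real providers sign with RS256 and publish public keys), the app client id, the role ARN, and the deliberately simplified trust-policy evaluator. The point it shows is that the role's trust policy must pin the provider audience, otherwise any app's users from that provider could assume the role.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed shared secret so the example runs offline. Real Web ID providers
# sign id_tokens with RS256 and publish public keys; STS verifies against those.
TEST_SECRET = b"constructed-test-secret"

PROVIDER = "accounts.google.com"            # Google's issuer / IAM federated principal
APP_CLIENT_ID = "example-app-client-id"     # constructed: the app's id registered with Google
APP_ROLE_ARN = "arn:aws:iam::123456789012:role/ExampleAppUser"  # constructed

# Hypothetical trust policy on the IAM role that app users map to. The
# StringEquals condition pins the provider audience, so only tokens issued for
# this app can assume the role; without it any app's Google users could.
TRUST_POLICIES = {
    APP_ROLE_ARN: {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": PROVIDER},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {f"{PROVIDER}:aud": APP_CLIENT_ID}},
        }],
    }
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token(claims: dict, secret: bytes = TEST_SECRET) -> str:
    """Build a constructed HS256 JWT standing in for the provider's id_token."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_id_token(token: str, issuer: str, now: Optional[float] = None,
                    secret: bytes = TEST_SECRET) -> dict:
    """Return the claims only if signature, pinned alg, issuer and expiry all check out."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")   # pin the algorithm; never trust the token's alg field
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if float(claims.get("exp", 0)) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims


def trust_policy_allows(policy: dict, claims: dict) -> bool:
    """Simplified trust-policy evaluation: Allow + Federated principal + StringEquals conditions."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or stmt.get("Action") != "sts:AssumeRoleWithWebIdentity":
            continue
        if stmt.get("Principal", {}).get("Federated") != claims.get("iss"):
            continue
        conditions = stmt.get("Condition", {}).get("StringEquals", {})
        # Condition keys look like "<provider>:<claim>", e.g. "accounts.google.com:aud"
        if all(claims.get(key.split(":", 1)[1]) == value for key, value in conditions.items()):
            return True
    return False


def assume_role_with_web_identity(token: str, role_arn: str, now: Optional[float] = None) -> dict:
    """Model of the broker/STS step: validate the provider token, then check the role trusts it."""
    claims = verify_id_token(token, PROVIDER, now=now)
    policy = TRUST_POLICIES.get(role_arn)
    if policy is None or not trust_policy_allows(policy, claims):
        raise PermissionError("role trust policy does not admit this token")
    # A real STS response would carry temporary AccessKeyId/SecretAccessKey/SessionToken;
    # this model only reports which role and federated user were matched.
    return {"AssumedRole": role_arn, "FederatedUser": claims["sub"]}


if __name__ == "__main__":
    now = 1_700_000_000
    good = make_id_token({"iss": PROVIDER, "aud": APP_CLIENT_ID, "sub": "user-123", "exp": now + 300})
    print(assume_role_with_web_identity(good, APP_ROLE_ARN, now=now))
```

Running the file prints the matched role and federated user for a valid token. Try changing the `aud` claim to another app's id: the signature, issuer and expiry still pass, but the trust policy's `StringEquals` condition rejects it, which is exactly the check that keeps one app's users out of another app's role.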