AWS::Cognito::IdentityPool

  • Creates an identity pool (Federated Identities)
  • Takes all of your identity providers and puts them together (federates them)
  • With Federated Identities the users are managed externally, by the identity provider
  • Lets external users assume temporary roles for accessing AWS resources by means of STS

Federated Identity Pools

Properties

Type: AWS::Cognito::IdentityPool
Properties:
  AllowClassicFlow: Boolean
  AllowUnauthenticatedIdentities: Boolean
  CognitoEvents: Json
  CognitoIdentityProviders:
    - CognitoIdentityProvider
  CognitoStreams:
    CognitoStreams
  DeveloperProviderName: String
  IdentityPoolName: String
  IdentityPoolTags:
    - Tag
  OpenIdConnectProviderARNs:
    - String
  PushSync:
    PushSync
  SamlProviderARNs:
    - String
  SupportedLoginProviders: Json

CognitoIdentityProviders

  • SAML 2.0: the client exchanges a SAML token for an STS token
  • Custom Identity Broker: the IdP talks directly to STS and gives the token to the user
  • Web Identity Federation: login with Facebook, Google, etc.
  • SSO
  • AD (Active Directory): a database of objects (users, files, printers, etc.)
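As an added example (not part of the original page), the properties block above and the provider list put together in one CloudFormation template: an identity pool that federates a Cognito user pool, refuses unauthenticated (guest) identities, and hands authenticated users a role whose trust policy is scoped to this pool through the `aud` and `amr` condition keys. The user pool, client and role names are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  UserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: example-user-pool   # placeholder name

  UserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      UserPoolId: !Ref UserPool
      GenerateSecret: false

  IdentityPool:
    Type: AWS::Cognito::IdentityPool
    Properties:
      IdentityPoolName: example_identity_pool   # placeholder name
      # No guest identities: every caller must present a token from a configured IdP
      AllowUnauthenticatedIdentities: false
      # Keep the enhanced flow; the classic flow lets the client choose which role to assume
      AllowClassicFlow: false
      CognitoIdentityProviders:
        - ClientId: !Ref UserPoolClient
          ProviderName: !GetAtt UserPool.ProviderName
          ServerSideTokenCheck: true   # re-validate the user pool token (e.g. revoked sessions)

  AuthenticatedRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Federated: cognito-identity.amazonaws.com
            Action: sts:AssumeRoleWithWebIdentity
            Condition:
              # Only tokens issued for THIS identity pool may assume the role ...
              StringEquals:
                cognito-identity.amazonaws.com:aud: !Ref IdentityPool
              # ... and only authenticated identities, never guests
              ForAnyValue:StringLike:
                cognito-identity.amazonaws.com:amr: authenticated

  RoleAttachment:
    Type: AWS::Cognito::IdentityPoolRoleAttachment
    Properties:
      IdentityPoolId: !Ref IdentityPool
      Roles:
        authenticated: !GetAtt AuthenticatedRole.Arn
```

Without the `aud` condition, any identity pool in any account could exchange its STS credentials for this role; without the `amr` condition, the role attachment alone decides who gets it.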