AWS::Cognito::IdentityPool

• Creates an identity pool (Federated Identities)
• Takes all your identity providers and puts them together (federates them)

• With the Federated Identities the users are managed externally

• Let external users assume temporary roles for accessing AWS resources by means of STS

Properties

• https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html

CognitoIdentityProviders

• SAML 2.0: the client exchange a saml token for an sts token
• Custom Identity Broker: the IdP talks directly to the sts and give the token to the user
• Web Identity Federation: login on fb, google, etc
• SSO
• AD: database of objects (users, files, printers, etc)