📖 What is Amazon Cognito?

Amazon Cognito provides authentication, authorization, and user management for web and mobile applications. It lets users sign in with a password or through social identity providers, and it manages user profiles and access tokens.

🥋 Sensei Says:

"This is the primary tool for 'customer-facing' identity management, whereas IAM is designed for 'internal' AWS resource management."

📚 Certification: AWS Certified Cloud Practitioner (CLF-C02)

🔑 What are the Key Concepts of Amazon Cognito?

  • User Pools provide a user directory for sign-up and sign-in, managing user profiles and handling authentication via passwords or social identity providers.
  • Identity Pools enable users to obtain temporary AWS credentials, allowing them to securely access other AWS services like Amazon S3 or DynamoDB.
  • Federation allows users to sign in using existing accounts from external providers like Google or Facebook, improving user experience and reducing friction.
  • Cognito scales automatically to support millions of users, eliminating the operational overhead of managing a custom user database and authentication backend.

🎯 How does Amazon Cognito appear on the CLF-C02 Exam?

You may be asked to select the appropriate service for a mobile application that requires a secure sign-in process for external customers using social media accounts like Google or Facebook to reduce registration friction.

A scenario might describe a requirement where a web application needs to grant temporary, limited access to an S3 bucket for guest users to upload files without creating an IAM user.

Expect questions that require you to differentiate between IAM and Cognito when deciding how to manage access for internal employees versus millions of external app users accessing a public-facing website.

❓ Frequently Asked Questions

What is the main difference between User Pools and Identity Pools?

User Pools handle authentication (who are you?) by managing user directories and sign-in. Identity Pools handle authorization (what can you do?) by exchanging those identities for temporary AWS credentials to access resources.


When should I use Cognito instead of IAM?

Use IAM for internal employees and administrators who need to manage AWS infrastructure. Use Cognito for external customers or end-users, as it is designed to scale to millions of identities.
