During the development, definition and deployment of a backend you are building, you have to decide how to use user and identity pools as a part of a serverless application.
What statements are correct in this scenario?
A. B. C. D.
Correct Answer: B.
User pools are for authentication (identity verification)
Identity pools are for authorization (access control)
User pools help you track user device, location, and IP address, and adapt to sign-in requests of different risk levels.
Identity pools help you generate temporary AWS credentials for unauthenticated users.
Incorrect Answers:
Options A, C are incorrect because user pools do not deal with AWS credentials to access other AWS services.
Option D is incorrect because Identity pools are for authorization (access control).
References:
https://aws.amazon.com/premiumsupport/knowledge-center/cognito-user-pools-identity-pools/
User and identity pools are two essential components of AWS Cognito. AWS Cognito is a service that provides user sign-up, sign-in, and access control to AWS resources. User pools and identity pools provide different functionalities and are used in different scenarios.
A user pool is a user directory that manages sign-up, sign-in, and user profiles for your application. User pools allow you to create and manage a set of users, and define authentication flows to control how users sign in to your application. User pools support various authentication flows, such as email and password-based authentication, social identity provider-based authentication, and multi-factor authentication.
Option D is correct: User pools are used for authorization, also called access control. Authorization is the process of verifying that a user has the necessary permissions to access resources. User pools can be used to control access to AWS resources and other resources in your application. User pools allow you to define groups and roles, and you can assign permissions to groups and roles. User pools also allow you to define custom attribute fields to store additional user information.
Option A is incorrect: User pools do not support temporary, limited-privilege AWS credentials to access other AWS services. Instead, AWS Identity and Access Management (IAM) provides temporary credentials that can be used by authenticated users to access other AWS services.
Option B is incorrect: User pools do not track user devices, location, and IP address. Instead, you can use Amazon CloudFront or Amazon API Gateway to track user devices, location, and IP address.
Identity pools provide temporary AWS credentials for unauthenticated users. Identity pools are used to grant access to AWS resources for unauthenticated users or users from external identity providers such as Facebook or Google. Identity pools allow you to define authentication providers and map them to IAM roles. When an unauthenticated user logs in, an identity is created for the user, and temporary AWS credentials are generated for the user. The temporary credentials can be used to access AWS resources with the permissions associated with the IAM role.
Option C is incorrect: User pools do not give your users access to AWS resources directly. Instead, user pools are used to authenticate users and control access to AWS resources through IAM roles.
In summary, user pools are used for user authentication and authorization, while identity pools are used to grant temporary AWS credentials to unauthenticated users or users from external identity providers.
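The hand-off between the two pool types, as an added example that is not part of the original page: the user pool issues a signed ID token, and the identity pool receives it in a `Logins` map keyed by the token's issuer, or an empty map for a guest. The sample token, pool ID `us-east-1_EXAMPLE` and helper names are constructed for illustration; the payload is decoded without a signature check because the identity pool service validates the token itself.

```python
import base64
import json
from typing import Optional


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWT. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def logins_for_identity_pool(id_token: Optional[str]) -> dict:
    """Build the Logins map an identity pool expects for a user pool sign-in."""
    if id_token is None:
        return {}  # guest: the identity pool maps this to its unauthenticated role
    claims = jwt_claims(id_token)
    if claims.get("token_use") != "id":
        raise ValueError("expected the user pool ID token, not the access token")
    issuer = claims.get("iss", "")
    if not issuer.startswith("https://cognito-idp."):
        raise ValueError("token was not issued by a Cognito user pool")
    # Provider key is the issuer without its scheme.
    return {issuer[len("https://"):]: id_token}


def _sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.c2ln"


ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
SAMPLE_ID_TOKEN = _sample_token({"iss": ISSUER, "token_use": "id"})
SAMPLE_ACCESS_TOKEN = _sample_token({"iss": ISSUER, "token_use": "access"})

# With real AWS access, the map is then passed to the identity pool via boto3:
#   ident = boto3.client("cognito-identity")
#   identity_id = ident.get_id(IdentityPoolId=POOL_ID, Logins=logins)["IdentityId"]
#   creds = ident.get_credentials_for_identity(
#       IdentityId=identity_id, Logins=logins)["Credentials"]
```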