Amazon Cognito : When traffic comes in, identity verification must be done first to confirm access to AWS cloud resources.

Save the registration step for users, and eliminate registration concerns by using existing social logins.

Authentication

Communicate with social software through User Pool to complete user authentication and obtain permissions.

User Pool

Login via social identity providers (Google, Facebook, Amazon, Apple) and SAML identity providers (Ping One).

Authorization

Convert permissions to AWS credentials and use Identity Pool to determine which AWS resources the user can access.

Identity Pool

Provides short-term credentials for users to access AWS resources.