One of the best and easiest to understand explanations of AWS user pools and identity pools out there so far. I can highly recommend for beginners starting out in that area as well as more experienced folks who want to re-validate their existing knowledge or want to get a differt POV. Again, excellent material. Thanks 🙇♂️
Hello Manish, thanks a million for your comment. This video is part of our podcast session (also available as audio only). For this reason we intentionally kept it more high level and conversational. If you want to look at something a bit more hands on, you could look at our series of live coding sessions called "Building a File Transfer application on AWS" ua-cam.com/video/EfRElTYilyY/v-deo.html . In this series we also make heavy use of Cognito (in particular User Pools) and we even extend it support the OIDC Device flow to connect to Cognito using a CLI application. Let us know if this is something you'd enjoy seeing more and if you have other ideas for live coding sessions.
Thank you for introducing (to me) some of the concepts of Cognito. I am still left trying to understand the different scenarios and use cases in which users and organisations implement this. For example, are the users the 'Joe Public' who sign up to a service? Are they members within an organisation who will access the services which is not public? Does it even matter? I am looking at the latter case which also involves a third-party vendor whose services should be accessible within our organisation. Us - Vendor - AWS. It can be a little hard to define who are the users and who are the providers especially when tasked to build a workflow within our organisation.
Good point! we try to keep our editing to the minimum (so the content works well also for an audio-only podcast), but maybe next time we can consider linking more visual resources in our show notes. Thanks a lot for the suggestion
Great talk lads! helped to ground my understanding of Cognito user and identity pools ... as we enter challenging times not least for tech startups would love to see more talks comparing the _costs_ of choosing one solution over the corresponding AWS option ( e.g. Auth0 vs. Cognito ) - usually I think we see both options as more or less equally feature rich with differences being largely 'paradigmatic' - it would mean a bit more time (and cost!) in researching the topic - but I really think thats where the interest is - what do you think ?
Hello Diarmud! We are glad to hear you found this episode insightful! Thanks also for the brilliant suggestion, indeed a topic worth exploring more! Added to our list of ideas!
Really well explained. My developer is asking a lot of questions, so this will clear it up for both of us. Question: Do you know where we could get some .net examples for Identity pools. Everything seems to be for JS examples?
Hello Killian. Thanks a lot for your comment. We haven't done much .NET with Cognito unfortunately, but the concepts should translate quite seamlessly if you use the .NET AWS SDK. Here's some documentation that might be a good starting point. docs.aws.amazon.com/sdk-for-net/v3/developer-guide/cognito-apis-intro.html Feel free to ask more questions if needed and we'll try our best to answer them.
It would be great if somebody described how to behave with cognito and the local development environment. How can it be integrated to keep tests workable and workable on many developers' machines?
Are you trying to simulate Cognito locally (using Localstack) or using remote AWS Cognito pools? Using real AWS resources is probably the better option. Then, you can create every resource separately for each development environment or go for a shared approach, where each developer uses the same pools and client. The shared approach can be challenging for frontend integration.
@@AWSBites On the current project we have a few stages. All developers work in the same environment at the moment. Now we do not have significant issues. But I understand that the shared development environments affect the whole team at once. That is why I am investigating the question. The solution I see is to make an abstraction to be easily mocked to work without 3-party services at all. But this approach also requires some skills. I am looking at how to adjust it properly in the future. That is why I wouldn't say I like AWS's third-party service, but I agree that they simplify the work well and increase almost all application quality. parameters. That is why I am investigating it to find the golden middle. But it also would be great from you to hear some real solutions and technics.
Thanks for episode on this! Question: Cognito Federated Identities supports "Unauthenticated identities (guest users)". What is the use case for those? Won't it require to make those particular resources / endpoints as public? Does guest user equal public access (im a bit confused on this)? Thanks :)
Good question Iurii. in some cases you still might want to capture data from anonymous users who have not signed in yet or serve content to them. It's like having a public API with no authorisation. Imagine you have a stock image website and offer the capacity to browse some images for free. You could pull those images from S3 using minimal IAM policies that are less than your authenticated users. Typically, the access allowed to anonymous users will be minimal. Does that help?
Terms are used without introduction and without explanation, for example API gateway, load balancer, Cognito authoriser, groups, principle, .... Rather confusing video.
Hey, thanks for your feedback! We will definitely take into account for the next episodes. It's always a bit tricky to find the right level of detail for everyone in the audience. Hopefully some of our episodes in this podcast can help with providing more context where needed. If there's a particular topic you'd like to be explored at a more entry level, please let us know :)
Came here from AWS skillbuilder, and this explanation is way better.
One of the best and easiest to understand explanations of AWS user pools and identity pools out there so far.
I can highly recommend for beginners starting out in that area as well as more experienced folks who want to re-validate their existing knowledge or want to get a differt POV.
Again, excellent material. Thanks 🙇♂️
Thank you very much, Andreas! Great to hear you found this episode valuable!
Thank you both..you cleared my confusion specifically when to use what...!!!!
This is actually an excellent explanation!
Great concise summary, as always !!
Thanks.👍👍
Thanks for following us, Nicolas!
Its Okay for discussion but it would be more beneficial if you walkthrough with aws services in the UI with some examples/architecture
Hello Manish, thanks a million for your comment.
This video is part of our podcast session (also available as audio only). For this reason we intentionally kept it more high level and conversational.
If you want to look at something a bit more hands on, you could look at our series of live coding sessions called "Building a File Transfer application on AWS" ua-cam.com/video/EfRElTYilyY/v-deo.html . In this series we also make heavy use of Cognito (in particular User Pools) and we even extend it support the OIDC Device flow to connect to Cognito using a CLI application.
Let us know if this is something you'd enjoy seeing more and if you have other ideas for live coding sessions.
Thank you. cleared my confusion on these two concepts.
That's great to hear! We should probably do more content about Cognito!
Excellent content as usual - keep the great work!
It's so nice to hear this - thank you!
Excellent explanation
Glad it was helpful!
Thank you for this interesting lesson
Glad you liked it!
thanks for sharing!
Thank you for introducing (to me) some of the concepts of Cognito. I am still left trying to understand the different scenarios and use cases in which users and organisations implement this. For example, are the users the 'Joe Public' who sign up to a service? Are they members within an organisation who will access the services which is not public? Does it even matter? I am looking at the latter case which also involves a third-party vendor whose services should be accessible within our organisation. Us - Vendor - AWS. It can be a little hard to define who are the users and who are the providers especially when tasked to build a workflow within our organisation.
it would be nice if you add screenshots or diagrams :)
Good point! we try to keep our editing to the minimum (so the content works well also for an audio-only podcast), but maybe next time we can consider linking more visual resources in our show notes. Thanks a lot for the suggestion
great video, but a code example of how to create an IAM user from an identity pool would be really useful
Hello Nick. Thanks for your comment. Could you expand a bit more of what you are trying to achieve?
Great talk lads! helped to ground my understanding of Cognito user and identity pools ... as we enter challenging times not least for tech startups would love to see more talks comparing the _costs_ of choosing one solution over the corresponding AWS option ( e.g. Auth0 vs. Cognito ) - usually I think we see both options as more or less equally feature rich with differences being largely 'paradigmatic' - it would mean a bit more time (and cost!) in researching the topic - but I really think thats where the interest is - what do you think ?
Hello Diarmud! We are glad to hear you found this episode insightful!
Thanks also for the brilliant suggestion, indeed a topic worth exploring more! Added to our list of ideas!
Great that you are tuning in Diarmuid! Brilliant suggestion too. We definitely hope to cover cost comparisons following your suggestion.
Really well explained. My developer is asking a lot of questions, so this will clear it up for both of us. Question: Do you know where we could get some .net examples for Identity pools. Everything seems to be for JS examples?
Hello Killian. Thanks a lot for your comment. We haven't done much .NET with Cognito unfortunately, but the concepts should translate quite seamlessly if you use the .NET AWS SDK. Here's some documentation that might be a good starting point. docs.aws.amazon.com/sdk-for-net/v3/developer-guide/cognito-apis-intro.html
Feel free to ask more questions if needed and we'll try our best to answer them.
It would be great if somebody described how to behave with cognito and the local development environment. How can it be integrated to keep tests workable and workable on many developers' machines?
Are you trying to simulate Cognito locally (using Localstack) or using remote AWS Cognito pools? Using real AWS resources is probably the better option. Then, you can create every resource separately for each development environment or go for a shared approach, where each developer uses the same pools and client. The shared approach can be challenging for frontend integration.
@@AWSBites On the current project we have a few stages. All developers work in the same environment at the moment. Now we do not have significant issues. But I understand that the shared development environments affect the whole team at once. That is why I am investigating the question. The solution I see is to make an abstraction to be easily mocked to work without 3-party services at all. But this approach also requires some skills. I am looking at how to adjust it properly in the future. That is why I wouldn't say I like AWS's third-party service, but I agree that they simplify the work well and increase almost all application quality. parameters. That is why I am investigating it to find the golden middle. But it also would be great from you to hear some real solutions and technics.
Thanks for episode on this! Question: Cognito Federated Identities supports "Unauthenticated identities (guest users)". What is the use case for those? Won't it require to make those particular resources / endpoints as public? Does guest user equal public access (im a bit confused on this)? Thanks :)
Good question Iurii. in some cases you still might want to capture data from anonymous users who have not signed in yet or serve content to them. It's like having a public API with no authorisation. Imagine you have a stock image website and offer the capacity to browse some images for free. You could pull those images from S3 using minimal IAM policies that are less than your authenticated users. Typically, the access allowed to anonymous users will be minimal. Does that help?
@@eoinsha it does! Thanks for answering!
Terms are used without introduction and without explanation, for example API gateway, load balancer, Cognito authoriser, groups, principle, .... Rather confusing video.
Hey, thanks for your feedback! We will definitely take into account for the next episodes. It's always a bit tricky to find the right level of detail for everyone in the audience. Hopefully some of our episodes in this podcast can help with providing more context where needed.
If there's a particular topic you'd like to be explored at a more entry level, please let us know :)