Overview of Amazon Cognito
This lesson provides detail on the AWS Security, Identity, and Compliance services relevant to the AWS Certified DevOps Engineer - Professional exam. These services help secure and protect your resources and environment through access control mechanisms and encryption.
Learning Objectives
- Learn what Identity Federation is
- Learn about the AWS services that can be used with it
- Understand how it's implemented
- Understand the benefits of AWS IAM Identity Center and how it can be used to simplify user access at scale
- Create your own authentication mechanisms using Amazon Cognito
- Create your own customized UI for user sign in
- Create a secure user directory for all your applications and users
- Understand what is meant by identity and access management and the difference between authentication, authorization, and access control
- Learn the components of IAM as well as its reporting features
- Understand the core principles of cross-account access using IAM
- Learn how to implement and configure cross-account access
- Define how the key encryption process works
- Explain the differences between the different key types
- Create and modify key policies
- Understand how to rotate, delete and reinstate keys
- Define how to import your own key material
- Learn how AWS Security Hub provides a comprehensive view of your security posture across AWS services
- Understand the use of AWS Resource Access Manager (RAM) to securely share resources across multiple AWS accounts
- Learn about AWS Certificate Manager (ACM) and ACM Private Certificate Authority to secure applications and devices using public and private certificates
- Learn how the AWS Security Token Service (STS) enables you to request temporary, limited-privilege credentials for IAM or federated users
- Understand how the AWS Web Application Firewall (WAF) is used to protect applications and APIs against common web exploits
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 250+ courses relating to cloud computing, reaching over 1 million students.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.