Amazon Cognito

Table of Contents

Fine-grained user access via IAM
aws-amplify
amazon-cognito-identity-js
amazon-cognito-auth-js

Fine-grained user access via IAM

You can use following variables within IAM policies to specify fine-grained user access:

"${cognito-identity.amazonaws.com:aud}" (identity pool id, like "us-east-1:12345678-abcd-abcd-abcd-123456790ab")
"${cognito-identity.amazonaws.com:sub}" (user id, like "us-east-1:12345678-1234-1234-1234-123456790ab")
"${cognito-identity.amazonaws.com:amr}" (login provider, like "graph.facebook.com")

https://docs.aws.amazon.com/cognito/latest/developerguide/iam-roles.html

aws-amplify

amazon-cognito-identity-js

For managing User Pools, which means that it supports user sign-up, sign-in, changing password, etc.
This has currently become a part of aws-amplify.

https://github.com/aws/aws-amplify/tree/master/packages/amazon-cognito-identity-js

amazon-cognito-auth-js

Supports to use Amazon Cognito as a kind of OAuth2 provider.
In other words, there is no way for users to sign up.
The Domain prefix and Callback, Signoutu URL is used for this service.