1

I am trying to set up different user groups in the AWS user pool and grant them access to AWS resources based on the group they belong to. I have two options.

Create two user groups in the user pool and associate the respective roles with them. I can assume the role using STS and get access to the given AWS resources, something like this: https://aws.amazon.com/premiumsupport/knowledge-center/cognito-user-pool-group/

Another option is to use Amazon Identity Pool for the same, which internally uses STS. What advantages will I get if I use the identity pool, given that STS is free and the identity pool has a price associated with it?

I am confused about what the right approach to solve this should be.

code_code

1 Answer

0

Cognito is priced based on your monthly active users. Since you are going to be using a user pool in both cases, you will be charged the same regardless of what approach you take. But the first 50,000 monthly active users are free, so you might get away with it on a smaller application.

Since pricing isn't a concern, you should just go with Identity pool since they have been made to work well with each other.

Ninad Gaikwad
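For the first option in the question, where the backend calls STS itself, the role to request comes from the claims Cognito places in the ID token of a user whose groups have roles attached: `cognito:groups`, `cognito:roles` and `cognito:preferred_role`. The sketch below is an added example, not part of the question or the answer, showing deny-by-default role selection from claims whose signature has already been verified; the role names, the placeholder account ID, the allowlist and the single-role fallback are assumptions of this example.

```python
from typing import Optional

ACCOUNT = "111122223333"  # placeholder account ID
ADMIN = f"arn:aws:iam::{ACCOUNT}:role/app-admins"    # hypothetical role name
READER = f"arn:aws:iam::{ACCOUNT}:role/app-readers"  # hypothetical role name
ALLOWED_ROLES = {ADMIN, READER}  # the only roles this backend will ever request


def resolve_role(claims: dict) -> Optional[str]:
    """Return the role ARN to request from STS, or None to deny.

    `claims` must come from an ID token whose signature, issuer, audience
    and expiry were already verified (verification is not shown here).
    """
    # Role claims are carried in the ID token; refuse any other token type.
    if claims.get("token_use") != "id":
        return None
    roles = claims.get("cognito:roles") or []
    candidate = claims.get("cognito:preferred_role")
    # Assumed policy: without a preferred role, fall back only when the
    # user has exactly one role, so an ambiguous membership is denied.
    if candidate is None and len(roles) == 1:
        candidate = roles[0]
    # The chosen role must be listed in the token and expected by the app.
    if candidate is None or candidate not in roles:
        return None
    return candidate if candidate in ALLOWED_ROLES else None


# Constructed sample claims (not captured from a real user pool).
SAMPLES = {
    "reader": {"token_use": "id", "cognito:groups": ["readers"],
               "cognito:roles": [READER], "cognito:preferred_role": READER},
    "ambiguous": {"token_use": "id", "cognito:groups": ["admins", "readers"],
                  "cognito:roles": [ADMIN, READER]},
    "access_token": {"token_use": "access", "cognito:groups": ["admins"]},
    "unexpected_role": {"token_use": "id", "cognito:groups": ["ops"],
                        "cognito:roles": [f"arn:aws:iam::{ACCOUNT}:role/ops"],
                        "cognito:preferred_role": f"arn:aws:iam::{ACCOUNT}:role/ops"},
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(f"{name}: {resolve_role(sample)}")
```

With an identity pool, this selection and the STS call happen inside the service according to the pool's role settings, so the backend does not carry this logic itself.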