When to use

Userpools can be used almost anytime your application needs to authenticate and authorize users.

Advantages

• Pay-per-MAU - You pay for Monthly Active Users.
• Free-tier - There's a free tier of 50,000 MAUs for users who sign in directly to Cognito User Pools (not using SAML or OIDC federation).
• Serverless - You can seamlessly scale your userbase almost indefinitely.
• Secure by default - Your users are securely stored by AWS.
• Compliant - With userpools, you are HIPAA eligible and PCI DSS, SOC, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001 compliant by default.

Disadvantages

• Not cheap for large user bases - When you have more than 50,000 MAUs or many users with SAML or OIDC federation, can get expensive.
• Not easy to understand - Similarly to almost everything related to authentication or OAUTH, understanding user pool authentication flows can be complicated.

Basic usage

• Example: Lambda function connected to HTTP API Gateway with authorizer that allows only users authenticated using myUserPool to access the configured path.

resources:
  createPost:
    type: function
    properties:
      packageConfig:
        filePath: src/index.ts
      events:
        - type: http-api-gateway
          properties:
            httpApiGatewayName: myGateway
            path: /post/create
            method: POST
            authorizer:
              type: cognito
              properties:
                userPoolName: myUserPool

  myUserPool:
    type: user-auth-pool
    properties:
      userVerificationType: email-code
      passwordPolicy:
        minimumLength: 8

API reference