If you would like to define and manage credentials for your product users instead of your cloud, Amazon Cognito offers up the ability to define roles and map users to them. This means that your app can access only the resources that are authorized for each user. Cognito supports MFA and encryption of data at rest and in-transit. Integrations with OAuth 2.0, SAML 2.0, and OpenID Connect provide federation options with social media and enterprise SSO providers.
Cognito
User pools
In order to implement role management with Cognito, we first need to create a pool for our users, as in the following example:
resource "aws_cognito_user_pool" "pool" {
name = "pool"
}
resource ...