Why This Cheat Sheet Matters for DVA-C02
This cheat sheet covers the most important Amazon Cognito concepts tested on the DVA-C02 (AWS Developer Associate) certification exam. It contains 3 sections with 15 key points that you should memorize before exam day. The topics are implementing user authentication and authorization with Cognito User Pools, Identity Pools, hosted UI, OAuth 2.0 / OIDC flows, MFA, custom attributes, and triggers. Use this as a quick-reference guide during your final review sessions.
User Pools
- User Pool = user directory for sign-up and sign-in. Issues JWT tokens (ID, access, refresh).
- Supports username/password, email, phone, social identity providers (Google, Facebook, Apple), SAML, OIDC.
- MFA: SMS or TOTP. Can be required, optional, or off.
- Hosted UI provides a pre-built sign-in/sign-up page with OAuth 2.0 / OIDC support.
- Custom attributes: up to 50 per User Pool. Cannot be removed after creation.
Identity Pools
- Identity Pool = federated identities. Exchanges tokens for temporary AWS credentials via STS.
- Supports Cognito User Pool tokens, social providers, SAML, OpenID Connect, and custom developer-authenticated identities.
- Authenticated and unauthenticated (guest) roles can be configured.
- Attribute-based access control (ABAC): map claims to session tags for fine-grained IAM policies.
Lambda Triggers
- Pre sign-up: validate, auto-confirm, or auto-verify users before registration.
- Pre authentication: add custom validation before sign-in.
- Post confirmation: send welcome emails, log events after sign-up confirmation.
- Pre token generation: add, suppress, or modify claims in the JWT before it is issued.
- Custom message: customize verification/MFA messages and email subjects.
- Migrate user: import users from a legacy system on first sign-in.
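The pre sign-up and pre token generation triggers from the list above, sketched as a single Lambda handler. This is an added example, not code from the original cheat sheet; the domain allowlist, the `custom:tenant_id` attribute and the `tenant` claim name are assumptions, and the sample event is constructed.

```python
# Added example: one Lambda function serving two Cognito User Pool triggers.
ALLOWED_DOMAINS = {"example.com"}  # assumption: hypothetical sign-up allowlist
TENANT_ATTR = "custom:tenant_id"   # assumption: hypothetical custom attribute


def pre_sign_up(event):
    """Pre sign-up: validate the request before the user is registered."""
    email = event["request"]["userAttributes"].get("email", "")
    domain = email.rpartition("@")[2].lower()
    if domain not in ALLOWED_DOMAINS:
        # An exception raised here makes Cognito reject the sign-up.
        raise ValueError("Sign-up is restricted to approved email domains")
    # A matching domain does not prove the caller owns the mailbox, so do not
    # auto-confirm or auto-verify; the normal verification code still applies.
    event["response"]["autoConfirmUser"] = False
    event["response"]["autoVerifyEmail"] = False
    return event


def pre_token_generation(event):
    """Pre token generation (V1 event shape): add and suppress token claims."""
    attrs = event["request"]["userAttributes"]
    event["response"]["claimsOverrideDetails"] = {
        "claimsToAddOrOverride": {"tenant": attrs.get(TENANT_ATTR, "none")},
        "claimsToSuppress": ["phone_number"],
    }
    return event


def lambda_handler(event, context):
    """Dispatch on triggerSource; unrelated triggers pass through unchanged."""
    source = event.get("triggerSource", "")
    if source.startswith("PreSignUp_"):
        return pre_sign_up(event)
    if source.startswith("TokenGeneration_"):
        return pre_token_generation(event)
    return event


if __name__ == "__main__":
    # Constructed sample event, not captured from a real user pool.
    sample = {
        "triggerSource": "TokenGeneration_Authentication",
        "request": {"userAttributes": {TENANT_ATTR: "t-42", "phone_number": "+15550100"}},
        "response": {},
    }
    print(lambda_handler(sample, None)["response"]["claimsOverrideDetails"])
```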