This document discusses identity federation with AWS Cognito. It aims to share knowledge and lessons learned about single sign-on, IAM policies, and securing tokens. It outlines challenges such as securing temporary credentials and attaching resource policies to authenticated identities. It then describes solutions such as adding Auth0 as an IAM identity provider and creating a Cognito identity pool mapped to IAM roles. Temporary credentials from Cognito are passed to the front-end via Lambda to access AWS resources securely. Automatic renewal of tokens ensures credentials do not expire while the user is active.
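The mapping of an identity pool to IAM roles depends on each role's trust policy. The following check is an added example, not code from the document: it flags a role whose trust policy does not pin the Cognito `aud` condition to one identity pool and the `amr` condition to authenticated identities. The pool ID and both sample policies are constructed placeholders, and the helper names are hypothetical.

```python
COGNITO = "cognito-identity.amazonaws.com"
# Constructed placeholder identity pool ID, not a value from the document.
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"

def _as_list(value):
    """IAM accepts a single value or a list; normalise to a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def audit_trust_policy(policy, pool_id):
    """Return findings for a role meant only for authenticated identities of pool_id."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement"))):
        principal = st.get("Principal")
        federated = principal.get("Federated") if isinstance(principal, dict) else None
        if st.get("Effect") != "Allow" or COGNITO not in _as_list(federated):
            continue  # only statements that trust Cognito identities matter here
        cond = st.get("Condition", {})
        aud = _as_list(cond.get("StringEquals", {}).get(COGNITO + ":aud"))
        if aud != [pool_id]:
            findings.append(f"statement {i}: aud is not pinned to {pool_id}")
        amr = _as_list(cond.get("ForAnyValue:StringLike", {}).get(COGNITO + ":amr"))
        if amr != ["authenticated"]:
            findings.append(f"statement {i}: amr is not restricted to 'authenticated'")
    return findings

def _policy(condition):
    """Build a constructed sample trust policy with the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": COGNITO},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

# Constructed samples: one hardened policy, one with no conditions at all.
HARDENED = _policy({
    "StringEquals": {COGNITO + ":aud": POOL_ID},
    "ForAnyValue:StringLike": {COGNITO + ":amr": "authenticated"}})
WEAK = _policy({})  # trusts identities from any pool, authenticated or not

if __name__ == "__main__":
    for name, pol in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(name, audit_trust_policy(pol, POOL_ID) or "ok")
```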