Authentication

1. Clients authenticate againts web identity providers, customer broker or Cognito

2. Cognito exchanges or provides the token

3. STS (Security Token Service) provides a temporary security credential

4. The role based on the temporary security credential is assumed

5. Clients can access the AWS resources