Amazon Cognito resources

Overview

Amazon Cognito allows developers to set up customer identity and access management (CIAM) capabilities, allowing users to sign-up, sign-in, and access customer-facing applications, web portals, or digital services for your organization.

Here you will find technical materials that describe how to accomplish a specific tasks with code samples you can re-use in your app. The first set of guides below teach you the essentials for Amazon Cognito user pools, Amazon Cognito identity pools, and AWS AppSync development.  

Getting started

Amazon Cognito user pools makes it easy to create and maintain a user directory and add sign-up (user on-boarding) and sign-in to your mobile or web application for authentication, authorization, and resource access and control.

With Amazon Cognito identity pools, you can create unique identities and assign permissions for users. You can also sign in users through social identity providers, such as Facebook, Google, or Apple, or through corporate identity providers with SAML or OIDC and control access to your backend resources.

If you're new to Amazon Cognito Sync, use AWS AppSync. Like Amazon Cognito Sync, AWS AppSync is a service for synchronizing application data across devices.

It enables user data like app preferences or game state to be synchronized. It also extends these capabilities by allowing multiple users to synchronize and collaborate in real time on shared data.

AWS AppSync simplifies application development by letting you create a flexible API to securely access, manipulate, and combine data from one or more data sources. AppSync is a managed service that uses GraphQL to make it easy for applications to get exactly the data they need.

Workshop

Amazon Cognito Workshop
In this workshop, we will deep dive into Cognito and build out an authentication solution for a sample retail store. We will be working with Amazon Cognito user pools for API Authentication for a Hosted UI, Amazon Cognito user pools SDK with AWS Amplify, and the Amazon Cognito identity pools SDK.

Sample Applications

Sample pet store application
This sample web application demonstrates authentication and policy-based authorization of different user types to an imaginary pet store web application. This application uses Amazon Cognito for authentication and uses Amazon Verified Permissions for policy-based authorization, the application uses AWS Amplify platform to accelerate deployment and provisioning of backend resources.

Implement password-less authentication with Amazon Cognito
Password-less authentication improves security, reduces friction and provides better user experience for end-users of customer facing applications. Amazon Cognito provides features to implement custom authentication flows, which can be used to expand authentication factors for your application. 

This solution demonstrates several patterns to support password-less authentication and provides reference implementations for these methods:

  • FIDO2: AKA WebAuthn; sign in with Face, Touch, YubiKey, etc.
  • Magic link sign-in: sign in with a one-time-use secret link that's emailed to you (and works across browsers).
  • SMS-based step-up authentication: let an already signed-in user verify their identity again with a SMS One-Time-Password (OTP) without requiring them to type in their password.

The reference implementation of each of these authentication methods uses several AWS resources. This solution contains both CDK code (TypeScript) for the back end, as well as front-end code (TypeScript) to use in Web, React and React Native to help developers understand the building blocks needed and expand and adjust the solution as necessary. 

Videos

How to create an Amazon Cognito user pool (7:37)
Amazon Cognito user pools deep dive (24:47)
How to create an Amazon Cognito identity pool in new UI (7:25)
How to use Amazon Cognito user pool advanced security features (11:00)
Amazon Cognito support for AWS Web Application Firewall (5:31)
SAML federation, IdP-initiated Login, and SAML Encryption (15:28)
Passwordless authentication with Amazon Cognito (11:41)
Securing your app using Amazon Cognito (27:36)
Managing B2B (multi-tenancy) identity at scale (36:49)
Prepare and protect your applications during the holiday with Amazon Cognito and AWS WAF (48:26)
Fine-grained Access Control with Amazon Cognito Identity Pools (20:20)
Using Amazon Cognito in AWS Amplify (Auth) (13:30)
Beyond authentication with Amazon Cognito (25:53)
A Journey to First-Class, Personalized CIAM, Featuring Neiman Marcus Group (33:20)
Build a CIAM solution in 1 hour (39:10)

Documentation

Amazon Cognito user pools (Developer Guide)

Follow these steps to set up and configure a user pool for the first time with the Amazon Cognito console

Set up the sample app: iOS | Android | JavaScript (Angular 2)

Amazon Cognito identity pools (Developer Guide)

Provides an overview and steps of Amazon Cognito identity pools for creating identities or setup user authentication with federated social or SAML-based identity providers.

Set up a sample app: iOS | Android

Integrate identity pools with user pools (Developer Guide)

Connect your users and apps to other AWS services.

Synchronize application data across devices

If you're new to Amazon Cognito Sync, use AWS AppSync. AWS AppSync is a service for synchronizing application data across devices. It enables user data like app preferences or game state to be synchronized. It also extends these capabilities by allowing multiple users to synchronize and collaborate in real time on shared data. For existing customers of Cognito Sync, here is a reference to get started with Amazon Cognito Sync.

AWS support knowledge center questions for Amazon Cognito

Get answers to commonly asked questions and use helpful articles to troubleshoot Amazon Cognito capabilities, such as account recovery, OIDC tokens, security settings, and more.

What's new

  • Date
No results found
1

Developer tools and SDKs

In addition to using the higher-level mobile and JavaScript SDKs, you can also use the lower-level APIs available via the following AWS SDKs to integrate all Amazon Cognito functionality in your applications.

Blog posts and articles

No blog posts have been found at this time. Please see the AWS Blog for other resources.

1