Amazon Cognito
Simple and Secure User Sign-Up, Sign-In, and Access Control
Spend your time creating great apps.
Let Amazon Cognito handle authentication.

Secure and scalable user directory
Amazon Cognito User Pools provide a secure user directory that scales to hundreds of millions of users. As a fully managed service, User Pools are easy to set up without any worries about standing up server infrastructure.
Read more about Cognito User Pools

Social and enterprise identity federation
With Amazon Cognito, your users can sign in through social identity providers such as Google, Facebook, and Amazon, and through enterprise identity providers such as Microsoft Active Directory via SAML.
Read more about federation

Standards-based authentication
Amazon Cognito User Pools is a standards-based Identity Provider and supports identity and access management standards, such as Oauth 2.0, SAML 2.0, and OpenID Connect.
Read more about standards-based authentication

Security for your apps and users
Amazon Cognito supports multi-factor authentication and encryption of data-at-rest and in-transit. Amazon Cognito is HIPAA eligible and PCI DSS, SOC, ISO/EIC 27001, ISO/EIC 27017, ISO/EIC 27018, and ISO 9001 compliant.
Read more about security and compliance

Access control for AWS resources
Amazon Cognito provides solutions to control access to backend resources from your app. You can define roles and map users to different roles so your app can access only the resources that are authorized for each user.
Read more about controlling access to AWS resources

Easy integration with your app
With a built-in UI and easy configuration for federating identity providers, you can integrate Amazon Cognito to add user sign-in, sign-up, and access control to your app in minutes. You can customize the UI to put your company branding front and center for all user interactions.
See how to quickly integrate Amazon Cognito with your app
It really is this easy
-
iOS Objective C
-
Android
-
iOS Swift
-
Web Apps
-
iOS Objective C
-
Sign in users and get back tokens using the SDKs and a few lines of code.
// iOS Objective-C // AppDelegate.m - (BOOL)application:(UIApplication *)app openURL:(NSURL *)url options:(NSDictionary<UIApplicationOpenURLOptionsKey, id> *)options { return [[AWSCognitoAuth defaultCognitoAuth] application:app openURL:url options:options]; } // ViewController.m AWSCognitoAuth * cognitoAuth = [AWSCognitoAuth defaultCognitoAuth]; [cognitoAuth getSession:self completion:^(AWSCognitoAuthUserSession * _Nullable session, NSError * _Nullable error) { if(error) { NSLog(@"Error: %@", error.userInfo[@"error"]); } else { //Do something with session NSLog(@"Claims: %@", t.result.idToken.claims); } }];
-
Android
-
Sign in users and get back tokens using the SDKs and a few lines of code.
//Android // 1) -- Create an instance of Auth -- Auth.Builder builder = new Auth.Builder() .setAppClientId(getString(R.string.cognito_client_id)); .setAppCognitoWebDomain(getString(R.string.cognito_web_domain)); .setApplicationContext(getApplicationContext()); .setAuthHandler(new callback()); .setSignInRedirect(getString(R.string.app_redirect_signin)); .setSignOutRedirect(getString(R.string.app_redirect_signout)); .setScopes(userScopes); auth = builder.build(); // 2) – Set up url redirect in your app manifest -- <intent-filter> <data android:host="YOUR_REDIRECT_URI_AUTHORITY"android:scheme="YOUR_REDIRECT_SCHEME"/> </intent-filter> // 3) -- Get tokens for your user -- auth.getSession();
-
iOS Swift
-
Sign in users and get back tokens using the SDKs and a few lines of code.
// iOS Swift // AppDelegate.swift func application(_ app: UIApplication, open url: URL, options: [UIApplicationOpenURLOptionsKey : Any] = [:]) -> Bool { return AWSCognitoAuth.default().application(app, open: url, options: options) } // ViewController.swift let cognitoAuth = AWSCognitoAuth.default() cognitoAuth.getSession(self) { (session:AWSCognitoAuthUserSession?, error:Error?) in if(error != nil) { print((error! as NSError).userInfo["error"] as? String) }else { //Do something with session } }
-
Web Apps
-
Sign in users and get back tokens using the SDKs and a few lines of code.
// Add amazon-cognito-auth-js SDK in your application. //1) -- Create an instance of Auth -- var authData = { ClientId : '<add ClientId>', AppWebDomain : '<add App Web Domain>', TokenScopesArray : '<add scope array>', RedirectUriSignIn : '<add redirect url when signed in>', RedirectUriSignOut : '<add redirect url when signed out>' }; var auth = new AWSCognito.CognitoIdentityServiceProvider.CognitoAuth(authData); // 2) -- Get tokens for your user -- auth.getSession();

Trusted by developers



Pay only for what you use. No minimums.
If you are using Amazon Cognito Identity to create a User Pool, you pay based on your monthly active users (MAUs) only. A user is counted as a MAU if, within a calendar month, there is an identity operation related to that user, such as sign-up, sign-in, token refresh, or password change. You are not charged for subsequent sessions or for inactive users within that calendar month.
Pricing Tier (MAUs) | Price per MAU |
First 50,000 | Free |
Next 50,000 | $0.00550 |
Next 900,000 | $0.00460 |
Next 9,000,000 | $0.00325 |
Greater than 10,000,000 | $0.00250 |
For users who sign in through SAML federation, the price above the 50 user free tier is $0.45 per MAU. If you have 10,000 users or more, please contact us to obtain your custom pricing. Using the Federated Identities feature to get AWS credentials for authenticated or guest users is always free with Amazon Cognito. Read more about our pricing here.
Get started with AWS

Start building with AWS