With the Amazon Cognito SDK, you just write a few lines of code to enable your users to sign-up and sign-in to your mobile and web apps.
Cognito-SI-CI-IMG_details_userpool
A directory for all your apps and users

Amazon Cognito User Pools provide a secure user directory that scales to hundreds of millions of users. As a fully managed service, User Pools are easy to set up without any worries about server infrastructure. User Pools provide user profiles and authentication tokens for users who sign up directly and for federated users who sign in with social and enterprise identity providers.

Cognito-SI-CI-IMG_details_customui
Built-in customizable UI to sign in users

Amazon Cognito provides a built-in and customizable UI for user sign-up and sign-in. You can use Android, iOS, and JavaScript SDKs for Amazon Cognito to add user sign-up and sign-in pages to your apps.

Cognito security shield
Advanced security features to protect your users (Beta)

Using advanced security features for Amazon Cognito helps you protect access to user accounts in your applications. These advanced security features provide risk-based adaptive authentication and protection from the use of compromised credentials. With just a few clicks, you can enable these advanced security features for your Amazon Cognito User Pools.

Now it's easier and faster to create better, more secure apps

Social and enterprise identity federation

With Amazon Cognito, your users can sign-in through social identity providers such as Google, Facebook, and Amazon, and through enterprise identity providers such as Microsoft Active Directory using SAML

Access control for AWS resources

Amazon Cognito provides solutions to control access to AWS resources from your app. You can define roles and map users to different roles so your app can access only the resources that are authorized for each user.

Standards-based authentication

Amazon Cognito uses common identity management standards including OpenID Connect, OAuth 2.0, and SAML 2.0. 

Amazon Cognito Sync - user data synchronization across devices

Amazon Cognito Sync service and client library enables cross-device syncing of applications-related user data. You can use it to synchronize user profile data across mobile devices and the web without requiring your own backend. The client libraries cache data locally so your app can read and write data whether or not the device is online. When the device is online, you can synchronize data, and, if you set up push sync, notify other devices immediately that an update is available.

Adaptive authentication (Beta)

Using advanced security features for Amazon Cognito to add adaptive authentication to your applications helps protect your applications’ user accounts and user experience. When Amazon Cognito detects unusual sign-in activity, such as sign-in attempts from new locations and devices, it assigns a risk score to the activity and lets you choose to either prompt users for additional verification or block the sign-in request. Users can verify their identities using SMS or a Time-based One-time Password (TOTP) generator, such as Google Authenticator.

Protection from compromised credentials (Beta)

Advanced security features for Amazon Cognito helps protect your application users from unauthorized access to their accounts using compromised credentials. When Amazon Cognito detects users have entered credentials that have been compromised elsewhere, it prompts them to change their password.

HIPAA Eligible and PCI DSS Compliant

Amazon Cognito is HIPAA Eligible and PCI DSS Compliant, so healthcare companies and merchants can use Amazon Cognito for sensitive personal and financial payment information.