Amazon Cognito allows developers to set up customer identity and access management (CIAM) capabilities, so that users can sign up, sign in, and access customer-facing applications, web portals, or digital services for your organization.
Here you will find technical materials that describe how to accomplish specific tasks, with code samples you can reuse in your app. The first set of guides below teaches you the essentials of Amazon Cognito user pools, Amazon Cognito identity pools, and AWS AppSync development.
Amazon Cognito user pools
Amazon Cognito user pools make it easy to create and maintain a user directory and add sign-up (user on-boarding) and sign-in to your mobile or web application for authentication, authorization, and resource access and control.
Amazon Cognito identity pools
With Amazon Cognito identity pools, you can create unique identities and assign permissions for users. You can also sign in users through social identity providers, such as Facebook, Google, or Apple, or through corporate identity providers with SAML or OIDC and control access to your backend resources.
If you're new to Amazon Cognito Sync, use AWS AppSync. Like Amazon Cognito Sync, AWS AppSync is a service for synchronizing application data across devices.
It enables user data like app preferences or game state to be synchronized. It also extends these capabilities by allowing multiple users to synchronize and collaborate in real time on shared data.
AWS AppSync simplifies application development by letting you create a flexible API to securely access, manipulate, and combine data from one or more data sources. AppSync is a managed service that uses GraphQL to make it easy for applications to get exactly the data they need.
Amazon Cognito Workshop
In this workshop, we will deep dive into Cognito and build out an authentication solution for a sample retail store. We will be working with Amazon Cognito user pools for API Authentication for a Hosted UI, Amazon Cognito user pools SDK with AWS Amplify, and the Amazon Cognito identity pools SDK.
Sample pet store application
This sample web application demonstrates authentication and policy-based authorization of different user types to an imaginary pet store web application. It uses Amazon Cognito for authentication and Amazon Verified Permissions for policy-based authorization, and it uses the AWS Amplify platform to accelerate deployment and provisioning of backend resources.
Implement password-less authentication with Amazon Cognito
Password-less authentication improves security, reduces friction, and provides a better user experience for end users of customer-facing applications. Amazon Cognito provides features to implement custom authentication flows, which can be used to expand authentication factors for your application.
This solution demonstrates several patterns to support password-less authentication and provides reference implementations for these methods:
- FIDO2: AKA WebAuthn; sign in with Face, Touch, YubiKey, etc.
- Magic link sign-in: sign in with a one-time-use secret link that's emailed to you (and works across browsers).
- SMS-based step-up authentication: let an already signed-in user verify their identity again with an SMS One-Time-Password (OTP) without requiring them to type in their password.
The reference implementation of each of these authentication methods uses several AWS resources. This solution contains both CDK code (TypeScript) for the back end, as well as front-end code (TypeScript) to use in Web, React and React Native to help developers understand the building blocks needed and expand and adjust the solution as necessary.
Provides an overview of Amazon Cognito identity pools and the steps for creating identities or setting up user authentication with federated social or SAML-based identity providers.
Set up a sample app: iOS | Android
Connect your users and apps to other AWS services.
If you're new to Amazon Cognito Sync, use AWS AppSync. For existing customers of Cognito Sync, here is a reference to get started with Amazon Cognito Sync.
Get answers to commonly asked questions and use helpful articles to troubleshoot Amazon Cognito capabilities, such as account recovery, OIDC tokens, security settings, and more.
Developer tools and SDKs
Amazon Cognito user pools: