Amazon Cognito Documentation

Amazon Cognito is designed to let you add user sign-up, sign-in, and access control to your web and mobile apps. Amazon Cognito scales to millions of users and supports sign-in with social identity providers and enterprise identity providers.

An identity store for all your apps and users

Amazon Cognito User Pools provide a secure identity store that can be set up without provisioning any infrastructure. User Pools store user profiles and support authentication for users who sign up directly and for federated users who sign in with social and enterprise identity providers.

Built-in customizable user interface to sign in users

Amazon Cognito provides a built-in and customizable user interface for user sign-up and sign-in.

Advanced security features to protect your users

Using advanced security features for Amazon Cognito may help you protect access to user accounts in your applications. These advanced security features provide risk-based adaptive authentication and protection from the use of compromised credentials.

Social and enterprise identity federation

Amazon Cognito is designed to enable your users to sign-in through social identity providers and through enterprise identity providers.

Access control for AWS resources

Amazon Cognito provides solutions to control access to AWS resources from your app. You can define roles and map users to different roles so your app can access only the resources that are authorized for each user. Alternatively, you can use attributes from identity providers in AWS Identity and Access Management permission policies, so you can control access to resources to users who meet specific attribute conditions.

Standards-based authentication

Amazon Cognito uses common identity management standards.

Adaptive authentication

Using advanced security features for Amazon Cognito to add adaptive authentication to your applications may help protect your applications’ user accounts and user experience. When Amazon Cognito detects unusual sign-in activity, such as sign-in attempts from new locations and devices, it assigns a risk score to the activity and lets you choose to either prompt users for additional verification or block the sign-in request. Users can verify their identities using SMS or a Time-based One-time Password (TOTP) generator.

Protection from compromised credentials

Advanced security features for Amazon Cognito are designed to help protect your application users from unauthorized access to their accounts using compromised credentials. When Amazon Cognito detects users have entered credentials that have been compromised elsewhere, it prompts them to change their password.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at, or other agreement between you and AWS governing your use of AWS’s services.