Amazon Cognito
Developer Guide (Version Last Updated: 07/28/2016)

What is Amazon Cognito?

Amazon Cognito lets you easily add user sign-up and sign-in and manage permissions for your mobile and web apps. You can create your own user directory within Amazon Cognito, or you can authenticate users through social identity providers such as Facebook, Twitter, or Amazon; with SAML identity solutions; or by using your own identity system. In addition, Amazon Cognito enables you to save data locally on users' devices, allowing your applications to work even when the devices are offline. You can then synchronize data across users' devices so that their app experience remains consistent regardless of the device they use.

With Amazon Cognito, you can focus on creating great app experiences instead of worrying about building, securing, and scaling a solution to handle user management, authentication, and sync across devices.

What's New

App integration and federation for Amazon Cognito User Pools is in beta release. This new feature enables you to integrate SAML identity providers directly with a user pool, without using an identity pool. For more information, see Amazon Cognito User Pools App Integration and Federation Beta Release.

Features of Amazon Cognito

Amazon Cognito User Pools: You can create and maintain a user directory and add sign-up and sign-in to your mobile app or web application using Amazon Cognito User Pools. User pools scale to hundreds of millions of users and provide simple, secure, and low-cost options for you as a developer. You can also implement enhanced security features, such as email and phone number verification, and multi-factor authentication. In addition, Amazon Cognito User Pools lets you customize workflows through AWS Lambda, for example by adding app-specific logic to user registration for fraud detection and user validation.

For more information, see Amazon Cognito User Pools.

Amazon Cognito Federated Identities: Amazon Cognito Federated Identities enable you to create unique identities for your users and authenticate them with federated identity providers. With a federated identity, you can obtain temporary, limited-privilege AWS credentials to synchronize data with Amazon Cognito Sync or to securely access other AWS services such as Amazon DynamoDB, Amazon S3, and Amazon API Gateway. Amazon Cognito Federated Identities support federated identity providers—including Amazon, Facebook, Google, Twitter, OpenID Connect providers, and SAML identity providers—as well as unauthenticated identities. This feature also supports developer authenticated identities, which let you register and authenticate users via your own back-end authentication systems.

For more information, see Amazon Cognito Federated Identities.

Amazon Cognito Sync: Amazon Cognito Sync is an AWS service that supports offline access and cross-device syncing of application-related user data. You can use Amazon Cognito Sync to synchronize user profile data across mobile devices and the web without requiring your own back end. The client libraries cache data locally so your app can read and write data regardless of device connectivity status. When the device is online, you can synchronize data and, if you set up push sync, notify other devices immediately that an update is available.

For more information, see Amazon Cognito Sync.

Accessing Amazon Cognito

Amazon Cognito can be accessed using the Amazon Cognito console, the AWS Command Line Interface, and the Amazon Cognito APIs.

Are You a First-Time Amazon Cognito User?

If you are a first-time user of Amazon Cognito, we recommend that you begin by reading the Getting Started Guide.

You can also find information and links to videos, articles, documentation, and sample apps on our Developer Resources Page.

Pricing for Amazon Cognito

For information on Amazon Cognito pricing, see the Amazon Cognito Pricing Page.

SDKs for Amazon Cognito

There are two types of SDKs for Amazon Cognito user pools. We have higher-level client SDKs for iOS, Android, and JavaScript, and the standard AWS SDKs that cover a wider array of languages including Java, C#, and Ruby. The standard SDKs cover all of the APIs of the service, while the higher-level SDKs provide additional features that make it easier to perform some functions. One of the key differences between the two types of SDKs is in signing in users. Amazon Cognito uses a Secure Remote Password (SRP) protocol, which requires some calculations and a couple of requests between the client and the service APIs. In the higher-level SDKs, that process is taken care of for you. The standard SDKs expose the underlying APIs, but they currently do not include built-in support for SRP. To learn more about authentication options, see the Amazon Cognito User Pool Authentication Flow page.

Follow the links below to the SDKs for Cognito user pools.


For links to the SDKs and samples for app integration and federation, see Where to Find the SDKs and Sample Apps for This Beta Release.

Standard AWS SDKs

You can download all the SDKs and find documentation here.