Amazon Cognito
Developer Guide (Version Last Updated: 07/28/2016)

What is Amazon Cognito?

Amazon Cognito lets you easily add user sign-up and sign-in and manage permissions for your mobile and web apps. You can create your own user directory within Amazon Cognito, or you can authenticate users through social identity providers such as Facebook, Twitter, or Amazon; with SAML identity solutions; or by using your own identity system. In addition, Amazon Cognito enables you to save data locally on users' devices, allowing your applications to work even when the devices are offline. You can then synchronize data across users' devices so that their app experience remains consistent regardless of the device they use.

With Amazon Cognito, you can focus on creating great app experiences instead of worrying about building, securing, and scaling a solution to handle user management, authentication, and sync across devices.

Features of Amazon Cognito

Amazon Cognito Your User Pools: You can create and maintain a user directory and add sign-up and sign-in to your mobile app or web application using Amazon Cognito User Pools. User pools scale to hundreds of millions of users and provide simple, secure, and low-cost options for you as a developer. You can also implement enhanced security features, such as email and phone number verification, and multi-factor authentication. In addition, Amazon Cognito User Pools lets you customize workflows through AWS Lambda, for example by adding app-specific logic to user registration for fraud detection and user validation.

For more information, see Creating and Managing User Pools.

Amazon Cognito Federated Identities: Amazon Cognito Federated Identities enable you to create unique identities for your users and authenticate them with federated identity providers. With a federated identity, you can obtain temporary, limited-privilege AWS credentials to synchronize data with Amazon Cognito Sync or to securely access other AWS services such as Amazon DynamoDB, Amazon S3, and Amazon API Gateway. Amazon Cognito Federated Identities support federated identity providers—including Amazon, Facebook, Google, Twitter, OpenID Connect providers, and SAML identity providers—as well as unauthenticated identities. This feature also supports developer authenticated identities, which let you register and authenticate users via your own back-end authentication systems.

For more information, see Using Federated Identities.

Amazon Cognito Sync: Amazon Cognito Sync is an AWS service that supports offline access and cross-device syncing of application-related user data. You can use Amazon Cognito Sync to synchronize user profile data across mobile devices and the web without requiring your own back end. The client libraries cache data locally so your app can read and write data regardless of device connectivity status. When the device is online, you can synchronize data, and if you set up push sync, notify other devices immediately that an update is available.

For more information, see Amazon Cognito Sync.

Accessing Amazon Cognito

Amazon Cognito can be accessed using the Amazon Cognito console, the AWS Command Line Interface, and the Amazon Cognito APIs.

Are You a First-Time Amazon Cognito User?

If you are a first-time user of Amazon Cognito, we recommend that you begin by reading the Getting Started guide.

You can also find information and links to videos, articles, documentation, and sample apps on our Developer Resources Page.

Pricing for Amazon Cognito

For information on Amazon Cognito pricing, see the Amazon Cognito Pricing Page.