Using the Amazon Cognito console

You can use the Amazon Cognito console to create and manage user pools and identity pools.

This guide provides step-by-step walkthroughs for common Amazon Cognito user pool tasks in the Amazon Cognito console.

To use the Amazon Cognito console

1. To use Amazon Cognito, you need to sign up for an AWS account.

2. Go to the Amazon Cognito console. You might be prompted for your AWS credentials.

3. To create or edit a user pool, choose User Pools from the left navigation pane.

   For more information, see Getting started with user pools.

4. To create or edit an identity pool, choose Identity pools. You will be directed to the original console for Amazon Cognito identity pools.

   For more information, see Getting started with Amazon Cognito identity pools.

The Amazon Cognito console is a part of the AWS Management Console, which provides information about your account and billing. For more information, see Working with the AWS Management Console.

The user pools console

From the User pools view in the Amazon Cognito console, choose a user pool from the list to view details. In the detailed view, the User pool overview at the top of the console contains basic information about your user pool. The following tabs organize your user pool configuration into related functions.

Users

The Users tab contains information about users and user imports from CSV files. You can add, remove, and edit users in this tab.

References

• Managing users in your user pool

• Importing users into user pools from a CSV file

Groups

The Groups tab contains information about user groups. You can add, modify, and change membership in groups, and change the IAM roles that are associated with groups for identity-pool integration.

References

• Adding groups to a user pool

Sign-in experience

The Sign-in experience tab contains information about how users sign in to your user pool. In this tab are third-party identity providers, username options, the password policy, multi-factor authentication (MFA) configuration, forgot-password behavior, and device remembering. You can add and modify identity providers, and change the overall sign-in behavior of your user pool.

References

• Adding user pool sign-in through a third party

• Customizing sign-in attributes

• Adding user pool password requirements

• Adding MFA to a user pool

• Passwords, password recovery, and password policies

• Working with user devices in your user pool

Sign-up experience

The Sign-up experience tab contains information about self-service sign-up, required attributes, verifying phone numbers and email addresses, and custom attributes.

References

• Signing up and confirming user accounts

• Working with user attributes

• Verifying contact information at sign-up

Messaging

The Messaging tab contains information about the AWS services that you want to use to send email and SMS messages to your users, and the format of the messages that you want to send them.

References

• Email settings for Amazon Cognito user pools

• SMS message settings for Amazon Cognito user pools

• Configuring verification and invitation messages

App integration

The App integration tab contains information about user pool app clients, the domain that you assign to your user pool service endpoints, API resource servers, the hosted UI, and advanced security. You can drill down into each app client to configure the following.

1. Token settings

2. Callback URLs

3. Authentication flows

4. Attribute permissions

5. App-specific advanced security and hosted UI settings

6. Amazon Pinpoint analytics

References

• Application-specific settings with app clients

• Managing the hosted UI and authorization server

• Configuring a user pool domain

• Scopes, M2M, and APIs with resource servers

• Using Amazon Pinpoint for user pool analytics

Advanced security

The Advanced security tab contains information about advanced security threat protection and other advanced security features.

References

• User pool advanced security features

User pool properties

The User pool properties tab contains information about user pool configuration not directly related to users: Lambda triggers, AWS WAF web ACL protection, deletion protection, and resource tags.

References

• Customizing user pool workflows with Lambda triggers

• Associating an AWS WAF web ACL with a user pool

• User pool deletion protection

• Tagging your AWS resources

The identity pools console

From the Identity pools view in the Amazon Cognito console, choose an identity pool from the list to view details. In the detailed view, the Identity pool overview at the top of the console contains basic information about your user pool. The following tabs organize your user pool configuration into related functions.

User statistics

The User statistics tab displays statistical information about the users who have generated identities in your identity pool. You can't configure any identity pool settings in this tab.

Identity browser

The Identity browser tab contains information about the individual identities that users have generated in your identity pool. You can view and delete identities.

References

• Getting started with Amazon Cognito identity pools

User access

The User access tab contains information about the identity providers you've linked to your identity pool, developer providers, the default IAM roles assigned to identities, and unauthenticated guest access configuration. You can drill down into each identity provider to configure the following.

1. Role-based access control with IAM Role selection

2. Attribute-based access control with Attributes for access control

References

• Identity pools third-party identity providers

• IAM roles

• Authenticated and unauthenticated identities

• Developer-authenticated identities

• Using role-based access control

• Using attributes for access control

Identity pool properties

The Identity pool properties tab contains information about miscellaneous identity pool configuration: basic (classic) authentication and resource tags.

• Identity pools authentication flow

• Tagging your AWS resources