Using the Amazon Cognito console - Amazon Cognito

Using the Amazon Cognito console

You can use the Amazon Cognito console to create and manage user pools and identity pools.

This guide provides step-by-step walkthroughs for common Amazon Cognito user pool tasks in the Amazon Cognito console.

To use the Amazon Cognito console

  1. To use Amazon Cognito, you need to sign up for an AWS account.

  2. Go to the Amazon Cognito console. You might be prompted for your AWS credentials.

  3. To create or edit a user pool, choose User Pools from the left navigation pane.

    For more information, see Getting started with user pools.

  4. To create or edit an identity pool, choose Identity pools. You will be directed to the original console for Amazon Cognito identity pools.

    For more information, see Getting started with Amazon Cognito identity pools.

The Amazon Cognito console is a part of the AWS Management Console, which provides information about your account and billing. For more information, see Working with the AWS Management Console.

Amazon Cognito console

The user pools console

From the User pools view in the Amazon Cognito console, choose a user pool from the list to view details. In the detailed view, the User pool overview at the top of the console contains basic information about your user pool. The following tabs organize your user pool configuration into related functions.

Users

The Users tab contains information about users and user imports from CSV files. You can add, remove, and edit users in this tab.

Groups

The Groups tab contains information about user groups. You can add, modify, and change membership in groups, and change the IAM roles that are associated with groups for identity-pool integration.

Sign-in experience

The Sign-in experience tab contains information about how users sign in to your user pool. In this tab are third-party identity providers, username options, the password policy, multi-factor authentication (MFA) configuration, forgot-password behavior, and device remembering. You can add and modify identity providers, and change the overall sign-in behavior of your user pool.

Sign-up experience

The Sign-up experience tab contains information about self-service sign-up, required attributes, verifying phone numbers and email addresses, and custom attributes.

Messaging

The Messaging tab contains information about the AWS services that you want to use to send email and SMS messages to your users, and the format of the messages that you want to send them.

App integration

The App integration tab contains information about user pool app clients, the domain that you assign to your user pool service endpoints, API resource servers, the hosted UI, and advanced security. You can drill down into each app client to configure the following.

  1. Token settings

  2. Callback URLs

  3. Authentication flows

  4. Attribute permissions

  5. App-specific advanced security and hosted UI settings

  6. Amazon Pinpoint analytics

Advanced security

The Advanced security tab contains information about advanced security threat protection and other advanced security features.

User pool properties

The User pool properties tab contains information about user pool configuration not directly related to users: Lambda triggers, AWS WAF web ACL protection, deletion protection, and resource tags.

The identity pools console

From the Identity pools view in the Amazon Cognito console, choose an identity pool from the list to view details. In the detailed view, the Identity pool overview at the top of the console contains basic information about your user pool. The following tabs organize your user pool configuration into related functions.

User statistics

The User statistics tab displays statistical information about the users who have generated identities in your identity pool. You can't configure any identity pool settings in this tab.

Identity browser

The Identity browser tab contains information about the individual identities that users have generated in your identity pool. You can view and delete identities.

User access

The User access tab contains information about the identity providers you've linked to your identity pool, developer providers, the default IAM roles assigned to identities, and unauthenticated guest access configuration. You can drill down into each identity provider to configure the following.

  1. Role-based access control with IAM Role selection

  2. Attribute-based access control with Attributes for access control

Identity pool properties

The Identity pool properties tab contains information about miscellaneous identity pool configuration: basic (classic) authentication and resource tags.