Document history for Amazon Cognito - Amazon Cognito

Document history for Amazon Cognito

The following table describes important additions to the documentation for Amazon Cognito. We also make frequent minor updates to the documentation in response to the feedback that you send. To submit feedback, locate the Feedback link at the bottom of any page in Amazon Cognito documentation.

ChangeDescriptionDate

Added login_hint parameter.

You can now add a username hint to authorization requests for the hosted UI, OIDC IdPs, and Google IdPs.

October 3, 2024

New advanced security features for email MFA.

You can now send multi-factor authentication (MFA) codes by email message with advanced security features.

September 12, 2024

New content and page changes.

Modified titles, removed unneeded content, added scenario-based intros, moved user pools OIDC & hosted UI endpoints reference to user pools section.

September 9, 2024

Updated information about AmazonCognitoUnAuthedIdentitiesSessionPolicy.

The AWS managed policy for scope-down of unauthenticated identities in identity pools now pe rmits Amazon Location Service.

August 9, 2024

New threat prevention for custom authentication with Lambda triggers and enhanced threat detection.

You can now analyze custom authentication sign-in with threat protection and apply adaptive authentication responses. Threat protection also now analyzes sign-in traffic for impossible geographical distance between attempts.

August 8, 2024

New advanced security features for password reuse prevention and user-activity log export.

You can now export user activity logs and set a password-history policy with advanced security features in Amazon Cognito user pools.

August 6, 2024

Amazon Cognito is now available in the Canada West (Calgary) and Asia Pacific (Hong Kong) AWS Regions.

You can now create Amazon Cognito resources in the Canada West (Calgary)and Asia Pacific (Hong Kong) Regions.

July 9, 2024

Improved description of application behavior for advanced security

Updated information about device context data for advanced security adaptive authentication.

June 10, 2024

Added support for complex objects in pre token Lambda trigger

You can now add arrays and JSON objects to ID and access token claims.

May 30, 2024

Updated information about Verified Permissions and Amazon Cognito.

Amazon Verified Permissions now has more direct integration with Amazon Cognito.

May 15, 2024

Multi-Region Amazon SES verified identities.

In some AWS Regions without Amazon SES, Amazon Cognito user pools load balance email between two remote Regions.

May 10, 2024

Added information about M2M authorization and managing costs.

Learn how to use client credentials grants for machine-to-machine (M2M) use cases with Amazon Cognito user pools.

May 9, 2024

Amazon Cognito is now available in the Europe (Spain) and Asia Pacific (Hyderabad) AWS Regions.

You can now create Amazon Cognito resources in the Europe (Spain) and Asia Pacific (Hyderabad) Regions.

April 15, 2024

Amazon Cognito is now available in the Asia Pacific (Melbourne) AWS Region.

You can now create Amazon Cognito resources in the Asia Pacific (Melbourne) Region.

April 4, 2024

Added an example Android app in Flutter for Amazon Cognito user pools.

You can build a starter mobile app for Amazon Cognito from an example Flutter application on GitHub.

April 4, 2024

New getting-started content

Expanded content for getting started, common scenarios, multi-tenant best practices, and accessing resources after sign-in.

April 1, 2024

Amazon Cognito is now available in the Europe (Zurich) AWS Region.

You can now create Amazon Cognito resources in the Europe (Zurich) Region.

March 14, 2024

Amazon Cognito is now available in the Middle East (UAE) AWS Region.

You can now create Amazon Cognito resources in the Middle East (UAE) Region.

March 8, 2024

New SAML features and improved content.

You can now sign SAML requests, encrypt SAML responses, and set up IdP-initiated SAML SSO.

February 1, 2024

Quota increases available.

You can now purchase additional capacity for Amazon Cognito request-rate quotas.

January 25, 2024

Amazon Cognito identity pools support request rates in Service Quotas.

You can now monitor requests-per-second (RPS) quotas for Amazon Cognito identity pools and request increase in the Service Quotas console.

December 19, 2023

Added a new feature for customization of the contents of access tokens.

You can now add, modify, and remove claims and scopes in user pool access tokens.

December 12, 2023

Improved content about app clients and OAuth scopes.

Clarity edits and corrections to Application-specific settings with app clients and Scopes, M2M, and APIs with resource servers. Removed legacy console instructions.

November 14, 2023

Improved content about devices and device authentication.

New content about the use of device keys and device SRP authentication.

October 18, 2023

Updated AWS Management Console guidance.

Removed user pools console reference and redistributed topics within related subjects, and added guidance to tab-based organization in Amazon Cognito console.

August 30, 2023

De-emphasized direct access to LOGIN endpoint.

Added a visual overview of the user pool Login endpoint and emphasized starting authentication with Authorize endpoint.

August 30, 2023

Amazon Cognito is now available in the Asia Pacific (Osaka) and Israel (Tel Aviv) AWS Regions.

You can now create Amazon Cognito resources in the Asia Pacific (Osaka) and Israel (Tel Aviv) Regions.

August 30, 2023

Introduced information about authorization for Amazon Cognito with Amazon Verified Permissions.

In your app, you can invoke the Verified Permissions API to produce access decisions from a central authority.

August 1, 2023

Added a new feature for logging user pool detailed user activity to Amazon CloudWatch Logs.

You can now log email and SMS message delivery errors to CloudWatch log groups.

August 1, 2023

Updated information about AWS managed policy for identity pool guest users.

Permissions scope-down for identity pool guest users now includes both an inline session policy and an AWS managed session policy.

May 16, 2023

Content improvement and new console instructions for Amazon Cognito identity pools.

Added new console walkthroughs to reflect the new console experience, improved code integration details for identity pools.

May 16, 2023

Additions and improvements to service homepage and user pools homepage.

Updated overview pages for Amazon Cognito and user pools.

May 16, 2023

General improvements to user pool token documentation.

Updated example tokens, added new information about verifying tokens.

February 16, 2023

You can now log Amazon Cognito identity pools data events in AWS CloudTrail.

CloudTrail supports the selection of Amazon Cognito identity pools high-volume API operations in trails that log data events.

February 15, 2023

Updated Lambda trigger examples and descriptions.

Lambda trigger examples are updated to JavaScript version 3. You can now directly correlate Lambda triggers to API actions.

January 31, 2023

Amazon Cognito identity pools apply an AWS managed policy to unauthenticated sessions.

Identity pool users who authenticate using the enhanced flow now have an additional AWS managed policy applied to their session.

January 31, 2023

Added code examples.

This guide now includes example code for your Amazon Cognito app in a variety of programming langages.

January 23, 2023

Added information about API models and authentication with Amazon Cognito user pools.

Amazon Cognito user pools have multiple API interfaces and formats for request authorization.

December 15, 2022

Amazon Cognito is now available in the Europe (Milan) AWS Region.

You can now create Amazon Cognito user pools in the Europe (Milan) Region.

December 6, 2022

Added information about user pool deletion protection.

When you create a new user pool with the AWS Management Console, it's now protected against deletion by default.

October 20, 2022

Added a user guide for the hosted UI, and information about TOTP MFA in the hosted UI.

Your users can now register a TOTP MFA device in the Amazon Cognito hosted UI. You can now preview the default hosted UI.

September 8, 2022

Added information about AWS WAF and Amazon Cognito.

You can now associate a AWS WAF web ACL with a Amazon Cognito user pool.

August 3, 2022

Added more example AWS CloudTrail events.

Amazon Cognito now logs federation and hosted UI requests to your trail.

June 15, 2022

Added information about two-step attribute verification.

You can now choose whether your user must verify a new email address or phone number before they can sign in with it.

June 9, 2022

Updated federation documentation. New IP address propagation feature.

Updated walkthroughs for setting up user pool social IdPs. Added information about federated user profiles and attribute mapping. Added new information about device fingerprints for advanced security.

May 31, 2022

Sign in federated users without interaction with the hosted UI

Added a new page about how to bookmark applications so that Amazon Cognito silently directs users to federated sign-in.

May 29, 2022

In-Region SMS and email messaging for Amazon Cognito user pools

You can now use Amazon Simple Notification Service for SMS messages and Amazon Simple Email Service for email messages in the same AWS Region as your user pool.

March 14, 2022

Updates to quotas page

Added and clarified resource and request-rate quotas.

January 10, 2022

New Amazon Cognito user pools console experience

Updated instructions to create and manage user pools in the updated Amazon Cognito console.

November 18, 2021

RevokeToken API and Revocation Endpoint

You can use the RevokeToken operation to revoke a refresh token for a user.

June 10, 2021

Multi-tenant best practices

Added best practices for multi-tenant applications.

March 4, 2021

Attributes for access control

Amazon Cognito Identity Pools provide attributes for access control (AFAC) as a way for customers to grant users access to AWS resources. Authorization can be done based on users' attributes from the identity provider which they used to federate with Amazon Cognito.

January 15, 2021

Custom SMS Sender Lambda Trigger and Custom Email Sender Lambda Trigger

The Custom SMS Sender Lambda Trigger and Custom Email Sender Lambda Trigger allow you to enable a third-party provider to send email and SMS notifications to your users from within your Lambda function code.

November 30, 2020

Amazon Cognito token updates

Updated expiration information was added to Access, ID, and Refresh tokens.

October 29, 2020

Amazon Cognito Service Quotas

Service Quotas are available for Amazon Cognito category quotas. You can use the Service Quotas console to view quota usage, request a quota increase, and create CloudWatch alarms to monitor your quota usage. As part of this change the Available CloudWatch Metrics for Amazon Cognito User Pools section was updated to reflect the new information. The new section name is: Tracking quotas and usage in CloudWatch and Service Quotas

October 29, 2020

Amazon Cognito quota categorization

Quota categories are available to help you monitor quota usage and request an increase. The quotas are grouped into categories based on common use cases.

August 17, 2020

Amazon Cognito supported in US AWS GovCLoud

Amazon Cognito is now supported in the AWS GovCloud (US) Region.

May 13, 2020

Amazon Cognito Pinpoint document updates

New service-linked role was added. Instructions were updated on "Using Amazon Pinpoint Analytics with Amazon Cognito User Pools".

May 13, 2020

New Amazon Cognito dedicated security chapter

The Security chapter can help your organization get in-depth information about both the built-in and the configurable security of AWS services. Our new chapters provide information about the security of the cloud and in the cloud.

April 30, 2020

Amazon Cognito Identity Pools now supports Sign in with Apple

Sign in with Apple is available in all regions where Amazon Cognito operates, except cn-north-1 region.

April 7, 2020

New Facebook API Versioning

Added version selection to Facebook API.

April 3, 2020

Username case insensitivity update

Added recommendation about enabling username case insensitivity before creating a user pool.

February 11, 2020

New information about AWS Amplify

Added information about integrating Amazon Cognito with your web or mobile app by using AWS Amplify SDKs and libraries. Removed information about using the Amazon Cognito SDKs that preceded AWS Amplify.

November 22, 2019

New attribute for user pool triggers

Amazon Cognito now includes a clientMetadata parameter in the event information that it passes to the AWS Lambda functions for most user pool triggers. You can use this parameter to enhance your custom authentication workflow with additional data.

October 4, 2019

Updated limit

The throttling limit for the ListUsers API action is updated.

June 25, 2019

New limit

The soft limits for user pools now include a limit for the number of users.

June 17, 2019

Amazon SES email settings for Amazon Cognito user pools

You can configure a user pool so that Amazon Cognito emails your users by using your Amazon SES configuration. This setting allows Amazon Cognito to send email with a higher delivery volume than is otherwise possible.

April 8, 2019

Tagging support

Added information about tagging Amazon Cognito resources.

March 26, 2019

Change the certificate for a custom domain

If you use a custom domain to host the Amazon Cognito hosted UI, you can change the SSL certificate for this domain as needed.

December 19, 2018

New limit

A new limit is added for the maximum number of groups that each user can belong to.

December 14, 2018

Updated limits

The soft limits for user pools are updated.

December 11, 2018

Documentation update for verifying email addresses and phone numbers

Added information about configuring your user pool to require email or phone verification when a user signs up in your app.

November 20, 2018

Documentation update for testing emails

Added guidance for initiating emails from Amazon Cognito while you test your app.

November 13, 2018

Amazon Cognito Advanced Security

Added new security features to enable developers to protect their apps and users from malicious bots, secure user accounts against compromised credentials, and automatically adjust the challenges required to sign in based on the calculated risk of the sign in attempt.

June 14, 2018

Custom Domains for Amazon Cognito Hosted UI

Allow developers to use their own fully custom domain for the hosted UI in Amazon Cognito User Pools.

June 4, 2018

Amazon Cognito User Pools OIDC Identity Provider

Added user pool sign-in through an OpenID Connect (OIDC) identity provider such as Salesforce or Ping Identity.

May 17, 2018

Amazon Cognito Lambda Migration Trigger

Added pages covering the Lambda Migration Trigger feature

April 8, 2018

Amazon Cognito Developer Guide Update

Added top level "What is Amazon Cognito" and "Getting Started with Amazon Cognito". Also added common scenarios and reorganized the user pools TOC. Added a new "Getting Started with Amazon Cognito user pools" section.

April 6, 2018

Amazon Cognito Advanced Security Beta

Added new security features to enable developers to protect their apps and users from malicious bots, secure user accounts against credentials in the wild that have been compromised elsewhere on the internet, and automatically adjust the challenges required to sign in based on the calculated risk of the sign in attempt.

November 28, 2017

Amazon Pinpoint integration

Added the ability to use Amazon Pinpoint to provide analytics for your Amazon Cognito User Pools apps and to enrich the user data for Amazon Pinpoint campaigns.

September 26, 2017

Federation and built-in app UI features of Amazon Cognito user pools

Added the ability to allow your users to sign in to your user pool through Facebook, Google, Login with Amazon, or a SAML identity provider. Added a customizable built-in app UI and OAuth 2.0 support with custom claims.

August 10, 2017

HIPAA and PCI compliance-related feature changes

Added the ability to allow your users to use a phone number or email address as their user name.

July 6, 2017

User groups and role-based access control features

Added administrative capability to create and manage user groups. Administrators can assign IAM roles to users based on group membership and administrator-created rules.

December 15, 2016

Documentation update

Updated examples that show how to use AWS Lambda triggers with user pools.

November 27, 2016

Documentation update

Updated iOS code examples.

November 18, 2016

Documentation update

Added information about confirmation flow for user accounts.

November 9, 2016

Create user accounts feature

Added administrative capability to create user accounts through the Amazon Cognito console and the API.

October 6, 2016

User import feature

Added bulk import capability for Cognito User Pools. Use this feature to migrate users from your existing identity provider to an Amazon Cognito user pool.

September 1, 2016

General availability of Cognito User Pools

Added the Cognito User Pools feature. Use this feature to create and maintain a user directory and add sign-up and sign-in to your mobile app or web application using user pools.

July 28, 2016

SAML support

Added support for authentication with identity providers through Security Assertion Markup Language 2.0 (SAML 2.0).

June 23, 2016

CloudTrail integration

Added integration with AWS CloudTrail.

February 18, 2016

Integration of events with Lambda

Enables you to execute an AWS Lambda function in response to important events in Amazon Cognito.

April 9, 2015

Data stream to Amazon Kinesis

Provides control and insight into your data streams.

March 4, 2015

OpenID Connect support

Enables support for OpenID Connect providers.

November 23, 2014

Push synchronization

Enables support for silent push synchronization.

November 6, 2014

Developer-authenticated identities support added

Enables developers who own their own authentication and identity management systems to be treated as an identity provider in Amazon Cognito.

September 29, 2014

Amazon Cognito general availability

July 10, 2014