Using the Amazon Cognito domain for the hosted UI

After setting up an app client, you can configure the address for your sign-up and sign-in webpages. You can use the hosted Amazon Cognito domain with your own domain prefix.

Note

To augment the security of your Amazon Cognito applications, the parent domains of user pool endpoints are registered in the Public Suffix List (PSL). The PSL helps your users' web browsers establish a consistent understanding of your user pool endpoints and the cookies they set.

User pool endpoint parent domains take the following formats.

  • auth.Region.amazoncognito.com

  • auth-fips.Region.amazoncognito.com

To add an app client and an Amazon Cognito hosted domain with the AWS Management Console, see Creating an app client.

Prerequisites

Before you begin, you need:

Step 1: Configure a hosted user pool domain

You can use either the AWS Management Console or the AWS CLI or API to configure a user pool domain.

Amazon Cognito console
Configure a domain
  1. Navigate to the App integration tab for your user pool.

  2. Next to Domain, choose Actions and select Create custom domain or Create Amazon Cognito domain. If you have already configured a user pool domain, choose Delete Amazon Cognito domain or Delete custom domain before creating your new custom domain.

  3. Enter an available domain prefix to use with an Amazon Cognito domain. For information on setting up a custom domain, see Using your own Domain for the hosted UI.

  4. Choose Create.

CLI/API

Use the following commands to create a domain prefix and assign it to your user pool.

To configure a user pool domain
  • AWS CLI: aws cognito-idp create-user-pool-domain

    Example: aws cognito-idp create-user-pool-domain --user-pool-id <user_pool_id> --domain <domain_name>

  • AWS API: CreateUserPoolDomain

To get information about a domain
  • AWS CLI: aws cognito-idp describe-user-pool-domain

    Example: aws cognito-idp describe-user-pool-domain --domain <domain_name>

  • AWS API: DescribeUserPoolDomain

To delete a domain
  • AWS CLI: aws cognito-idp delete-user-pool-domain

    Example: aws cognito-idp delete-user-pool-domain --domain <domain_name>

  • AWS API: DeleteUserPoolDomain

Step 2: Verify your sign-in page

  • Verify that the sign-in page is available from your Amazon Cognito hosted domain.

    https://<your_domain>/login?response_type=code&client_id=<your_app_client_id>&redirect_uri=<your_callback_url>

Your domain is shown on the Domain name page of the Amazon Cognito console. Your app client ID and callback URL are shown on the App client settings page.
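
The following Python code is an added example, not part of the AWS documentation. It checks that a host matches the parent-domain formats listed in the note above before building the Step 2 sign-in URL with percent-encoded parameters. The function names, the Region and prefix patterns, and the sample values are assumptions of this example.

```python
import re
from urllib.parse import urlencode

# Parent-domain formats from the note on this page:
#   auth.Region.amazoncognito.com and auth-fips.Region.amazoncognito.com
# Assumptions of this example: the Region pattern and the prefix pattern
# (one DNS label of lowercase letters, digits and hyphens).
_HOSTED_DOMAIN = re.compile(
    r"(?P<prefix>[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)"
    r"\.(?P<kind>auth|auth-fips)"
    r"\.(?P<region>[a-z]{2}(?:-[a-z]+)+-\d)"
    r"\.amazoncognito\.com"
)


def parse_hosted_domain(host):
    """Return (prefix, region, is_fips) for a prefix domain, or None.

    fullmatch() anchors both ends, so a lookalike host that merely contains
    "amazoncognito.com" somewhere in its name is rejected.
    """
    m = _HOSTED_DOMAIN.fullmatch(host.strip().lower())
    if m is None:
        return None
    return m["prefix"], m["region"], m["kind"] == "auth-fips"


def login_url(host, client_id, redirect_uri):
    """Build the Step 2 sign-in URL with every parameter percent-encoded."""
    host = host.strip().lower()
    if parse_hosted_domain(host) is None:
        raise ValueError(f"not an Amazon Cognito prefix domain: {host!r}")
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # callback URL from the App client settings page
    })
    return f"https://{host}/login?{query}"


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    print(login_url("example-prefix.auth.us-east-1.amazoncognito.com",
                    "EXAMPLECLIENTID", "https://app.example.com/callback"))
```

A user pool that uses a custom domain will not match this pattern; the check applies only to the Amazon Cognito prefix domains described on this page.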