Tracking quotas and usage in CloudWatch and Service Quotas - Amazon Cognito

You can monitor Amazon Cognito user pools using Amazon CloudWatch or using Service Quotas. CloudWatch collects raw data and processes it into readable, near-real-time metrics. In CloudWatch, you can set alarms that watch for certain thresholds and send notifications or take actions when those thresholds are met. To create a CloudWatch alarm for a service quota, see Create a CloudWatch alarm. Amazon Cognito metrics are available at five-minute intervals. For more information about retention periods in CloudWatch, visit the Amazon CloudWatch FAQ page.

You can use Service Quotas to view and manage your Amazon Cognito User Pools quota usage. The Service Quotas console has three features: view service quotas, request a service quota increase, and view current utilization. You can use the first feature to view quotas and see whether a quota is adjustable. You can use the second feature to request a service quota increase. You can use the last feature to view quota utilization. This feature is only available after your account has been active for a while. For more information on viewing quotas in the Service Quotas console, see View your Service Quotas utilization.

Metrics for Amazon Cognito User Pools

The following table lists the metrics available for Amazon Cognito user pools.

Note

Metrics that haven't had any new data points in the past two weeks don't appear in the console. They also don't appear when you enter their metric name or dimension names in the search box in the All metrics tab in the console. In addition, they are not returned in the results of a list-metrics command. The best way to retrieve these metrics is with the get-metric-data or get-metric-statistics commands in the AWS CLI.

Metric Description
SignUpSuccesses

Provides the total number of successful user registration requests made to the Amazon Cognito user pool. A successful user registration request produces a value of 1, whereas an unsuccessful request produces a value of 0. A throttled request is also considered as an unsuccessful request, and hence a throttled request will also produce a count of 0.

To find the percentage of successful user registration requests, use the Average statistic on this metric. To count the total number of user registration requests, use the Sample Count statistic on this metric. To count the total number of successful user registration requests, use the Sum statistic on this metric. To count the total number of failed user registration requests, use the CloudWatch Math expression and subtract the Sum statistic from the Sample Count statistic.

This metric is published for each user pool for each user pool client. When an admin performs the user registration, the metric is published with the user pool client as Admin.

Note that this metric is not emitted for User Import and User Migration cases.

Metric dimension: UserPool, UserPoolClient

Units: Count

SignUpThrottles

Provides the total number of throttled user registration requests made to the Amazon Cognito user pool. A count of 1 is published whenever a user registration request is throttled.

To count the total number of throttled user registration requests, use the Sum statistic for this metric.

This metric is published for each user pool for each client. When the throttled request was made by an administrator, the metric is published with the user pool client as Admin.

Metric dimension: UserPool, UserPoolClient

Units: Count

SignInSuccesses

Provides the total number of successful user authentication requests made to the Amazon Cognito user pool. A user authentication is considered successful when an authentication token is issued to the user. A successful authentication produces a value of 1, whereas an unsuccessful request produces a value of 0. A throttled request is also considered an unsuccessful request, and hence a throttled request will also produce a count of 0.

To find the percentage of successful user authentication requests, use the Average statistic on this metric. To count the total number of user authentication requests, use the Sample Count statistic on this metric. To count the total number of successful user authentication requests, use the Sum statistic on this metric. To count the total number of failed user authentication requests, use the CloudWatch Math expression and subtract the Sum statistic from the Sample Count statistic.

This metric is published for each user pool for each client. In case an invalid user pool client is provided with a request, the corresponding user pool client value in the metric contains a fixed value Invalid instead of the actual invalid value sent in the request.

Note that requests to refresh the Amazon Cognito token are not included in this metric. There is a separate metric that provides refresh token statistics.

Metric dimension: UserPool, UserPoolClient

Units: Count

SignInThrottles

Provides the total number of throttled user authentication requests made to the Amazon Cognito user pool. A count of 1 is published whenever an authentication request is throttled.

To count the total number of throttled user authentication requests, use the Sum statistic for this metric.

This metric is published for each user pool for each client. In case an invalid user pool client is provided with a request, the corresponding user pool client value in the metric contains a fixed value Invalid instead of the actual invalid value sent in the request.

Requests to refresh the Amazon Cognito token are not included in this metric. There is a separate metric that provides refresh token statistics.

Metric dimension: UserPool, UserPoolClient

Units: Count

TokenRefreshSuccesses

Provides the total number of successful requests to refresh an Amazon Cognito token that were made to the Amazon Cognito user pool. A successful refresh Amazon Cognito token request produces a value of 1, whereas an unsuccessful request produces a value of 0. A throttled request is also considered as an unsuccessful request, and hence a throttled request will also produce a count of 0.

To find the percentage of successful requests to refresh an Amazon Cognito token, use the Average statistic on this metric. To count the total number of requests to refresh an Amazon Cognito token, use the Sample Count statistic on this metric. To count the total number of successful requests to refresh an Amazon Cognito token, use the Sum statistic on this metric. To count the total number of failed requests to refresh an Amazon Cognito token, use the CloudWatch Math expression and subtract the Sum statistic from the Sample Count statistic.

This metric is published for each user pool client. If an invalid user pool client is in a request, the user pool client value contains a fixed value of Invalid.

Metric dimension: UserPool, UserPoolClient

Units: Count

TokenRefreshThrottles

Provides the total number of throttled requests to refresh an Amazon Cognito token that were made to the Amazon Cognito user pool. A count of 1 is published whenever a refresh Amazon Cognito token request is throttled.

To count the total number of throttled requests to refresh an Amazon Cognito token, use the Sum statistic for this metric.

This metric is published for each user pool for each client. In case an invalid user pool client is provided with a request, the corresponding user pool client value in the metric contains a fixed value Invalid instead of the actual invalid value sent in the request.

Metric dimension: UserPool, UserPoolClient

Units: Count

FederationSuccesses

Provides the total number of successful identity federation requests to the Amazon Cognito user pool. A successful identity federation request produces a value of 1, whereas an unsuccessful request produces a value of 0. A throttled request is also considered as an unsuccessful request, and hence a throttled request will also produce a count of 0.

To find the percentage of successful identity federation requests, use the Average statistic on this metric. To count the total number of identity federation requests, use the Sample Count statistic on this metric. To count the total number of successful identity federation requests, use the Sum statistic on this metric. To count the total number of failed identity federation requests, use the CloudWatch Math expression and subtract the Sum statistic from the Sample Count statistic.

Metric dimension: UserPool, UserPoolClient, IdentityProvider

Units: Count

FederationThrottles

Provides the total number of throttled identity federation requests to the Amazon Cognito user pool. A count of 1 is published whenever an identity federation request is throttled.

To count the total number of throttled identity federation requests, use the Sum statistic for this metric.

Metric dimension: UserPool, UserPoolClient, IdentityProvider

Units: Count

CallCount

Provides the total number of calls customers made related to a category. This metric includes all the calls, such as throttled calls, failed calls, and successful calls.

This metric is available in the Usage namespace.

The category quota is enforced for each AWS account across all user pools in an account and Region.

You can count the total number of calls in a category using the Sum statistic for this metric.

Metric dimension: Service, Type, Resource, Class

Units: Count

ThrottleCount

Provides the total number of throttled calls related to a category.

This metric is available in the Usage namespace.

This metric is published at the account level.

You can count the total number of calls in a category using the Sum statistic for this metric.

Metric dimension: Service, Type, Resource, Class

Units: Count
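The statistics described for the success metrics above (Sample Count for all requests, Sum for successes, and a metric math expression for failures) can be expressed as a get-metric-data query. The following is an added example, not part of the AWS documentation: it builds that query and applies the same arithmetic to constructed five-minute results to flag periods dominated by failed sign-ins. The AWS/Cognito namespace, the pool and client IDs, the thresholds, and the function names are assumptions introduced for illustration.

```python
import json

NAMESPACE = "AWS/Cognito"  # assumption: the namespace is not stated on this page
PERIOD = 300               # seconds; metrics are available at five-minute intervals


def build_failure_queries(metric_name, user_pool_id, client_id):
    """MetricDataQueries for get-metric-data: failures = Sample Count - Sum."""
    def stat(query_id, statistic):
        return {
            "Id": query_id,
            "MetricStat": {
                "Metric": {
                    "Namespace": NAMESPACE,
                    "MetricName": metric_name,
                    "Dimensions": [
                        {"Name": "UserPool", "Value": user_pool_id},
                        {"Name": "UserPoolClient", "Value": client_id},
                    ],
                },
                "Period": PERIOD,
                "Stat": statistic,
            },
            "ReturnData": True,
        }
    return [
        stat("total", "SampleCount"),  # every request, throttled ones included
        stat("ok", "Sum"),             # successful requests (each has value 1)
        {"Id": "failed", "Expression": "total - ok", "Label": "Failures"},
    ]


def flag_periods(results, min_failed=20, max_failure_ratio=0.5):
    """Return timestamps where failure count and failure ratio both exceed the limits."""
    flagged = []
    for ts, total, ok in zip(results["timestamps"], results["total"], results["ok"]):
        failed = total - ok  # same arithmetic as the "failed" expression
        if total and failed >= min_failed and failed / total > max_failure_ratio:
            flagged.append(ts)
    return flagged


# Constructed sample values, shaped like the per-period series a query returns.
SAMPLE = {
    "timestamps": ["2024-01-01T10:00Z", "2024-01-01T10:05Z", "2024-01-01T10:10Z"],
    "total": [40, 300, 6],
    "ok": [38, 12, 1],
}

if __name__ == "__main__":
    queries = build_failure_queries("SignInSuccesses", "us-east-1_EXAMPLE", "exampleclientid")
    print(json.dumps(queries, indent=2))  # usable with --metric-data-queries file://...
    print(flag_periods(SAMPLE))
```

The minimum failure count keeps low-traffic periods, such as the third constructed sample, from raising a flag on ratio alone.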

Dimensions for Amazon Cognito User Pools

The following dimensions are used to refine the usage metrics that are published by Amazon Cognito. The dimensions only apply to CallCount and ThrottleCount metrics.

Dimension Description

Service

The name of the AWS service containing the resource. For Amazon Cognito usage metrics, the value for this dimension is Cognito user pool.

Type

The type of entity that is being reported. The only valid value for Amazon Cognito usage metrics is API.

Resource

The type of resource that is running. The only valid value is a category name.

Class

The class of resource being tracked. Amazon Cognito doesn't use the class dimension.

Use the Service Quotas console to track metrics

Amazon Cognito User Pools is integrated with Service Quotas, which is a service that enables you to view and manage your quotas from a central location. You can use the Service Quotas console to view details about a specific quota, monitor quota utilization, request a quota increase, and create a CloudWatch alarm to track your quota utilization.

To view Amazon Cognito User Pools service quotas utilization, complete the following steps.

  1. Open the Service Quotas console.

  2. In the navigation pane, choose AWS services.

  3. From the AWS services list, enter Amazon Cognito User Pools in the search field. The service quota page appears.

  4. Scroll down to Monitoring.

  5. In Monitoring you can view current service quota utilization in the graph.

  6. In Monitoring, select either one hour, three hours, twelve hours, one day, three days, or one week.

  7. Select any area inside of the graph to view the service quota utilization percentage. From here, you can add the graph to your dashboard or use the action menu to select View in metrics, which will take you to the related metrics in the CloudWatch console.

Use the CloudWatch console to track metrics

You can track and collect Amazon Cognito User Pools metrics using CloudWatch. The CloudWatch dashboard will display metrics about every AWS service you use. You can use CloudWatch to create metric alarms. The alarms can be set up to send you notifications or make a change to a specific resource that you are monitoring. To view service quota metrics in CloudWatch, complete the following steps.

  1. Open the CloudWatch console.

  2. In the navigation pane, choose Metrics.

  3. In All metrics, select a metric and a dimension.

  4. Select the check box next to a metric. The metrics will appear in the graph.

Note

Metrics that haven't had any new data points in the past two weeks don't appear in the console. They also don't appear when you enter their metric name or dimension names in the search box in the All metrics tab in the console, and they are not returned in the results of a list-metrics command. The best way to retrieve these metrics is with the get-metric-data or get-metric-statistics commands in the AWS CLI.