Configuring Email or Phone Verification - Amazon Cognito

Configuring Email or Phone Verification

You can choose settings for email or phone verification in the MFA and verifications tab. For more information on MFA,see SMS Text Message MFA

Amazon Cognito can automatically verify email addresses or mobile phone numbers by sending a verification code—or, for email, a verification link. For email addresses, the code or link is sent in an email message. For phone numbers, the code is sent in an SMS text message.

Verification of a phone or email is necessary to automatically confirm users and enable recovery from forgotten passwords. Alternatively, you can automatically confirm users with the pre-sign up Lambda trigger or by using the AdminConfirmSignUp API. For more information, see Signing Up and Confirming User Accounts.

The verification code or link is valid for 24 hours.

If verification is selected as required for email or phone, the verification code or link is automatically sent when a user signs up.

  • Use of SMS text messaging for verifying phone numbers is charged separately by Amazon SNS. (There is no charge for sending verification codes to email addresses.) For information about Amazon SNS pricing, see Worldwide SMS Pricing. For the current list of countries where SMS messaging is available, see Supported Regions and Countries.

  • When you test actions in your app that initiate emails from Amazon Cognito, use a real email address that Amazon Cognito can send to without incurring hard bounces. For more information, see Sending Emails While Testing Your App.

  • The forgotten password flow requires either the user's email or the user's phone number to be verified.


If a user signs up with both a phone number and an email address, and your user pool settings require verification of both attributes, a verification code is sent via SMS to the phone. The email address is not verified, so your app needs to call GetUser to see if an email address is awaiting verification. If it is, the app should call GetUserAttributeVerificationCode to initiate the email verification flow and then submit the verification code by calling VerifyUserAttribute.

Spend limits can be specified for an AWS account and for individual messages, and the limits apply only to the cost of sending SMS messages. For more information, see Amazon SNS FAQs.

Authorizing Amazon Cognito to Send SMS Messages on Your Behalf

To send SMS messages to your users on your behalf, Amazon Cognito needs your permission. To grant that permission, you can create an AWS Identity and Access Management (IAM) role in the MFA and verifications tab of the Amazon Cognito console by choosing Create role.