Create a user pool with AWS Cognito

Overview

Amazon Cognito not only lets you add user sign-up, authorization, sign-in, and access control to your web and mobile apps quickly and easily but also scales to millions of users. Moreover, your users can sign in through a third party such as Facebook, Amazon, or Google and enterprise identity providers via SAML 2.0.

Two main components of Amazon Cognito are user pools and identity pools. User pools are user directories that provide sign-up and sign-in options for your app users. What’s more, it also recorded all the users from your Web or application. Identity pools enable you to grant your users access to other AWS services. You can use identity pools and user pools separately or together.

Scenario

Ｗith this lab, you will create your user pool use built-in webpages available for signing up and signing in your users. Amazon Cognito hosted UI is the foundation for other features such as the ability to sign in directly to your user poor thorough third party as well as through OpenID Connect(OIDC) and SAML identity providers.

Step by Step

Build a static web hosting

You will set up static web hosting on S3.

1. Download index.html.

2. On the service menu, choose S3.

3. Click create bucket and Create.

   • Bucket name: cognitoyourname.

4. Type your bucket name in the field of Search for buckets, then choose your bucket.

1. Click upload, select index.html and upload.

2. Choose Permissions tab and public access settings.

   • edit and unclick four option and save.

1. Enter confirm in the field and Confirm.

   

2. Select your index.html and click tab Permissions.

   • Select everyone and Read Object and save.

9. Return to the previous page.

1. Select Properties tab and choose static website hosting.

1. Select Use this bucket to host a website, input index.html and save.

   

Adding an App client

Create a client pool to log in your website.

1. Under Service menu, choose Cognito.

2. Choose left one Manage User Pools and Create a user pool storing user’s information.

3. Enter UserPool_yourname for Pool name and click Step through settings.

4. On the left panel, choose App clients and click add an app client.

5. Enter myclient_yourname on App client name, unclick Generate client secret and create.

   

6. Click Return to pool details and click Create pool.

7. On Enabled Identity Providers click Select All.

8. Enter S3 bucket's Object URL in Callback URL(s)

   • Go to S3 console and select your bucket and click index.html and copy Object URL.

   

9. Click Save changes and Choose domain name.

10. Enter yourname in your domain name or webpages you are willing to protect and click check availability to make sure your name is usable and Save changes.

Test your website

Login to your webpage

Log in to your web using AWS Cognito.

1. Open a new tab, enter
   

https://<your domain>/login?response_type=code&client_id=<your_app_client_id>&redirect_uri=<your_callback_url>

You can find your_domain on the left panel App integration and click Domain name.

You can find your_app_cleient_id, your_callback_url on the left panel App integration and click App client setting.

For example：

https://yourname.auth.yourregion.amazoncognito.com/login?response_type=token&client_id=1234xxxxxx123xxxx78x93x80x&redirect_uri=https://s3.amazonaws.com/yourbucketname/index.html

1. You can log in or register.

1. Sign up for an account.

1. Receive a verification email.

1. Login to your webpage sees this webpage.

1. Back to Cognito, you can check the account you registered.

Furthermore

User Pools

A user pool is a user directory in Amazon Cognito. Your users can sign in to your web or mobile app through Amazon Cognito, or federate through a third-party identity provider (IdP). No matter which one user chooses to log in, you can see all the member information in your AWS Cognito.

Identity Pools

With an identity pool, your users can obtain temporary AWS credentials to access AWS services, such as Amazon S3 and DynamoDB. I

Conclusion

You have learned how to write a login webpages with AWS Cognito. You can log in to webpages and register a new account. All the information will show on the AWS Cognito user pool.

Now you can try to create your own login webpages or application with AWS Cognito. Authentication, authorization, and user management for your web and mobile apps become a more and more important issue. Therefore, you should try AWS Cognito to protect your webpages.

Reference

1. AWS Cognito : here

2. AWS Cognito document: here