
Cognito for user authentication in AWS - Commands & Configuration

Introduction
When you build an app, you often need to check who is using it. Cognito helps you manage users and their sign-in securely without building everything yourself.
When you want users to sign up and sign in to your app easily.
When you need to keep user passwords safe without handling them directly.
When you want to add social login like Google or Facebook without extra coding.
When you want to control who can access your app with simple rules.
When you want to track user sessions and keep them logged in securely.
Config File - cognito-user-pool.json
{
  "PoolName": "example-user-pool",
  "Policies": {
    "PasswordPolicy": {
      "MinimumLength": 8,
      "RequireUppercase": true,
      "RequireLowercase": true,
      "RequireNumbers": true,
      "RequireSymbols": false
    }
  },
  "AutoVerifiedAttributes": ["email"],
  "UsernameAttributes": ["email"],
  "MfaConfiguration": "OFF",
  "Schema": [
    {
      "Name": "email",
      "AttributeDataType": "String",
      "Required": true,
      "Mutable": true
    }
  ]
}

This JSON file defines a Cognito User Pool named example-user-pool. It sets password rules requiring at least 8 characters with uppercase, lowercase, and numbers. It uses email as the username and verifies email automatically. Multi-factor authentication is off for simplicity. The schema requires the email attribute for each user.

Commands
This command creates a new user pool in AWS Cognito using the settings from the JSON file. It sets up the user directory and rules for your app.
Terminal
aws cognito-idp create-user-pool --cli-input-json file://cognito-user-pool.json
Expected Output
{ "UserPool": { "Id": "us-east-1_Abc123XYZ", "Name": "example-user-pool", "Status": "Enabled", "LastModifiedDate": 1686000000.0, "CreationDate": 1686000000.0 } }
--cli-input-json - Specifies the JSON file with user pool configuration
This command lists up to 10 user pools in your AWS account to verify that the new user pool was created successfully.
Terminal
aws cognito-idp list-user-pools --max-results 10
Expected Output
{ "UserPools": [ { "Id": "us-east-1_Abc123XYZ", "Name": "example-user-pool" } ] }
--max-results - Limits the number of user pools returned
This command shows detailed information about the user pool you created, confirming its settings and status.
Terminal
aws cognito-idp describe-user-pool --user-pool-id us-east-1_Abc123XYZ
Expected Output
{ "UserPool": { "Id": "us-east-1_Abc123XYZ", "Name": "example-user-pool", "Policies": { "PasswordPolicy": { "MinimumLength": 8, "RequireUppercase": true, "RequireLowercase": true, "RequireNumbers": true, "RequireSymbols": false } }, "AutoVerifiedAttributes": ["email"], "MfaConfiguration": "OFF" } }
--user-pool-id - Specifies which user pool to describe
Key Concept

If you remember nothing else from this pattern, remember: Cognito user pools let you manage user sign-up and sign-in securely without building your own system.

Common Mistakes
Not specifying the correct JSON file path in the create-user-pool command.
The command fails because it cannot find the configuration to create the user pool.
Use the full path or correct relative path with file:// prefix, like file://cognito-user-pool.json.
Using an incorrect user pool ID when describing or managing the pool.
AWS returns an error because the user pool ID does not exist or is mistyped.
Copy the user pool ID exactly from the create or list command output.
Not verifying the user pool after creation.
You might think the pool was created but it could have failed silently or with errors.
Always run list-user-pools or describe-user-pool to confirm creation and settings.
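Confirming settings after creation can be automated by comparing the describe-user-pool response with the config file and flagging settings to revisit, such as MFA being off. The following is an added example, not part of the original tutorial: the function names, the sample response (constructed, with MinimumLength changed to 6 to show a mismatch) and the min_length baseline of 12 are assumptions.

```python
# Keys of the create-user-pool input come back from describe-user-pool under
# the same name, except PoolName (returned as Name). Schema is skipped because
# describe returns the full attribute list under SchemaAttributes instead.
RENAMED = {"PoolName": "Name"}
SKIP = {"Schema"}

def flatten(value, path=""):
    """Yield (dotted.path, leaf) pairs; dicts are walked, lists are leaves."""
    if isinstance(value, dict):
        for key, child in value.items():
            yield from flatten(child, f"{path}.{key}" if path else key)
    else:
        yield path, value

def drift(config, described):
    """Return {path: (requested, actual)} for settings that did not take effect."""
    actual = dict(flatten(described["UserPool"]))
    wanted = {RENAMED.get(k, k): v for k, v in config.items() if k not in SKIP}
    return {p: (w, actual.get(p)) for p, w in flatten(wanted) if actual.get(p) != w}

def review(described, min_length=12):
    """List settings to revisit before production (min_length: assumed baseline)."""
    pool = described["UserPool"]
    policy = pool.get("Policies", {}).get("PasswordPolicy", {})
    notes = []
    if pool.get("MfaConfiguration", "OFF") == "OFF":
        notes.append("MfaConfiguration is OFF")
    if policy.get("MinimumLength", 0) < min_length:
        notes.append(f"MinimumLength {policy.get('MinimumLength')} < {min_length}")
    if not policy.get("RequireSymbols", False):
        notes.append("RequireSymbols is false")
    return notes

# Constructed sample data: the page's settings, and a describe-user-pool
# response whose MinimumLength differs from what was requested.
POLICY = {"MinimumLength": 8, "RequireUppercase": True, "RequireLowercase": True,
          "RequireNumbers": True, "RequireSymbols": False}
CONFIG = {"PoolName": "example-user-pool", "MfaConfiguration": "OFF",
          "Policies": {"PasswordPolicy": POLICY},
          "AutoVerifiedAttributes": ["email"], "UsernameAttributes": ["email"]}
DESCRIBED = {"UserPool": {
    "Id": "us-east-1_Abc123XYZ", "Name": "example-user-pool",
    "Policies": {"PasswordPolicy": {**POLICY, "MinimumLength": 6}},
    "AutoVerifiedAttributes": ["email"], "UsernameAttributes": ["email"],
    "MfaConfiguration": "OFF"}}

if __name__ == "__main__":
    print("drift:", drift(CONFIG, DESCRIBED))
    print("review:", review(DESCRIBED))
```

To run it against a real pool, load the config file and the saved describe-user-pool output with json.load in place of the constructed samples.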
Summary
Create a Cognito user pool with a JSON config file defining user and password rules.
Use AWS CLI commands to create, list, and describe the user pool to confirm it is ready.
This setup lets your app securely manage user sign-up and sign-in without building your own system.