AWScloud~30 mins

Cognito for user authentication in AWS - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Cognito for user authentication

📖 Scenario: You are building a simple web application that needs user login and registration. To manage users securely, you will use AWS Cognito, a service that handles user authentication and user pools.

🎯 Goal: Create an AWS Cognito User Pool with basic settings to enable user sign-up and sign-in.

📋 What You'll Learn

Create a Cognito User Pool named exactly MyUserPool

Set the User Pool to allow email as a sign-in alias

Enable self sign-up for users

Configure password policy to require a minimum length of 8 characters

Add an app client named exactly MyUserPoolClient without generating a client secret

💡 Why This Matters

🌍 Real World

AWS Cognito is widely used to manage user authentication securely without building your own login system.

💼 Career

Understanding how to configure Cognito user pools is essential for cloud engineers and developers working on secure web and mobile applications.

Progress0 / 4 steps

Create the Cognito User Pool resource

Create an AWS Cognito User Pool resource named MyUserPool using AWS CloudFormation syntax. Set the pool name to MyUserPool.

AWS

# Define the AWS::Cognito::UserPool resource named MyUserPool
# Your code here

Need a hint?

Use AWS CloudFormation syntax to define a resource of type AWS::Cognito::UserPool with the name MyUserPool.

Configure sign-in aliases and enable self sign-up

Add properties to the MyUserPool resource to allow users to sign in using their email address. Also enable self sign-up by setting AllowAdminCreateUserOnly to false.

AWS

Resources:
  MyUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: MyUserPool
      # Add sign-in aliases and self sign-up settings here
      # Your code here

Need a hint?

Set UsernameAttributes and AutoVerifiedAttributes to email. To enable self sign-up, set AllowAdminCreateUserOnly to false under AdminCreateUserConfig.

Set password policy for the user pool

Add a password policy to the MyUserPool resource that requires a minimum password length of 8 characters.

AWS

Resources:
  MyUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: MyUserPool
      UsernameAttributes:
        - email
      AutoVerifiedAttributes:
        - email
      AdminCreateUserConfig:
        AllowAdminCreateUserOnly: false
      # Add password policy here
      # Your code here

Need a hint?

Under Policies, add PasswordPolicy with MinimumLength set to 8.

Create an app client for the user pool

Create an AWS Cognito User Pool Client resource named MyUserPoolClient linked to the MyUserPool. Do not generate a client secret.

AWS

Resources:
  MyUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: MyUserPool
      UsernameAttributes:
        - email
      AutoVerifiedAttributes:
        - email
      AdminCreateUserConfig:
        AllowAdminCreateUserOnly: false
      Policies:
        PasswordPolicy:
          MinimumLength: 8
  # Define the User Pool Client MyUserPoolClient here
  # Your code here

Need a hint?

Define a resource of type AWS::Cognito::UserPoolClient named MyUserPoolClient. Set UserPoolId to reference MyUserPool and GenerateSecret to false.