Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a username and password, or through a third party such as Facebook, Amazon, Google, or Apple.

There are two main components of Amazon Cognito.

In this article, we will guide you on how to create a user pool in Cognito using the AWS console.


Go to the Amazon Cognito console.



Choose User Pools.

In the top-right corner of the page, choose Create a user pool to start the user pool creation wizard.

Click on Manage User Pools.



Click the Create a user pool button on the right-hand side.

Choose the Cognito user pool sign-in options: User name, Email, or Phone number (you can select all of them).



We can configure Amazon Cognito so that users can sign in with their email, phone number, or user name. If you enable sign-in with a user name, you can also set a "preferred user name" attribute (preferred_username), which works as an alternate value for the username attribute (username).

In User name requirements, you can select Allow users to sign in with a preferred user name, Make user name case sensitive, or both.




Then select Next. In Password policy, you can choose Cognito defaults or Custom (use password requirements that you define).





We selected Custom and set the password minimum length to 12.

We set Temporary passwords set by administrators to expire in 7 days.
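The password policy chosen above can be checked locally before a password ever reaches Cognito, which is useful for giving users precise feedback in a sign-up form or for validating passwords an administrator generates. The following is an added example, not code from the original article or from AWS; the policy fields mirror the console options (minimum length, uppercase, lowercase, numbers, special characters, temporary password validity), the Cognito default values are the documented ones (length 8, all character classes required, 7-day temporary passwords), and the special-character set is the one listed in the Cognito documentation, copied here as an assumption to verify against the current docs.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class PasswordPolicy:
    """Mirror of the Cognito user pool password policy settings."""
    min_length: int = 8
    require_uppercase: bool = True
    require_lowercase: bool = True
    require_numbers: bool = True
    require_symbols: bool = True
    temp_password_validity_days: int = 7


# "Cognito defaults" as documented by AWS.
COGNITO_DEFAULTS = PasswordPolicy()

# The custom policy selected in this article: minimum length 12,
# administrator-set temporary passwords expire after 7 days.
EMPLOYEE_APP_POLICY = PasswordPolicy(min_length=12, temp_password_validity_days=7)

# Characters Cognito counts as "special characters" (assumption: copied from the
# AWS documentation; a leading or trailing space is not counted as a symbol).
SYMBOLS = set("^$*.[]{}()?-\"!@#%&/\\,><':;|_~`+= ")


def check_password(password: str, policy: PasswordPolicy) -> list:
    """Return a list of policy rules the password violates (empty list = OK)."""
    failures = []
    if len(password) < policy.min_length:
        failures.append(f"shorter than {policy.min_length} characters")
    if policy.require_uppercase and not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if policy.require_lowercase and not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if policy.require_numbers and not any(c.isdigit() for c in password):
        failures.append("no digit")
    # Strip the ends so a padding space does not satisfy the symbol rule.
    if policy.require_symbols and not any(c in SYMBOLS for c in password.strip()):
        failures.append("no special character")
    return failures


def temporary_password_expired(set_at: datetime, now: datetime, policy: PasswordPolicy) -> bool:
    """True once an administrator-set temporary password has outlived its validity window."""
    return now - set_at >= timedelta(days=policy.temp_password_validity_days)


if __name__ == "__main__":
    # Constructed sample passwords; none of these are real credentials.
    for candidate in ("Short1!", "alllowercase12!", "CorrectHorse9!"):
        print(candidate, "->", check_password(candidate, EMPLOYEE_APP_POLICY) or "OK")
    issued = datetime(2024, 1, 1)
    print("expired after 8 days:", temporary_password_expired(issued, issued + timedelta(days=8), EMPLOYEE_APP_POLICY))
```

The same function run with COGNITO_DEFAULTS shows the practical difference between the two modes: a 10-character password that passes the defaults fails the custom 12-character minimum, which is exactly the feedback a sign-up form should give before calling SignUp.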

MFA methods

In the Multi-factor authentication section, for MFA enforcement we selected Require MFA - Recommended (users must provide an additional authentication factor when signing in).

In the MFA methods section, we selected Authenticator apps.

User Account Recovery Section

In the User account recovery section, we selected Email if available, otherwise SMS. This means that if the user has an email address, the password reset instructions are sent by email; otherwise they are sent to the user's mobile phone number.




Then select next.

In the Configure sign-up experience section, select Enable self-registration.

Under Cognito-assisted verification and confirmation, select Allow Cognito to automatically send messages to verify and confirm.

Attribute verification and user account confirmation

In the Attribute verification and user account confirmation section, select Allow Cognito to automatically send messages to verify and confirm.




In the Attributes to verify section, select Send email message, verify email address.

Verifying attribute Change

In the Verifying attribute changes section, uncheck Keep original attribute value active when an update is pending.

Then select the required attributes from the Required attributes dropdown.

We have added status country department and officeCode as custom attributes.



You can also add custom attributes using the AWS CLI:

aws cognito-idp add-custom-attributes \
  --user-pool-id us-east-2_iWukNNeMU \
  --custom-attributes \
    Name="officeCode",AttributeDataType="String",DeveloperOnlyAttribute=false,Required=false,Mutable=true,StringAttributeConstraints="{MinLength=1,MaxLength=15}" \
    Name="profileType",AttributeDataType="String",DeveloperOnlyAttribute=false,Required=false,Mutable=true,StringAttributeConstraints="{MinLength=1,MaxLength=256}" \
    Name="administrator",AttributeDataType="String",DeveloperOnlyAttribute=false,Required=false,Mutable=true,StringAttributeConstraints="{MinLength=1,MaxLength=15}" \
    Name="status",AttributeDataType="String",DeveloperOnlyAttribute=false,Required=false,Mutable=true,StringAttributeConstraints="{MinLength=1,MaxLength=256}" \
    Name="externalUserId",AttributeDataType="String",DeveloperOnlyAttribute=false,Required=false,Mutable=true,StringAttributeConstraints="{MinLength=1,MaxLength=256}"

You can add more attributes in the same way.
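Custom attributes are permanent once added (they cannot be deleted or renamed) and cannot be marked Required, so it pays to generate and validate the --custom-attributes argument rather than hand-editing a long command line. The following is an added example, not code from the original article or from AWS: it builds the same shorthand syntax the command above uses, enforces the documented limits (custom attribute names of 1 to 20 characters, string MaxLength up to 2048, Required always false, no manual custom: prefix), and emits the full CLI command. The user pool id is the one from the article; the attribute list is a constructed sample.

```python
import re

# Limits from the Cognito documentation (assumption: verify against current docs).
CUSTOM_ATTR_NAME_MAX = 20
STRING_MAX_LENGTH = 2048
_NAME_RE = re.compile(r"^[A-Za-z0-9_\-]+$")


def custom_string_attribute(name: str, max_length: int, min_length: int = 1,
                            mutable: bool = True, developer_only: bool = False) -> dict:
    """Describe one custom String attribute, rejecting definitions Cognito would refuse."""
    if name.startswith("custom:"):
        raise ValueError("do not prefix the name yourself; Cognito adds 'custom:' automatically")
    if not (1 <= len(name) <= CUSTOM_ATTR_NAME_MAX) or not _NAME_RE.match(name):
        raise ValueError(f"invalid custom attribute name {name!r}")
    if not (0 <= min_length <= max_length <= STRING_MAX_LENGTH):
        raise ValueError(f"bad length constraints for {name!r}")
    return {
        "Name": name,
        "AttributeDataType": "String",
        "DeveloperOnlyAttribute": developer_only,
        # Custom attributes can never be required; a Required=true definition is rejected.
        "Required": False,
        # Mutable=false means the value can only be set at sign-up, never changed afterwards.
        "Mutable": mutable,
        "StringAttributeConstraints": {"MinLength": str(min_length), "MaxLength": str(max_length)},
    }


def _b(value: bool) -> str:
    return "true" if value else "false"


def to_cli_shorthand(attrs: list) -> str:
    """Render attributes in the AWS CLI shorthand syntax used by add-custom-attributes."""
    parts = []
    for a in attrs:
        c = a["StringAttributeConstraints"]
        parts.append(
            f'Name="{a["Name"]}",AttributeDataType="{a["AttributeDataType"]}",'
            f'DeveloperOnlyAttribute={_b(a["DeveloperOnlyAttribute"])},'
            f'Required={_b(a["Required"])},Mutable={_b(a["Mutable"])},'
            f'StringAttributeConstraints="{{MinLength={c["MinLength"]},MaxLength={c["MaxLength"]}}}"'
        )
    return " ".join(parts)


def build_command(user_pool_id: str, attrs: list) -> str:
    """Full aws cognito-idp add-custom-attributes command for the given attributes."""
    return (f"aws cognito-idp add-custom-attributes --user-pool-id {user_pool_id} "
            f"--custom-attributes {to_cli_shorthand(attrs)}")


if __name__ == "__main__":
    # Constructed sample matching the attributes used in this article.
    sample = [
        custom_string_attribute("officeCode", 15),
        custom_string_attribute("status", 256),
        custom_string_attribute("department", 256),
    ]
    print(build_command("us-east-2_iWukNNeMU", sample))
```

Because an attribute definition cannot be undone, review the printed command (names, Mutable, DeveloperOnlyAttribute) before running it; DeveloperOnlyAttribute=true is the right choice for values that only your backend should write, such as an internal status flag.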


Configure Message Delivery

In the Configure message delivery section, select the FROM email address that Cognito sends from.




Create a new IAM role

In the SMS section, select Create a new IAM role and enter the role name EmployeeAppSMSRole.




Then Select Next.

Enter the user pool name as employee-app-pool.


Initial App Client Setting

Then enter the Initial app client name as employee-app-client.

In Client secret, select Generate a client secret.
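Generating a client secret changes how every authentication call for this app client must be made: Cognito then requires a SECRET_HASH parameter, computed as Base64(HMAC-SHA256(key = client secret, message = username + client id)), and rejects InitiateAuth, SignUp and similar calls that omit it. The block below is an added example, not code from the original article or from AWS; the client id, client secret and user name are constructed placeholders, and the request dictionary is shaped like the boto3 initiate_auth parameters for the USER_PASSWORD_AUTH flow.

```python
import base64
import hashlib
import hmac


def secret_hash(username: str, client_id: str, client_secret: str) -> str:
    """SECRET_HASH as Cognito defines it: Base64(HMAC-SHA256(secret, username + client_id))."""
    message = (username + client_id).encode("utf-8")
    digest = hmac.new(client_secret.encode("utf-8"), message, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def password_auth_request(username: str, password: str, client_id: str, client_secret: str) -> dict:
    """Parameters for cognito-idp InitiateAuth (USER_PASSWORD_AUTH) from a confidential backend.

    The client secret must stay on the server: an app client with a secret is meant for
    backend callers, not for browser or mobile code where the secret would be extractable.
    """
    return {
        "AuthFlow": "USER_PASSWORD_AUTH",
        "ClientId": client_id,
        "AuthParameters": {
            "USERNAME": username,
            "PASSWORD": password,
            "SECRET_HASH": secret_hash(username, client_id, client_secret),
        },
    }


def verify_secret_hash(presented: str, username: str, client_id: str, client_secret: str) -> bool:
    """Constant-time check of a SECRET_HASH, e.g. when a proxy validates requests before forwarding."""
    expected = secret_hash(username, client_id, client_secret)
    return hmac.compare_digest(presented, expected)


if __name__ == "__main__":
    # Constructed placeholders; a real secret comes from the app client page in the console.
    CLIENT_ID = "EXAMPLE_CLIENT_ID"
    CLIENT_SECRET = "EXAMPLE_CLIENT_SECRET_DO_NOT_USE"
    req = password_auth_request("alice", "CorrectHorse9!", CLIENT_ID, CLIENT_SECRET)
    print(req["AuthParameters"]["SECRET_HASH"])
```

A mismatched SECRET_HASH surfaces as a NotAuthorizedException complaining about the client id and secret, and the two usual causes are hashing the email address when the pool's username attribute is a different value, or reusing a hash computed for another user, since the user name is part of the message.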





In the Advanced app client settings and Attribute read and write permissions sections, keep all values at their defaults.



Then select Next.

In the Review and create section, verify all the settings and click Create user pool.



We have successfully created a Cognito user pool.

Create a User in AWS Cognito User Pool

Now we can create users inside a user pool.

Go to the User pools section and select the employee-app-pool pool.



Then select Create user.

Enter the user name and email address. Select Mark as verified, or leave it unchecked.



When the user is created, it is in the Force change password state; follow the article to reset the user's password.



In this article, we have seen how to create a Cognito user pool in the AWS console and add a new user to the pool.