How to set up User Pool in Amazon Cognito

Parth Trambadiya
AWS in Plain English
6 min read · Apr 7, 2021


Go to the AWS Management Console, where you will find the Amazon Cognito service under the Security, Identity & Compliance section.

On the home page of Amazon Cognito, you will find two buttons: 1. Manage User Pools, 2. Manage Identity Pools. Click on Manage User Pools.

In the Amazon Cognito user pool section, there is a button named Create a user pool. After clicking it, you will see the different sections for creating the user pool.

First section: Name, where you enter the name of your user pool in Pool name. From this first section you can create a user pool with default settings by clicking Review defaults, or, if you want to go through every step, click Step through settings. In this tutorial, I will go through Step through settings.

Second section: Attributes, where you choose the attributes users will use to sign up and sign in.

How do you want your end-users to sign in?

There are two options: 1. Username, 2. Email address or phone number.

1. Username

Users can use a username and optionally multiple alternatives to sign up and sign in.

· Sign in with verified email address

· Sign in with verified phone number

· Sign in with preferred username (a username that your users can change).

This means the user can sign in with their username as well as with the email address or phone number they provided at sign-up.

2. Email address or phone number

Users can use an email address or phone number as their “username” to sign up and sign in.

· Email addresses

· Phone numbers

· Both email addresses and phone numbers (users can choose one).

This means the user signs in with their email address or phone number as their username.

Note: Enabling case insensitivity for username input is recommended, so that "User" and "user" are treated as the same user rather than two different accounts.

In Which standard attributes do you want to require?

This part lists all the standard attributes that can be used to build a user profile; the attributes you check here will be required at sign-up.

Note: You won't be able to change these attributes once the user pool has been created.

In Do you want to add custom attributes?

If you want to add other attributes, i.e. custom attributes, you can add them in this part.

Here you only need to select the type (String or Number), the attribute name, the minimum and maximum length, and whether the attribute is mutable.

Then click on Next Step.

Third section: Policies, where you set up the password policy, whether users can sign up by themselves, and so on.

In What password strength do you want to require?

In this part, set your password policy according to your requirements.

In Do you want to allow users to sign themselves up?

If you want only administrators to add users, check "Only allow administrators to create users"; otherwise choose "Allow users to sign themselves up".

In How quickly should temporary password set by administrators expire if not used?

Set the number of days a temporary password set by an administrator remains valid if it is not used.

Then click on Next Step.

Fourth section: MFA and verifications, where you configure MFA, account recovery for users who forget their password, verification of attributes, and permissions.

In MFA

Select Optional if individual users should be able to enable MFA for themselves.

Select Required if every user must use MFA.

Note: Separate charges apply for sending text messages.

In Recover their account

When a user forgets their password, they can have a code sent to their verified email or verified phone to recover their account.

Select one of the five options according to your requirements.

In Permission

Select the IAM role that allows Amazon Cognito to send text messages.

Then click on Next Step.

Fifth section: Message customizations, covering the configuration and customization of the email and SMS messages used for verification.

In Do you want to customize your email address?

Use this if you want verification emails to be sent from your own email address.

In Send emails through your Amazon SES Configuration

If you need to send mail through Amazon SES, enable SES in this part; the FROM email address in the section above must then be the ARN of your SES identity.

In Customize email

You can verify a user's email address with either a verification code or a link; select Code or Link according to your requirements.

You can customize the message using HTML tags, but it must include {####}, the placeholder that Cognito replaces with the verification code.

In Customize SMS text

The same applies as for email.

Then click on Next Step.
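The {####} rule above is the kind of thing worth checking before a template is pushed through automation rather than discovering it as an API error. The following is an added example (not code from the article) that validates a VerificationMessageTemplate offline. It encodes the article's rule for code-based email and SMS messages, and additionally assumes two constraints from the CreateUserPool API reference: an SmsMessage is at most 140 characters, and a link-based email (EmailMessageByLink) needs a {##link text##} placeholder instead of {####}. The sample templates are constructed for the example.

```python
"""Offline validation of Amazon Cognito verification message templates.

Added example; keys follow the CreateUserPool VerificationMessageTemplate
structure (DefaultEmailOption, EmailMessage, EmailSubject, EmailMessageByLink,
EmailSubjectByLink, SmsMessage). The 140-character SMS limit and the {##..##}
link placeholder are assumptions taken from the API reference, not the article.
"""
import re

CODE_PLACEHOLDER = "{####}"                      # replaced by Cognito with the code
LINK_PLACEHOLDER_RE = re.compile(r"\{##.+?##\}", re.DOTALL)  # replaced with a link
SMS_MAX_LEN = 140                                # assumed API limit for SmsMessage


def validate_verification_template(template: dict) -> list:
    """Return a list of problems; an empty list means the template is acceptable."""
    problems = []
    option = template.get("DefaultEmailOption", "CONFIRM_WITH_CODE")
    if option not in ("CONFIRM_WITH_CODE", "CONFIRM_WITH_LINK"):
        problems.append(f"DefaultEmailOption must be CONFIRM_WITH_CODE or "
                        f"CONFIRM_WITH_LINK, got {option!r}")

    # Code-based email: HTML is allowed, but {####} must be present.
    email = template.get("EmailMessage")
    if email is not None and CODE_PLACEHOLDER not in email:
        problems.append("EmailMessage must contain {####}")

    # Link-based email: Cognito substitutes {##text##} with the clickable link.
    link_email = template.get("EmailMessageByLink")
    if link_email is not None and not LINK_PLACEHOLDER_RE.search(link_email):
        problems.append("EmailMessageByLink must contain a {##link text##} placeholder")

    # SMS: same {####} rule as email, plus the length limit.
    sms = template.get("SmsMessage")
    if sms is not None:
        if CODE_PLACEHOLDER not in sms:
            problems.append("SmsMessage must contain {####}")
        if len(sms) > SMS_MAX_LEN:
            problems.append(f"SmsMessage is {len(sms)} characters, limit is {SMS_MAX_LEN}")
    return problems


# Constructed sample templates for the example (not from the article).
GOOD_TEMPLATE = {
    "DefaultEmailOption": "CONFIRM_WITH_CODE",
    "EmailSubject": "Your verification code",
    "EmailMessage": "<p>Your verification code is <b>{####}</b>.</p>",
    "SmsMessage": "Your verification code is {####}",
}

BAD_TEMPLATE = {
    "DefaultEmailOption": "CONFIRM_WITH_LINK",
    "EmailMessageByLink": "<p>Click the link below to verify.</p>",  # no {##...##}
    "SmsMessage": "Your code: " + "x" * 140,                           # too long, no {####}
}

if __name__ == "__main__":
    for name, tpl in (("good", GOOD_TEMPLATE), ("bad", BAD_TEMPLATE)):
        print(name, validate_verification_template(tpl) or "OK")
```

Run the module directly to see the good template pass and the bad one report three problems; in a deployment pipeline, call `validate_verification_template` on the dict you are about to pass as `VerificationMessageTemplate` and fail the job if the list is non-empty.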

Sixth section: Tags, where you add tags as key/value pairs to the user pool.

Then click on Next Step.

Seventh section: Devices, where you configure whether users' devices are tracked and remembered. This feature lets developers remember the devices on which end users sign in to their application. In addition, you can build custom functionality on top of remembered devices. For example, in a content distribution application (e.g., video streaming), you can limit the number of devices from which an end user can stream their content.

In Do you want to remember your user's devices?

The options are:

1. Always: every device used by your application's users is remembered.

2. User Opt-In: a user's device is remembered only if that user opts to remember it. This lets your users decide whether your application should remember the devices they use to sign in, though keep in mind that all devices are tracked regardless.

3. No (default): devices are neither remembered nor tracked.

Then click on Next Step.

Eighth section: App clients, where you configure the app clients that access the user pool.

In Which app clients will have access to this user pool?

To create an app client, click on Add an app client.

· Enter an App client name of your choice.

· Set the Refresh token, Access token, and ID token expiration times as you need. These are the tokens Cognito issues to your application after a user authenticates, and your application presents them to access AWS resources.

· If you use the JavaScript SDK with Cognito to authenticate, you must uncheck "Generate client secret", because the JavaScript SDK does not support a client secret. Otherwise leave it at the default.

· Under Auth Flows Configuration, leave the defaults, or check and uncheck flows according to your requirements.

· Under Security configuration, leave the default.

To set which Cognito attributes your application can read or write, click on Set attribute read and write permissions.

Check or uncheck attributes under Readable Attributes and Writeable Attributes according to your requirements.

Then click on Next Step.

Ninth section: Triggers, where you can optionally configure Lambda functions to run on different events.

Click on Save changes to review all configurations of the Amazon Cognito user pool.

On the Review tab click on Create Pool.
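The same choices the console steps above walk through can be expressed as cognito-idp API requests, which is how you would reproduce the pool in a pipeline. The following is an added example, not the article's code. It assumes the boto3 `cognito-idp` client and the parameter names of CreateUserPool and CreateUserPoolClient; the pool name, account ID, IAM role and SES identity ARNs are placeholders. The `dry_run` mode only builds and prints the requests, so it runs without AWS credentials.

```python
"""Build the CreateUserPool and CreateUserPoolClient requests matching the
console walkthrough. Added example; the ARNs and pool name are placeholders."""
import json


def build_user_pool_request(pool_name, username_mode="email", admin_only=False,
                            mfa="OPTIONAL", sms_role_arn=None, ses_source_arn=None):
    """Return the keyword arguments for cognito-idp CreateUserPool."""
    if username_mode not in ("username", "email"):
        raise ValueError("username_mode must be 'username' or 'email'")
    if mfa not in ("OFF", "OPTIONAL", "ON"):
        raise ValueError("mfa must be OFF, OPTIONAL or ON")
    if mfa != "OFF" and not sms_role_arn:
        # Section four: SMS MFA needs an IAM role Cognito can assume to publish via SNS.
        raise ValueError("SMS MFA requires sms_role_arn")

    req = {
        "PoolName": pool_name,
        # Section two: case-insensitive usernames, as recommended.
        "UsernameConfiguration": {"CaseSensitive": False},
        "AutoVerifiedAttributes": ["email"],
        "Schema": [
            # Required standard attribute (cannot be changed after creation).
            {"Name": "email", "AttributeDataType": "String", "Required": True, "Mutable": True},
            # Custom attribute: the API takes the bare name and adds the custom: prefix.
            {"Name": "tenant", "AttributeDataType": "String", "Mutable": True,
             "StringAttributeConstraints": {"MinLength": "1", "MaxLength": "64"}},
        ],
        # Section three: password policy, self sign-up, temporary password expiry.
        "Policies": {"PasswordPolicy": {
            "MinimumLength": 12, "RequireUppercase": True, "RequireLowercase": True,
            "RequireNumbers": True, "RequireSymbols": True,
            "TemporaryPasswordValidityDays": 7}},
        "AdminCreateUserConfig": {"AllowAdminCreateUserOnly": admin_only},
        # Section four: MFA and account recovery through a verified email only.
        "MfaConfiguration": mfa,
        "AccountRecoverySetting": {"RecoveryMechanisms": [{"Priority": 1, "Name": "verified_email"}]},
        # Section seven: remember a device only when the user opts in.
        "DeviceConfiguration": {"ChallengeRequiredOnNewDevice": True,
                                "DeviceOnlyRememberedOnUserPrompt": True},
        # Section six: tags.
        "UserPoolTags": {"Environment": "dev"},
    }
    if username_mode == "email":
        req["UsernameAttributes"] = ["email"]                      # email is the username
    else:
        req["AliasAttributes"] = ["email", "preferred_username"]   # username plus aliases
    if sms_role_arn:
        # ExternalId stops the SMS role being assumed on behalf of another account.
        req["SmsConfiguration"] = {"SnsCallerArn": sms_role_arn, "ExternalId": f"{pool_name}-sms"}
    if ses_source_arn:
        # Section five: send through SES; SourceArn is the verified SES identity.
        req["EmailConfiguration"] = {"EmailSendingAccount": "DEVELOPER", "SourceArn": ses_source_arn}
    return req


def build_app_client_request(user_pool_id, client_name, uses_javascript_sdk=True):
    """Return the keyword arguments for cognito-idp CreateUserPoolClient (section eight)."""
    return {
        "UserPoolId": user_pool_id,
        "ClientName": client_name,
        # The JavaScript SDK cannot hold a secret, so browser clients get none.
        "GenerateSecret": not uses_javascript_sdk,
        "RefreshTokenValidity": 30, "AccessTokenValidity": 60, "IdTokenValidity": 60,
        "TokenValidityUnits": {"RefreshToken": "days", "AccessToken": "minutes", "IdToken": "minutes"},
        # SRP keeps the password off the wire; the plain USER_PASSWORD flow stays disabled.
        "ExplicitAuthFlows": ["ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"],
        # Generic errors so a client cannot tell existing from non-existing usernames.
        "PreventUserExistenceErrors": "ENABLED",
        "ReadAttributes": ["email", "email_verified", "custom:tenant"],
        "WriteAttributes": ["email", "custom:tenant"],
    }


def create_pool_and_client(pool_name, dry_run=True, **kwargs):
    """Create the pool and its app client, or only print the requests when dry_run."""
    pool_req = build_user_pool_request(pool_name, **kwargs)
    if dry_run:
        client_req = build_app_client_request("<USER_POOL_ID>", f"{pool_name}-web")
        print(json.dumps({"CreateUserPool": pool_req, "CreateUserPoolClient": client_req}, indent=2))
        return pool_req, client_req
    import boto3  # only needed for the real call
    idp = boto3.client("cognito-idp")
    pool_id = idp.create_user_pool(**pool_req)["UserPool"]["Id"]
    client_req = build_app_client_request(pool_id, f"{pool_name}-web")
    idp.create_user_pool_client(**client_req)
    return pool_req, client_req


if __name__ == "__main__":
    create_pool_and_client("example-pool", mfa="OPTIONAL",
                           sms_role_arn="arn:aws:iam::123456789012:role/<SMS_ROLE>")
```

Two design choices differ from the console defaults on purpose: `PreventUserExistenceErrors` is set to ENABLED so sign-in failures do not reveal whether a username exists, and only the SRP and refresh-token auth flows are enabled, so the application never sends a plaintext password to Cognito. Pass `dry_run=False` once the placeholders are replaced and credentials are configured.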

You can also watch the videos for this.
