Your technical guide to AWS Cognito for serverless user authentication

A step-by-step guide to integrating AWS Cognito into your application as a serverless function

Cloud | Updated on June 5, 2024


A technical guide to integrating AWS Cognito into your application

This article is a technical guide to using AWS Cognito for User Management in an application that leverages serverless functions.

One of the most common components of web applications is a user management system that facilitates sign up, sign in, creation of a user profile and assigning permissions so the user can securely access appropriate application features and functionalities. Serverless architecture, or using serverless functions as part of a microservices architecture, means you don’t have to code common components like a user management system from scratch but can simply integrate a ready-made function.

In this technical guide, we’ll take you through the step-by-step process of integrating AWS Cognito, the user management system of the world’s largest cloud and serverless provider.


Serverless user management components

Regardless of the serverless platform they are native to, serverless user management functions are all relatively similar and include the following features:

  • Secure authentication and authorisation of the user (sign up, sign in, forgot-change password flow, multi-factor authentication)
  • Out-of-the-box customizable hosted UI or SDK
  • Identity provider federation (single sign on with existing accounts from Amazon, Google, Facebook, Twitter)
  • User migration
  • Flexible app integration with customized authentication flow if needed
  • Cloud resources secured by configuration only
  • Any other integrated server resources secured via token verification (a short piece of code)
  • Scalable to millions of users without having to change anything
  • Single sign on across multiple Apps (register once, one User profile, use for all apps)

A step-by-step guide to integrating AWS Cognito into your application as a serverless function

Let’s walk through the integration process for the AWS Cognito user management component and you’ll see just how easy it can be to configure.

Step 1

First, log in to your AWS account and select Services from the navigation. You’ll find Cognito under the Security, Identity & Compliance category.


Step 2

Select the AWS regions in which you want to instantiate the user management component. You should be aiming for geographic proximity to as many of your users as possible.


Step 3

Click on ‘Create a User Pool’ and type in a name (such as TestAppUserPool).


Step 4

Click on the Review defaults and Create Pool button in the window that opens. Your User Pool has been created.


Step 5

Configure a Client Application that will use this user management component (it can be shared between different applications). Make sure you uncheck the Generate client secret checkbox.


Step 6

Configure Client Application settings to integrate the created App Client with your User Pool. Choose callback URLs for sign in/sign out requests.


Step 7

Configure a domain name for your User Pool UI: select App Integration->Domain name, type in a domain prefix, check its availability and save the changes.


That’s it. You have created and configured your first user management serverless function which you can use now in your web application. You can use it to secure your web/mobile application resources with AWS SDK, AWS Amplify and Serverless Framework.

Now point your browser to the following address:

https://<DOMAIN_NAME>.auth.<AWS_REGION>.amazoncognito.com/login?response_type=code&client_id=<APP_CLIENT_ID>&redirect_uri=<REDIRECT_URL>

DOMAIN_NAME – from step 7

AWS_REGION – from step 7

APP_CLIENT_ID – from step 5

REDIRECT_URL – from step 6

 Sample: (https://mytestappuserpooldomain.auth.eu-central-1.amazoncognito.com/login?response_type=code&client_id=6ka14g4k7vvkqbubga33c2n0g&redirect_uri=https://localhost:4200)

 You should see an AWS User Management login form which can be easily customized to your needs in the UI Customization settings of your AWS Cognito User Pool.


Try to sign up to your application. By default the registration process is protected with an email verification code (use a real email address during registration to see it). After completing registration, sign in and you’ll be redirected to the URL you chose in step 6.

There are a lot of configurations available for your User Pool, from required fields and password strength policies to multi-factor authentication and single sign on with different Identity Providers (Twitter, Facebook).

Alternatives to AWS Cognito

There are many alternatives to AWS Cognito as a serverless User Management function. Other serverless platform providers and 3rd party vendors all offer components with almost identical core features and functionalities. Some examples are:

  • Auth0
  • Google IAM
  • Azure Active Directory

They all share similar features and can be considered if your infrastructure means a choice other than AWS Cognito is more appropriate (e.g. if you are using Windows Servers, consider the Azure user management service).

We hope this step-by-step guide to the features and configuration of the AWS Cognito User Management component helps demonstrate just how powerful and convenient contemporary serverless components have become.
