Identity & Access

AWS Cognito

Amazon Cognito — Identity & Access Management Service

Amazon Cognito handles user sign-up, sign-in, and access control for web and mobile applications. It scales to millions of users and supports social identity providers like Google, Facebook, and Apple.

Overview

What is Amazon Cognito?

Cognito provides identity, authentication, and authorization for your applications without requiring custom backend code.

Introduction

Amazon Cognito is made up of two main components: User Pools and Identity Pools. User Pools handle sign-up and sign-in, while Identity Pools grant temporary AWS credentials to access services like S3 and DynamoDB.

Cognito supports multi-factor authentication (MFA), adaptive authentication, custom workflows via Lambda triggers, and it integrates with API Gateway for securing APIs. It is PCI DSS, HIPAA, and SOC compliant, making it suitable for regulated industries.

Architecture

How Cognito Works

End-to-end authentication flow using Cognito User Pools.

1. User Signs Up: Creates account with email & password
2. Email Verification: Cognito sends 6-digit code via email
3. Cognito User Pool: User is stored securely in the directory
4. JWT Tokens: Cognito issues ID, Access & Refresh tokens
5. Access Granted: User is logged in and can use the app
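
Steps 4 and 5 end with the application accepting Cognito-issued JWTs. The following is an added example (not from the original page or from AWS) of the claim checks a backend applies to such a token after its RS256 signature has been verified against the user pool's JWKS. The region, pool ID, app client ID, and function names are constructed placeholders.

```python
import base64
import json
import time

# Constructed placeholders, not values from the page.
REGION = "us-east-1"
USER_POOL_ID = "us-east-1_EXAMPLE"
APP_CLIENT_ID = "example-app-client-id"
ISSUER = f"https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"


def b64url_json(segment):
    """Decode one base64url JWT segment into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_cognito_token(token, expected_use, now=None):
    """Return a list of claim problems; an empty list means acceptable."""
    # Assumption: the signature was already verified against the pool's
    # JWKS. This function does NOT verify the signature itself.
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    problems = []
    if header.get("alg") != "RS256":
        problems.append("alg is not RS256")
    if claims.get("iss") != ISSUER:
        problems.append("iss does not match this user pool")
    if claims.get("token_use") != expected_use:
        problems.append("token_use is not " + expected_use)
    # ID tokens name the app client in aud; access tokens use client_id.
    client_claim = "aud" if expected_use == "id" else "client_id"
    if claims.get(client_claim) != APP_CLIENT_ID:
        problems.append(client_claim + " does not match the app client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token is expired or has no exp")
    return problems


def sample_token(claims):
    """Build a constructed sample token with a placeholder signature."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "kid": "example-kid"}), enc(claims), "sig"])
```

Checking `token_use` keeps an ID token from being accepted where an access token is expected, and the `aud` versus `client_id` split is why a generic audience check alone does not cover both token types.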

Features

Key Features

Everything you need to add authentication to your app.

User Pools

Fully managed user directory that scales to millions of users. Supports sign-up, sign-in, and profile management.

Social Login

Let users sign in with Google, Facebook, Amazon, or Apple. Also supports SAML and OIDC identity providers.

Multi-Factor Auth

Add an extra layer of security with SMS or TOTP-based multi-factor authentication.

Lambda Triggers

Customize authentication flows with Lambda functions — custom validation, post-confirmation, pre-token generation, and more.

Identity Pools

Grant temporary AWS credentials to authenticated users so they can access S3, DynamoDB, and other services.

Adaptive Auth

Advanced security features that block suspicious sign-in attempts and require additional verification based on risk.

Use Cases

Real-World Examples

Cognito powers authentication for millions of users across industries.

Disney+ Hotstar

Disney+ Hotstar uses Cognito to manage millions of subscriber accounts, handling sign-ups, password resets, and social login via Google and Facebook.

Airbnb

Airbnb uses Cognito for guest and host authentication, including multi-factor authentication for high-value accounts and property managers.

Electronic Arts (EA)

EA uses Cognito to authenticate players across their gaming platforms, handling millions of concurrent sign-in requests during game launches.

Pricing

Cognito Pricing

The Free Tier includes 50,000 MAUs (Monthly Active Users). After that, pricing is an affordable per-user rate.

50K Free MAUs / month
$0.0055 per MAU (next 100K)
$0.0025 per MAU (100K+)
Social Login Supported