Amazon Cognito
Developer Guide (Version Last Updated: 07/28/2016)

Setting Up Amazon Cognito

You can obtain an identity, get credentials, and start syncing data or interacting with other AWS services from your app with a few steps.

Sign Up for AWS

To use Amazon Cognito, you need an AWS account. If you don't already have one, use the following procedure to sign up:

To sign up for an AWS account

  1. Open https://aws.amazon.com/, and then choose Create an AWS Account.

  2. Follow the online instructions.

    Part of the sign-up procedure involves receiving a phone call and entering a PIN using the phone keypad.

Creating a Pool in Amazon Cognito

You must create a user pool or an identity pool to obtain AWS credentials using Amazon Cognito Identity as your credential provider. Using a credential provider allows your application to access AWS services without having to embed your private credentials in your application. This also allows you to set permissions to control which AWS services your users have access to.

Amazon Cognito offers two options for managing user credentials: you can create a user pool using Amazon Cognito Identity, or you can create an identity pool using Federated Identities, which relies on an external login provider such as Facebook or Google.

User pools use Amazon Cognito Identity to scale to hundreds of millions of users and provide simple, secure, and low-cost options for you as a developer. For more information, see Creating and Managing User Pools.

To create a new user pool for your application

  1. Sign in to the Amazon Cognito console and choose Manage your User Pools.

  2. Follow the steps in the wizard.

    For more information, see Creating and Managing User Pools.

Identity pools use external identity providers such as Facebook, Amazon.com, Google, or Twitter/Digits. An identity pool is a store of user identity data specific to your account. Every identity pool has configurable IAM roles that you can use to specify which AWS services your application’s users can access. Typically, a developer will use one identity pool per application. For more information, see Identity Pools.

To create a new identity pool for your application

  1. Sign in to the Amazon Cognito console, choose Manage Federated Identities, and then choose Create new identity pool.

  2. Type a name for your identity pool, select Enable access to unauthenticated identities, and then choose Create Pool.

  3. Choose Allow to create the two default roles associated with your identity pool: one for unauthenticated users and one for authenticated users. These default roles provide your identity pool access to Amazon Cognito Sync. You can modify the roles associated with your identity pool in the IAM console. For additional instructions on working with the Amazon Cognito console, see Using the Amazon Cognito Console.

After you have set up your identity pool, see Amazon Cognito Identity: Using Federated Identities.
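
Because the unauthenticated role created in step 3 is issued to callers that have not signed in, it is worth reviewing both role documents whenever they are modified in the IAM console. The following Python code is an added example, not part of the AWS guide: it audits exported policy JSON offline, checking that the trust policy is pinned to one identity pool and one identity class and that the permissions stay within an allow-list of services. The pool ID, sample policies, and function names are constructed for illustration.

```python
# Added example: offline audit of the IAM role documents behind an identity pool.
FEDERATED = "cognito-identity.amazonaws.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust(trust, pool_id, amr):
    """Check that a role's trust policy is pinned to one pool and one identity class."""
    findings, trusted = [], False
    for st in _as_list(trust.get("Statement", [])):
        principal = st.get("Principal", {})
        federated = principal.get("Federated", []) if isinstance(principal, dict) else []
        if st.get("Effect") != "Allow" or FEDERATED not in _as_list(federated):
            continue
        trusted = True
        cond = st.get("Condition", {})
        if _as_list(cond.get("StringEquals", {}).get(FEDERATED + ":aud", [])) != [pool_id]:
            findings.append("aud is not pinned to this identity pool")
        amr_cond = cond.get("ForAnyValue:StringLike", {}).get(FEDERATED + ":amr", [])
        if _as_list(amr_cond) != [amr]:
            findings.append("amr is not restricted to " + amr)
    return findings if trusted else ["no statement trusts " + FEDERATED]

def audit_permissions(policy, allowed_services):
    """List Allow actions that fall outside the services this role is meant to reach."""
    findings = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        for action in _as_list(st.get("Action", [])):
            if action == "*" or action.split(":", 1)[0] not in allowed_services:
                findings.append("action outside allow-list: " + action)
    return findings

# Constructed sample documents (placeholder pool ID, not from the guide).
POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000"
GOOD_TRUST = {"Statement": [{"Effect": "Allow", "Principal": {"Federated": FEDERATED},
    "Action": "sts:AssumeRoleWithWebIdentity", "Condition": {
        "StringEquals": {FEDERATED + ":aud": POOL_ID},
        "ForAnyValue:StringLike": {FEDERATED + ":amr": "unauthenticated"}}}]}
LOOSE_TRUST = {"Statement": [{"Effect": "Allow", "Principal": {"Federated": FEDERATED},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {FEDERATED + ":aud": POOL_ID}}}]}
SYNC_ONLY = {"Statement": [{"Effect": "Allow", "Action": ["cognito-sync:*"], "Resource": "*"}]}
WIDENED = {"Statement": [{"Effect": "Allow", "Action": ["cognito-sync:*", "s3:*"], "Resource": "*"}]}

if __name__ == "__main__":
    print(audit_trust(LOOSE_TRUST, POOL_ID, "unauthenticated"))
    print(audit_permissions(WIDENED, {"cognito-sync"}))
```

Pass the allow-list that matches what the unauthenticated role is meant to reach; any finding on that role deserves review before the pool ID ships in a client application.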

Install the Mobile SDK

To use Amazon Cognito, you must install and configure the AWS Mobile SDK. For more information, see the following topics: