Amazon provides identity and access management services, under the product name of Cognito.

“Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0.”

Amazon Website

Functionality Key Facts

  • Cognito User Pools – secure and scaleable user directory; a managed service directory capable of scaling to millions of entries
  • Social & Enterprise Federation – bring your own identity from social providers such as Google, Facebook and of course Amazon, as well as enterprise services such as Active Directory via an outbound SAML connection
  • Standards Based Authentication – support for the table stakes protocols such as OAuth2, OpenID Connect and SAML2
  • Security Compliance – looking to attract organisations with compliance needs, with support for the likes of PCI-DSS, HIPAA, ISO27001 and ISO9001
  • Centralised AWS Access Management – look to control access to AWS resources via attribute and role based access control
  • Rapid Integration Options – accelerate service integration to client applications with customised user interface options


Public Case Studies

9 public case studies appear from the AWS website case studies micro-site, that focus on Cognito. The below are some that explicitly call out the use of Cognito within their projects:

  • Siemens Junelight Smart Battery – smart battery technology researched in 2016 and looking for a rapid prototype go-to-market. Leveraged AWS IoT and API security features along with Cognito for user management. Major benefit being rapid time to value and startup times, to allow for quick testing of the new solution.
  • Avazu Internet Advertising – mobile and distributed advertising agency. The parent company, leveraged Cognito for mobile registration and login for their apps, in order to provide BYOI social identity integration use cases. Over 200 apps integrated.
  • Concrete Software – mobile games software developer. Used Cognito to save user data and perform cross device state replication, without having to build the infrastructure themselves

Release Note Changes 2018-2020

Cognito is a SaaS service, which could indicate frequent roll outs of new functionality, bug fixes and features. AWS is also relatively new (launched in 2014), so it would be expected that big leaps in use case completion would occur.

The following is a brief review of changes to the service between 2018 and February 2020, as taken from the developer notes document change history:

ChangeDescriptionDate
Username case insensitivity updateAdded recommendation about enabling username case insensitivity before creating a user pool.February 11, 2020
New information about AWS AmplifyAdded information about integrating Amazon Cognito with your web or mobile app by using AWS Amplify SDKs and libraries. Removed information about using the Amazon Cognito SDKs that preceded AWS Amplify.November 22, 2019
New attribute for user pool triggersAmazon Cognito now includes a clientMetadata parameter in the event information that it passes to the AWS Lambda functions for most user pool triggers. You can use this parameter to enhance your custom authentication workflow with additional data.October 4, 2019
Updated limitThe throttling limit for the ListUsers API action is updated. For more information, see Limits in Amazon Cognito.June 25, 2019
New limitThe soft limits for user pools now include a limit for the number of users. For more information, see Limits in Amazon Cognito.June 17, 2019
Amazon SES email settings for Amazon Cognito user poolsYou can configure a user pool so that Amazon Cognito emails your users by using your Amazon SES configuration. This setting allows Amazon Cognito to send email with a higher delivery volume than is otherwise possible. For more information, see Email Settings for Amazon Cognito User Pools.April 8, 2019
Tagging supportAdded information about tagging Amazon Cognito resources.March 26, 2019
Change the certificate for a custom domainIf you use a custom domain to host the Amazon Cognito hosted UI, you can change the SSL certificate for this domain as needed. For more information, see Changing the SSL Certificate for Your Custom Domain.December 19, 2018
New limitA new limit is added for the maximum number of groups that each user can belong to. For more information, see Limits in Amazon Cognito.December 14, 2018
Updated limitsThe soft limits for user pools are updated. For more information, see Limits in Amazon Cognito.December 11, 2018
Documentation update for verifying email addresses and phone numbersAdded information about configuring your user pool to require email or phone verification when a user signs up in your app. For more information, see Verifying Contact Information at Sign-Up.November 20, 2018
Documentation update for testing emailsAdded guidance for initiating emails from Amazon Cognito while you test your app. For more information, see Sending Emails While Testing Your App.November 13, 2018
Amazon Cognito Advanced SecurityAdded new security features to enable developers to protect their apps and users from malicious bots, secure user accounts against compromised credentials, and automatically adjust the challenges required to sign in based on the calculated risk of the sign in attempt.June 14, 2018
Custom Domains for Amazon Cognito Hosted UIAllow developers to use their own fully custom domain for the hosted UI in Amazon Cognito User Pools.June 4, 2018
Amazon Cognito User Pools OIDC Identity ProviderAdded user pool sign-in through an OpenID Connect (OIDC) identity provider such as Salesforce or Ping Identity.May 17, 2018
Amazon Cognito Developer Guide UpdateAdded top level “What is Amazon Cognito” and “Getting Started with Amazon Cognito”. Also added common scenarios and reorganized the user pools TOC. Added a new “Getting Started with Amazon Cognito User Pools” section.April 6, 2018
Amazon Cognito Lambda Migration TriggerAdded pages covering the Lambda Migration Trigger featureFebruary 8, 2018

Leave a Reply

Your email address will not be published. Required fields are marked *