Techso FR

AWS, going further with Cognito


There are a lot of services offered by AWS, but most people use only S3 (file storage), EC2 (virtual machines) or RDS (databases). In this article, we will discover AWS Cognito, a simple yet powerful authentication system.

Cognito is an authentication system offered by AWS. It allows you to register and authenticate your users using social networks, a Google/Apple account, GitHub, LDAP or simply a username/password. The service can be divided into two parts: UserPool and IdentityPool. The first one is a user group, where all the users are saved; the second one allows unauthenticated users (Guest) to access your product.

The main advantage of using AWS Cognito is that you don’t have to manage login security and your users’ privacy: Cognito does it for you! In addition, it lets your users sign in with SSO (Single Sign-On) from an external provider such as Twitter, Facebook, Google, etc. And finally, Cognito is very configurable.

When we say configurable, we mean it. If you don’t have a server to store your users’ details, Cognito can do it for you. By default, you can ask users for their physical address, email, phone number, name, etc., but you can also go further by defining your own fields, which will be stored in the Cognito system. So yes, Cognito is a solution that can be used with a serverless product.

As we said above, Cognito offers multiple authentication methods. If you choose to authenticate your users with a username/password or a temporary password (a password sent to the user by email or SMS each time they wish to log in), your users will receive messages from Cognito. By default, these messages are in English and completely neutral, but you can customize them using AWS Lambda. Each action on Cognito creates an event that can trigger a Lambda, allowing you to add more logic to your system or, when Cognito is sending a message, to customize it!
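The message customization described above, as an added example that is not code from the original article: a Custom Message Lambda trigger in Python that localizes the verification message. The templates, the English/French choice and the 64-character name cap are assumptions; the event fields (`triggerSource`, `request.codeParameter`, `request.userAttributes`, `response.*`) are the ones Cognito passes to this trigger.

```python
import html

# Constructed templates (assumption): language -> (email subject, message body).
TEMPLATES = {
    "en": ("Your verification code",
           "Hello {name}, your verification code is {code}."),
    "fr": ("Votre code de vérification",
           "Bonjour {name}, votre code de vérification est {code}."),
}

# Trigger sources handled here; any other source keeps Cognito's default message.
CODE_SOURCES = {
    "CustomMessage_SignUp",
    "CustomMessage_ResendCode",
    "CustomMessage_ForgotPassword",
    "CustomMessage_Authentication",
}


def lambda_handler(event, context):
    """Cognito CustomMessage trigger: rewrite the message about to be sent."""
    if event.get("triggerSource") not in CODE_SOURCES:
        return event  # e.g. admin invitations are left untouched

    request = event["request"]
    attrs = request.get("userAttributes", {})
    # "locale" is a standard attribute such as "fr-FR"; fall back to English.
    lang = attrs.get("locale", "en").replace("_", "-").split("-")[0].lower()
    subject, body = TEMPLATES.get(lang, TEMPLATES["en"])

    # Placeholder that Cognito replaces with the real code after the Lambda
    # returns; the handler never sees the code, so it must be passed through.
    code = request["codeParameter"]
    # The name is user-supplied: cap its length (assumed limit of 64).
    name = attrs.get("given_name", "")[:64]

    response = event["response"]
    response["emailSubject"] = subject
    # The email body can contain HTML, so escape the user-controlled name.
    response["emailMessage"] = body.format(name=html.escape(name), code=code)
    # SMS is plain text, no escaping needed.
    response["smsMessage"] = body.format(name=name, code=code)
    return event
```

Cognito expects the handler to return the event it received, with only the `response` fields filled in.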

Finally, there is one last important thing to say. Today, the security of your products and systems is a day-to-day concern for your users. Just because someone knows the right password for the right username does not mean they are who they say they are. So to add another layer of security, AWS Cognito allows you to enable Multi-Factor Authentication (MFA or 2FA) by SMS or TOTP (Time-Based One-Time Password).

Let’s do a quick recap of the advantages of using AWS Cognito:

  • it is faster to set up than a homemade solution
  • it offers a variety of authentication methods, such as a Google/Apple account, SMS, social networks or simply username/password
  • you can customize the messages sent to the user easily
  • it supports multi-factor authentication (MFA)

The list above is only a part of what Cognito offers, so be curious! We hope this has made you want to discover AWS Cognito for your projects.