Our notes app needs to handle user accounts and authentication in a secure and reliable way. To do this we are going to use Amazon Cognito.
Amazon Cognito User Pool makes it easy for developers to add sign-up and sign-in functionality to web and mobile applications. It serves as your own identity provider to maintain a user directory. It supports user registration and sign-in, as well as provisioning identity tokens for signed-in users.
In this chapter, we are going to create a User Pool for our notes app.
Create User Pool
From your AWS Console, select Cognito from the list of services.
Select Manage your User Pools.
Select Create a User Pool.
Enter Pool name and select Review defaults.
Select Choose username attributes....
And select Email address or phone numbers and Allow email addresses. This tells the Cognito User Pool that we want our users to be able to sign up and log in with their email as their username.
Scroll down and select Next step.
Hit Review in the side panel and make sure that the Username attributes is set to email.
Now hit Create pool at the bottom of the page.
Your User Pool has been created. Take a note of the Pool Id and Pool ARN which will be required later. Also, note the region that your User Pool is created in – in our case it's
Create App Client
Select App clients from the left panel.
Select Add an app client.
Enter App client name, un-select Generate client secret, select Enable sign-in API for server-based authentication, then select Create app client.
- Enable username password auth for admin APIs for authentication: required by AWS CLI when managing the pool users via command line interface. We will be creating a test user through the command line interface in the next chapter.
Now select Create app client.
Your app client has been created. Take note of the App client id which will be required in the later chapters.
Create Domain Name
Finally, select Domain name from the left panel. Enter your unique domain name and select Save changes. In our case we are using
Now our Cognito User Pool is ready. It will maintain a user directory for our notes app. It will also be used to authenticate access to our API. Next let's set up a test user within the pool.
TODO: Add a link to the infrastructure automation with Terraform/CF.
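The console steps in this chapter can also be expressed as a CloudFormation template. This is an added example, not part of the original guide: the resource names, the default pool name, the DomainPrefix parameter, and the SRP and refresh-token flows are assumptions, and ALLOW_ADMIN_USER_PASSWORD_AUTH is the API name for the admin username/password option described above.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Cognito User Pool, app client and domain for the notes app

Parameters:
  PoolName:
    Type: String
    Default: notes-user-pool          # assumed name
  DomainPrefix:
    Type: String                      # assumed parameter; your unique domain name

Resources:
  NotesUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: !Ref PoolName
      # Users sign up and sign in with their email as the username
      UsernameAttributes:
        - email

  NotesUserPoolClient:
    Type: AWS::Cognito::UserPoolClient
    Properties:
      ClientName: notes-app-client    # assumed name
      UserPoolId: !Ref NotesUserPool
      # Matches "un-select Generate client secret" in the console steps
      GenerateSecret: false
      ExplicitAuthFlows:
        # Needed to manage and test pool users from the AWS CLI
        - ALLOW_ADMIN_USER_PASSWORD_AUTH
        # Assumptions: SRP sign-in and token refresh for the app itself
        - ALLOW_USER_SRP_AUTH
        - ALLOW_REFRESH_TOKEN_AUTH

  NotesUserPoolDomain:
    Type: AWS::Cognito::UserPoolDomain
    Properties:
      Domain: !Ref DomainPrefix
      UserPoolId: !Ref NotesUserPool

# The values the chapter asks you to note down for later
Outputs:
  UserPoolId:
    Value: !Ref NotesUserPool
  UserPoolArn:
    Value: !GetAtt NotesUserPool.Arn
  AppClientId:
    Value: !Ref NotesUserPoolClient
```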
Create a Cognito Test User
In this chapter, we are going to create a test user for our Cognito User Pool. We are going to need this user to test the authentication portion of our app later.
First, we will use AWS CLI to sign up a user with their email and password. In your terminal, run:
$ aws cognito-idp sign-up \
  --region YOUR_COGNITO_REGION \
  --client-id YOUR_COGNITO_APP_CLIENT_ID \
  --username [email protected] \
  --password Passw0rd!
Now, the user is created in Cognito User Pool. However, before the user can authenticate with the User Pool, the account needs to be verified. Let's quickly verify the user using an administrator command. In your terminal, run:
$ aws cognito-idp admin-confirm-sign-up \
  --region YOUR_COGNITO_REGION \
  --user-pool-id YOUR_COGNITO_USER_POOL_ID \
  --username [email protected]
Now our test user is ready. Next, let's set up the Serverless Framework to create our backend APIs.