Create Cognito User Pool and App Client

Amazon Cognito User Pools provide a secure user directory that scales to hundreds of millions of users. As a fully managed service, User Pools are easy to set up without any need to stand up server infrastructure. Amazon Cognito User Pools is a standards-based Identity Provider and supports identity and access management standards such as OAuth 2.0, SAML 2.0, and OpenID Connect.

In this module, you will create an Amazon Cognito User Pool and an Application Client. They will be used to sign up users and to handle authentication when accessing the microservice APIs.

  1. In the AWS Management Console choose Services then search Cognito
  2. Choose Manage User Pools
  3. You should see an already created Cognito User Pool for you to use to secure your APIs with the name real world microservice user pool
  4. Click on real world microservice user pool to see the details

  5. Go to App clients under General Settings
  6. Copy the App client id for microservice web client. You will need this to obtain the JWT token used to invoke your microservice APIs
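The App client id copied above is the value a microservice later compares against the token it receives. The following is an added example, not part of the workshop and not AWS code, showing the claim checks a microservice applies to a User Pool JWT before honouring a request: issuer matches the pool, the token was issued to this app client (access tokens carry it in `client_id`, ID tokens in `aud`), and the token has not expired. The region, user pool id and client id in the block are assumed placeholders, and the sample token is constructed inline with a placeholder signature. Real tokens are RS256-signed; a service must first verify the signature against the pool's JWKS (`https://cognito-idp.<region>.amazonaws.com/<pool id>/.well-known/jwks.json`, typically with a JWT library) and only then apply these claim checks.

```python
"""Claim validation for an Amazon Cognito User Pool JWT (added example, stdlib only)."""
import base64
import json
import time

# Placeholder values standing in for those copied from the Cognito console.
REGION = "us-east-1"                 # assumption: region of the user pool
USER_POOL_ID = "us-east-1_EXAMPLE"   # placeholder, not a real pool id
APP_CLIENT_ID = "1example23456789"   # placeholder for the App client id of "microservice web client"


def cognito_issuer(region, user_pool_id):
    """Issuer URL that every token minted by this user pool carries in `iss`."""
    return f"https://cognito-idp.{region}.amazonaws.com/{user_pool_id}"


def b64url_decode(segment):
    """JWT segments are base64url without padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_payload(token):
    """Return the payload of a compact JWT without checking its signature.

    Only use the result after the RS256 signature has been verified against
    the pool's JWKS; this helper exists so the claim checks can be shown offline.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))


def validate_claims(payload, region, user_pool_id, client_id, now=None):
    """Apply the issuer, app-client and expiry checks for a User Pool token.

    Returns (ok, reason). Access tokens name the app client in `client_id`,
    ID tokens name it in `aud`; any other token_use is rejected.
    """
    now = time.time() if now is None else now
    if payload.get("iss") != cognito_issuer(region, user_pool_id):
        return False, "issuer mismatch"
    use = payload.get("token_use")
    if use == "access":
        if payload.get("client_id") != client_id:
            return False, "access token issued to a different app client"
    elif use == "id":
        if payload.get("aud") != client_id:
            return False, "id token audience is a different app client"
    else:
        return False, "unexpected token_use"
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "token expired or missing exp"
    return True, "ok"


def build_sample_token(payload):
    """Construct a compact JWT with a placeholder signature for offline demonstration.

    A real Cognito token's third segment is an RS256 signature; this constructed
    token must never be accepted by a service that has not verified one.
    """
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

    header = {"alg": "RS256", "kid": "placeholder-key-id"}
    return f"{enc(header)}.{enc(payload)}.placeholder-signature"


if __name__ == "__main__":
    now = int(time.time())
    # Constructed access token claims for the placeholder pool and client.
    claims = {
        "iss": cognito_issuer(REGION, USER_POOL_ID),
        "token_use": "access",
        "client_id": APP_CLIENT_ID,
        "exp": now + 3600,
    }
    token = build_sample_token(claims)
    print(validate_claims(decode_payload(token), REGION, USER_POOL_ID, APP_CLIENT_ID, now=now))
    # A token minted for some other app client of the same pool is rejected.
    other = dict(claims, client_id="other-client-id")
    print(validate_claims(other, REGION, USER_POOL_ID, APP_CLIENT_ID, now=now))
```

The app-client comparison is what ties the token back to the client created in this module: a pool can have several app clients, and a service that only checks the issuer would accept tokens obtained through any of them.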

Only complete this section if you do NOT see a User Pool with the name real world microservice user pool in Amazon Cognito

Create Amazon Cognito User Pool

  1. In the AWS Management Console choose Services then search Cognito
  2. Choose Manage User Pools
  3. Click on Create a User Pool
  4. Choose a name for the Pool. We will choose real world microservice user pool
  5. Choose Step through settings
  6. Under How do you want your end users to sign in? choose Email address or phone number
  7. Check email as required for Which standard attributes do you want to require?
  8. Click on Next Step - Policies
  9. Keep all the defaults selected
  10. Click on Next Step – MFA and verifications
  11. Keep all the defaults selected
  12. Click on Next Step to go to Message Customizations
  13. Select No – use Cognito (default) for Do you want to send emails through your SES configuration
  14. Select Verification Type as Code
  15. Click on Next Step to go to Tags
  16. Click on Next Step and choose the default value for Do you want to remember your user’s devices?
  17. Keep all the defaults and proceed to App Clients
  18. Click on Add an app client to add a new Application client
    • Choose App client name – we will choose microservice web client
    • Uncheck Generate client secret
    • Check Enable username password based authentication (ALLOW_USER_PASSWORD_AUTH) under Auth Flows Configuration
    • Choose Legacy for Prevent User Existence Errors
    • Click on Create app client
    • Ensure you have selected microservice web client as the allowed app client to this user pool.
    • Copy the App Client Id and save in your local file or editor. We will use this to Test our APIs later.
  19. Click on Next Step to Triggers
  20. Keep the default settings
  21. Click on Next Step to Review

  22. Click on Create pool to create the Cognito Pool