Using the Amazon Cognito domain for the hosted UI - Amazon Cognito
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Using the Amazon Cognito domain for the hosted UI

After setting up an app client, you can configure the address for your sign-up and sign-in webpages. You can use the hosted Amazon Cognito domain with your own domain prefix.


To augment the security of your Amazon Cognito applications, the parent domains of user pool endpoints are registered in the Public Suffix List (PSL). The PSL helps your users' web browsers establish a consistent understanding of your user pool endpoints and the cookies they set.

User pool endpoint parent domains take the following formats.

To add an app client and an Amazon Cognito hosted domain with the Amazon Web Services Management Console, see Creating an app client.


Before you begin, you need:

Step 1: Configure a hosted user pool domain

You can use either the Amazon Web Services Management Console or the Amazon CLI or API to configure a user pool domain.

Amazon Cognito console
Configure a domain
  1. Navigate to the App integration tab for your user pool.

  2. Next to Domain, choose Actions and select Create custom domain or Create Amazon Cognito domain. If you have already configured a user pool domain, choose Delete Amazon Cognito domain or Delete custom domain before creating your new custom domain.

  3. Enter an available domain prefix to use with a Amazon Cognito domain. For information on setting up a Custom domain, see Using your own Domain for the hosted UI

  4. Choose Create.


Use the following commands to create a domain prefix and assign it to your user pool.

To configure a user pool domain
  • Amazon CLI: aws cognito-idp create-user-pool-domain

    Example: aws cognito-idp create-user-pool-domain --user-pool-id <user_pool_id> --domain <domain_name>

  • Amazon API: CreateUserPoolDomain

To get information about a domain
  • Amazon CLI: aws cognito-idp describe-user-pool-domain

    Example: aws cognito-idp describe-user-pool-domain --domain <domain_name>

  • Amazon API: DescribeUserPoolDomain

To delete a domain
  • Amazon CLI: aws cognito-idp delete-user-pool-domain

    Example: aws cognito-idp delete-user-pool-domain --domain <domain_name>

  • Amazon API: DeleteUserPoolDomain

Step 2: Verify your sign-in page

  • Verify that the sign-in page is available from your Amazon Cognito hosted domain.


Your domain is shown on the Domain name page of the Amazon Cognito console. Your app client ID and callback URL are shown on the App client settings page.