
Create a new application in the Amazon Cognito console

User pools add authentication options to software applications. For the easiest getting-started experience, open the Amazon Cognito console and follow the instructions there. The creation process guides you through both the setup of user pool resources and the initial pieces of your application.

When you're ready to begin, navigate to the Amazon Cognito console and select the button to create a new user pool. The setup process will guide you through your configuration and programming-language options.

To create Amazon Cognito resources for your application
  1. Navigate to the Amazon Cognito console.

  2. Select Create user pool from the User pools menu, or select Get started for free in less than five minutes.

  3. Under Define your application, choose the Application type that best fits the application scenario that you want to create authentication and authorization services for.

  4. In Name your application, enter a descriptive name or proceed with the default name.

  5. Under Configure options, you must make some basic choices for settings that you can't change after you create your user pool.

    1. Under Options for sign-in identifiers, tell us how you want to identify users when they sign in. You can prefer user-generated usernames, email addresses, or phone numbers. You can also allow a combination of multiple options. Amazon Cognito accepts the options that you configure here in the username field of managed login sign-in forms.

    2. Under Required attributes for sign-up, tell us what user information you want to collect when users register for a new account. In managed login pages, Amazon Cognito presents prompts for all required attributes.

      Options for sign-in identifiers influences your required attributes. Username requires email or phone attributes for each user so that they can receive a password-reset code in an email or SMS message. Email requires the email attribute, and Phone number requires the phone number attribute.

  6. Under Add a return URL, enter a redirect path to your application for after users complete authentication. This location should be a route in your application that uses OpenID Connect (OIDC) libraries to process user-authentication outcomes.

  7. Choose Create your application. Amazon Cognito creates a user pool and app client with default settings for your application type. You can configure additional options like external identity providers and multi-factor authentication (MFA) after you create your initial resources.

  8. On the Set up your application page, you can immediately get code examples for your application. To explore your new user pool, scroll down and select Go to overview.

  9. To add more applications in the same user pool, navigate to the App clients menu and add a new app client. This will repeat the process of application-focused creation, but only add a new app client to the existing user pool.

After you create a user pool and one or more app clients with this process, you can start testing authentication operations with managed login. These quick-start options are open to public self sign-up. We recommend that you create a testing environment with the console process, then move your finalized design to production. Spend time familiarizing yourself with the capabilities of Amazon Cognito. Then, to move to production workloads, craft custom configurations and deploy them with automation tools like Amazon CloudFormation and the Amazon Cloud Development Kit (Amazon CDK).

Amazon Cognito makes some default configurations in this process that you can't reverse. For more information about user pool settings that you can't change and those options that you can choose in the console, see Updating user pool and app client configuration.

| Setting | Effect | How to change | More information |
|---|---|---|---|
| Client secret | Requires a client secret hash in authentication requests. | Create a new app client with a Traditional web application or Machine-to-machine application profile. | Application-specific settings with app clients |
| Preferred username | User pool doesn't accept the preferred_username attribute as an alias. | Create a user pool programmatically with an Amazon SDK. | Customizing sign-in attributes |
| Case sensitivity | User pool usernames are case insensitive, for example JohnD is considered to be the same user as johnd. | Create a user pool programmatically with an Amazon SDK. | User pool case sensitivity |
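
The settings in the table above, stated explicitly through an SDK, as an added example that is not part of the original page: Python request parameters for the CreateUserPool and CreateUserPoolClient operations, plus the client secret hash that an app client with a secret must send. The pool name, client name, return URL, and the choice to close public self sign-up are assumptions for illustration; `idp` is a boto3 `cognito-idp` client that the caller supplies.

```python
import base64
import hashlib
import hmac

def user_pool_request(name, case_sensitive=False, allow_preferred_username=True):
    """CreateUserPool parameters that state the creation-time choices explicitly."""
    aliases = ["email"] + (["preferred_username"] if allow_preferred_username else [])
    return {
        "PoolName": name,
        # Table row "Case sensitivity": False treats JohnD and johnd as one user.
        "UsernameConfiguration": {"CaseSensitive": case_sensitive},
        # Table row "Preferred username": accept it as a sign-in alias.
        "AliasAttributes": aliases,
        "AutoVerifiedAttributes": ["email"],
        "Schema": [{"Name": "email", "Required": True}],
        # Assumption for production: no public self sign-up, admins create users.
        "AdminCreateUserConfig": {"AllowAdminCreateUserOnly": True},
    }

def app_client_request(user_pool_id, name, return_url, with_secret=True):
    """CreateUserPoolClient parameters for a server-side app using the code flow."""
    return {
        "UserPoolId": user_pool_id,
        "ClientName": name,
        # Table row "Client secret": chosen when the app client is created.
        "GenerateSecret": with_secret,
        "CallbackURLs": [return_url],
        "AllowedOAuthFlowsUserPoolClient": True,
        "AllowedOAuthFlows": ["code"],
        "AllowedOAuthScopes": ["openid", "email"],
        "SupportedIdentityProviders": ["COGNITO"],
    }

def secret_hash(username, client_id, client_secret):
    """SECRET_HASH value: Base64(HMAC-SHA256(client secret, username + client ID))."""
    msg = (username + client_id).encode("utf-8")
    digest = hmac.new(client_secret.encode("utf-8"), msg, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")

def create(idp):
    """Create pool and client; idp is a boto3 "cognito-idp" client from the caller."""
    pool_id = idp.create_user_pool(**user_pool_request("example-pool"))["UserPool"]["Id"]
    client = idp.create_user_pool_client(
        **app_client_request(pool_id, "example-web", "https://app.example.com/callback")
    )["UserPoolClient"]
    return pool_id, client["ClientId"]
```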