User Access Management: Amazon Cognito

Every app we build is designed for multiple users, which means we need a secure, scalable solution to manage the users and control access. From user directories and passwords to authentication at sign-in, we need a stable, proven system to take care of this. As we use the AWS stack for the majority of our projects, we have built our own user access management system using the Amazon Cognito developer kit.

What Is Cognito & What Does It Do?

Amazon define Cognito as follows:

Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, Google or Apple.


The two main components of Amazon Cognito are user pools and identity pools. User pools are user directories that provide sign-up and sign-in options for your app users. Identity pools enable you to grant your users access to other AWS services. You can use identity pools and user pools separately or together.

Uses of Cognito

We have found that the features offered by Cognito are required by virtually every bespoke project we create. In previous projects, we have used it for:

  • Sign Up Features
  • Login Features
  • Guest Logins
  • Multi-Factor Authentication including Phone Numbers
  • Setting Password Policies/Requirements
  • User Profiles
  • User Directory Management
  • OpenID Connect Identities
  • Lambda-Controlled Workflows
  • S3/DynamoDB Access (Permanent & Temporary)

Benefits of Using Cognito

When our developers were asked about the biggest benefit of using Cognito, the reply was near unanimous: it’s better to use a tried and tested solution which is constantly updated, used by millions and has been proven to work, rather than build your own and maintain it in future.

Cognito is easy to connect with many libraries and frameworks using the Amplify module. Amplify also automatically checks user login status, encrypts and secures data, and performs many other functions. Cognito links up well with the other services in the AWS suite, and can be integrated with many third-party services too.

Another benefit which is often overlooked is Amazon Cognito's extensive security compliance coverage. AWS is continually achieving validation for thousands of compliance requirements across the globe.

There are additional security functions and features built into Cognito, such as throttling, which can mitigate brute-force attacks, and refresh tokens, which can be revoked to cut off access in the event of a compromise. This provides even more peace of mind.


While there are many alternatives to Amazon Cognito, such as Azure Active Directory, Okta and more, we have settled on Cognito as the best one for our use. It has an extensive feature set, is security compliant on a massive scale, and ties in neatly with the tech stack we already use.

If you’d like to learn more about user access management, Cognito, or how we can use this technology in a custom project for your business, contact us now for a free consultation.