AWS Cognito
Implementing AWS Cognito
By: King

Hello, in this tutorial, we’ll continue building the Login System using Amazon Cognito, API Gateway, Lambda Function, and the HTTP Requests for Blueprints plugin. 

In the last section, we created the LoginMenu widget that can toggle between the sign in and sign up widgets. It also contains the confirmation screen that will be used to confirm the account. 

Now, we’ll create the Cognito User Pool to store our user accounts and a lambda function to add users to the pool. 

Creating the AWS Cognito Pool

You’ll need an Amazon Developer account. Go to aws.amazon.com and navigate to the sign in page. 


Sign in if you have an account. Create one if you do not.

Image from Codeible.com

Once there, in the search bar, search for Cognito and select it from the menu. We’ll use Cognito to manage our user accounts.

Image from Codeible.com

Click on “Create user pool.”

Image from Codeible.com

For the Authentication providers, select “Email.” 

Image from Codeible.com

As you get more used to using Cognito, you can select the other options as well. 

Click “Next.”

For the Password Policy, you can specify what rules you want for the password. For now, leave it as it is. 


In the Multi-factor authentication section, select no MFA. This keeps the tutorial simple; a production pool should have MFA turned on.

In User account recovery, make sure it is enabled and click “Next.” 

Image from Codeible.com

For Self-service sign-up, make sure it is enabled as well. 


In Attribute verification, allow auto send messages and click “Next.”

Image from Codeible.com

For the Email section, you should have Amazon SES configured if your app is going to production. For now, select the Send email with Cognito option and click “Next.”

Image from Codeible.com

Name the User pool.

Image from Codeible.com

Disable Cognito Hosted UI. 

Image from Codeible.com

For the Initial App client section, select the Public client option. This will allow us to use the AWS SDK to perform the self-registration commands. 


Give the App client a name and make sure the Don’t generate a client secret checkbox is selected. Because the client has no secret, the SignUp call later on will not need a SecretHash.

Image from Codeible.com

Then enter a callback URL. Since we are not using the hosted UI, any placeholder value will do here.

Image from Codeible.com

Expand the Advanced app client settings section. Deselect every Authentication flow that is checked and select only the ALLOW_USER_PASSWORD_AUTH option.


Scroll down and click “Next.”

Image from Codeible.com

Review everything and click “Create user pool” to complete the process.

Creating the lambda

Now that we have a User Pool, we can manage our users and begin creating the lambda functions.

In the search bar at the top, search for Lambda, right click on it in the menu and open in a new tab. 

Image from Codeible.com

Create a new function by clicking on the Create function button. 

Give the lambda a name like CreateAccount.

Then set the Runtime to Node.js. You can use the other supported runtimes as well, but I’ll be using Node.js.

Click Create function to complete the process. 

For those who do not know what a Lambda function is, it is just a function that executes code when it is triggered. 

We’ll use the API Gateway later in the series to trigger it.

For this function, we want to create a user in Cognito. Luckily, the AWS SDK for JavaScript is bundled into the Node.js Lambda runtime, so we can use it to connect to Cognito and run commands against it.

If we take a look at the SDK documentation, we can see that it covers a lot of other services as well.

If we search for Cognito, we can see a few of them. The one we want is the cognito-identity-provider.

Image from Codeible.com

In here, we can see how to use the functions in the SDK. Search for SignUp and hit enter a couple of times. 


You should see the documentation for the SignUp command. 

Expand it and click on Command API Reference.

Image from Codeible.com

If we look at the description, this command is used to register a user in a Cognito user pool. If we scroll down, we can see how to use it. 


Copy the import line and paste it at the top of the lambda function.

import { CognitoIdentityProviderClient, SignUpCommand } from "@aws-sdk/client-cognito-identity-provider"; 

Now go back to the documentation. 


Copy everything else and paste it inside the lambda function. 

const client = new CognitoIdentityProviderClient(config);
const input = { // SignUpRequest
  ClientId: "STRING_VALUE", // required
  SecretHash: "STRING_VALUE",
  Username: "STRING_VALUE", // required
  Password: "STRING_VALUE", // required
  UserAttributes: [ // AttributeListType
    { // AttributeType
      Name: "STRING_VALUE", // required
      Value: "STRING_VALUE",
    },
  ],
  ValidationData: [
    {
      Name: "STRING_VALUE", // required
      Value: "STRING_VALUE",
    },
  ],
  AnalyticsMetadata: { // AnalyticsMetadataType
    AnalyticsEndpointId: "STRING_VALUE",
  },
  UserContextData: { // UserContextDataType
    IpAddress: "STRING_VALUE",
    EncodedData: "STRING_VALUE",
  },
  ClientMetadata: { // ClientMetadataType
    "<keys>": "STRING_VALUE",
  },
};
const command = new SignUpCommand(input);
const response = await client.send(command);

For the client, replace config with an object literal whose region property is set to the region your user pool lives in.

const client = new CognitoIdentityProviderClient({region: "us-east-1"});

Inside the input object, remove everything except for ClientId, Username, and Password.

const input = { 
   ClientId: "", // required
   Username: "", // required
   Password: "", // required
};

The ClientId is the app client ID of the Cognito user pool. Hardcoding it is fine for the tutorial; in a real deployment it is better read from an environment variable than baked into the code.

To get it for the one that was created earlier, search for Cognito in the search bar at the top. 


Right click on it in the menu and open in a new tab. 

Select the User pool. 

Go to App integration and scroll down to the App clients section.

Select the app client and use the client id in the lambda function. 

Image from Codeible.com

For the username, type event, followed by square brackets, and put “username” inside them. 


The password would be the same but with “password” inside.

Username: event["username"], // required
Password: event["password"], // required

When the lambda gets triggered, we’ll get an object that contains information like the username and password. You’ll see how we can use API Gateway to add the username and password to the event object later in the video.
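Here is the CreateAccount handler assembled from the pieces above, as an added example rather than the tutorial's own code. It assumes the app client has no secret (so no SecretHash is sent), that the client id comes from a COGNITO_CLIENT_ID environment variable, and it passes the SDK client into createHandler() so the validation and error-mapping logic can be checked offline.

```javascript
// Added example (not the tutorial's own code): the CreateAccount handler assembled from the
// pieces above, with the SDK client injected through createHandler() so the validation and
// error-mapping logic runs offline. Assumptions: the app client has no secret (so no
// SecretHash is sent) and the client id is read from a COGNITO_CLIENT_ID environment variable.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Check the event before anything reaches Cognito. Returns null when acceptable,
// otherwise a message that is safe to hand back to the caller.
function validateSignUp(event) {
  const username = event && event["username"];
  const password = event && event["password"];
  if (typeof username !== "string" || !EMAIL_RE.test(username)) return "username must be an email address";
  if (typeof password !== "string" || password.length < 8 || password.length > 256) return "password must be 8 to 256 characters";
  return null;
}

// The trimmed-down SignUpRequest from the tutorial: ClientId, Username and Password only.
function buildSignUpInput(event, clientId) {
  return { ClientId: clientId, Username: event["username"], Password: event["password"] };
}

// Translate SDK exceptions into a status code plus a generic message; the exception name
// is logged server-side and the caller never sees internal details.
function mapSignUpError(err) {
  const name = err && err.name;
  if (name === "UsernameExistsException") return { statusCode: 409, body: "account already exists" };
  if (name === "InvalidPasswordException" || name === "InvalidParameterException") return { statusCode: 400, body: "invalid sign-up request" };
  if (name === "TooManyRequestsException") return { statusCode: 429, body: "try again later" };
  return { statusCode: 500, body: "sign-up failed" };
}
// Factory: the deployed Lambda passes the real SDK client, a test passes a fake one.
function createHandler({ client, SignUpCommand, clientId }) {
  return async function handler(event) {
    const problem = validateSignUp(event);
    if (problem) return { statusCode: 400, body: problem };
    try {
      const res = await client.send(new SignUpCommand(buildSignUpInput(event, clientId)));
      // Never log `event` here: it carries the plaintext password.
      return { statusCode: 200, body: JSON.stringify({ userSub: res.UserSub, confirmed: res.UserConfirmed }) };
    } catch (err) {
      console.error("SignUp failed:", err && err.name);
      return mapSignUpError(err);
    }
  };
}
// Wiring for the deployed index.mjs, kept as a comment so this file also runs without the SDK:
//   import { CognitoIdentityProviderClient, SignUpCommand } from "@aws-sdk/client-cognito-identity-provider";
//   export const handler = createHandler({ client: new CognitoIdentityProviderClient({ region: process.env.AWS_REGION }),
//                                          SignUpCommand, clientId: process.env.COGNITO_CLIENT_ID });
```

The handler returns the same 200 status the tutorial checks for, but a malformed event is rejected before any call to Cognito and SDK errors reach the caller only as a status code and a generic message.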

Save the code and deploy it. 

Testing the lambda

To test, click on the arrow next to the test button and select Configure test event. 

Image from Codeible.com

Give the event a name like SignUpTest. Then edit the JSON by setting the first property to username and using a valid email you want to test with. For the next property, replace it with password and use a test password that satisfies the pool’s password policy. 

Image from Codeible.com

Click Save and then run the test.

You can see that the test was successful because we received a 200 status code.

Image from Codeible.com

If we navigate to our user pool’s dashboard and click on the “Users” tab, we should see our account. 

If we check that email address’s inbox, we’ll find an email from our user pool with a confirmation code.

That’s all for this tutorial. In the next tutorial, we’ll create another lambda function to confirm the account so we can log in with it.
