Creating a User Pool in AWS Cognito

Lab Details

  1. This lab walks you through the steps to Creating a User Pool in AWS Cognito through all the detailed Settings.
  2. Duration: 30 minutes
  3. AWS Region: US East (N. Virginia) us-east-1


  1. Log into AWS Management Console.
  2. Create a User Pool in AWS Cognito.
  3. We will navigate to Steps through each setting to make your choices to understand the settings in a detailed manner.
  4. We will go through the Attributes.
  5. We will walk through the Policies, MFA and Verification.
  6. We will go through the Message Customizations, finally Review and create a User Pool.

Architecture Diagram

Lab Steps

Task 1: Launching Lab Environment

  1. Launch lab environment by clicking on . This will create an AWS environment with the resources required for this lab.
  2. Once your lab environment is created successfully,  will be active. Click on , this will open your AWS Console Account for this lab in a new tab. If you are asked to logout in AWS Management Console page, click on the here link and then click on  again.
  3. If you have logged into other aws accounts in the same browser, after clicking on the , you will be redirected to a page asking you to logout from the other aws account. 


Note : If you have completed one lab, make sure to sign out of the AWS account before starting a new lab. If you face any issues, please go through FAQs and Troubleshooting for Labs.

Task 2: Creating a User Pool

  1. Navigate to Cognito by clicking on the  menu at the top, click on Cognito under the section.
  2. Make sure you are in the US East (N. Virginia) us-east-1 Region. Click on Manage User Pools.
  1. Click on Create a User Pool.

Task 3: Name and Attributes

  1. Give your User Pool a descriptive name, (which is required for the identitiy). We’ll use whizlabs..
  2. We choose Step through settings to make each setting our own choice as shown below.
  1. In the Attributes page, we can mention how a user could perform a sign in.
  2. You can choose to have users sign in with an email address, phone number, username or preferred username plus their password.
  3. Here we choose Email address or Phone number, where Users can use an email address or phone number as their username to sign up and sign in. Here, choose Allow email addresses.
  1. We can choose the Standard Attributes, which will be required while performing a sign up. Here, we choose Email, Name, Preferred Username, Phone Number which are required to perform a signup.
  2. We can also customize our attributes that are required while signup by clicking Add another attribute
  3. Click on 

Task 4: Policies

  1. We give the Minimum Password Strength and can add the required parameters like numbers, lowercase, uppercase and special characters. Here, we select all the parameters.
  2. You can choose to only allow administrators to create users or allow users to sign themselves up.
  3. We choose the allow users to sign themselves up where the users can sign up themselves without administrator interference.
  4. As as admin, you can configure when temporary passwords should expire. This includes accounts created by administrators i.e if you choose only allow administrators to create users. Here, we can leave the option as we don’t select it.
  1. Click on 

Task 5: MFA and Verifications

  1. Multi-Factor Authentication (MFA) increases security for your end users. Phone numbers must be verified if MFA is enabled. We choose off for this lab.
  2. Account Recovery: When a user forgets their password, they can have a code sent to their verified email or verified phone to recover their account. You can choose the preferred way to send codes below. Here, we choose Email only.
  1. Verification requires users to retrieve a code from their email or phone to confirm ownership. Verification of a phone or email is necessary to automatically confirm users and enable recovery from forgotten passwords. In this case, we choose Email.
  1. Define Role: Amazon Cognito needs your permission to send SMS messages to your users on your behalf. We do not create any Role as we are marking MFA off. We will leave it as is.
  2. Click on 

Task 6: Message Customizations

  1. You can send emails from an SES verified identity. Before you can send an email using Amazon SES, you must verify each identity that you’re going to use as a From, Source, Sender, or Return-Path address to prove that you own it. For now, we leave it blank.
  2. Amazon SES Configuration: Cognito will send emails through your Amazon SES configuration. Select Yes if you require higher daily email limits otherwise select No. Here, we select No – Use Cognito (Default).
  1. Verification Type: You can choose to send a code or a clickable link and customize the message to verify email addresses. We keep it default as code.
  1. User Invitation messages: We can customize the SMS message, Email subject and Email message as how you want the text to be delivered to the user.
  1. Click on 

Task 7: Tags: 

  1. You can create new tags by entering tag keys and tag values.
  • Tag Key:     Enter Name
  • Tag Value:  Enter MyUserPool 
  1. Click on 

Task 8: Devices

  • We can choose to remember our User’s devices. Here, we choose No and click on 

Task 9: App Client

  1. The app clients that we add will be given a unique ID and an optional secret key to access this user pool. We are not using any App Client here, so we proceed to the 

Task 10: Customize Workflows

  1. You can make advanced customizations with AWS Lambda functions. Pick AWS Lambda functions to trigger with different events if you want to customize workflows and user experience. 
  2. You can go through all the Events. We skip this and proceed to 

Task 11: Review: 

  • Review all the settings and click on Create Pool as shown below.
  • You’ll get a message as Your user pool was created successfully.
  • On the Top left, click on User Pools to see Your User Pools.
  • Navigate to Cognito, click on Users and groups to navigate to the Users page as shown below.
  • Here, we can start creating Users and Groups.
  • From an Administrative perspective, if we have an application, the application would then invoke the Amazon Cognito to create User itself.

Task 12: Validation Test

  1. Once the lab steps are completed, please click on the  button on the right side panel.
  2. This will validate the resources in the AWS account and displays whether you have completed this lab successfully or not.
  3. Sample output : 

Completion and Conclusion

  1. You have successfully used AWS management console to create a User Pool.
  2. You learned how to use each setting in a detailed manner.
  3. You learned how to do settings for Policies, MFA and Verifications.