Document history for Amazon Cognito
The following table describes important additions to the documentation for Amazon Cognito. We also make frequent minor updates to the documentation in response to the feedback that you send. To submit feedback, locate the Feedback link at the bottom of any page in Amazon Cognito documentation.
| Change | Description | Date |
|---|---|---|
The getting started experience with Amazon Cognito user pools has a new console design and application options. | November 21, 2024 | |
Updated the billing model for user pools. Advanced security features are now threat protection. Components in the advanced security features license are now in the Essentials and Plus feature plans. | November 21, 2024 | |
Launched managed login, an update to the hosted UI. | November 21, 2024 | |
You can now sign in to Amazon Cognito user pools with passkeys and one-time passwords. | November 21, 2024 | |
Updated information about
| Moved AWS Key Management Service operations in the AWS managed policy for scope-down of unauthenticated identities from inline policy to AWS managed policy. | November 1, 2024 |
You can now add a username hint to authorization requests for the hosted UI, OIDC IdPs, and Google IdPs. | October 3, 2024 | |
You can now send multi-factor authentication (MFA) codes by email message with advanced security features. | September 12, 2024 | |
Modified titles, removed unneeded content, added scenario-based intros, moved user pools OIDC & hosted UI endpoints reference to user pools section. | September 9, 2024 | |
Updated information about
| The AWS managed policy for scope-down of unauthenticated identities in identity pools now permits Amazon Location Service. | August 9, 2024 |
New threat prevention for custom authentication with Lambda triggers and enhanced threat detection. | You can now analyze custom authentication sign-in with threat protection and apply adaptive authentication responses. Threat protection also now analyzes sign-in traffic for impossible geographical distance between attempts. | August 8, 2024 |
New advanced security features for password reuse prevention and user-activity log export. | You can now export user activity logs and set a password-history policy with advanced security features in Amazon Cognito user pools. | August 6, 2024 |
You can now create Amazon Cognito resources in the Canada West (Calgary)and Asia Pacific (Hong Kong) Regions. | July 9, 2024 | |
Improved description of application behavior for advanced security | Updated information about device context data for advanced security adaptive authentication. | June 10, 2024 |
Added support for complex objects in pre token Lambda trigger | You can now add arrays and JSON objects to ID and access token claims. | May 30, 2024 |
Updated information about Verified Permissions and Amazon Cognito. | Amazon Verified Permissions now has more direct integration with Amazon Cognito. | May 15, 2024 |
In some AWS Regions without Amazon SES, Amazon Cognito user pools load balance email between two remote Regions. | May 10, 2024 | |
Added information about M2M authorization and managing costs. | Learn how to use client credentials grants for machine-to-machine (M2M) use cases with Amazon Cognito user pools. | May 9, 2024 |
Amazon Cognito is now available in the Europe (Spain) and Asia Pacific (Hyderabad)
AWS Regions. | You can now create Amazon Cognito resources in the Europe (Spain) and Asia Pacific (Hyderabad) Regions. | April 15, 2024 |
Amazon Cognito is now available in the Asia Pacific (Melbourne) AWS Region. | You can now create Amazon Cognito resources in the Asia Pacific (Melbourne) Region. | April 4, 2024 |
Added an example Android app in Flutter for Amazon Cognito user pools. | You can build a starter mobile app for Amazon Cognito from an example Flutter application on GitHub. | April 4, 2024 |
Expanded content for getting started, common scenarios, multi-tenant best practices, and accessing resources after sign-in. | April 1, 2024 | |
Amazon Cognito is now available in the Europe (Zurich) AWS Region. | You can now create Amazon Cognito resources in the Europe (Zurich) Region. | March 14, 2024 |
Amazon Cognito is now available in the Middle East (UAE) AWS Region. | You can now create Amazon Cognito resources in the Middle East (UAE) Region. | March 8, 2024 |
You can now sign SAML requests, encrypt SAML responses, and set up IdP-initiated SAML SSO. | February 1, 2024 | |
You can now purchase additional capacity for Amazon Cognito request-rate quotas. | January 25, 2024 | |
Amazon Cognito identity pools support request rates in Service Quotas. | You can now monitor requests-per-second (RPS) quotas for Amazon Cognito identity pools and request increase in the Service Quotas console. | December 19, 2023 |
Added a new feature for customization of the contents of access tokens. | You can now add, modify, and remove claims and scopes in user pool access tokens. | December 12, 2023 |
Clarity edits and corrections to Application-specific settings with app clients and Scopes, M2M, and APIs with resource servers. Removed legacy console instructions. | November 14, 2023 | |
New content about the use of device keys and device SRP authentication. | October 18, 2023 | |
Removed user pools console reference and redistributed topics within related subjects, and added guidance to tab-based organization in Amazon Cognito console. | August 30, 2023 | |
Added a visual overview of the user pool Login endpoint and emphasized starting authentication with Authorize endpoint. | August 30, 2023 | |
Amazon Cognito is now available in the Asia Pacific (Osaka) and Israel (Tel Aviv) AWS Regions. | You can now create Amazon Cognito resources in the Asia Pacific (Osaka) and Israel (Tel Aviv) Regions. | August 30, 2023 |
Introduced information about authorization for Amazon Cognito with Amazon Verified Permissions. | In your app, you can invoke the Verified Permissions API to produce access decisions from a central authority. | August 1, 2023 |
Added a new feature for logging user pool detailed user activity to Amazon CloudWatch Logs. | You can now log email and SMS message delivery errors to CloudWatch log groups. | August 1, 2023 |
Updated information about AWS managed policy for identity pool guest users. | Permissions scope-down for identity pool guest users now includes both an inline session policy and an AWS managed session policy. | May 16, 2023 |
Content improvement and new console instructions for Amazon Cognito identity pools. | Added new console walkthroughs to reflect the new console experience, improved code integration details for identity pools. | May 16, 2023 |
Additions and improvements to service homepage and user pools homepage. | Updated overview pages for Amazon Cognito and user pools. | May 16, 2023 |
Updated example tokens, added new information about verifying tokens. | February 16, 2023 | |
You can now log Amazon Cognito identity pools data events in AWS CloudTrail. | CloudTrail supports the selection of Amazon Cognito identity pools high-volume API operations in trails that log data events. | February 15, 2023 |
Lambda trigger examples are updated to JavaScript version 3. You can now directly correlate Lambda triggers to API actions. | January 31, 2023 | |
Amazon Cognito identity pools apply an AWS managed policy to unauthenticated sessions. | Identity pool users who authenticate using the enhanced flow now have an additional AWS managed policy applied to their session. | January 31, 2023 |
This guide now includes example code for your Amazon Cognito app in a variety of programming langages. | January 23, 2023 | |
Added information about API models and authentication with Amazon Cognito user pools. | Amazon Cognito user pools have multiple API interfaces and formats for request authorization. | December 15, 2022 |
Amazon Cognito is now available in the Europe (Milan) AWS Region. | You can now create Amazon Cognito user pools in the Europe (Milan) Region. | December 6, 2022 |
When you create a new user pool with the AWS Management Console, it's now protected against deletion by default. | October 20, 2022 | |
Added a user guide for the hosted UI, and information about TOTP MFA in the hosted UI. | Your users can now register a TOTP MFA device in the Amazon Cognito hosted UI. You can now preview the default hosted UI. | September 8, 2022 |
You can now associate a AWS WAF web ACL with a Amazon Cognito user pool. | August 3, 2022 | |
Amazon Cognito now logs federation and hosted UI requests to your trail. | June 15, 2022 | |
You can now choose whether your user must verify a new email address or phone number before they can sign in with it. | June 9, 2022 | |
Updated federation documentation. New IP address propagation feature. | Updated walkthroughs for setting up user pool social IdPs. Added information about federated user profiles and attribute mapping. Added new information about device fingerprints for advanced security. | May 31, 2022 |
Sign in federated users without interaction with the hosted UI | Added a new page about how to bookmark applications so that Amazon Cognito silently directs users to federated sign-in. | May 29, 2022 |
In-Region SMS and email messaging for Amazon Cognito user pools | You can now use Amazon Simple Notification Service for SMS messages and Amazon Simple Email Service for email messages in the same AWS Region as your user pool. | March 14, 2022 |
Added and clarified resource and request-rate quotas. | January 10, 2022 | |
Updated instructions to create and manage user pools in the updated Amazon Cognito console. | November 18, 2021 | |
You can use the RevokeToken operation to revoke a refresh token for a user. | June 10, 2021 | |
Added best practices for multi-tenant applications. | March 4, 2021 | |
Amazon Cognito Identity Pools provide attributes for access control (AFAC) as a way for customers to grant users access to AWS resources. Authorization can be done based on users' attributes from the identity provider which they used to federate with Amazon Cognito. | January 15, 2021 | |
Custom SMS Sender Lambda Trigger and Custom Email Sender Lambda Trigger | The Custom SMS Sender Lambda Trigger and Custom Email Sender Lambda Trigger allow you to enable a third-party provider to send email and SMS notifications to your users from within your Lambda function code. | November 30, 2020 |
Updated expiration information was added to Access, ID, and Refresh tokens. | October 29, 2020 | |
Service Quotas are available for Amazon Cognito category quotas. You can use the Service Quotas console to view quota usage, request a quota increase, and create CloudWatch alarms to monitor your quota usage. As part of this change the Available CloudWatch Metrics for Amazon Cognito User Pools section was updated to reflect the new information. The new section name is: Tracking quotas and usage in CloudWatch and Service Quotas | October 29, 2020 | |
Quota categories are available to help you monitor quota usage and request an increase. The quotas are grouped into categories based on common use cases. | August 17, 2020 | |
Amazon Cognito is now supported in the AWS GovCloud (US) Region. | May 13, 2020 | |
New service-linked role was added. Instructions were updated on "Using Amazon Pinpoint Analytics with Amazon Cognito User Pools". | May 13, 2020 | |
The Security chapter can help your organization get in-depth information about both the built-in and the configurable security of AWS services. Our new chapters provide information about the security of the cloud and in the cloud. | April 30, 2020 | |
Amazon Cognito Identity Pools now supports Sign in with Apple | Sign in with Apple is available in all regions where Amazon Cognito operates, except cn-north-1 region. | April 7, 2020 |
Added version selection to Facebook API. | April 3, 2020 | |
Added recommendation about enabling username case insensitivity before creating a user pool. | February 11, 2020 | |
Added information about integrating Amazon Cognito with your web or mobile app by using AWS Amplify SDKs and libraries. Removed information about using the Amazon Cognito SDKs that preceded AWS Amplify. | November 22, 2019 | |
Amazon Cognito now includes a | October 4, 2019 | |
The throttling limit for the ListUsers API action is updated. | June 25, 2019 | |
The soft limits for user pools now include a limit for the number of users. | June 17, 2019 | |
You can configure a user pool so that Amazon Cognito emails your users by using your Amazon SES configuration. This setting allows Amazon Cognito to send email with a higher delivery volume than is otherwise possible. | April 8, 2019 | |
Added information about tagging Amazon Cognito resources. | March 26, 2019 | |
If you use a custom domain to host the Amazon Cognito hosted UI, you can change the SSL certificate for this domain as needed. | December 19, 2018 | |
A new limit is added for the maximum number of groups that each user can belong to. | December 14, 2018 | |
The soft limits for user pools are updated. | December 11, 2018 | |
Documentation update for verifying email addresses and phone numbers | Added information about configuring your user pool to require email or phone verification when a user signs up in your app. | November 20, 2018 |
Added guidance for initiating emails from Amazon Cognito while you test your app. | November 13, 2018 | |
Added new security features to enable developers to protect their apps and users from malicious bots, secure user accounts against compromised credentials, and automatically adjust the challenges required to sign in based on the calculated risk of the sign in attempt. | June 14, 2018 | |
Allow developers to use their own fully custom domain for the hosted UI in Amazon Cognito User Pools. | June 4, 2018 | |
Added user pool sign-in through an OpenID Connect (OIDC) identity provider such as Salesforce or Ping Identity. | May 17, 2018 | |
Added pages covering the Lambda Migration Trigger feature | April 8, 2018 | |
Added top level "What is Amazon Cognito" and "Getting Started with Amazon Cognito". Also added common scenarios and reorganized the user pools TOC. Added a new "Getting Started with Amazon Cognito user pools" section. | April 6, 2018 | |
Added new security features to enable developers to protect their apps and users from malicious bots, secure user accounts against credentials in the wild that have been compromised elsewhere on the internet, and automatically adjust the challenges required to sign in based on the calculated risk of the sign in attempt. | November 28, 2017 | |
Added the ability to use Amazon Pinpoint to provide analytics for your Amazon Cognito User Pools apps and to enrich the user data for Amazon Pinpoint campaigns. | September 26, 2017 | |
Federation and built-in app UI features of Amazon Cognito user pools | Added the ability to allow your users to sign in to your user pool through Facebook, Google, Login with Amazon, or a SAML identity provider. Added a customizable built-in app UI and OAuth 2.0 support with custom claims. | August 10, 2017 |
Added the ability to allow your users to use a phone number or email address as their user name. | July 6, 2017 | |
Added administrative capability to create and manage user groups. Administrators can assign IAM roles to users based on group membership and administrator-created rules. | December 15, 2016 | |
Updated examples that show how to use AWS Lambda triggers with user pools. | November 27, 2016 | |
Updated iOS code examples. | November 18, 2016 | |
Added information about confirmation flow for user accounts. | November 9, 2016 | |
Added administrative capability to create user accounts through the Amazon Cognito console and the API. | October 6, 2016 | |
Added bulk import capability for Cognito User Pools. Use this feature to migrate users from your existing identity provider to an Amazon Cognito user pool. | September 1, 2016 | |
Added the Cognito User Pools feature. Use this feature to create and maintain a user directory and add sign-up and sign-in to your mobile app or web application using user pools. | July 28, 2016 | |
Added support for authentication with identity providers through Security Assertion Markup Language 2.0 (SAML 2.0). | June 23, 2016 | |
Added integration with AWS CloudTrail. | February 18, 2016 | |
Enables you to execute an AWS Lambda function in response to important events in Amazon Cognito. | April 9, 2015 | |
Provides control and insight into your data streams. | March 4, 2015 | |
Enables support for OpenID Connect providers. | November 23, 2014 | |
Enables support for silent push synchronization. | November 6, 2014 | |
Enables developers who own their own authentication and identity management systems to be treated as an identity provider in Amazon Cognito. | September 29, 2014 | |
Amazon Cognito general availability | July 10, 2014 |
