All news with #amazon cognito tag

Fri, November 7, 2025

Amazon Cognito User Pools Add AWS PrivateLink Support

🔒 Amazon Cognito user pools now support AWS PrivateLink, enabling private VPC connectivity to manage and authenticate against user pools without traversing the public internet. The enhancement covers user pool management APIs, administrative operations, and sign-in for local Cognito users, but does not support OAuth 2.0 authorization code flow (hosted UI/social logins), client credentials, or federated SAML/OIDC sign-ins via VPC endpoints. It is available in all Regions where Cognito user pools exist except AWS GovCloud (US); creating VPC endpoints will incur AWS PrivateLink charges.

Mon, November 3, 2025

Amazon Cognito simplifies Machine-to-Machine pricing

🔔 AWS has simplified pricing for Amazon Cognito machine-to-machine (M2M) authentication by removing the M2M app client price dimension. Customers will now be charged only for successful M2M token requests per month instead of both registered app clients and token requests. The change is effective immediately across all supported Cognito regions and is automatic, requiring no customer action. This reduces the cost to build and scale M2M integrations.

Mon, October 27, 2025

Amazon Cognito Adds Resource Indicators for OAuth 2.0

🔐 Amazon Cognito now accepts resource indicators in OAuth 2.0 access token requests, enabling app clients to request tokens targeted to a specific protected resource rather than a broad service audience. After authenticating the client, Cognito issues an access token with the aud claim set to that resource. This replaces prior workarounds that relied on non‑standard claims or custom scopes and simplifies issuing resource‑specific tokens for agents and other clients. The capability is available to Cognito Managed Login customers on Essentials and Plus tiers in Regions where Cognito is offered, including AWS GovCloud (US).

Wed, October 8, 2025

Amazon Cognito: Managed vs. Custom Login UI Options

🔒 This post contrasts Amazon Cognito's two primary UI approaches—managed login and a fully custom UI—and outlines feature, security, and operational trade-offs to guide architects and developers. Managed login (offered as a modern branding editor or the Hosted UI classic) offloads hosting, scaling, and maintenance while providing OAuth2 flows, federation with social and OIDC/SAML providers, passwordless options, and CloudTrail action logging. A custom UI gives full control over UX, session management, localization, and supports custom authentication flows via Lambda triggers, but requires development, hosting, and operational responsibility under the AWS Shared Responsibility Model.

Thu, October 2, 2025

Amazon Cognito adds configurable terms and privacy URLs

🔒 Amazon Cognito now lets customers configure terms of use and privacy policy document URLs directly in Managed Login pages so legal notices are presented during user registration without custom coding. You can assign URLs per app client and provide language-specific links tied to the lang query parameter for localized experiences. This simplifies implementation and reduces development effort. The feature is available to Essentials and Plus tier customers, including AWS GovCloud (US).
