Amazon Cognito advanced security features
I’m happy to announce a number of important changes to Amazon Cognito today. These improvements are meant to give your apps greater flexibility, enhanced security, and an improved user experience.
Here is a brief synopsis:
- A brand-new developer-focused console environment that facilitates integration with well-known application frameworks for beginners
- Presenting Managed Login: a collection of customization choices and a redesigned Cognito-managed drop-in sign-in and sign-up page
- Passkey authentication and passwordless login are now supported by Amazon Cognito.
- Additional pricing tier options to suit your use cases include the Lite, Essentials, and Plus tiers.
A fresh console experience geared toward developers
With a short wizard and recommendations tailored to specific use cases, Amazon Cognito now provides a simplified getting started experience. With this new flow, you can set up configurations faster and reach your end customers more quickly and effectively than before.
You can easily set up your application with the help of this new Amazon Cognito flow. There are three stages to get started:
- Decide what kind of application you must create.
- Set up the sign-in options based on the kind of application you’re using.
- To incorporate the sign-in and sign-up pages into your application, adhere to the guidelines.
- Next, choose Create.
Amazon Cognito then automatically creates your application and a new user pool (a user directory for authentication and authorization). From here, you can either start using the sample code for your application or choose View login page to examine your sign-in page. Additionally, Amazon Cognito provides comprehensive integration instructions for standard OpenID Connect (OIDC) and OAuth open-source libraries, as well as compatibility with major application frameworks.
This is your application’s updated overview dashboard. Important details are now available in the Details section of the user pool dashboard, along with a list of suggestions to help you further your development.
The Managed Login function on this page allows you to personalize the sign-in and sign-up process for your users.
Presenting Managed Login
With the launch of Managed Login, Amazon Cognito offers even more customization options. For your business, Managed Login takes care of the heavy work of security, scalability, and availability. After integration, any future additions and security fixes are automatically applied without requiring additional code modifications.
With the help of this functionality, you can design unique sign-up and sign-in processes for your customers that blend in seamlessly with the rest of your business application.
You must assign a domain before you can use Managed Login. To give your customers a recognizable domain name, you can use either a prefix domain (a randomly created subdomain of the Amazon Cognito domain) or your own custom domain.
After that, you can decide between the original Hosted UI and Managed login as your branding version.
If you currently use Amazon Cognito, you may recognize the classic Hosted UI feature. Managed Login is an enhanced version of Hosted UI that provides a new set of web interfaces for sign-up and sign-in, multi-factor authentication, built-in responsiveness for various screen sizes, and password-reset capabilities for your user base.
Managed Login comes with a new branding designer, a no-code visual editor for managed login assets and style, and a set of API operations for programmatic configuration or deployment via infrastructure as code with AWS CloudFormation.
With the branding designer, you can change the look and feel of the entire user journey, from sign-up and sign-in to password recovery and multi-factor authentication. Its shortcuts and real-time preview let you preview screens in various screen sizes and display modes before you launch.
Support for passwordless login
Additionally, Managed Login provides pre-built integrations for passwordless authentication methods: passkey sign-in, email one-time password (OTP), and SMS OTP. Passkey support provides better security than typical passwords because users authenticate with cryptographic keys that are stored securely on their devices. This feature lets you create secure, low-friction authentication flows without having to understand and implement WebAuthn-related protocols.
This feature makes it easier for users to use your applications while upholding strong security standards by lowering the hassle that comes with traditional password-based sign-ins.
Additional pricing tier choices include Lite, Essentials, and Plus
Three new user pool feature tiers (Lite, Essentials, and Plus) have been added to Amazon Cognito. These tiers are designed to accommodate different customer needs and use cases, and the Essentials tier is the default for new user pools that customers create. Because you can move between tiers as needed, this new tier structure also lets you select the best option based on the needs of your application.
- You can choose Feature plan from your application dashboard to see your current tier. Additionally, you can choose Settings from the menu.
- You can choose to upgrade or downgrade your plan and get comprehensive details about each tier on this page.
Here is a brief synopsis of every tier:
Lite tier: This tier includes pre-existing functionality such as social identity provider integration, password-based authentication, and user registration. If you already use Amazon Cognito, you can keep using these capabilities without changing your user pools.
Essentials tier: With the Essentials tier’s extensive authentication and access control tools, you can quickly and easily create safe, scalable, and personalized sign-up and sign-in processes for your application. It has all the features of Lite and adds Managed Login and passwordless login options via passkeys, email, or SMS. Additionally, Essentials allows you to disable password reuse and customize access tokens.
Plus tier: It expands on the Essentials tier by emphasizing higher security requirements. It has all the Essentials functionality plus the ability to identify compromised credentials, protect against suspicious login activity, export user authentication event logs for threat analysis, and implement risk-based adaptive authentication.
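Because user pools can move between tiers, it is useful to check which configured features a target tier would no longer cover before changing plans. The sketch below is an added example, not AWS code: it applies the tier split described above to a dict shaped like a `DescribeUserPool` response. The field names are assumed from the Cognito user pools API and the sample pool is constructed.

```python
# Added example: offline check of a DescribeUserPool-shaped response.
TIERS = ["LITE", "ESSENTIALS", "PLUS"]  # lowest to highest
PASSWORDLESS = {"EMAIL_OTP", "SMS_OTP", "WEB_AUTHN"}


def tier_requirements(pool):
    """Return (tier, reason) pairs for each configured feature above Lite."""
    needs = []
    policies = pool.get("Policies", {})
    # Essentials: disabling password reuse.
    if policies.get("PasswordPolicy", {}).get("PasswordHistorySize", 0) > 0:
        needs.append(("ESSENTIALS", "password reuse prevention"))
    # Essentials: passwordless first factors (passkeys, email OTP, SMS OTP).
    factors = set(policies.get("SignInPolicy", {}).get("AllowedFirstAuthFactors", []))
    for factor in sorted(factors & PASSWORDLESS):
        needs.append(("ESSENTIALS", f"passwordless factor {factor}"))
    # Essentials: access token customization (pre token generation trigger above V1_0).
    pre_token = pool.get("LambdaConfig", {}).get("PreTokenGenerationConfig", {})
    if pre_token.get("LambdaVersion", "V1_0") != "V1_0":
        needs.append(("ESSENTIALS", "access token customization"))
    # Plus: compromised-credential detection and adaptive authentication.
    mode = pool.get("UserPoolAddOns", {}).get("AdvancedSecurityMode", "OFF")
    if mode != "OFF":
        needs.append(("PLUS", f"threat protection mode {mode}"))
    return needs


def check_tier_change(pool, target_tier):
    """List configured features that the target tier would not cover."""
    rank = TIERS.index(target_tier)
    return [reason for tier, reason in tier_requirements(pool)
            if TIERS.index(tier) > rank]


# Constructed sample, not taken from a real account.
SAMPLE_POOL = {
    "UserPoolTier": "PLUS",
    "Policies": {
        "PasswordPolicy": {"MinimumLength": 12, "PasswordHistorySize": 5},
        "SignInPolicy": {"AllowedFirstAuthFactors": ["PASSWORD", "WEB_AUTHN", "EMAIL_OTP"]},
    },
    "UserPoolAddOns": {"AdvancedSecurityMode": "ENFORCED"},
}

if __name__ == "__main__":
    for target in TIERS:
        print(target, check_tier_change(SAMPLE_POOL, target))
```

An empty list for a target tier means none of the checked settings depend on a higher tier.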
Amazon Cognito pricing
Prices for the Lite, Essentials, and Plus tiers are determined by the number of active users each month. Customers who currently use Amazon Cognito’s advanced security features might want to consider upgrading to the Plus tier, which offers all of the advanced security features along with other benefits such as passwordless access, with savings of up to 60% compared with using the advanced security features alone.
Visit the Amazon Cognito pricing page to find out more about these new price tiers.
Things you should be aware of
Availability: The Essentials and Plus tiers are available in all AWS Regions where Amazon Cognito is available, with the exception of AWS GovCloud (US) Regions.
Amazon Cognito free tier
Free tier for Lite and Essentials tiers: Users on the Lite and Essentials tiers are eligible for the free tier every month, which is perpetual. Both new and current Amazon Web Services users can access it indefinitely.
Extended pricing benefit for current customers: Customers can upgrade their user pools without advanced security features (ASF) in their current accounts to Essentials and pay the same price as Cognito user pools until November 30, 2025. To qualify, customers must have had at least one monthly active user (MAU) on their accounts during the previous 12 months by 10:00 a.m. Pacific Time on November 22, 2024. Until November 30, 2025, these customers can also create new user pools with the Essentials tier for the same pricing as Cognito user pools in those accounts.
With these enhancements, you can use Amazon Cognito to create safe, scalable, and adaptable authentication solutions for your apps.