A Guide to Register a User in Amazon Cognito using Python – Part 1

Overview

In this multi-part series, we’ll explore the power of AWS Cognito and Boto3 in Python. Discover how to harness the capabilities of AWS Cognito to manage user registration more efficiently. In this first part, we’ll focus on registering users with AWS Cognito, providing you with a step-by-step guide to get started. Stay tuned for a comprehensive journey through AWS Cognito’s capabilities using the Boto3 client for Python. 

Objective

Demonstrate how to implement user authentication in Amazon Cognito using Python for secure and seamless access control in your applications.

Introduction

Amazon Cognito is a service that Amazon Web Services (AWS) provides identity and user management for your applications.

Key features and components of Amazon Cognito

• User Pools: Create and manage user accounts with customizable authentication options.
• Identity Pools (Federated Identities): Securely access AWS resources with temporary credentials.
• Hosted UI: Pre-built, customizable web interface for user authentication.
• Security Features: Multi-factor authentication, email/SMS verification, and adaptive authentication.
• Social Identity Providers: Integration with popular social login providers.
• Customization and Extensibility: Customize authentication flows and user attributes with Lambda triggers.
• User Management: Manage user lifecycles, including registration and account recovery.
• Sync and Analytics: Synchronize user data and track user activity across devices for analytics.

Amazon Cognito User Pool

An Amazon Cognito User Pool is a special way to check if someone should be allowed into an app. Think of it as a list of all the app’s users. Here’s how it works:

• You can log in with your social media accounts or other services.
• It can also help prove who you are to other apps.
• If you use it, Amazon Cognito keeps track of your login info. Otherwise, other services do.

The app can use the list of users to know more about you. Amazon Cognito User Pool can do things like:

• Let you sign up and log in.
• Give you a website where you can sign up.
• Let you log in with social media.
• Keep a list of users and their info.
• Use extra security like Multi-Factor Authentication (MFA).

Once you log in, the app gets a special code (JWT) that helps it trust you. This code gives you access to different parts of the app.

Step-by-Step Guide

Step 1: Sign-Up using Amazon Cognito, Python SDK Boto3

There are certain prerequisites for this code to work.

• When you create the User Pool, choose the Sign-in option as shown below:

• When I made the user pool, I added a ‘preferred_username’ field so users can choose their username instead of using their email address as their username. Add “custom:” before the attribute name if you want to use custom attributes.

Required fields: preffered_username, email.

Custom Attributes: first_name, last_name.

• Create a file called .env in the current directory where you have the below code. In this file, you should provide the macro COGNITO_USER_CLIENT_ID and COGNITO_REGION_NAME, with the client ID from Amazon Cognito > User Pool > (Your-user-pool-name) > App integration > Select your App Client.

• When you execute the above code, you will get this back as a response

• Now, if you check the Amazon Cognito > User Pools > (Your-user-pool-name) > Users, the user will be unconfirmed. You will see this and get a verification code in your email.

Step 2: Confirmation User using Amazon Cognito, Python SDK Boto3

• You’re not a confirmed user but received a confirmation code in your email. Let’s figure out how to make you a confirmed user. Here’s the code to do it.

• When you execute the above code, you will get this back as a response

• If you again go and check in Amazon Cognito > User Pools > (Your-user-pool-name) > Users, the user should be confirmed now.

Congratulations! You’ve successfully created your first app user.

Conclusion

We developed a registration component that enables users to sign up using the Amazon Cognito service with boto3. Amazon Cognito can be used for various common scenarios, including accessing AWS AppSync resources, verifying identity with third-party services, accessing AWS services through an identity pool, using AWS API Gateway and AWS Lambda user pools to access resources, and much more.

Drop a query if you have any questions regarding Amazon Cognito User Pool and we will get back to you quickly.

About CloudThat

CloudThat is an official AWS (Amazon Web Services) Advanced Consulting Partner and Training partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, Amazon QuickSight Service Delivery Partner, Amazon EKS Service Delivery Partner, and Microsoft Gold Partner, helping people develop knowledge of the cloud and help their businesses aim for higher goals using best-in-industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

To get started, go through our Consultancy page and Managed Services Package, CloudThat’s offerings.