Creating a Cognito User Pool

Amazon Cognito is a service that provides authentication, authorization, and user management for your web and mobile games. Players can sign up and sign in directly with a username and password, or through third-party identity providers like Facebook, Amazon, or Google. There are two main components of Amazon Cognito:

User Pools

A user pool is a user directory that provides sign-up and sign-in options for your app users. Users in a user pool have an associated directory profile.

Identity Pools

An identity pool enables you to grant players temporary AWS credentials to access AWS services. Identity pools support anonymous guest users.

For this workshop, you will practice creating a user pool to authenticate players and integrate it into your Unity game.

  • Sign in to the AWS Management Console and, on the Services menu, click Cognito.

  • Choose Manage User Pools.

  • Click Create a user pool.

  • Add a name for your user pool. For this example, AWSUserPool will be used as the name.

  • Select Step through settings to get a better understanding of the customizations and features Cognito offers.

  • This will take you to the attributes page where you can begin to customize your user pool.

You can define how you want your users to sign in. For now, leave it as default, which allows your users to sign in with a username and password. Optionally, you can allow your users to sign in with an email or phone number as well.

There are also different attributes that you can require during the sign-up process. These are fields that are required when signing up for a user account. Leave the default email attribute selected. You can also add custom attributes.

  • Leave these fields as default and select Next step.

  • Select Next step.

  • Review the other customizations you can make on this page, leave them as default, and select Next step.

This page shows other features you can enable, like Multi-Factor Authentication to add an extra layer of security when your users sign in. You also have to provide a role to allow Amazon Cognito to send SMS messages to users on your behalf. This is called an IAM role. IAM is our Identity and Access Management service, which helps define access and management permissions for your AWS users and resources.

  • On the next page, under the part that says “Do you want to customize your email verification messages?”, change Verification type from Code to Link.

This will allow your users to verify their email in a convenient way by clicking a link during the sign-up process.

  • Click Next step.

  • Click Add tag and enter the following configurations:

    • Tag Key: Name

    • Tag Value: Cognito User Pool for AWS Serverless Unity Game

You can add tags to your AWS resources, which will help you identify them easily, keep your resources organized, and better understand billing costs.

  • Click Next step.

  • Under “Do you want to remember your user’s devices?” leave the default “No” selected for now, and click Next step.

This is a feature that helps enable device tracking and remembering. It can provide insight into the usage of your app’s users and reduce the friction associated with Multi-Factor Authentication.

  • Click Next step.

  • On this page, select Add an app client and configure:

    • App client name: AppClient

    • Unselect Generate client secret

    • Unselect Enable lambda trigger based custom authentication

    • Select Enable username password based authentication

  • Click Create app client.

Within Cognito, an app is an entity within a user pool that has permission to call unauthenticated APIs, such as APIs to register, sign in, and handle forgotten passwords. This does not require an authenticated user. To call these APIs, an app client ID is necessary.

  • Click Next step.

On this page you can create customized workflows using AWS Lambda functions to create triggers. For example, you can define authentication challenges, like completing a CAPTCHA.

  • Accept the defaults and click Next step.

  • Review your configurations for your Cognito user pool. Click Create pool.

  • Now, you will be at a page where you can view and edit the general settings of the user pool you just created. On the left-hand navigation panel under App Integration, select Domain name.

  • Add a unique prefix to your Amazon Cognito domain to be able to use the user pool within your mobile game.

  • Click Check availability to make sure your domain name is unique.

  • Select Save changes.

  • There is some information you will need to reference later when you are adding Cognito functionality to your Unity game. On the left-hand navigation panel, click General Settings.

  • At the top of the page, you will see your Pool Id. Save this in a notepad for later.

  • On the left-hand navigation panel under App integration, select App client settings. You will see your App client ID. Save this in a notepad for later as well.

Congratulations! You have created your Amazon Cognito user pool successfully.
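
To confirm that the pool and app client match the settings chosen in the steps above, the following added example (not part of the original workshop) checks the JSON returned by `aws cognito-idp describe-user-pool` and `aws cognito-idp describe-user-pool-client`. The sample responses are constructed with placeholder IDs, and the function name `check_workshop_settings` is hypothetical.

```python
import json

# Constructed sample responses shaped like the output of
# `aws cognito-idp describe-user-pool` and `describe-user-pool-client`.
# The IDs are placeholders, not real resources.
SAMPLE_POOL = json.loads("""{"UserPool": {
  "Id": "us-east-1_EXAMPLE", "Name": "AWSUserPool",
  "VerificationMessageTemplate": {"DefaultEmailOption": "CONFIRM_WITH_LINK"},
  "UserPoolTags": {"Name": "Cognito User Pool for AWS Serverless Unity Game"}}}""")
SAMPLE_CLIENT = json.loads("""{"UserPoolClient": {
  "ClientId": "EXAMPLECLIENTID", "ClientName": "AppClient",
  "ExplicitAuthFlows": ["ALLOW_USER_PASSWORD_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"]}}""")

EXPECTED_TAG = "Cognito User Pool for AWS Serverless Unity Game"


def check_workshop_settings(pool_resp, client_resp):
    """Return a list of deviations from the settings chosen in the walkthrough."""
    pool = pool_resp.get("UserPool", {})
    client = client_resp.get("UserPoolClient", {})
    flows = set(client.get("ExplicitAuthFlows", []))
    findings = []
    # "Unselect Generate client secret": a secret shipped inside a game build
    # cannot be kept confidential, so the client should not have one.
    if client.get("ClientSecret"):
        findings.append("app client has a client secret")
    # "Unselect Enable lambda trigger based custom authentication"
    if flows & {"ALLOW_CUSTOM_AUTH", "CUSTOM_AUTH_FLOW_ONLY"}:
        findings.append("custom (Lambda trigger) auth flow is enabled")
    # "Select Enable username password based authentication"
    if not flows & {"ALLOW_USER_PASSWORD_AUTH", "USER_PASSWORD_AUTH"}:
        findings.append("username/password auth flow is not enabled")
    # Verification type changed from Code to Link
    template = pool.get("VerificationMessageTemplate", {})
    if template.get("DefaultEmailOption") != "CONFIRM_WITH_LINK":
        findings.append("email verification is not set to Link")
    # Tag Key "Name" with the value entered on the tags page
    if pool.get("UserPoolTags", {}).get("Name") != EXPECTED_TAG:
        findings.append("Name tag is missing or different")
    return findings


if __name__ == "__main__":
    results = check_workshop_settings(SAMPLE_POOL, SAMPLE_CLIENT)
    for line in results or ["matches the walkthrough settings"]:
        print(line)
```

To check a real pool, save the two CLI responses to files and pass the parsed JSON to the function in place of the samples.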