About This Project
Integrated a secure login and user management system using Amazon Cognito.
Configured Cognito User Pool for authentication and set up an App Client with a hosted login UI.
Connected the login flow to my AWS EC2-hosted portfolio, allowing authenticated access to restricted sections.
The authentication is fully handled by AWS — users are redirected to the Cognito Hosted Login Page and back to my domain after sign-in.

Key Features
- Amazon Cognito User Pool Authentication
- Secure Hosted Login Page (No custom backend needed)
- Integration with EC2-hosted Website
- Custom Domain Mapping for Cognito Hosted UI
- OAuth 2.0 Flow with Client Secret Protection
- Secure Redirects After Login

Challenges & Solutions
The most time-consuming part was domain verification and SSL setup for Cognito’s custom domain.
Cognito required CNAME records in Route 53 to verify the domain and link it with my hosted UI,
which took several hours due to DNS propagation delays.

Another challenge was understanding the use of the App Client Secret.
Initially, my authentication failed because the Client Secret had to be included in the redirect flow
for the hosted UI to work with authorization code grant.
I solved this by securely encoding it and storing it only in backend configuration (not client-side).

I also faced issues with redirect URIs —
Cognito requires exact matching URLs (case-sensitive) for both sign-in and sign-out.
It took several retries to correctly match my portfolio’s live domain and Cloudflare HTTPS setup.

I chose to use Cognito’s Hosted Login Page instead of creating a custom HTML login page
because it is fully managed, more secure, and automatically includes password resets, MFA, and user confirmation —
saving time and avoiding sensitive data handling on my server.
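
An added example, not this project's own code, of the backend side of the authorization code grant against Cognito's hosted UI endpoints (`/oauth2/authorize` and `/oauth2/token`): the browser-facing URL carries no secret, and the code exchange sends the App Client Secret only in an HTTP Basic header. The domain, client ID, callback URL and function names are constructed placeholders.

```python
import base64
import hmac
import urllib.parse
import urllib.request

# Constructed placeholder values, not the project's real configuration.
COGNITO_DOMAIN = "auth.example.com"  # custom domain mapped to the hosted UI
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://portfolio.example.com/callback"  # must equal the registered callback URL exactly


def build_authorize_url(state: str) -> str:
    """URL the browser is redirected to; it contains the client ID but never the secret."""
    query = urllib.parse.urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
    })
    return f"https://{COGNITO_DOMAIN}/oauth2/authorize?{query}"


def state_matches(expected: str, returned: str) -> bool:
    """Constant-time check that the callback's state is the one this session issued."""
    return hmac.compare_digest(expected.encode(), returned.encode())


def build_token_request(code: str, client_secret: str) -> urllib.request.Request:
    """Server-side POST that exchanges the code; the secret is only in the Basic header."""
    basic = base64.b64encode(f"{CLIENT_ID}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "code": code,
        "redirect_uri": REDIRECT_URI,
    }).encode()
    return urllib.request.Request(
        f"https://{COGNITO_DOMAIN}/oauth2/token",
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )
```

In a deployment the secret would be read from backend configuration and the request sent with `urllib.request.urlopen`; generate `state` per login with `secrets.token_urlsafe` and keep it in the server-side session.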