Use existing Cognito resources
Amplify Auth can be configured to use an existing Amazon Cognito user pool and identity pool. If you are in a team setting or part of a company that has previously created auth resources, you have a few different options to configure your application to use existing auth resources.
If you are using Amplify to build your backend, it is recommended to add a reference to your auth resource using backend.addOutput
.
If you do not use Amplify to build your backend, you can configure the client library directly.
Use auth resources with an Amplify backend
The easiest way to get started with your existing resource is to use backend.addOutput
to surface auth configuration to amplify_outputs.json
automatically. In it's simplest form:
import { defineBackend } from "@aws-amplify/backend"
/** * @see https://docs.amplify.aws/react/build-a-backend/ to add storage, functions, and more */const backend = defineBackend({})
backend.addOutput({ auth: { aws_region: "<your-cognito-aws-region>", user_pool_id: "<your-cognito-user-pool-id>", user_pool_client_id: "<your-cognito-user-pool-client-id>", identity_pool_id: "<your-cognito-identity-pool-id>", username_attributes: ["email"], standard_required_attributes: ["email"], user_verification_types: ["email"], unauthenticated_identities_enabled: true, password_policy: { min_length: 8, require_lowercase: true, require_uppercase: true, require_numbers: true, require_symbols: true, } }})
You can also use the CDK to dynamically reference existing resources, and use metadata from that resource to set up IAM policies for other resources, or reference as an authorizer for a custom REST API:
import { defineBackend } from "@aws-amplify/backend"import { UserPool, UserPoolClient } from "aws-cdk-lib/aws-cognito"
/** * @see https://docs.amplify.aws/react/build-a-backend/ to add storage, functions, and more */const backend = defineBackend({})
const authStack = backend.createStack("ExistingAuth")const userPool = UserPool.fromUserPoolId( authStack, "UserPool", "<your-cognito-user-pool-id>")const userPoolClient = UserPoolClient.fromUserPoolClientId( authStack, "UserPoolClient", "<your-cognito-user-pool-client-id>")// Cognito Identity Pools can be referenced directlyconst identityPoolId = "<your-cognito-identity-pool-id>"
backend.addOutput({ auth: { aws_region: authStack.region, user_pool_id: userPool.userPoolId, user_pool_client_id: userPoolClient.userPoolClientId, identity_pool_id: identityPoolId, // this property configures the Authenticator's sign-up/sign-in views username_attributes: ["email"], // this property configures the Authenticator's sign-up/sign-in views standard_required_attributes: ["email"], // this property configures the Authenticator confirmation views user_verification_types: ["email"], unauthenticated_identities_enabled: true, // this property configures the validation for the Authenticator's password field password_policy: { min_length: 8, require_lowercase: true, require_uppercase: true, require_numbers: true, require_symbols: true, }, },})
Use auth resources without an Amplify backend
Alternatively, you can use existing resources without an Amplify backend.
Configuring the mobile client libraries directly is not supported, however you can manually create amplify_outputs.json
with the following schema:
{ "version": "1", "auth": { "aws_region": "<your-cognito-aws-region>", "user_pool_id": "<your-cognito-user-pool-id>", "user_pool_client_id": "<your-cognito-user-pool-client-id>", "identity_pool_id": "<your-cognito-identity-pool-id>", "username_attributes": ["email"], "standard_required_attributes": ["email"], "user_verification_types": ["email"], "unauthenticated_identities_enabled": true, "password_policy": { "min_length": 8, "require_lowercase": true, "require_uppercase": true, "require_numbers": true, "require_symbols": true } }}