Amplify has re-imagined the way frontend developers build fullstack applications. Develop and deploy without the hassle.

Page updated Apr 29, 2024


Authentication is the process of verifying the identity of a user. Writing the code for an application's login flow can be difficult and time consuming. In Amplify Studio, you can easily add a complete Amazon Cognito authentication solution to your app. You simply specify the log-in method, such as email and password, Amazon, Google, Facebook, or Sign in with Apple, and you are provided with the authentication UI component for the entire authentication flow.

If you choose to add one of the social sign-in login mechanisms, you will also need to specify an app ID, app secret, and redirect URIs. To learn more about how social sign-in works, see Social sign-in (OAuth).

Multi-factor authentication (MFA) increases security for your app by adding an authentication method and not relying solely on the username and password. AWS Amplify uses Amazon Cognito to provide MFA. To learn more, see Multi-factor authentication.

Note that you must configure and deploy authentication for your application before you can create users and groups or apply authorization rules to your data models.

To configure how users log in to an app

  1. Launch Studio for an app
  2. On the Set up menu, choose Authentication.
  3. In the Configure log in section, choose a login mechanism to add from the Add login mechanism list. Valid options are Username, Phone number, Facebook, Google, Amazon, and Sign in with Apple. If you choose one of the social sign-in mechanisms, Facebook, Google, Amazon, or Sign in with Apple you will also need to enter your App ID, App Secret, and redirect URLs.
  4. (Optional) Add multi-factor authentication (MFA). MFA is set to Off by default. To turn on MFA, do the following in the Multi-factor authentication section:
  • Choose Enforced to require MFA for all users or choose Optional to allow individual users to enable MFA.
  • (Optional) Choose SMS, and enter your SMS message.
  • (Optional) Choose Authenticator Application if you want your app to load with an authentication flow that includes sign up and sign in.
  1. In the Configure sign up section, expand Password protection settings and customize the password policy settings to enforce.
  2. Choose Save and Deploy. This starts a CloudFormation deployment with the progress displayed in the upper right corner of the page.

Login mechanism settings, and sign up settings can't be changed after you deploy authentication. To change these settings, you must first delete the deployed authentication and then create and deploy new settings. You can, however, add new login mechanisms, add multi-factor authentication, and update the password protection settings.

To reset authentication configuration settings

  1. Launch Studio for an app
  2. On the Set up menu, choose Authentication.
  3. At the end of the Authentication page, choose Reset all authentication settings and users.
  4. In the Delete authentication confirmation window, choose Delete all authentication rules.
  5. The deployment progress displays in the upper right corner of the page.
  6. After the delete authentication deployment completes, deploy new authentication rules by following the steps in the preceding procedure for configuring how users log in to an app.