Amazon Cognito is a great help for any application that does not want to build its own authentication and user-management system. With some basic configuration you can create and manage your own user pool. Cognito also provides an AWS-hosted domain (a prefix under amazoncognito.com) that serves an OAuth 2.0 authorization server together with built-in sign-up and sign-in pages (the hosted UI). You can serve that hosted UI from your own domain with the steps below:
1. Request a certificate in ACM
In AWS Certificate Manager (ACM), request a certificate for a wildcard name (*.yourapp.com) and add the root domain (yourapp.com) as an additional name, because a wildcard does not match the apex itself. That way a single certificate covers both the application (yourapp.com) and the auth site (auth.yourapp.com). Choose DNS as the validation method. Note that Cognito custom domains are served through CloudFront, so the certificate must be requested in the us-east-1 (N. Virginia) region, regardless of the region your user pool lives in.
2. Validate your certificate
After requesting the certificate, ACM shows a CNAME record for each domain name (you can also export the DNS configuration to a file, or let ACM create the records in Route 53 for you). Create those CNAME records in your DNS manager (Route 53 here) with exactly the record name and value provided. Once ACM sees the records, the certificate status changes to 'Issued'.
3. Add the domain in Cognito console
In the Cognito console, under App integration, Domain name, choose the custom-domain option and enter the domain name together with the ACM certificate. As the AWS documentation suggests, the usual pattern is a subdomain of your application prefixed with 'auth', so here we use auth.yourapp.com. Cognito requires the parent domain (yourapp.com) to already resolve, i.e. to have a DNS A record, before the custom domain can be added.
4. Register your sub-domain
Back in Route 53, add a new record for the subdomain, this time as an alias record. Enter the subdomain (auth.yourapp.com) as the name, choose record type A, enable the alias and set the alias target to the CloudFront distribution domain shown in the Cognito console.
If all goes well, the domain status in the Cognito console changes to ACTIVE (rolling out the CloudFront distribution can take a while, often close to an hour) and the hosted sign-in page is served from your own domain.
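The same four steps expressed as Terraform, as an added example that is not part of the original post. The region, the hosted-zone lookup, the user-pool name, the apex placeholder address and the resource names are assumptions; the us-east-1 provider alias, the apex SAN on the wildcard certificate and the apex A record are the three details that most often bite when this is done by hand.

```hcl
# Added example, not from the original post. Names, region and placeholder
# addresses are assumptions; replace them with your own values.

provider "aws" {
  region = "eu-west-1"          # region of the user pool (assumed)
}

# Cognito custom domains are fronted by CloudFront, so the ACM certificate
# must be issued in us-east-1 no matter where the user pool lives.
provider "aws" {
  alias  = "us_east_1"
  region = "us-east-1"
}

variable "root_domain" {
  default = "yourapp.com"        # placeholder domain from the post
}

data "aws_route53_zone" "main" {
  name = var.root_domain
}

resource "aws_cognito_user_pool" "main" {
  name = "yourapp-users"         # assumed pool name
}

# Step 1: wildcard certificate. "*.yourapp.com" does not match the apex,
# so yourapp.com is added explicitly as a Subject Alternative Name.
resource "aws_acm_certificate" "auth" {
  provider                  = aws.us_east_1
  domain_name               = "*.${var.root_domain}"
  subject_alternative_names = [var.root_domain]
  validation_method         = "DNS"

  lifecycle {
    create_before_destroy = true
  }
}

# Step 2: one validation CNAME per name. The wildcard and the apex share
# the same validation record, hence allow_overwrite.
resource "aws_route53_record" "acm_validation" {
  for_each = {
    for dvo in aws_acm_certificate.auth.domain_validation_options :
    dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  zone_id         = data.aws_route53_zone.main.zone_id
  name            = each.value.name
  type            = each.value.type
  ttl             = 60
  records         = [each.value.record]
  allow_overwrite = true
}

# Blocks until ACM reports the certificate as Issued.
resource "aws_acm_certificate_validation" "auth" {
  provider                = aws.us_east_1
  certificate_arn         = aws_acm_certificate.auth.arn
  validation_record_fqdns = [for r in aws_route53_record.acm_validation : r.fqdn]
}

# Cognito rejects the custom domain unless the parent domain already
# resolves. An A record at the apex satisfies that check; the address is a
# TEST-NET-1 placeholder (assumed), point it at your real front end.
resource "aws_route53_record" "apex" {
  zone_id = data.aws_route53_zone.main.zone_id
  name    = var.root_domain
  type    = "A"
  ttl     = 300
  records = ["192.0.2.10"]
}

# Step 3: attach auth.yourapp.com plus the issued certificate to the pool.
resource "aws_cognito_user_pool_domain" "auth" {
  domain          = "auth.${var.root_domain}"
  user_pool_id    = aws_cognito_user_pool.main.id
  certificate_arn = aws_acm_certificate_validation.auth.certificate_arn

  depends_on = [aws_route53_record.apex]
}

# Step 4: alias record from auth.yourapp.com to the CloudFront distribution
# Cognito created. Z2FDTNDATAQYW2 is the fixed hosted-zone ID shared by all
# CloudFront distributions.
resource "aws_route53_record" "auth_alias" {
  zone_id = data.aws_route53_zone.main.zone_id
  name    = aws_cognito_user_pool_domain.auth.domain
  type    = "A"

  alias {
    name                   = aws_cognito_user_pool_domain.auth.cloudfront_distribution_arn
    zone_id                = "Z2FDTNDATAQYW2"
    evaluate_target_health = false
  }
}
```

Apply it with `terraform init && terraform apply`; the apply pauses on `aws_acm_certificate_validation` until the CNAMEs propagate, and the custom domain only reports ACTIVE once CloudFront has finished its rollout, so a second `terraform apply` or a look at the Cognito console may be needed before the sign-in page answers on auth.yourapp.com. If your zone already has an apex A record (for the application itself), drop the `apex` resource rather than letting Terraform fight over it.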