Custom domain for "cognito-idp.us-east-1.amazonaws.com"

Question

I have a Cognito app client configured to use USER_PASSWORD_AUTH flow. By POSTing this request:

{
    "AuthParameters": {
        "USERNAME": "{{Username}}",
        "PASSWORD": "{{Password}}"
    },
    "AuthFlow": "USER_PASSWORD_AUTH",
    "ClientId": "{{AppClientId}}"
}

to "cognito-idp.us-east-1.amazonaws.com", I am able to successfully authenticate and retrieve JWTs.

I would like to CNAME the URL to be something like "auth.mydomain.com", but when I do that, I get a client certificate validation error. Is there anyway to associate a valid certificate so I can CNAME the URL successfully?

Answer

Hi,

You will not be able to CNAME the cognito endpoint domain but you can create a proxy to this endpoint using API Gateway or CloudFront and you can assign a custom domain to your proxy endpoint. You may find [this blog post](https://aws.amazon.com/blogs/security/protect-public-clients-for-amazon-cognito-by-using-an-amazon-cloudfront-proxy/) helpful which demonstrates using CloudFront as a proxy to Cognito endpoint but you can also implement a simpler proxy using API Gateway.

Answer

Hey there,

It sounds like you're looking to use a custom domain name in Cognito. Give [this doc](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html) a look and come back to us if you have more questions.

Answer

sorry i wasn't able to help, removing my answer

Custom domain for "cognito-idp.us-east-1.amazonaws.com"

관련 콘텐츠