We are experiencing a recurring and intermittent authentication failure when using Amazon Cognito Hosted UI.
Behavior
When users attempt to log in via the Hosted UI /login endpoint, authentication sometimes fails and the browser is redirected with:
HTTP status: 302 Found
Location: /error
No error message or error code is displayed
The issue affects production users and occurs frequently, but not deterministically.
Context
Region: eu-south-1 (Milan)
Cognito User Pool with Hosted UI enabled
Login flow: Implicit grant
Scopes: openid aws.cognito.signin.user.admin
Custom domain for Hosted UI
Standard username/password authentication
Example
A failing login attempt occurred at:
2026-03-24 09:25:17 UTC
The /login request was correctly formed (client_id, redirect_uri, scopes, nonce, state, etc.).
Credentials were valid, yet the response was a redirect to /error.
What we have already checked
User Pool configuration
App Client settings (flows, scopes, callback URLs)
Lambda triggers (no failures observed)
CloudWatch logs (no clear error related to the failure)
CloudTrail (no meaningful events tied to the redirect)
Problem
We are unable to identify:
What internal condition causes Cognito Hosted UI to redirect to /error
Where (or if) detailed backend logs for Hosted UI errors are available
Whether this behavior is a known issue or limitation in eu-south-1
Questions
What are the common internal causes for a Hosted UI /error redirect with no details?
Are there Cognito backend / Hosted UI logs that can be consulted for this type of failure?
Are there known intermittent issues with Hosted UI authentication in eu-south-1?
Are there additional diagnostics or configuration checks recommended in this scenario?
Any guidance or pointers would be greatly appreciated, as this impacts a production login flow.
Thank you.
