Using Your Own Custom External Domain with AWS Cognito

Jorge Freitas
4 min read · Jan 21, 2021

You can use your own domain with Amazon Cognito for authentication. For this tutorial, I am going to use an external domain and not use Route 53.

So, basically, you can set up a custom domain using Route 53 or using another external provider for DNS management. As I already have a purchased domain and was using another external provider for DNS management, it does not make sense to start all over again with Route 53, so we are going to set up Cognito with an external provider. I believe there are a lot of people in my situation.

Strategy

  • Request a certificate in AWS Certificate Manager (ACM);
  • Add the domain as the Cognito custom domain name, using that certificate.

AWS Certificate Manager (ACM)

You need to have an SSL/TLS certificate to be able to use your own domain in AWS.

1 — Select the US East (N. Virginia) region. For Cognito custom domains, AWS only accepts certificates requested in this region.

“you must request or import the certificate in the US East (N. Virginia) region”

2 — Open AWS Certificate Manager (ACM);

3 — Under Provision certificates, select Get started;

4 — Now you can import your certificate or request a public certificate for free. I am going to choose a public certificate;

Request a public certificate

5 — I am going to use *.adapt4you.com;

Add domain name

“Use an asterisk (*) to request a wildcard certificate to protect several sites in the same domain. For example: *.example.com protects www.example.com, site.example.com, and images.example.com.”

6 — Select Next; I will choose DNS validation. You can select email validation if that option is more convenient for you.

Select validation method

7 — Add a tag, then click the Review button;

8 — Confirm and request.

Now you should see something like this:

  • Status: Pending validation
  • Name: xxxx.domainName.com (mine is hidden in the screenshot for security reasons)
  • Value: xxxx (mine is hidden in the screenshot for security reasons)
Domain status

9 — Now you need to add the following CNAME record to the DNS configuration for your domain at your DNS management provider. Mine is Wix.

Host name: _xxx.adapt4you.com

Type: CNAME

Value: _xxxxxxxxxx.xxx.acm-validations.aws

TTL: 1 hour

The process should be the same with any other provider.

10 — After a few seconds, your certificate is issued:

Certificate issued

11 — In my case I also want to use this domain in Ireland, so now you just need to change the region to Ireland and follow the same process as before. You do not need to add a new record at the DNS provider, because the validation name and value are the same as those created in the Virginia region. After some seconds or minutes, the certificate is issued for Ireland too.

Ireland issued certificate

This step can be useful, for example, to register a custom domain for an API.

AWS Cognito

1 — Go to the Cognito service, select your user pool, and add a new custom domain using the certificate you created;

Add a new custom domain

2 — Add another record at your DNS management provider (again, mine is Wix):

Name: auth3.adapt4you.com (Domain name)

Value: xxx.cloudfront.net (Alias target value)

Type: CNAME

TTL: 1 hour

After some time, your domain status will be ACTIVE.

Cognito custom domain status
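A pre-flight check for the two parts above, written as an added Python example (not from the original post): it confirms the certificate ARN is in us-east-1, that the wildcard certificate actually covers the auth host name (a `*.example.com` certificate covers `auth.example.com` but not the bare domain or a second-level label), and that both CNAME records resolve to the expected ACM validation and CloudFront targets. All host names, the ARN and the targets are constructed placeholders, and the DNS lookup is a stub you can swap for a real resolver.

```python
from typing import Callable, Dict, List

def cert_covers(cert_names: List[str], host: str) -> bool:
    """RFC 6125 wildcard rule: '*' matches exactly one leftmost label, so
    *.example.com covers auth.example.com but not example.com or a.b.example.com."""
    host = host.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in cert_names):
        if name == host:
            return True
        if name.startswith("*.") and host.endswith(name[1:]):
            prefix = host[: -len(name[1:])]
            if prefix and "." not in prefix:
                return True
    return False

def acm_arn_region(cert_arn: str) -> str:
    return cert_arn.split(":")[3]  # arn:aws:acm:<region>:<account>:certificate/<id>

def preflight(cert_arn: str, cert_names: List[str], auth_domain: str,
              expected_cnames: Dict[str, str],
              resolve: Callable[[str], List[str]]) -> Dict[str, bool]:
    report = {
        # Cognito only accepts certificates issued in US East (N. Virginia)
        "cert_in_us_east_1": acm_arn_region(cert_arn) == "us-east-1",
        "cert_covers_auth_domain": cert_covers(cert_names, auth_domain),
    }
    for name, target in expected_cnames.items():  # ACM validation + Cognito alias
        answers = [a.lower().rstrip(".") for a in resolve(name)]
        report["cname:" + name] = target.lower().rstrip(".") in answers
    return report

# Constructed sample values standing in for the ACM record and CloudFront alias target.
CERT_ARN = "arn:aws:acm:us-east-1:123456789012:certificate/EXAMPLE-ID"
CERT_NAMES = ["*.example.com"]
AUTH_DOMAIN = "auth.example.com"
EXPECTED_CNAMES = {
    "_abc123.example.com": "_def456.xyz.acm-validations.aws",
    "auth.example.com": "d111111abcdef8.cloudfront.net",
}
CONSTRUCTED_ZONE = {k: [v + "."] for k, v in EXPECTED_CNAMES.items()}  # fake DNS zone

def fake_resolve(name: str) -> List[str]:
    """Offline stand-in for a CNAME lookup; swap in a real resolver to check live DNS."""
    return CONSTRUCTED_ZONE.get(name.rstrip("."), [])

def run_preflight() -> Dict[str, bool]:
    return preflight(CERT_ARN, CERT_NAMES, AUTH_DOMAIN, EXPECTED_CNAMES, fake_resolve)

if __name__ == "__main__":
    print(run_preflight())
```

Run it before creating the Cognito domain: a certificate in the wrong region or one that does not cover the auth host is rejected by Cognito, and a missing CNAME leaves the domain stuck out of the ACTIVE state.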

Conclusion

Using a custom domain is really useful because, when you create a new user pool, Cognito generates an automatic URL if you do not set a custom domain. With a custom domain, you enable your users to sign in to your application by using your own web address.
