Adding Authentication in AWS with Amplify

Follow us on LinkedIn for our latest data and tips!

If you’re familiar with using AWS for user authentication, DynamoDB, AppSync and other services in your app or website, you’ll love Amplify.

Amplify is a command-line interface that takes a few shortcuts, avoids the clicking and navigation and also makes a few wise decisions for you. Granted, you can customize things as you wish. And you can always go straight to the console source and make changes. But most of the time, using Amplify will do what you want faster and easier.

The first thing you need to do is install Amplify. You’ll need an AWS account and then run a few commands. You can see the details here:

Initialize a Project

Once it’s installed, you’re ready to go. I’ll use an iOS app but you can use basically the same steps for Android or a web app.

Navigate in the terminal to your project. From there, you’ll create your app’s existence with AWS with this command:

amplify init

The first thing it asks is for you to pick an editor:

I usually use Vim because it launches in the same terminal window.

Then it asks you to verify the type of project you’re working on. It can usually detect correctly based on the files:

Then you need to pick a profile (or create one on AWS which it helps you with):

Then it does it’s magic… and prints out a lot of lines. You can watch as it creates everything it needs. It will create a bucket in S3 for the deployment files, IAM roles as needed for running and accessing various pieces and a CloudFormation to manage it all.

The best part is you really don’t have to care! 🙂 Of course it’s always good to know what’s going on. I highly recommend going to each of the places listed in the AWS console to see what’s created.

Once the project is all setup, you’re ready to add features from AWS.


If you run just “amplify” you get some basic help:

The key things you’ll tend to do are these:

amplify add <category> – This is how you add various services. If you add api, you’re adding AppSync (and possibly more like DynamoDB). If you add auth, that’s authorization using Cognito. Storage is S3 and so on.

Amplify does a great job of walking you through each one that while knowledge of each is great, it might not be necessary. Again, however, I highly recommend you understand what’s going on in the background.

I’d suggest using Amplify as a powerful tool to do what you already know about. I do not recommend using Amplify as a way to avoid learning the functionality of AWS.

Add Authorization

So let’s add a feature via Amplify to our app. We’ll use the command:

amplify add auth

One funny thing about amplify is that you can add a category with “amplify add <category>” or “amplify <category> add.” It’s like you can tell amplify “add this category” or you can tell a category to be added. Try not to let it bug you.

The first question you’ll be added is if you want to use the default configuration:

I like the default configuration. If you want to know more, select “I want to learn more” which displays this:

Again, I recommend learning about Cognito to understand the details. For this tutorial, we’ll go with the default.

It will set up the configuration for authorization to use a username, email and password for new accounts.

Amplify does this locally (and explains so at the end of the execution). So the configuration and everything is setup in files under the directory of your project.

It also mentions how you can push the change to AWS with the push command. To get it to AWS, you run:

amplify push

It will have you verify the changes before continuing:

In some cases there are more questions to answer and typically the default answer (e.g., Y/n – the capital letter being the default) is a good answer and you can just hit Enter on the keyboard.

Pushing to AWS can take a few minutes. Many lines will print out that look similar to when you created the project. Hopefully it ends with “All resources are updated in the cloud” and a satisfying green checkmark. 🙂


Once it’s pushed to the server you can view the details at:

Of course you won’t have any users yet:

And locally you’ll have a new file that’s very important. It’s named awsconfiguration.json and it’s in the same directory your project is in:

This configuration file holds the details of the setup you created on AWS. It’s the file that you’ll include in your project (in this case Xcode) for access to the services and features.

As the extension implies, it’s a JSON file:

It lists the authentication related details the CocoaPods (iOS) will use to access AWS. As other categories are added via amplify, more items will be added to the awsconfiguration.json file.

If you include the file in your project where it is, you won’t need to update the file in your project as you add more services.

App Code

To add authentication to your code, you can visit the AWS documents per platform:

On the left side you’ll see a listing of other categories you can add similarly to your project.

For iOS, once you install the CocoaPods, checking to see if the user is logged in is pretty easy along with some other useful properties:

And showing the login/create account UI is similar:


Hopefully this removes some of the mystery of Amplify. I recommend trying it out and seeing how well it works for you. I’ve gotten pretty comfortable with it to the point that I don’t load up much of AWS to verify what it’s doing anymore.

Another great command in amplify is one that cleans everything up (for the given project). That way you can play around with it and remove it all easily. 🙂

amplify delete