Amazon Cognito Custom Attributes

Reading time ~2 minutes

Want to learn more about AWS? Sign up for my mailing list!

Amazon Cognito can be a useful service when you want to add authentication and authorization to an existing application on AWS. But I’ve also noticed a few quirks that I couldn’t find answers to anywhere in the documentation. So here’s my attempt to spare some folks idle hours search for answers.


If you’re wondering what the heck the DeveloperOnlyAttribute is, what it’s for and how to use it you’re in good company. There is a very limited amount of information in the documentation on this and it’s purpose within Cognito. From the only explanation I could find anywhere in AWS it is supposed to be used when you don’t want to expose an attribute to end users. That is, you don’t want it returned to the frontend mobile or web client for them to see. Presumably this might be some internal configuration information you’d rather they didn’t have access to.

Custom Attribute Naming in the AWS Console vs. Development SDKs

If you’re creating a custom attribute for a Cognito User Pool and you’d like to name it thing then it will show up as custom:dev:custom:thing in the Cognito console in the AWS Dashboard. But, confusingly, you’ll need to refer to it as dev:custom:thing in your code when working with the AWS SDKs.

Why? I have no idea. This is not an incredibly intuitive implementation but maybe someone can enlighten me in the comments. I wish you luck in discovering no other weird quirks in your use of Cognito!