> ## Documentation Index > Fetch the complete documentation index at: https://nango.dev/docs/llms.txt > Use this file to discover all available pages before exploring further. # AWS ## Overview ## Pre-built tooling | Tools | Status | | ------------------------------- | ------ | | Pre-built authorization (OAuth) | ✅ | | Credentials auto-refresh | ✅ | | Pre-built authorization UI | ✅ | | Custom authorization UI | ✅ | | Expired credentials detection | ✅ | | Tools | Status | | ----------------------------------------- | ------------------------------ | | Pre-built integrations | 🚫 (time to contribute: \<48h) | | API unification | ✅ | | 2-way sync | ✅ | | Webhooks from Nango on data modifications | ✅ | | Real-time webhooks from 3rd-party API | 🚫 (time to contribute: \<48h) | | Proxy requests | ✅ | | Tools | Status | | ----------------------- | ------ | | HTTP request logging | ✅ | | End-to-end type safety | ✅ | | Data runtime validation | ✅ | | OpenTelemetry export | ✅ | | Slack alerts on errors | ✅ | | Integration status API | ✅ | | Tools | Status | | ---------------------------------- | ------------------------------ | | Create or customize use-cases | ✅ | | Pre-configured pagination | 🚫 (time to contribute: \<48h) | | Pre-configured rate-limit handling | 🚫 (time to contribute: \<48h) | | Per-customer configurations | ✅ | *No pre-built syncs or actions available yet.* Not seeing the integration you need? [Build your own](/guides/functions/functions-guide) independently. ## Access requirements | Pre-Requisites | Status | Comment | | ----------------- | -------------- | ------------------------------------------------------------------------------------- | | Paid dev account | ✅ Not required | Free, self-signup for an [AWS account](https://portal.aws.amazon.com/billing/signup). | | Paid test account | ✅ Not required | Free tier is sufficient for testing. | | Partnership | ✅ Not required | | | App review | ✅ Not required | | | Security audit | ✅ Not required | | ## Setup guide AWS offers multiple authentication methods. This guide covers two main approaches: ### AWS IAM (Basic Auth) If you don't already have one, sign up for an [AWS account](https://portal.aws.amazon.com/billing/signup). 1. Sign in to the [AWS Management Console](https://console.aws.amazon.com/). 2. Navigate to the IAM service by searching for "IAM" in the search bar. 3. In the left navigation pane, choose **Users**, then **Create user**. 4. Enter a user name and select **Next**. 5. On the permissions page, select **Attach policies directly**. 6. Search for and select the policies that grant the necessary permissions for your integration. For example, you might need `AmazonS3ReadOnlyAccess` for S3 access. 7. Choose **Next**, review your choices, and then select **Create user**. 1. From the list of users, select the user you just created. 2. Select the **Security credentials** tab. 3. Under **Access keys**, choose **Create access key**. 4. Select **Application running outside AWS** as the use case, then click **Next**. 5. (Optional) Add a description tag, then click **Create access key**. 6. On the final page, you'll see your **Access key ID** and **Secret access key**. Make sure to download the .csv file or copy these values, as you won't be able to view the secret access key again. When setting up your AWS IAM integration in Nango: * Use your **Access key ID** as the username * Use your **Secret access key** as the password * Specify the AWS region in your connection configuration (e.g., `us-east-1`) Follow the [*Quickstart*](/getting-started/quickstart). ### AWS Cognito (OAuth 2.0) If you don't already have one, sign up for an [AWS account](https://portal.aws.amazon.com/billing/signup). 1. Sign in to the [AWS Management Console](https://console.aws.amazon.com/). 2. Navigate to the Amazon Cognito service by searching for "Cognito" in the search bar. 3. Choose **User Pools** from the left navigation pane. 4. Select **Create user pool**. 5. Choose the authentication providers you want to use. For OAuth integration, select **Cognito user pool** as the provider. 6. Configure the security requirements, including password policy and MFA settings. 7. Configure sign-up experience and required attributes. 8. Configure message delivery for verification emails and SMS. 9. Integrate your app by giving it a name and configuring the app client. 10. Review all settings and create the user pool. 1. After creating the user pool, navigate to the **App integration** tab. 2. Under **App clients and analytics**, select **Create app client**. 3. Choose **Confidential client** for server-side applications. 4. Enter a name for your app client. 5. Set the **Refresh token expiration** as needed (default is 30 days). 6. Under **Allowed callback URLs**, add `https://api.nango.dev/oauth/callback`. 7. Select the **OAuth 2.0 grant types** you need (typically Authorization code grant). 8. Under **OpenID Connect scopes**, select the scopes your application requires. 9. Choose **Create app client**. 1. Still in the **App integration** tab, under **Domain**, choose **Actions** and then **Create custom domain** or **Create Cognito domain**. 2. For a Cognito domain, enter a domain prefix. 3. For a custom domain, enter your domain name and upload an SSL certificate. 4. Choose **Create**. 1. In the **App integration** tab, under **Hosted UI**, choose **Edit**. 2. Configure the identity providers you want to use. 3. Set the callback URL to `https://api.nango.dev/oauth/callback`. 4. Select the OAuth scopes you need. 5. Choose **Save changes**. 1. Navigate to the **App clients and analytics** section. 2. Select your app client from the list. 3. Note your **Client ID**. 4. Click **Show client secret** to view and copy your client secret. When setting up your AWS Cognito integration in Nango: * Use your **Client ID** and **Client Secret** * For the OAuth authorization URL, use: `https://{your-domain}.auth.{region}.amazoncognito.com/oauth2/authorize` * For the token URL, use: `https://{your-domain}.auth.{region}.amazoncognito.com/oauth2/token` * Replace `{your-domain}` with your Cognito domain prefix and `{region}` with your AWS region (e.g., `us-east-1`) Follow the [*Quickstart*](/getting-started/quickstart). ### Creating a new connection * To create a new connection in Nango for AWS IAM, you'll need an Access Key ID and a Secret Access Key. Use these to set up your connection, with the Access Key ID as the username and the Secret Access Key as the password. For more details on generating these keys, visit [Create an access key](https://docs.aws.amazon.com/IAM/latest/UserGuide/access-key-self-managed.html#Using_CreateAccessKey). * With this you can now use your basic auth credentials to sign you requests as follows. For more on how to sign your requests, please vist [AWS signature version 4 for API requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html) ```js theme={null} if ('username' in connection.credentials && 'password' in connection.credentials && 'region' in connection.connection_config) { const accessKeyId = connection.credentials['username']; const secretAccessKey = connection.credentials['password']; const region = connection.connection_config['region']; const host = 'iam.amazonaws.com'; const date = new Date().toISOString().replace(/[:-]|\.\d{3}/g, ''); const payloadHash = crypto.createHash('sha256').update('').digest('hex'); const canonicalHeaders = `host:${host}\nx-amz-date:${date}\n`; const signedHeaders = 'host;x-amz-date'; const canonicalRequest = `${method}\n${path}\n${querystring}\n${canonicalHeaders}\n${signedHeaders}\n${payloadHash}`; const credentialScope = `${date.substr(0, 8)}/${region}/${service}/aws4_request`; const stringToSign = `AWS4-HMAC-SHA256\n${date}\n${credentialScope}\n${crypto.createHash('sha256').update(canonicalRequest).digest('hex')}`; const getSignatureKey = (key: string, dateStamp: string, regionName: string, serviceName: string) => { const kDate = crypto.createHmac('sha256', `AWS4${key}`).update(dateStamp).digest(); const kRegion = crypto.createHmac('sha256', kDate).update(regionName).digest(); const kService = crypto.createHmac('sha256', kRegion).update(serviceName).digest(); return crypto.createHmac('sha256', kService).update('aws4_request').digest(); }; const signingKey = getSignatureKey(secretAccessKey, date.substr(0, 8), region, service); const signature = crypto.createHmac('sha256', signingKey).update(stringToSign).digest('hex'); const authorizationHeader = `AWS4-HMAC-SHA256 Credential=${accessKeyId}/${credentialScope}, SignedHeaders=${signedHeaders}, Signature=${signature}`; return { authorizationHeader, date }; ``` Need help getting started? Get help in the [community](https://nango.dev/slack). ## Useful links * [IAM User Guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) * [Creating IAM Users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html) * [Managing Access Keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) * [IAM API Reference](https://docs.aws.amazon.com/IAM/latest/APIReference/welcome.html) * [Amazon Cognito User Pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-as-user-directory.html) * [Setting Up the Hosted UI](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-integration.html) * [OAuth 2.0 Token Endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html) * [Cognito Service Endpoints](https://docs.aws.amazon.com/general/latest/gr/cognito_identity.html) Contribute useful links by [editing this page](https://github.com/nangohq/nango/tree/master/docs/integrations/all/aws.mdx) ## Common Scopes You can find the list of supported scopes in [scopes documentation](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html) ## API gotchas *None yet, add yours!* Contribute API gotchas by [editing this page](https://github.com/nangohq/nango/tree/master/docs/integrations/all/aws.mdx)