Cognito in AWS and click create Manage User Pools. Use whatever password settings are best for your organization.
After creating the user pool, go to "App Clients" in the sidebar. Create an App Client, but make sure to do the following:
Uncheck "Generate Client Secret"
Check "Enable user password based authentication
Navigate to Federated Idenitities in AWS and create an identity pool.
Create a new IAM role. Then review this role in IAM.
Create a bucket with public read permissions. In the "Permissions" tab, allow everyone to read and write objects to the S3 bucket.
Copy the CORs configuration from the Amplify docs
Navigate to IAM panel by searching for the IAM service. You'll have a bunch of newly created Cognito roles. Use the instructions on the Amplify docs getting started page and create an Auth and Unauth policy for your new IAM users.
Add each policy you copied with "Attach Policy" to the User Role. Make sure to replace the "example bucket name" with the name of your bucket.
Create the policy, give it a name like "UDTTestBucketRole".
In Cognito page click "Create User", enter the username and password. Mark the account as verified. You'll then be prompted with Complete your Sign Up.