diff --git a/packages/amazon-cognito-identity-js/README.md b/packages/amazon-cognito-identity-js/README.md
index d9a8a8ef1c7..5403dfb7805 100644
--- a/packages/amazon-cognito-identity-js/README.md
+++ b/packages/amazon-cognito-identity-js/README.md
@@ -782,6 +782,7 @@ The CookieStorage object receives a map (data) in its constructor that may have
 - data.path Cookies path (default: '/')
 - data.expires Cookie expiration (in days, default: 365)
 - data.secure Cookie secure flag (default: true)
+- data.sameSite Cookie request behaviour (default: null)
 **Use case 27.** Selecting the MFA method and authenticating using TOTP.
diff --git a/packages/amazon-cognito-identity-js/index.d.ts b/packages/amazon-cognito-identity-js/index.d.ts
index 1a4c03b38b2..62ab9a1ad8f 100644
--- a/packages/amazon-cognito-identity-js/index.d.ts
+++ b/packages/amazon-cognito-identity-js/index.d.ts
@@ -368,6 +368,7 @@ declare module 'amazon-cognito-identity-js' {
 path?: string;
 expires?: number;
 secure?: boolean;
+ sameSite?: 'strict' | 'lax';
 }
 export class CookieStorage implements ICognitoStorage {
 constructor(data: ICookieStorageData);
diff --git a/packages/amazon-cognito-identity-js/package.json b/packages/amazon-cognito-identity-js/package.json
index 197f1ea7ae6..429e3e1849a 100644
--- a/packages/amazon-cognito-identity-js/package.json
+++ b/packages/amazon-cognito-identity-js/package.json
@@ -64,7 +64,7 @@
 "dependencies": {
 "buffer": "4.9.1",
 "crypto-js": "^3.3.0",
- "js-cookie": "^2.1.4"
+ "js-cookie": "^2.2.1"
 },
 "devDependencies": {
 "@babel/cli": "^7.7.4",
diff --git a/packages/amazon-cognito-identity-js/src/CookieStorage.js b/packages/amazon-cognito-identity-js/src/CookieStorage.js
index 2116e35da35..dec03440cd9 100644
--- a/packages/amazon-cognito-identity-js/src/CookieStorage.js
+++ b/packages/amazon-cognito-identity-js/src/CookieStorage.js
@@ -9,6 +9,7 @@ export default class CookieStorage {
 * @param {string} data.path Cookies path (default: '/')
 * @param {integer} data.expires Cookie expiration (in days, default: 365)
 * @param {boolean} data.secure Cookie secure flag (default: true)
+ * @param {string} data.sameSite Cookie request behaviour (default: null)
 */
 constructor(data) {
 if (data.domain) {
@@ -31,6 +32,16 @@ export default class CookieStorage {
 } else {
 this.secure = true;
 }
+ if (Object.prototype.hasOwnProperty.call(data, 'sameSite')) {
+ if (data.sameSite !== 'strict' && data.sameSite !== 'lax') {
+ throw new Error(
+ 'The sameSite value of cookieStorage must be "lax" or "strict".'
+ );
+ }
+ this.sameSite = data.sameSite;
+ } else {
+ this.sameSite = null;
+ }
 }
 /**
@@ -40,12 +51,18 @@ export default class CookieStorage {
 * @returns {string} value that was set
 */
 setItem(key, value) {
- Cookies.set(key, value, {
+ const options = {
 path: this.path,
 expires: this.expires,
 domain: this.domain,
 secure: this.secure,
- });
+ };
+
+ if (this.sameSite) {
+ options.sameSite = this.sameSite;
+ }
+
+ Cookies.set(key, value, options);
 return Cookies.get(key);
 }
@@ -65,11 +82,18 @@ export default class CookieStorage {
 * @returns {string} value - value that was deleted
 */
 removeItem(key) {
- return Cookies.remove(key, {
+ const options = {
 path: this.path,
+ expires: this.expires,
 domain: this.domain,
 secure: this.secure,
- });
+ };
+
+ if (this.sameSite) {
+ options.sameSite = this.sameSite;
+ }
+
+ return Cookies.remove(key, options);
 }
 /**
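Review bot: The new `data.sameSite` line in the constructor docblock (first CookieStorage.js hunk) says only "Cookie request behaviour", which tells a caller neither which values are accepted nor what the null default means. I would write `* @param {string} data.sameSite SameSite attribute, 'strict' or 'lax'; any other value throws (default: null, attribute not set)`. With the default the cookie carries no SameSite attribute, so whether it is sent on cross-site requests is left to the browser's own default, which is worth stating for a store that presumably holds session tokens. The README line added in this commit uses the same wording. The class body continues outside the hunk.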
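Review bot: The `hasOwnProperty` test in the constructor (second CookieStorage.js hunk) makes an explicitly passed `sameSite: undefined` or `sameSite: null` throw, although index.d.ts declares the field optional and the docs give null as the default. A caller that builds the options conditionally, or passes a config object where the key is present but unset, gets the validation error instead of the default. Testing the value rather than the key avoids that: `if (data.sameSite !== undefined && data.sameSite !== null) {`. The constructor starts above the hunk.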
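Review bot: In removeItem (last CookieStorage.js hunk) the added `expires: this.expires,` has no effect as far as I can tell, because `remove()` in js-cookie 2.x overwrites `expires` with a past date before it writes the cookie. Leaving it in reads as though deletion honours the configured lifetime; I would drop the line, or keep it with a comment such as `// ignored by Cookies.remove(), kept to mirror setItem`. What the deletion does depend on is `path` and `domain` matching the values used in setItem, since a mismatch would leave the cookie in the browser after the caller believes it is gone.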