Most people find Amazon Cognito confusing. The learning curve is steep, and there are service constraints you may need to work around. If you are deciding whether Cognito will work as your IDP, the main constraint to consider is:
- Do you need to go multi-region? If yes, Cognito is not a good choice: as of this writing there is no multi-region support, and [IMHO] the workarounds are not worth trying.
So why should you use Cognito?
- Identity and security are hard. Most people should not be building their own IDPs; you can't do it better or more safely than security experts.
- Maintenance and cost. Cognito is extremely cost-effective. It starts at $0.0055 per Monthly Active User (MAU). This part is critical: most systems have a large number of users, but only a fraction of them actively use the system in any given month, and Cognito only charges you for that fraction. You also get the first 50,000 users free. I can't think of a system that is more cost-effective for storing, maintaining, and securing user identities.
- It just works with AWS services. If you're building applications in the AWS ecosystem, you can natively integrate Cognito with a number of services such as Amazon API Gateway, AWS AppSync, Application Load Balancer, and more. Spending no time securing those integrations yourself is a big win.