
AWS Cognito - how to create a backup?

We are currently moving our Auth services to AWS Cognito. As it's crucial to have the user profiles + data safe, we need to have a backup of the main user pool. We've noticed that there is an option to Import Users via a .csv file with the headers equal to the pool attributes, but there is no option to create the .csv automatically. Does anyone know of a solution which automatically generates such a file? The point is to protect the user profiles from accidental deletion of the whole user pool (by accident, let's say a tired developer on Friday night). I've personally tried to implement a workaround solution by doing all the manual work (getting headers, users, mapping them and creating the csv) but that is not very reliable.

Daniel Papukchiev asked Jan 26 '17 17:01


2 Answers

Amazon has released a Cognito User Profiles Export Reference Architecture for exporting/importing users from a user pool. There are limitations:

  • Passwords not backed up; users will need to reset
  • Pools using MFA are not supported
  • Cognito sub attributes will be new, so if the system depends on them, they need to be copied to a custom user attribute
  • Federated users also pose challenges WRT sub
  • Advanced security - no user history is exported
  • No support for pools that allow the option of either phone or email usernames
  • No support for tracked devices

ggriffin answered Sep 24 '22 23:09


I know I am late to the party but leaving this here for future searches.

I too faced the same issue while working with Cognito and thus made a tool to take backups and restore them to user pools.

You can find it here: https://www.npmjs.com/package/cognito-backup-restore

This can be used via CLI or using imports (in case you want to write your own wrapper or script). Please suggest any improvements: https://github.com/rahulpsd18/cognito-backup-restore


This is still under development, as I plan to make use of Cognito User Pool Import Job instead of using aws-sdk's adminCreateUser to create users while restoring to improve upon the current implementation. But it works fine for now.

Cross-Region Cognito Replication will be implemented too once I fine-tune the restore process.

rahulpsd18 answered Sep 24 '22 23:09
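
The manual approach the question describes (fetch the import header, list the users, map them, write the CSV), as an added example that is not code from any poster or from the tools linked above. It assumes boto3 for the live calls and a hypothetical custom attribute `custom:original_sub` in the pool schema to carry the old `sub`; the sample header and users are constructed.

```python
import csv
import io

SUB_BACKUP_ATTR = "custom:original_sub"  # hypothetical custom attribute in the pool schema

def fetch_pool(pool_id):
    """Read the import header and all users from a live pool (needs AWS credentials)."""
    import boto3  # imported lazily so the mapping below also runs offline
    idp = boto3.client("cognito-idp")
    header = idp.get_csv_header(UserPoolId=pool_id)["CSVHeader"]
    users = []
    for page in idp.get_paginator("list_users").paginate(UserPoolId=pool_id):
        users.extend(page["Users"])
    return header, users

def user_to_row(header, user):
    """Map one ListUsers record onto the import header; there is no password column."""
    attrs = {a["Name"]: a["Value"] for a in user.get("Attributes", [])}
    special = {
        "cognito:username": user["Username"],
        "cognito:mfa_enabled": "false",  # assumption: MFA is re-enrolled after restore
        "email_verified": attrs.get("email_verified", "false").lower(),
        "phone_number_verified": attrs.get("phone_number_verified", "false").lower(),
        # Keep an already-preserved sub if this pool was itself restored once before.
        SUB_BACKUP_ATTR: attrs.get(SUB_BACKUP_ATTR) or attrs.get("sub", ""),
    }
    return {col: special.get(col, attrs.get(col, "")) for col in header}

def build_csv(header, users):
    """Return (csv_text, skipped_usernames) for a user pool import job."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=header, lineterminator="\n")
    writer.writeheader()
    skipped = []
    for user in users:
        row = user_to_row(header, user)
        # The import job needs at least one verified contact attribute per user.
        if "true" not in (row.get("email_verified"), row.get("phone_number_verified")):
            skipped.append(user["Username"])
            continue
        writer.writerow(row)
    return out.getvalue(), skipped

# Constructed sample data, shaped like GetCSVHeader and ListUsers responses.
SAMPLE_HEADER = ["name", "email", "email_verified", "phone_number", "phone_number_verified",
                 SUB_BACKUP_ATTR, "cognito:mfa_enabled", "cognito:username"]
SAMPLE_USERS = [
    {"Username": "alice", "Attributes": [{"Name": "sub", "Value": "1111-aaaa"},
        {"Name": "email", "Value": "alice@example.com"}, {"Name": "email_verified", "Value": "true"}]},
    {"Username": "bob", "Attributes": [{"Name": "sub", "Value": "2222-bbbb"},
        {"Name": "email", "Value": "bob@example.com"}, {"Name": "email_verified", "Value": "false"}]},
]
```

Users returned in the skipped list have no verified email or phone number and need separate handling before an import.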