
Can you export/migrate users out of AWS Cognito, does it cause vendor lock-in?

This is a question about vendor lock-in and AWS Cognito. Can user data and encrypted/hashed passwords be exported out of Cognito if we ever move off of AWS?

Can/does Cognito use standard hashing or configurable hashing of the user passwords or allow export of things like tokens?

MonkeyBonkey asked Oct 15 '16 12:10




2 Answers

At this point in time, Cognito does not allow a way to export users from a user pool. We have heard this request from other customers, though, and have prioritized it for future releases.

As far as passwords go, Cognito uses the Secure Remote Password protocol to do the actual authentications, so the metadata that could come out may not be particularly useful, if it was included at all.

Jeff Bailey answered Oct 11 '22 02:10


Considering Amazon still haven't updated their answer, here's a workaround (to augment the accepted answer):

Try npmjs.com/package/cognito-backup-restore.

NB: I haven't tested this package.

Then:

  1. Build your replacement auth system
  2. At login, test authenticating with your new system
  3. Try to authenticate with Cognito
  4. If Cognito succeeds, import the user's details to your new system
  5. Require a password update with your new system

source: forums.aws.amazon.com/thread.jspa?threadID=240242

tgrrr answered Oct 11 '22 02:10
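
The login-time migration in steps 1 to 5 of the answer above, sketched as an added example (not part of the original answer and not AWS code). `NewAuthStore`, `login`, `change_password` and `fake_cognito_auth` are hypothetical names, and the Cognito sign-in is replaced by a constructed in-memory lookup so the flow runs offline.

```python
import hashlib, hmac, os

class NewAuthStore:
    """In-memory stand-in for the replacement auth system (step 1); hypothetical."""
    def __init__(self):
        self.users = {}  # username -> {"salt", "hash", "attrs", "must_change"}

    def _hash(self, password, salt):
        # PBKDF2 is an assumption here; any salted, slow password hash fits.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

    def set_user(self, username, password, attrs, must_change):
        salt = os.urandom(16)
        self.users[username] = {"salt": salt, "hash": self._hash(password, salt),
                                "attrs": attrs, "must_change": must_change}

    def verify(self, username, password):
        rec = self.users[username]
        return hmac.compare_digest(rec["hash"], self._hash(password, rec["salt"]))

# Constructed sample data standing in for the Cognito user pool.
LEGACY = {"alice": ("correct horse", {"email": "alice@example.com"})}

def fake_cognito_auth(username, password):
    """Stand-in for the Cognito sign-in (step 3): attributes on success, else None."""
    pw, attrs = LEGACY.get(username, ("", None))
    ok = hmac.compare_digest(pw.encode(), password.encode())
    return attrs if ok and attrs is not None else None

def login(store, legacy_auth, username, password):
    """Return (status, must_change_password)."""
    if username in store.users:  # step 2: already migrated
        # Never fall back to the old pool here, or a replaced password keeps working.
        if store.verify(username, password):
            return ("ok", store.users[username]["must_change"])
        return ("denied", False)
    attrs = legacy_auth(username, password)  # step 3
    if attrs is None:
        return ("denied", False)
    # Step 4: the plaintext is only available now, so hash it into the new store.
    store.set_user(username, password, attrs, must_change=True)  # step 5 flag
    return ("migrated", True)

def change_password(store, username, new_password):
    """Step 5: replace the migrated password and clear the flag."""
    store.set_user(username, new_password, store.users[username]["attrs"], False)
```

Users who never sign in during the migration window are not carried over by this flow and would need a password reset on the new system.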