
Can you migrate AWS Cognito users between user pools?

I am using AWS Cognito. I have a pretty common scenario: users can register in different roles. Depending on the role different user attributes are required, so I need to use different user pools.

Now a user wants to upgrade from role A to role B - thus I would have to move his account from one pool to another. Is this possible with AWS? The response in Can you export/migrate users out of AWS cognito, does it cause vendor lock-in? seems to indicate the opposite.

If not possible this way, what would be a viable solution to achieve requiring different user attributes depending on different user roles with AWS Cognito. (NOTE: requiring / verifying them only on the front end is not a viable solution)

B M asked Feb 12 '17 11:02


People also ask

How do I transfer a Cognito user pool from one account to another?

You can download a template .csv file for your user pool from the Amazon Cognito console. Navigate to the Users and groups tab of an existing user pool, and click the Import users button. You can then export your existing user data from your existing user directory or store into the .

Can you export users from Cognito?

Cognito does not allow a way to export users from a user pool.

How do you trigger migration in Cognito?

For details on the authentication flow with the user migration Lambda trigger, see Importing users into user pools with a user migration Lambda trigger. To migrate users from your existing user directory into Amazon Cognito user pools at sign-in, or during the forgot-password flow, use this Lambda trigger.

What is the difference between AWS Cognito user pool and identity pool?

Short description. User pools are for authentication (identity verification). With a user pool, your app users can sign in through the user pool or federate through a third-party identity provider (IdP). Identity pools are for authorization (access control).


1 Answer

I know this question is a bit dated, but it is possible that this scenario is best solved by using Groups instead of a separate user pool for each role. See here

If you reach this link to find out how to transfer users to a new pool (for instance, you needed to create a new user pool in order to change how your users log in), then there isn't a built-in way to do this. However, there are solutions that you could build in order to migrate users, which is referenced here:

  1. Create your new user pool.
  2. Modify your client to do the following:

    • On failed sign in with new user pool, attempt sign in with old user pool.
    • If existing user pool sign in is successful, use the username and password that was submitted to the existing sign in to create a user on the new user pool.
    • Possibly do something to remove the user from the old user pool or mark as migrated.

You can export users and import them to a new user pool with a CSV file, but your users will have to change their password.

Justin Waite answered Sep 19 '22 17:09
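
The client-side fallback flow from the answer above, as an added example that is not part of the original answer and is not AWS code: `FakePool`, `AuthError` and `sign_in_with_migration` are hypothetical names, and the two pools are in-memory stand-ins constructed for the demo. It also refuses the fallback for a user who already exists in the new pool, so an old password cannot outlive the migration.

```python
# Added example: in-memory stand-ins for two user pools (constructed, not AWS code).
# With boto3's cognito-idp client, sign_in would wrap initiate_auth and
# create_user would wrap admin_create_user + admin_set_user_password.

class AuthError(Exception):
    """Raised by a pool when the username/password pair is rejected."""

class FakePool:
    def __init__(self, users=None):
        self.users = dict(users or {})  # username -> password (plaintext for the demo only)
        self.migrated = set()           # usernames already moved out of this pool

    def exists(self, username):
        return username in self.users

    def sign_in(self, username, password):
        if username in self.migrated or self.users.get(username) != password:
            raise AuthError(username)
        return f"token-for-{username}"

    def create_user(self, username, password):
        self.users[username] = password

    def mark_migrated(self, username):
        self.migrated.add(username)

def sign_in_with_migration(new_pool, old_pool, username, password):
    """Return (token, migrated_now); raise AuthError if the login is rejected."""
    try:
        return new_pool.sign_in(username, password), False
    except AuthError:
        # The user already exists in the new pool and typed a wrong password:
        # never fall back, or the old-pool password would stay valid forever.
        if new_pool.exists(username):
            raise
    old_pool.sign_in(username, password)      # raises AuthError on bad credentials
    new_pool.create_user(username, password)  # password was just proven against the old pool
    old_pool.mark_migrated(username)          # old credentials stop working from here on
    return new_pool.sign_in(username, password), True
```
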