 

AWS Cognito in place of Keycloak [closed]

We are building a web application that needs some user management features: admin user, admin group, business team groups, public user, basic user, etc., with different access capacities to different resources of our application based on their role and group.

Several options are being considered for this: 1/ specific development 2/ using open source: Keycloak 3/ using a commercial solution: AWS Cognito, as we use a lot of AWS resources for our development.

As we have a limited budget for this project, I'm weighing the options to optimize the cost of development effort, infrastructure and technical support. Questions:

  • Is Keycloak a good option for a small project, as we have very limited resources to do technical support?
  • Is AWS Cognito mature enough to use for a commercial application?
  • Is it easy to migrate to open source Keycloak later?
  • I saw some comments via Google search that some projects have rolled back their choice of AWS Cognito because of the complexity of integration with their application, and documentation issues. Does AWS Cognito improve the features?
  • Any alternative option to go with (Auth0, Okta)?
lp ccmu asked Oct 19 '25 02:10


2 Answers

Is Keycloak a good option for a small project, as we have very limited resources to do technical support?

I think Keycloak will require more technical support than Cognito. Cognito is SaaS, so you can set it up in a matter of minutes and you don't worry about scaling, monitoring, etc. But on the other hand, Keycloak provides much more flexibility in configuration and customization.

Is AWS Cognito mature enough to use for a commercial application?

Yes, Cognito is mature enough, it has good documentation and follows standards (such as GDPR, HIPAA, etc.)

Is it easy to migrate to open source Keycloak later?

It depends on the complexity of your system. Keycloak has an import/export feature, but it is rather for simple cases. Both AWS Cognito and Keycloak provide REST APIs (and libraries) to work with them. They allow one to write applications that can perform complex logic during migration.

I saw some comments via Google search that some projects have rolled back their choice of AWS Cognito because of the complexity of integration with their application, and documentation issues. Does AWS Cognito improve the features?

Documentation is good. As for integration, it depends on the application and requirements. Cognito has a bunch of limitations. Check if they work for your case. For example, in our case, Cognito did not provide enough options for customizing the Hosted UI (Login Page). Also, play a bit with Cognito to make sure it will allow you to implement your groups/roles/permissions model, as it allows much simpler relationships in comparison with Keycloak.

Any alternative option to go with (Auth0, Okta)?

It's hard to compare all the features. But price-wise: Keycloak is free, Cognito is free for less than 50k users, Auth0 is more expensive than Cognito, and Okta is more expensive than Auth0. So it depends on the size of your project and budget.

Yuriy P answered Oct 22 '25 02:10
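The migration logic mentioned in the answer above, as an added example that is not part of the original answer: it converts user records in the shape returned by Cognito's ListUsers API into a Keycloak partial-import payload. The sample records, the group lookup and the function names are constructed for illustration; because Cognito does not expose password hashes, every migrated user is given the UPDATE_PASSWORD required action.

```python
import json

# Constructed sample in the shape of a Cognito ListUsers response.
COGNITO_USERS = [
    {"Username": "alice", "Enabled": True, "UserStatus": "CONFIRMED",
     "Attributes": [{"Name": "email", "Value": "alice@example.com"},
                    {"Name": "email_verified", "Value": "true"},
                    {"Name": "given_name", "Value": "Alice"},
                    {"Name": "custom:team", "Value": "billing"}]},
    {"Username": "bob", "Enabled": False, "UserStatus": "FORCE_CHANGE_PASSWORD",
     "Attributes": [{"Name": "email", "Value": "bob@example.com"},
                    {"Name": "email_verified", "Value": "false"}]},
]
# Constructed group membership (in Cognito this comes from AdminListGroupsForUser).
COGNITO_GROUPS = {"alice": ["admin", "business-team"], "bob": []}

# Standard attributes that map onto first-class Keycloak user fields.
DIRECT = {"email": "email", "given_name": "firstName", "family_name": "lastName"}

def to_keycloak_user(user, groups):
    attrs = {a["Name"]: a["Value"] for a in user.get("Attributes", [])}
    rep = {
        "username": user["Username"],
        "enabled": bool(user.get("Enabled", False)),
        # Only trust the verified flag when Cognito says exactly "true".
        "emailVerified": attrs.get("email_verified") == "true",
        # No password hashes come across, so force a reset on first login.
        "requiredActions": ["UPDATE_PASSWORD"],
        # Group paths; the groups must already exist in the target realm.
        "groups": ["/" + g for g in groups],
        "attributes": {},
    }
    for name, value in attrs.items():
        if name in DIRECT:
            rep[DIRECT[name]] = value
        elif name.startswith("custom:"):
            # Keycloak attributes are multi-valued: name -> list of strings.
            rep["attributes"][name.split(":", 1)[1]] = [value]
    return rep

def build_partial_import(users, group_map):
    # SKIP leaves existing Keycloak accounts untouched instead of overwriting them.
    return {"ifResourceExists": "SKIP",
            "users": [to_keycloak_user(u, group_map.get(u["Username"], []))
                      for u in users]}

if __name__ == "__main__":
    print(json.dumps(build_partial_import(COGNITO_USERS, COGNITO_GROUPS), indent=2))
```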


I tend to prefer IdPs in the organization's control, e.g. have keycloak-onprem and then sync with different clouds as necessary -- yes, some additional work for that freedom.

This mechanism would provide flexibility for an organization to divorce one cloud, marry another cloud, or have polycloudy-unions.

Espresso answered Oct 22 '25 03:10