Can you export/migrate users out of AWS cognito, does it cause vendor lock-in?

amazon-web-services amazon-cognito
MonkeyBonkey picture MonkeyBonkey · Oct 15, 2016 · Viewed 14k times · Source

This is a question about vendor lock in and AWS cognito. Can user data and encrypted/hashed passwords be exported out of cognito if we ever move off of AWS?

Can/does cognito use standard hashing or configurable hashing of the user passwords or allow export of things like tokens?

Answer

Jeff Bailey picture Jeff Bailey · Oct 18, 2016

At this point in time, Cognito does not allow a way to export users from a user pool. We have heard this request from other customers, though, and have prioritized it for future releases.

As far as passwords go, Cognito uses secure remote password protocol to do the actual authentications, so the metadata that could come out may not be particularly useful, if it was included at all.

Related questions

Unable to verify secret hash for client in Amazon Cognito Userpools

I am stuck at "Amazon Cognito Identity user pools" process. I tried all possible codes for authenticating user in cognito userpools. But I always get error saying "Error: Unable to verify secret hash for client 4b*******fd". Here is code: …

Read More
How to change User Status FORCE_CHANGE_PASSWORD?

Using AWS Cognito, I want to create dummy users for testing purposes. I then use the AWS Console to create such user, but the user has its status set to FORCE_CHANGE_PASSWORD. With that value, this user cannot be …

Read More
How to get user attributes (username, email, etc.) using cognito identity id

I have AWS Cognito Identity Pool that is configured with Cognito User Pool as an authentication provider. Assume I have identity ID of an identity in Cognito Identity Pool (e.g. us-east-1:XXaXcXXa-XXXX-XXXX-XXX-XXXXXXXXXXXX) where this identity has a linked login …

Read More