How to backup Amazon Cognito?

DevOps Asked by Richard Slater on January 8, 2021

Amazon Cognito is a user management and authentication service provided by Amazon through Amazon Web Services:

Amazon Cognito lets you easily add user sign-up and sign-in to your mobile and web apps. With Amazon Cognito, you also have the options to authenticate users through social identity providers such as Facebook, Twitter, or Amazon, with SAML identity solutions, or by using your own identity system. In addition, Amazon Cognito enables you to save data locally on users devices, allowing your applications to work even when the devices are offline. You can then synchronise data across users devices so that their app experience remains consistent regardless of the device they use.

What you are effectively doing is storing your customer data in a closed system hosted by Amazon. If you are a company, such as a social network, whose data represents a significant asset within your organisation, how do you ensure that this data is protected from:

  • Amazon Cognito being shut down unexpectedly, i.e. at request from a law enforcement or government agency.
  • Your access keys being compromised and some or all records being corrupted.
  • The relationship between your organisation and Amazon breaking down to the point Amazon withdraws all services with immediate effect.

Amazon Cognito is a huge benefit to organisations and developers as it takes a particularly hard piece of software and makes it easy to implement; from a service operability perspective, we need to find ways to mitigate, remediate or accept risks to the company's assets at all times.

3 Answers

The Amazon Cognito streams feature can be used to back up data.

Currently, Amazon does not provide a solution to back up their Cognito user pools. You can use the following NPM package called "cognito-backup":

Install:

npm install -g cognito-backup

Usage

cognito-backup backup-users <user-pool-id> <options>  Backup all users in a single user pool
cognito-backup backup-all-users <options>  Backup all users in all user pools for this account

Examples

cognito-backup backup-users eu-west-1_1_12345
cognito-backup backup-users eu-west-1_1_12345 --region eu-west-1 --file mypool.json
cognito-backup backup-all-users eu-west-1_1_12345 --region eu-west-1 --dir output

Source: https://www.npmjs.com/package/cognito-backup

Correct answer by Kyle Steenkamp on January 8, 2021

Amazon has released a Cognito User Profiles Export Reference Architecture for exporting/importing users from a user pool. There are limitations:

  • Passwords not backed up; users will need to reset
  • Pools using MFA are not supported
  • Cognito sub attributes will be new, so if the system depends on them, they need to be copied to a custom user attribute
  • Federated users also pose challenges wrt sub
  • Advanced security - no user history is exported
  • No support for pools that allow the option of either phone or email usernames
  • No support for tracked devices

Answered by ggriffin on January 8, 2021
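
The limitations listed in this answer can be checked against a backup before a restore is ever needed. The following is an added example, not part of the answer or of AWS's reference architecture: it assumes backed-up user records shaped like the Cognito ListUsers API output, and the names planRestore and custom:original_sub are hypothetical.

```javascript
// Constructed sample records, shaped like entries of the Cognito ListUsers "Users" array.
const SAMPLE_BACKUP = [
  { Username: "alice", UserStatus: "CONFIRMED",
    Attributes: [
      { Name: "sub", Value: "11111111-aaaa-4bbb-8ccc-000000000001" },
      { Name: "email", Value: "alice@example.com" },
      { Name: "email_verified", Value: "true" } ] },
  { Username: "Facebook_1234567890", UserStatus: "EXTERNAL_PROVIDER",
    Attributes: [
      { Name: "sub", Value: "22222222-aaaa-4bbb-8ccc-000000000002" },
      { Name: "identities", Value: '[{"providerName":"Facebook"}]' } ] },
  { Username: "bob", UserStatus: "CONFIRMED",
    MFAOptions: [{ DeliveryMedium: "SMS", AttributeName: "phone_number" }],
    Attributes: [
      { Name: "sub", Value: "33333333-aaaa-4bbb-8ccc-000000000003" },
      { Name: "phone_number", Value: "+15555550100" } ] },
];

// Hypothetical custom attribute that keeps the old sub, since a restored user gets a new one.
const ORIGINAL_SUB_ATTR = "custom:original_sub";

// Split backed-up users into those that can be re-created as-is and those
// that hit one of the listed limitations and need a manual decision.
function planRestore(users) {
  const plan = { recreate: [], manualReview: [] };
  for (const user of users) {
    const attrs = user.Attributes || [];
    const sub = attrs.find((a) => a.Name === "sub");
    const reasons = [];
    if (user.UserStatus === "EXTERNAL_PROVIDER" || attrs.some((a) => a.Name === "identities")) {
      reasons.push("federated user");
    }
    if ((user.MFAOptions || []).length > 0) reasons.push("MFA configured");
    if (!sub) reasons.push("no sub in backup");
    if (reasons.length > 0) {
      plan.manualReview.push({ Username: user.Username, reasons });
      continue;
    }
    plan.recreate.push({
      Username: user.Username,
      // sub is assigned by Cognito, so drop it and carry the old value separately.
      Attributes: attrs.filter((a) => a.Name !== "sub")
        .concat({ Name: ORIGINAL_SUB_ATTR, Value: sub.Value }),
      passwordResetRequired: true, // passwords are not part of the backup
    });
  }
  return plan;
}

console.log(JSON.stringify(planRestore(SAMPLE_BACKUP), null, 2));
```

Running a check like this on every backup shows how many accounts would need manual handling after a restore, which is the figure to weigh when deciding whether the risk is mitigated or merely accepted.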

To back up Cognito, we use AWS Glue.

Answered by Tony Vickers on January 8, 2021
