Skip to main content

What is AWS Cognito?

What is AWS Cognito?
(Image credit: Everything Possible / Shutterstock)

For a small company, keeping track of user accounts for a mobile or web app is not terribly difficult. It might be a simple database you deploy and manage manually. The problem arises when you suddenly start managing hundreds, thousands, or millions of user accounts. At that point, the task is much more complicated and can involve security and authentication, access control, social media identity providers like Facebook, and other factors. What started as a fairly simple process becomes a full-time job for someone on your staff.

AWS Cognito is a user account control service that runs in the cloud. It’s designed to relieve many of the headaches related to user account control for mobile and web apps. By using AWS Cognito, you can take full control of the account management and then scale accordingly using cloud services.

AWS Cognito consists of several features for managing users for sign-up (registration), sign-in, and account management. To understand how it all works, here are the main features.

For starters, the Cognito User Pools feature helps you manage user accounts. It’s a secure user directory that can scale up as your needs evolve. With other user account control systems, you have to run a server and manage the IT infrastructure, but you can start using Cognito User Pools without having to configure any of the back-end systems.

Cognito supports “account federation” in that you can use third-party identity management providers for the login. This includes social media platforms like Facebook, well-known providers like Google and Amazon, and also enterprise-class identity providers such as Microsoft Active Directory (using SAML, the Security Assertion Markup Language). The advantage here is simplicity for the user. In a mobile app, for example, they can click a Facebook icon to sign-in quickly.

AWS Cognito uses well-known and well-established security providers, including Oauth 2.0, SAML 2.0, and OpenID Connect. These are open-source providers that use standards-based authentication and access management services. Cognito doesn’t rely on any proprietary security methods that lock you into that authentication method.

Not only is Cognito geared for helping you scale and manage your user management, but it’s also a good match for companies that need to adhere to compliance regulations. The most common is HIPAA, which regulates the health and medical field, such as for storing electronic health records. Amazon Cognito is also compliant with PCI DSS, SOC, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001.

Benefits and AWS Cognito

There’s no question the biggest benefit to using this service is that you can scale up as your apps grow and expand to reach a wider audience. One of the “gotchas” of any new web or mobile app is when it really catches on with users. Companies often celebrate when they see users engaging with their app, but then there’s the eventual realization that it can be extremely hard to keep up with demand if your infrastructure for user management is not ready. Because Cognito scales automatically with user demand, you don’t have to worry about the infrastructure requirements or building out and maintaining servers.

Related to this is the cost structure. Your costs are related to the user accounts you need to manage, so the costs can scale as well. This takes some of the surprises out of a fast-growing app as well, not only in how you pay for Cognito as a management tool but also in the fact that you don’t have to build out more servers or expand your infrastructure.

What this means is that you pay only to manage the monthly active users (or MAUs). A user is counted as active if they change a password, refresh their account info, or sign-up for the service within the month. This is a major advantage to companies that have legacy business apps that are still viable but also have been around for many years. They may have a large portion of users who are no longer actively using the app on a regular basis.

Perhaps one unheralded feature that is beneficial to companies developing apps is that Cognito integrates into your application framework. When you are building the front-end of your app, you can use the same branding and logo that matches the rest of your user interface.

One last benefit is that the entire service is easy to use and deploy. Amazon makes a point to demonstrate how this works by including a portion of the code you insert into your app, running only a few dozen lines long but providing everything you need to get started. Because of the ease of deployment, companies can develop multiple apps, experiment with new ones, and manage existing apps without the typical complexities and management overhead.

In the end, AWS Cognito fits right into the development cycles of most companies, especially with how easy it is to use the code, the cost structure, and the easy integration.