I'm diving into AWS Cognito for managing user authentication and role-based authorization, but I'm a bit unsure about the best approach. My plan is to use Cognito to store the essential login information for users, while also maintaining a separate database for additional user details that are vital for auditing and other related data. I've heard that it's possible to add custom fields to Cognito, but I wonder if it's the right route to take. Should I stick to using Cognito this way, or is there a better method for managing roles and permissions?
5 Answers
If you're trying to handle more than just user login with Cognito, it might not be the best fit. Exploring third-party services like Auth0 or Keycloak might give you more flexibility for your specific needs.
From my experience, using Cognito solely for authentication is a solid approach. I've seen enterprise setups where they managed roles and privileges outside of Cognito, which worked just fine. Just be ready to put in some extra effort for that setup.
If your use case is strictly authentication with occasional user data updates, then using a DynamoDB table for user info is a straightforward solution. Cognito can become cumbersome, so minimizing its use is wise.
I recommend definitely leaning towards a database for storing extra user information. Cognito has its limitations, like not working across regions and lacking easy backup solutions. Using it for additional data can turn into an anti-pattern.
Cognito's great for managing external users, but for internal roles and user management, consider using IAM or an external Identity Provider instead. Mixing them up can complicate things.
Related Questions
How to Build a Custom GPT Journalist That Posts Directly to WordPress
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads