How open-source alternatives can land you the cloud job you're not "qualified" for
The job posting said "AWS Cognito experience required." I had never touched Cognito. I had never paid an AWS bill above the free tier. I almost closed the tab and moved on.
Two weeks later, I got called into the interview anyway. And I was ready.
Here's the uncomfortable truth about tech hiring: companies post aspirational requirement lists. They know the talent pool is wider than their wishlist. They shortlist you anyway. The question isn't whether you'll face that room — it's whether you'll be prepared when you do.
The concepts are what matter. The brand name is just packaging.
I'm going to show you the exact open-source alternatives I used to build enterprise-level knowledge without an enterprise budget. By the end of this, you'll have a map, a 30-day plan, and the exact words to use in your next interview.
What Interviewers Are Actually Asking
When someone asks "Have you used AWS Cognito?", they're really asking:
- Do you understand OAuth2, SAML, SSO, MFA, and RBAC?
- Can you reason about authentication flows in a distributed system?
- Have you actually built something that handles identity?
I've been on both sides of this table. When a candidate says "I haven't used Cognito, but I self-hosted Keycloak, configured OAuth2/OIDC flows, set up LDAP federation, and implemented MFA" — that answer impresses me more than "Yes, I clicked through the Cognito wizard once."
Open source teaches you what managed services hide. You're not just consuming abstractions — you're wrestling with the actual systems.
The Stack: Enterprise Cloud → Open Source Alternative
🔐 Identity & Auth
| You need to know | You can build with |
|---|---|
| AWS Cognito | Keycloak, Authentik, ZITADEL |
| Auth0, Okta | SuperTokens, Ory |
I started with Keycloak. One Docker command. Within an hour I had OAuth2 SSO running against a test app with MFA enabled. The concepts map 1:1 to Cognito.
Fun fact: Cognito isn't natively multi-tenant — you need a dedicated user pool per tenant. Keycloak handles this through realms. Understanding that architectural difference alone puts you ahead of candidates who just clicked "Create User Pool."
🗄️ NoSQL Databases
| Enterprise | Open Source |
|---|---|
| DynamoDB | Apache Cassandra, ScyllaDB Alternator |
| Firestore | Supabase, PocketBase |
Here's the thing about DynamoDB: it's built on the same research paper as Cassandra. The partition key model, the consistency levels, the distributed architecture — it's the same DNA.
ScyllaDB's Alternator goes a step further. It offers an actual DynamoDB-compatible API. I ran my AWS SDK code against it locally. Zero changes. That's legitimate DynamoDB development experience without touching an AWS account.
📨 Message Queues
| Enterprise | Open Source |
|---|---|
| AWS SQS / SNS | RabbitMQ, NATS |
| AWS Kinesis | Apache Kafka, Redpanda |
I configured RabbitMQ with dead-letter queues, topic exchanges, and consumer acknowledgments. When the interviewer asked about SQS, I could talk about every pattern they cared about — because they're the same patterns.
🔥 Backend-as-a-Service
| Enterprise | Open Source |
|---|---|
| Firebase, AWS Amplify | Supabase, Appwrite, PocketBase |
Supabase is the open-source Firebase. Postgres database, authentication, real-time subscriptions, file storage, edge functions — all runnable with a single docker compose up. I built a full-stack app on my laptop. When they asked if I understood the BaaS model, I could walk them through every layer.
🪣 Object Storage
| Enterprise | Open Source |
|---|---|
| AWS S3, Azure Blob | MinIO |
MinIO is S3-API compatible. Not metaphorically — literally. My SDK calls, presigned URL generation, bucket policies — identical surface. MinIO to S3 is a config change, not a rewrite.
⚡ The Nuclear Option: LocalStack
LocalStack simulates 45+ AWS services on your machine. DynamoDB, S3, SQS, Lambda, API Gateway, Cognito — same SDK calls, same Terraform configs, same everything. Point your endpoint to localhost instead of amazonaws.com.
This was how I built "AWS experience" without an AWS bill.
The Interview Framework That Works
When they ask about a tool you haven't used commercially:
1. Acknowledge.
"I haven't used Cognito in production."
2. Bridge.
"But I've built authentication systems with Keycloak — OAuth2/OIDC, multi-tenant realms, LDAP federation."
3. Go deeper.
"I configured MFA with TOTP and WebAuthn, and set up fine-grained authorization policies. These map directly to Cognito's user pool features."
I've watched interviewers visibly recalibrate their assessment after this kind of answer. You're no longer "the candidate without Cognito." You're "the candidate who understands identity systems at a depth most Cognito users don't."
My 30-Day Zero-Cost Roadmap
Here's exactly what I did. You can start today.
Week 1 — Identity
docker run keycloak- Configure a realm, users, OAuth2 client
- Add MFA
- Build a simple login flow in your preferred language
Week 2 — Messaging
docker run rabbitmq- Producer/consumer app with dead-letter queue
- Then try Kafka, understand the difference
- Be able to explain when you'd choose each
Week 3 — Data
- MongoDB and Cassandra, both on Docker
- CRUD API against each
- Design partition keys for different access patterns
- Try DynamoDB-compatible queries against ScyllaDB
Week 4 — Full Stack
-
docker composewith Supabase - Build a small app using auth, database, storage
- Then simulate S3, SQS, DynamoDB with LocalStack
- Push everything to GitHub with good READMEs
The Bottom Line
The developer who says "I built this with Keycloak, RabbitMQ, Cassandra, and MinIO — here's my repo" is demonstrating something better than managed service familiarity.
They're demonstrating that they seek understanding over convenience. That they build rather than configure wizards. That they'll know why something works, not just that a button exists.
The cloud services you're being asked about were built on open-source concepts. Cognito implements the standards Keycloak speaks. DynamoDB evolved from the same paper as Cassandra. S3's API is so dominant MinIO cloned it.
The knowledge transfers. It always does.
Start building. Document everything. Walk into that interview with something real.
What open-source alternative has been most useful in your career? I'm genuinely curious — drop it in the comments and I'll check it out.
Top comments (0)