It is a service introduced by AWS (Amazon Web Services) which allows users to add authentication to projects, it allows users to sign in with different social identity providers, and scales to millions of users and requests.
It supports access management standards like OAuth and SAML, users do not have to worry about setting up a UI for authentication as it provides a built-in UI that can be integrated with any application very quickly, this UI can also be customized according to specific requirements of the company.
As of today when writing this post, which is Thursday, November 18, 2021, GMT+0530 (India Standard Time), this is the pricing model for Amazon Cognito.
For Cognito User Pools Amazon charges on the basis of how many users are active within a month, they call those users MAU (Monthly Active Users), a user is counted as MAU if there is any authentication operation done through that user in a particular month, authentication operations like SignIn, SignUp, Password Change, Refreshing the auth token, any user attribute gets updated in the user pool.
For users who use enterprise directory through SAML federation to SignIn, there is a different pricing model set by Amazon.
50,000 MAU’s for Cognito User Pool users and 50 MAU for users federated through SAML 2.0 based identity providers.
This pricing data is for US-EAST (Ohio) AWS region.
For these types of users, pricing is set to $0.015 above the 50 MAU free tier.
Check the official AWS Pricing Documentation for more information or for current accurate numbers related to AWS Cognito Pricing.
When we are using Amazon Cognito, we as a developer don’t need to worry about doing the password management for our users, meaning we don’t need to Hash, Encrypt/Decrypt passwords, store them because all this is handled by Cognito itself. It stores your passwords following all the top standards for authentication.
It offers users a built-in UI to quickly start with, we can use hosted web UI to quickly launch an authentication-based frontend application which will give us options to SignUp, SignIn, Password Change, and much more, read this AWS official documentation to know more.
This is one of the greatest features of AWS Cognito, it provides us to do role-based access control for users, it gives us an option to assign different roles with customized privileges, AWS IAM is used to control these roles, different roles can be given to users to access a particular AWS resource, it also provides an option to set default permissions for not authenticated users, read this AWS official documentation to know more.
All this information mentioned in this post can be outdated at the time someone is reading this, so please regarding these sensitive topics it is always a good idea to refer to the official documentation, this post is just meant to give a brief introduction to the different topics related to Amazon Cognito, finally, this service is an amazing way to delegate the process of authentication to AWS and focus on other parts of the application without having to worry about things like scalability and authentication security.