Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Mass Import of Users to Cognito User Pool

0

A customer is planning to migrate their existing 5.4 million user base to Cognito(using doorkeeper gem for authentication currently) and would like their current users to be able to retain their existing passwords.

  1. Is there a way to do a batch user import and retain all existing passwords? - I found the following blog post on this, would they need to follow the one-at-a-time user migration process or is there a better way? (https://aws.amazon.com/blogs/mobile/migrating-users-to-amazon-cognito-user-pools/)

  2. How long would a migration like this take (reasonable timeline?)/ how long would it require both authentication systems to be up and running?

  3. What happens to any duplicate user info during the migration over to Cognito?

  4. The customer was also curious if at any point they needed to move their user pool out, is there a process to export their user pool?

Thank you so much!

Themen
Sicherheit, Identität & Konformität
Tags
Amazon Cognito
Sprache
English
AWS
AWS-User-9199726
gefragt vor 4 Jahren2329 Aufrufe
1 Antwort
0
Akzeptierte Antwort

  1. In addition to what is described in the blog, Cognito added support for a Migration Lambda trigger that allows an easier setup for a one-by-one migration, basically replacing the "migration microservice" described in the blog. This is the only way to retain passwords transparently for the user, as the user will not know the backing IdP has changed. This process will take some time to execute as it requires that each user logs in at least once, and it is important that the implementation follows the advices given in our documentation in regard to which auth flow to use.

  2. This is up to the customer to decide, and depends on when the users log in the first time. The customer can decide on a given threshold (eg 70% of user migrated) before shutting down his existing auth. This would mean that the remaining users will have to use the forgotten password flow to set the password in the new system (explained in the doc above)

  3. If the user already exists in Cognito, the migration lambda is not called and the user logs in directly into Cognito

  4. The customer can export the content of the pool using the ListUser API. Cognito does not stores the user passwords in recoverable format hence they cannot be exported. A process similar to the one used to migrate into Cognito can be also used to migrate user out of Cognito

AWS
EXPERTE
MassimilianoAWS
beantwortet vor 4 Jahren
profile picture
EXPERTE
Sedat Salman
überprüft vor 10 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt