Migrating multi-tenant application to Cognito ... how many user pools is too many?

1

I have a multi-tenant application that we want to migrate to Cognito. The current system has unique usernames within each tenant but no uniqueness requirement between tenants, with the login screen asking for the username and the tenant name. The initial impression I get from looking through the Cognito documentation is that we should use separate user pools per tenant. However, we have over 11,000 tenants, each containing a small handful of users. This feels like we would be scaling in the wrong dimension, but because of the username collision I'm not sure there is a better solution. I also thought about making the Cognito username a composite of the existing username and the tenant id, but I don't want that architecture decision to come back to haunt me down the road if we decide to expand and use the hosted UI or add federated/OTP login flows once we are in Cognito. Would love to hear others' thoughts on the best way to handle this situation.

jonb
asked 2 years ago, 1281 views
2 Answers
1

Hi,

I think you summarized the options well. Because you might have username collisions, you either have to use one user pool per tenant or prefix the username with the tenant id (if you want to use a single user pool). User pools per account is a soft limit. The default limit is 1000; you should submit a support ticket to evaluate whether a limit increase is possible and by how much. In your model, it is better to use multiple AWS accounts to scale out the number of tenants you can support: if you spread the user pools across multiple accounts, this gives you bigger room to grow and full isolation between tenants.

Please review Amazon Cognito quotas to learn more about other limits.

And I think you have already seen multi-tenancy best practices but adding it for reference.

AWS
EXPERT
answered 2 years ago
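The single-pool option above (prefixing the username with the tenant id) is shown below as an added example; it is not code from the question, the answer, or Amazon Cognito itself. It assumes the pool stores the tenant in a custom attribute named `custom:tenant_id` (an assumed name; custom attribute names are chosen by the pool owner), that usernames are composed as `<tenant_id>#<username>`, and that a Pre Token Generation Lambda trigger copies the tenant into the token so that the application authorizes on a claim rather than on the raw username. The trigger refuses to issue a token if the attribute and the username prefix disagree, which is the check that keeps a user in one tenant from being treated as a member of another in a shared pool.

```python
"""Tenant-scoped usernames in one shared Cognito user pool (added example).

Assumptions (not from the original post):
  - custom attribute name: custom:tenant_id
  - composite username format: "<tenant_id>#<username>"
  - the Pre Token Generation trigger below is the only place the tenant
    claim is produced, so the app can trust it.
"""
import re

# '#' is the separator and is forbidden in both halves, so a composite
# username can always be split back unambiguously.
SEPARATOR = "#"
TENANT_RE = re.compile(r"^[a-z0-9-]{1,64}$")
USER_RE = re.compile(r"^[^#\s]{1,128}$")


def compose_username(tenant_id: str, username: str) -> str:
    """Build the pool-wide unique username from a tenant id and a per-tenant username."""
    tenant_id = tenant_id.strip().lower()   # tenant ids are canonicalised to lower case
    username = username.strip()
    if not TENANT_RE.fullmatch(tenant_id):
        raise ValueError(f"invalid tenant id: {tenant_id!r}")
    if not USER_RE.fullmatch(username):
        raise ValueError(f"invalid username: {username!r}")
    return f"{tenant_id}{SEPARATOR}{username}"


def split_username(composite: str) -> tuple[str, str]:
    """Inverse of compose_username; raises if the value is not a tenant-scoped username."""
    tenant_id, sep, username = composite.partition(SEPARATOR)
    if not sep or not TENANT_RE.fullmatch(tenant_id) or not USER_RE.fullmatch(username):
        raise ValueError(f"not a tenant-scoped username: {composite!r}")
    return tenant_id, username


def pre_token_generation(event: dict) -> dict:
    """Pre Token Generation trigger handler: add a tenant_id claim to the token.

    Raising an exception makes Cognito fail the authentication, which is the
    intended outcome when the stored tenant attribute and the username prefix
    do not agree.
    """
    attrs = event["request"]["userAttributes"]
    tenant_from_attr = attrs.get("custom:tenant_id")        # assumed attribute name
    tenant_from_name, _ = split_username(event["userName"])
    if tenant_from_attr != tenant_from_name:
        raise PermissionError("custom:tenant_id does not match the username prefix")
    event["response"] = {
        "claimsOverrideDetails": {
            "claimsToAddOrOverride": {"tenant_id": tenant_from_attr}
        }
    }
    return event


def sample_event() -> dict:
    """Constructed trigger event for a user 'alice' in tenant 'acme' (not real data)."""
    return {
        "userName": compose_username("Acme", "alice"),
        "request": {"userAttributes": {"custom:tenant_id": "acme"}},
        "response": {},
    }


if __name__ == "__main__":
    out = pre_token_generation(sample_event())
    print(out["response"]["claimsOverrideDetails"]["claimsToAddOrOverride"])
```

With this scheme the login screen still asks for tenant name and username, the application composes the pool username before calling Cognito, and every downstream authorization decision reads `tenant_id` from the token rather than parsing the username again.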
0

You may want to look at this page around Cognito service quotas: https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html

AWS
EXPERT
answered 2 years ago
  • Thanks for your comment - I did see that, which is partly why I feel like one user pool per tenant feels like it's scaling in the wrong dimension. I know I can request a service limit increase but going from 1,000 to 25,000 or more just feels like there's something wrong with that. Hence my question ... is that still a reasonable solution or should I handle this in another way?
