How many Cognito user pools should I have in an APP?

0

Hi!

Right now in my app I'm using one Cognito user pool to store the users' data and to generate the authentication tokens too. I'm saving those users' base data too in my DB (only the username and the email); the password and the rest of the data are saved in Cognito, and the userId is being generated as a UUID in my DB. I'm not using the user sub that Cognito generates since it is only unique in the given user pool and it can be repeated in other user pools if I create those. Am I right?

I was wondering about good practices: how many user pools could I use per app? Could I store ADMIN users in one Cognito user pool and the NORMAL users in another Cognito user pool for the same app?

Thank you!

cao95
asked 6 months ago, 274 views
1 Answer
2
Accepted Answer

Hi!

As you might know, Amazon Cognito has two main components: User pools and Identity pools. 1) With a user pool, your users can sign in to your web or mobile app through Amazon Cognito. 2) An identity pool is a collection of unique identifiers, or identities, that you assign to your users or guests and authorize to receive temporary AWS credentials for accessing other AWS services. [1]

A key capability of Amazon Cognito user pools is the ability to create and manage groups. Groups enable you to organize users into collections to manage permissions or represent different types of users. For example, you could create 'ADMIN' and 'NORMAL' groups, add users to these groups, and assign each group a distinct set of permissions. Groups allow you to efficiently manage access and authorization for categories of users. [2]

The sub attribute is a unique user identifier within each user pool. Users can change attributes like username and email, but the sub attribute has a fixed value. [3]

For enhanced security, it is recommended to add multi-factor authentication (MFA) to a user pool to protect the identity of your users. Adding MFA provides an extra layer of protection beyond just a username and password. Users would need to provide an additional piece of identifying information to authenticate. [4] The Amazon Cognito documentation [5] provides guidance on additional security best practices: Data protection in Amazon Cognito, Identity and access management for Amazon Cognito, Logging and monitoring in Amazon Cognito, Compliance validation for Amazon Cognito, Resilience in Amazon Cognito, Infrastructure security in Amazon Cognito, Configuration and vulnerability analysis in Amazon Cognito user pools, AWS managed policies for Amazon Cognito.

[1] https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html

[2] https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-user-groups.html

[3] https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

[4] https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html

[5] https://docs.aws.amazon.com/cognito/latest/developerguide/security.html

AWS
Edu
answered 6 months ago
EXPERT
reviewed a month ago
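
An added example, not part of the original question or answer: a server-side check that uses the groups described above for ADMIN/NORMAL authorization within a single user pool, and keys the application user on the issuer plus `sub`, since `sub` is unique only within one pool. It assumes the access token's signature was already verified against the pool's JWKS; the pool ID, app client ID, sample claims and function names are constructed for illustration.

```python
import time

# Constructed sample values (assumptions, not from the original post).
POOL_ISS = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
APP_CLIENT_ID = "exampleclientid123"


class AuthzError(Exception):
    """Raised when verified claims do not satisfy the policy."""


def identity_key(claims):
    # sub is unique only inside one user pool; iss names the pool,
    # so the pair stays unique even if more pools are added later.
    return f"{claims['iss']}|{claims['sub']}"


def authorize(claims, required_group, now=None):
    """Check claims of an access token whose signature was ALREADY verified.
    Returns the identity key or raises AuthzError."""
    now = time.time() if now is None else now
    if claims.get("iss") != POOL_ISS:
        raise AuthzError("token issued by a different user pool")
    if claims.get("token_use") != "access":
        raise AuthzError("not an access token")
    if claims.get("client_id") != APP_CLIENT_ID:
        raise AuthzError("token issued to a different app client")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise AuthzError("token expired")
    if not claims.get("sub"):
        raise AuthzError("missing sub")
    groups = claims.get("cognito:groups", [])  # absent when user is in no group
    if not isinstance(groups, list) or required_group not in groups:
        raise AuthzError(f"user is not in group {required_group}")
    return identity_key(claims)


def sample_claims(groups):
    # Constructed claim set shaped like a Cognito access token payload.
    claims = {"iss": POOL_ISS, "sub": "11111111-2222-3333-4444-555555555555",
              "token_use": "access", "client_id": APP_CLIENT_ID,
              "exp": 2_000_000_000}
    if groups:
        claims["cognito:groups"] = groups
    return claims


if __name__ == "__main__":
    print(authorize(sample_claims(["ADMIN"]), "ADMIN", now=1_700_000_000))
```
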
