Overview
This AWS Solution helps you export Amazon Cognito user information to facilitate more complex user queries, or to provide resiliency in case of Regional failure or accidental deletion of their users' profiles. It is designed to provide a framework for exporting user profile and group information from an Amazon Cognito user pool, allowing you to focus on extending this solution’s functionality rather than managing the underlying infrastructure operation.
This solution does not export sensitive information, such as user passwords. It also does not support user pools with multi-factor authentication (MFA) activated and advanced security features. For a full list of limitations, refer to the implementation guide.
Benefits
Scheduled export
Added resiliency
Import from Amazon DynamoDB
Technical details
The diagram below presents the architecture you can automatically deploy using the solution's implementation guide and accompanying AWS CloudFormation template.
Cognito User Profiles Export Reference Architecture solution architecture
The Cognito User Profiles Export Reference Architecture solution automatically deploys an architecture that periodically exports user profiles, groups, and group memberships from an Amazon Cognito user pool in a primary AWS Region to an Amazon DynamoDB global table in the same Region. The use of a global table allows DynamoDB to asynchronously replicate all updates to a backup Region for added resiliency. In the primary Region, a scheduled Amazon CloudWatch Events triggers the AWS Step Functions export workflow that interrogates the primary Amazon Cognito user pool and stores user profiles, groups, and group membership information in the global table. DynamoDB then asynchronously replicates all data to the backup Region.
This solution’s Step Functions import workflow is used to populate a new, empty Amazon Cognito user pool with data from the global table, allowing you to easily recover user profiles, groups, and group memberships.
Related content
Introduction to AWS CloudFormation
A basic overview of how AWS CloudFormation can be used to automate resource provision. Use cases where AWS CloudFormation is used to repeatedly and predictably create groups of resources is covered in this course. A demonstration in designing an AWS CloudFormation template for resource provisioning is also covered.
Amazon DynamoDB – Architecture and Features
In this APN Navigate technical course, you will be introduced to the architecture and features of Amazon DynamoDB. The course provides a tailored path for AWS Partner Network (APN) Partners to learn about core components of Amazon DynamoDB, including the table, global secondary index, and local secondary index. You will also review important features such as transactions, automatic scaling, and global tables.
Introduction to AWS Step Functions
This is an introductory course on AWS Step Functions, an AWS service that makes it easy to coordinate the components of distributed applications and microservices using visual workflows. In this course, we will discuss the rationale for using AWS Step Functions and highlight key service concepts such as state types, visual workflow, and Amazon State Language. A demonstration of AWS Step Functions will also be included in the course.