Can we migrate the AWS Cognito users between the user pools?

+5 votes
I am using AWS Cognito. I have a pretty common scenario: users can register in different roles. Depending upon the roles, different user attributes are required, right? So for that, I really need to use different user pools.

Now a user is willing to upgrade from role A to role B - do I need to move his account from one pool to another? Is this possible with AWS? "Can we export/migrate users out of AWS Cognito, does it cause vendor lock-in?" seems to indicate the opposite.
If not possible this way, what would be a reliable solution to achieve requiring different user attributes depending on different user roles with AWS Cognito? Note that requiring/verifying them only on the front end is not a possible solution.
Apr 13, 2018 in AWS by Flying geek
• 3,150 points

edited Apr 13, 2018 by Flying geek 1,740 views

2 answers to this question.

+1 vote
Best answer

Yes, it is possible that this scenario is best solved by using Groups instead of a separate user pool for each one of the roles.
You can check on this link: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-user-groups.html
When you open this link to find out how to transfer users to a new pool (for example: you want to create a new user pool in order to change how your users log in), then there isn't any built-in way to do this. However, there are solutions that can be built in order to migrate users; for that you can check this link: https://aws.amazon.com/blogs/mobile/migrating-users-to-amazon-cognito-user-pools/

Create your new user pool.
Modify your client to do the following:

On a failed sign in with new user pool, try to sign in with old user pool.
If existing user pool sign-in is successful, use the username and password that was submitted to the existing sign in to create a user on the new user pool.
Possibly do something to remove the user from the old user pool or mark them as migrated.
Take a look at this flowchart here, this might help: 

image

You can export users and import them to a new user pool with a CSV file, but your users need to change their password for that.

answered Apr 13, 2018 by Cloud gunner
• 4,260 points

selected Aug 1, 2018 by Priyaj
+1 vote

There are two ways you can import or migrate users from your existing user directory or user database into Amazon Cognito User Pools. You can migrate users when they sign in using Amazon Cognito for the first time with a user migration Lambda trigger.
You can get a brief detail on 
https://aws.amazon.com/blogs/mobile/migrating-users-to-amazon-cognito-user-pools/

answered Aug 1, 2018 by bug_seeker
• 15,310 points
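
The sign-in fallback from the first answer, moved server-side into the user migration Lambda trigger from the second, as an added example (not code from either answer or from AWS). The environment variable names, the attribute allow-list and an old-pool app client with no secret and `ADMIN_USER_PASSWORD_AUTH` enabled are assumptions.

```python
import os

# Assumed configuration (hypothetical names): the old pool and an app client on it
# that has no client secret and allows the ADMIN_USER_PASSWORD_AUTH flow.
OLD_POOL_ID = os.environ.get("OLD_USER_POOL_ID", "us-east-1_EXAMPLE")
OLD_CLIENT_ID = os.environ.get("OLD_CLIENT_ID", "example-client-id")
# Copy only allow-listed attributes; roles are assigned as groups, never copied over.
ALLOWED_ATTRS = {"email", "email_verified", "phone_number", "phone_number_verified", "name"}


def _old_pool_client():
    import boto3  # imported lazily so the module loads without the AWS SDK
    return boto3.client("cognito-idp")


def _lookup(idp, username):
    user = idp.admin_get_user(UserPoolId=OLD_POOL_ID, Username=username)
    return {a["Name"]: a["Value"] for a in user["UserAttributes"] if a["Name"] in ALLOWED_ATTRS}


def migrate_user(event, idp):
    """Fill in event['response'] for a Cognito user migration trigger event."""
    username, source = event["userName"], event["triggerSource"]
    try:
        if source == "UserMigration_Authentication":
            # Verify the submitted password against the old pool before trusting it.
            idp.admin_initiate_auth(
                UserPoolId=OLD_POOL_ID, ClientId=OLD_CLIENT_ID,
                AuthFlow="ADMIN_USER_PASSWORD_AUTH",
                AuthParameters={"USERNAME": username, "PASSWORD": event["request"]["password"]},
            )
            status = "CONFIRMED"  # the new pool keeps the password the user just proved
        elif source == "UserMigration_ForgotPassword":
            status = "RESET_REQUIRED"  # no password was proven, so force a reset
        else:
            raise ValueError("unexpected trigger source")
        attrs = _lookup(idp, username)
    except Exception:
        # One generic failure for a wrong password and an unknown user alike;
        # the password is never logged.
        raise Exception("Bad credentials") from None
    event["response"].update(userAttributes=attrs, finalUserStatus=status, messageAction="SUPPRESS")
    return event


def lambda_handler(event, context):
    return migrate_user(event, _old_pool_client())
```

The new pool's app client has to use a flow that sends the password to Cognito (`USER_PASSWORD_AUTH` or the admin equivalent), otherwise the trigger never receives it.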
