Vendor Lock-In with Amazon Cognito User Data Exports

Developer teams and the customers for whom they create apps often worry about "vendor lock-in" when searching for cloud hosting solutions and related app services. Vendor lock-in scenarios most commonly come about when an organization's chosen cloud vendor makes it difficult to leave their solution and change to one of their competitors.

In his keynote address at the IP Expo last fall, Java creator James Gosling criticized the deliberate efforts of cloud providers to make it difficult for users to pivot to a different solution should the need arise:

You get cloud providers like Amazon saying: "Take your applications and move them to the cloud." But as soon as you start using them you're stuck in that particular cloud.

In some cases, vendor lock-in is intentional. In others, it's simply a matter of a vendor not prioritizing, for understandable reasons, the development of a mechanism that allows users to undo the integration with their solution.

Gosling and other influencers in the development community strongly recommend finding out the specifics about how to remove your data from any hosting or integration solution that affects your application. This assessment of how to change hosts is a critical part of contingency planning when choosing a cloud provider.

Amazon Cognito

What about Amazon's Cognito service?

Cognito is an application service that manages user login and other data on mobile devices. Cognito is attractive to developers because it provides access to some useful user identification functionality, including authentication through popular social media such as Facebook, Twitter, and Amazon, with SAML identity solutions.

A question asked on specifically addresses the issue of vendor lock-in with regard Amazon's Cognito user sign-in and data synchronization tool.

Can you export/migrate users out of AWS Cognito, does it cause vendor lock-in?

The short answers those questions are NO and YES (in that order). There is currently no way to export user data from Amazon Cognito. In fact, according to Amazon's Jeff Bailey, it's not even currently possible to move a user data pool from one AWS account to another.

Bailey's Stack Overflow answer did include a soft commitment to the export capability being on the road map, but for now, development teams considering using Cognito should be aware that the decision will likely commit them to using one specific AWS account for at least the foreseeable future.

If there is any significant possibility that you may need to change cloud hosting providers - common motivations for switching include updated compliance and security requirements - you may want to think twice about committing to Cognito.

If you're certain you're going to be okay hosting your app on the same AWS account, then vendor lock-in with AWS and Cognito won't be an issue.