2017. Two main reasons are the root of our decision to migrate from our legacy system to Cognito, a SASS user management software from AWS. The first one: a legacy system that has been in use and originates from a 5 years old CMS regularly fails in the security assessments.The second one: our software platform is moving from a monolith to an API-centered world with multiple backends. In other words, we are implementing API Gateway — another service from our cloud supplier AWS.

2018. Cognito is implemented. Artifacts of the migration are happening until spring 2019. In this article, I am not explaining each step that we undertook, but I am writing about exciting particularities of the process that could apply to your business if you have to manage a similar case or are considering a migration.

From scratch versus migration

Implementing Cognito from scratch is easy, implementing it to an already existing system is complex. That has different reasons. First of all, the process of migration itself. Secondly, the adaptations needed regarding UX, backend, existing software, and so forth can be challenging, especially if your existing stack is non-standard.

SASS versus managed in-house

Why change? Why lose full flexibility? The answer is quite obvious. It is crucial but not core to the business. Achieving a high level of cyber security would most likely require a chunky investment and long-term maintenance. The advantages in our case are security, GDPR compliance, lower maintenance, clear cost, ready libraries for developers. The cons are limited to flexibility and third-party dependency; the same as any SASS with the difference that here we talk about our users.

Top complexities

Our legacy policy was 4 characters minimum per password, Cognito’s minimum is 4, and that is a good point. However, it forced us to communicate with our users. It was not seamless. To manage a smooth switch, we created temporary authentication systems compatible with both Cognito and legacy. It is beneficial to the user experience, however, adds much complexity. When you have an existing system, you have to understand what is the data you require at the registration level. How are you going to share your user pools? Even Cognito requires architectural thinking.

Things impossible to be managed aka limitations

You cannot have different senders defined for the password recovery mail. Achieving the same for the new account mail required an individual effort. We requested those features, and maybe one day it is going to be added by AWS.

UX flows

When you implement Cognito, it might be interesting to understand Cognito’s default flow, compare it to your current flow, and then decide what is better. If you want to stick with your existing flow, it might require some additional adaptation work on your side.

API gateway integration

In API gateway, you have a default integration for Cognito, which is great and easy in case of a start from scratch. In the case of a seamless migration, it requires a custom authenticator or perfect timing.


There is competition from GCE, but our heavy Serverless and API gateway usage convinced us to go the “easy” way.

Would I do it again?

Probably, but the design flow would have been different. In our case, the design was only technical. Probably involvement at the earlier stage of the UX and business team would have made things easier.

Cognito needs an architecture

Even if the in-depth technique is hidden and independent from us users, integrating Cognito requires design thinking from the very beginning. How should my user pools be organized, what is the information that I want to move to Cognito? How to communicate the changes for users?

Specifics of our use case

Web-only environment. The domain is E-commerce. Hundreds of thousands of users needed the migration. Different technologies are in use on the front end. ReactJS is the primary interaction system with Cognito.

About me

CEO of bPolNet, a software house based in the heart of Poland with over 20 years of experience in delivering custom e-commerce platforms for international clients. I fulfilled the role of solutions architect in the project described above.