Can you export/migrate users out of AWS cognito, does it cause vendor lock-in?

Question

This is a question about vendor lock in and AWS cognito. Can user data and encrypted/hashed passwords be exported out of cognito if we ever move off of AWS?

Can/does cog

Answer 1

This reference architecture might be of some use: https://aws.amazon.com/solutions/implementations/cognito-user-profiles-export-reference-architecture/

It uses the ListUsers API to export user profiles to a DynamoDB table. It is designed to run on a schedule (daily/weekly/etc.) to keep the DynamoDB table up to date with the profiles in the user pool. The source is on GitHub so it be possible to modify the solution to export to a CSV.

If the profiles are imported to a new user pool, user will still need to reset passwords. Other limitations listed in the deployment guide.