AWS Cognito

Ưu điểm:

• Fully managed service.

• Native integration with API Gateway.

• Integration available with ALB ingress controller or via SDKs at application level.

• Support for SAML/OIDC federated login.

• Support for Secure Remote Password Protocol.

• OAUTH2 support. [Reference]

• JWT support. [Reference]

• Extensive reference architectures/comprehensive blog posts/documentation available.

• HIPAA/BAA/PCI/SOC/ISO27001 compliant.

• Advanced security features[compromised credential protection/risk-based adaptive authentication/MFA. Reference]

• Extensible due to lambda functions available at every User Pool workflow interaction. [Reference]

Nhược điểm:

• Pricing can become a pain-point around Cognito. More details at Pricing , and advanced security features

• Difficult to make multi-region aware/migrate away as due to compliance requirements we cannot extract the password. (Is also a security advantage.)