AWS Knowledge
Understanding Amazon Cognito Pricing and Costs
Piyush Kalra
Nov 14, 2024
Amazon Cognito is a custom technology developed to facilitate user authentication and identity access management on web and mobile applications simultaneously. Amazon web services encompasses Amazon Cognito, which provides developers with a secure, scalable means to perform these functions. However, from an accounting perspective, determining an appropriate price strategy for Amazon Cognito is essential for ensuring cost-effective control.
In this blog, we hope you gain a comprehensive understanding of the pricing structure of Amazon Cognito, from free tier offerings, monthly active users (MAUs), advanced features, and even important cost-saving tips that could potentially reduce net costs by 20-30%, such that you know what appropriate charges look like while knowing how to make full use of the cloud services provided.
What is Amazon Cognito?
(Image Source: Amazon Cognito)
Amazon Cognito facilitates large-scale identity and authentication user management through its platform without worrying about external integrations. Cognito’s dependencies can be seamlessly embedded into web and mobile apps to easily incorporate user sign-up, sign-in, and access systems. Cognito provides functionality to perform social sign-in MFA, enhanced user data synchronization operations, and much more.
Key Features
User Pools: Signs up and verifies users via multiple portals, such as social platforms, Google and Facebook, and even enterprise systems, by connecting to identifiers like OpenID or SAML.
Identity Pools (Federated Identities): Allows the users to have secured access to AWS resources using temporary credentials.
Customizable Security: Encompasses MFA, compromised credentials identification, and adaptive authentication.
Advanced APIs: Integrate user authentication and lifecycle features with ease into your web applications.
Compliance: Meet regulatory requirements such as GDPR and HIPAA for safe and secure data protection enabling compliance by regulation.
Whether you manage a small start-up business or are in charge of applications at an enterprise level, Cognito helps you manage secure, scalable identity access management.
How Does Amazon Cognito Work?
Amazon Cognito runs with two major features:
User Pools are for signing in securely to an application.
Identity Pools are used to access control and integrate with AWS resources.
User Pools vs. Identity Pools
User Pools are directories of users who can oversee the whole application, encompassing registration, access ability, resetting passwords, and modifying profile details. Additionally enables social and enterprise identities, Multi-factor authentication, and more.
Identity Pools help manage federated identity by enabling users to issue temporary AWS credentials for use with other AWS services.
Amazon Cognito works easily with multiple other well-known AWS services (for example, AWS Lambda and Amazon API Gateway), allowing developers to expand their scope.
User Experience Workflow
User sign or register in User Pools.
Users authenticate using email/password, social identity providers, and SAML federation.
ID Pools grants AWS credentials for access to resources if required.
Deep Dive Into Amazon Cognito Pricing
Amazon Cognito follows a pay-as-you-go pricing model, ensuring you only pay for what you use. There are no upfront costs or minimum fees. Below is a detailed breakdown of Amazon Cognito’s pricing structure:
Monthly Active Users (MAUs)
The core pricing factor for Amazon Cognito is MAUs:
MAU Definition: A user is counted as active if an identity operation (e.g., sign-up, sign-in, token refresh) occurs within a calendar month.
Inactive Users are not billed, regardless of when they remain in the user pool.
Pricing Tiers for User Pools
Amazon Cognito offers a tiered pricing model for the Lite tier, where the cost per user decreases as the number of active users increases.
First 50,000 MAUs: Free (available to all AWS customers).
50,001 – 100,000 MAUs: $0.0055 per MAU.
100,001 – 1,000,000 MAUs: $0.0046 per MAU.
1,000,001 – 10,000,000 MAUs: $0.00325 per MAU.
Over 10,000,000 MAUs: $0.0025 per MAU.
Example Calculation:
If your app has 120,000 monthly active users (MAUs):
First 50,000 MAUs: Free.
Next 50,000 MAUs (50,001 – 100,000): 50,000 x $0.0055 = $275.
Remaining 20,000 MAUs (100,001 – 120,000): 20,000 x $0.0046 = $92.
Total Cost: $275 + $92 = $367 per month.
SAML/OIDC Federation Costs
For enterprise users signing in through SAML or OIDC federation:
First 50 MAUs: Free.
Additional MAUs above the free tier are billed at $0.015 per MAU.
Example Calculation:
If 200 users log in via SAML or OIDC federation:
First 50 MAUs: Free.
Remaining 150 MAUs: 150 x $0.015 = $2.25 per month.
Advanced Security Features
Enabling Advanced Security Features (e.g., compromised credentials detection, adaptive authentication) incurs additional costs:
First 50,000 MAUs: $0.050 per MAU.
50,001 – 100,000 MAUs: $0.035 per MAU.
Additional MAU categories scale lower, going as low as $0.010 for over 10,000,000 MAUs.
Example Calculation:
If ASF is enabled for 120,000 MAUs:
First 50,000 MAUs: 50,000 x $0.050 = $2,500.
Next 50,000 MAUs (50,001 – 100,000): 50,000 x $0.035 = $1,750.
Remaining 20,000 MAUs (100,001 – 120,000): 20,000 x $0.025 = $500.
Total ASF Cost: $2,500 + $1,750 + $500 = $4,750 per month.
Free Tier Offerings
There is no limit on how long the free tier remains valid after the initial 12 months of the AWS free tier. The concerning user bases stand at:
User Pools: Allows 50,000 MAUs for direct or social sign-ins.
OIDC/SAML Federation: 50 MAUs per month.
Important Note: The Free tier pricing isn't available in the AWS GovCloud (US-West) region.
Additional Costs
Multi-factor authentication employs Amazon Simple Notification Service to send SMS messages, which are billed separately.
Enhanced API quotas and M2M authentication are additional charges.
Additional Pricing Advantages
There’s a benefit in this pricing model and there are some savings embedded into the service:
Scalability Discounts: As the number of users grows, so do the charges which makes Cognito a way for growing companies to scale.
No Cost for Unused Features: Be charged only for the desired additional features enabled, such as ASF.
Customizable Pricing Tiers: If you need so, you can flex between pricing tiers Lite, Essentials, and Plus.
Case Study: Saving £137,000 Annually with Improved Performance Using Amazon Cognito
Challenges
Constantly overseeing a cumbersome and expensive legacy authentication system.
Problems with stability, increased time frames in product releases, and time out due to upgrades.
Relocation needs to be completed within a short time limit, or else, with the previous vendor, a 50% renewal fee will be charged.
Solution
To update its authentication protocols, the Driver and Vehicle Standards Agency in the UK shifted its 140,000 accounts to Amazon Cognito without any issues and this enabled the standards authority to modernize its system alongside. In addition, the core functionality was connected with other services by using AWS Lambda in conjunction with Amazon API Gateway ensuring lower levels of technical debt and increased migration reliability.
Results
Reduced costs on AWS by £137,000 every year.
Decreased the time taken to release new software by 30%.
Seamlessly migrated 140,000 accounts with close to no user interference.
Enhanced response time while also providing better authentication by 15%.
Boosted team assistance by eliminating on-call demands on weekdays during evenings and weekends.
The DVSA employed Amazon Cognito along with other AWS cloud services, which helped them efficiently handle multiple issues while automating their workflows, thus preparing them for continuous improvement.
Tools and Tips for Cutting Amazon Cognito Costs
Cost reduction for AWS is often enabled via the optimization of configurations and close monitoring of usage, and the same applies with Amazon Cognito. Below is how to go about it:
Tools for Cost Monitoring
AWS Cost Explorer: The tracking of usage trends is able to identify and save opportunities when using Cognito.
AWS Pricing Calculator: MAU usage projection-based costs are able to be estimated on a monthly basis.
AWS Budgets: Cognito-related expenses can have budget alarms set on them to mitigate overspending.
Tips for Cost Optimization
Leverage the Free Tier: While initializing, make sure MAUs are below the limit set by the free tier, which is 50,000, and set up pools to prevent incurring unnecessary operation triggers that count fees.
Disable Unused Features: Minimize charges by only allowing ASF or SMS MFA when absolutely needed.
Monitor Active Users Regularly: Checking user activity enables you to identify and thus delete accounts that have not been used for some time.
Use Bundled Features: When seeking to minimize costs further, consider combining AWS Lambda with Cognito in order to optimize user flows.
Optimize API Requests: By using token caching, limiting the number of sameness token requests saves time and money for operations such as refreshing tokens.
Conclusion
It does not matter whether you are a startup utilizing the free tier or an enterprise employing advanced features; with Amazon Cognito, you will always have the appropriate means of managing user authentication accurately and at a reasonable cost. It enhances and expands authentication on demand if you take the time to grasp the basic notions of its pricing model and adjust it for your application's requirements. There is no doubt that further investigation of Amazon Cognito is a proper approach if its functionality is crucial for you!
Join Pump for Free
If you found this post interesting, consider checking out Pump, which can save you up to 60% off AWS for early-stage startups, and it’s completely free (yes, that's right!). Pump has tailor-made solutions to take you in control of your AWS and GCP spend in an effective way. So, are you ready to take charge of cloud expenses and maximize the most from your investment in AWS? Learn more here.
