With Amazon Cognito, you pay only for what you use. There are no minimum fees and no upfront commitments. Amazon Cognito charges for identity management and data synchronization, and the pricing for these features are shown below. 

Free Tier

Amazon Cognito user pools has a free tier. The free tier does not automatically expire at the end of your 12 month AWS Free Tier term, and it is available to both existing and new AWS customers indefinitely. Please note - the free tier pricing isn’t available for user pool local or federated users in the AWS GovCloud (US-West) region.

  • For users who sign in directly or through a social identity provider, Amazon Cognito user pools has a free tier of 50,000 MAUs per account or per AWS organization. 
  • For users federated through SAML 2.0 or an OpenID Connect (OIDC) identity provider, Amazon Cognito user pools has a free tier of 50 MAUs per account or per AWS organization.

 

 

  • Amazon Cognito user pools
  • User pool pricing

    You pay for Amazon Cognito user pools based on your monthly active users (MAUs). A user is counted as a MAU if, within a calendar month, your app generates an identity operation for that user, like administrative creation or update, sign-up, sign-in, token refresh, password change, a user account attribute update, or an attribute query on a user (AdminGetUser API). You are not charged for subsequent sessions or for inactive users within that calendar month.

    There is separate pricing for users who sign in directly with their credentials from a user pool and for users who sign in through an enterprise directory with SAML federation.

    Advanced Security Features

    Advanced security features include compromised credentials detectionadaptive authenticationadvanced security metrics, and access token customization. If you enable advanced security features for Amazon Cognito, additional prices apply for monthly active users as shown in the table below. This includes audit mode. **Advanced security features isn't available in the AWS GovCloud (US-West) region**.

    The prices for the advanced security features for Amazon Cognito are in addition to the base prices for active users. For example, if you enable these advanced security features for a user pool with 100,000 monthly active users, your monthly bill would be $275 for the base price for active users ($0.0055 per MAU past the 50,000 free tier) plus $4,250 for the advanced security features ($0.05 per MAU for the first 50,000 plus $0.035 per MAU for the next 50,000) for a total of $4,525.

    SMS messages for Multi-Factor Authentication (MFA)

    Separate pricing applies for sending SMS messages for Multi-Factor Authentication (MFA), user registration, password recovery, and phone number verification. Amazon Cognito uses Amazon Simple Notification Service (SNS) to send SMS messages, and you can reference Amazon SNS pricing.

    Email messages for user verification

    Separate pricing applies for sending email messages for user registration, password recovery, and email address verification. Amazon Cognito uses Amazon Simple Email Service (SES) to send email messages, and you can reference Amazon SES pricing.

    Migrating Existing User Directories to Amazon Cognito user pools

    Many organizations may have existing infrastructure for managing user identities, authentication and authorization, but maintaining and supporting these systems and keeping them up to date with evolving best security practices can be costly and time consuming.

    Amazon Cognito identity pools

    Use of Amazon Cognito identity pools for authenticating users and generating unique identifiers is provided at no charge.

  • Higher API RPS quotas
  • Higher API RPS quotas

    You can request higher requests per second (RPS) rates in Amazon Cognito for the API categories defined in the table below. To request increased quotas for one or more API categories, or for more information on the individual APIs in each API category, please refer to the documentation. Quota increases are subject to approval by AWS.

    The prices for higher quotas are in addition to the base prices for monthly active users and any other features including Advanced Security Features. Minimum duration for higher quotas is 1 day.
     

      Price per 1RPS per month  
    API Category Continuous use for full month Use for partial month  
    User authentication $20 $45  
    User creation $20 $45  
    User federation $20 $45  
    User read $20 $45  
    User resource read $20 $45  
    User token $20 $45  
    User resource update  $20 $45  
    User update $20 $45  
    User account recovery $20 $45  

    Prices are per 1 RPS of incremental capacity over default quotas per month. Each API Category is charged separately. For example, if you need an ongoing increment in quota for the User Authentication of 20 RPS indefinitely:

    Monthly Cost = 20 RPS * (1 Mo) * $20 per RPS-Mo = $400.

    On the other hand, if you need a partial month quota increase of 20 RPS for 7 days of a 30-day month:

    One-time Cost = 20 RPS * (7/30) Mo * $45 per RPS-Mo = $210
     

  • Amazon Cognito Sync
  • Amazon Cognito Sync
AWS Pricing Calculator

AWS Pricing Calculator

Calculate your Amazon Cognito and architecture cost in a single estimate.

Create your custom estimate now »