English

Amazon Cognito
Pricing

2025 Amazon Cognito's latest pricing explained and the best Amazon Cognito alternatives

This article provides an overview and breaks down the key details of Amazon Cognito. It covers what Amazon Cognito is, a summary of its pricing, and the best alternatives to Amazon Cognito.

Guamian

Product & Design

2/13/20257 min read

Stop wasting weeks on user auth

Launch secure apps faster with Logto. Integrate user auth in minutes, and focus on your core product.

Get started

What is Amazon Cognito

Amazon Cognito is an Amazon Web Services (Amazon) offering that procides adding authentication, authorization, and user management to web and mobile apps. However, many of our Logto users have migrated from Amazon Cognito due to its complicated pricing, limited features, and an outdated developer experience.

In this article, we’ll revisit the Amazon Cognito pricing structure and show how you can potentially save money and plan your budget more effectively if you decide to migrate.

Key authentication and authorization feature supported by Cognito

First, let’s take a look at Amazon Cognito’s main features:

User pools

Secure user sign-up, sign-in, and profile management, including MFA, email/phone verification, and social logins.

Identity pools

Provide temporary Amazon credentials to users, allowing access to Amazon services through federated identities (e.g., enterprise SSO providers like Microsoft or Okta).

Security features

Advanced MFA, token-based authentication, device tracking, and risk-based authentication.

Federation

Integration with social identity providers, SAML for enterprise SSO, and support for custom identity providers. (This is same as Logto Enterprise SSO features, supporting OIDC and SAML)

User management

Support for user groups, custom claims, fine-grained access control, and easy user migration.

Overall, Cognito is a traditional auth provider that’s deeply integrated and rooted in the Amazon ecosystem.

Cognito detailed pricing

Amazon Cognito’s pricing can be quite complicated, especially since the monthly active user (MAU) rate varies depending on the SKU and features you’re using. In this section, we’ll go over Amazon’s different plans, break down the pricing, and explain it all in a more straightforward way.

What features are included in the Amazon Lite Plan?

The Amazon Lite plan includes basic password-based authentication, ideal for cost-conscious use cases. However, additional features require customization.

One of the best things about Amazon Cognito is that it provides MFA support in its cheapest plan, the Lite plan, including authenticator apps and SMS one-time codes.

More detailed features are as follows:

Features	Avalability
40 million users or more	✅
Sign-in with social, SAML, or OIDC providers	✅
Sign-in with username and password	✅
MFA with authenticator apps and SMS one-time codes	✅
Custom runtime action with Lambda triggers	✅
Customize managed login page with CSS	✅
99.9% service level agreement	✅

One thing to note is that Cognito Lite Plan doesn’t support passwordless sign-in (where you only need a one-time passcode and no password), but it does offer a wide range of MFA options, including authenticator apps and SMS codes. Amazon likely believes that MFA is a must-have in today’s security-sensitive world.

How is the MAU cost calculated in the Amazon Lite Plan?

Amazon set its MAU as tiers. Different tiers have different unit price.

Pricing Tier (MAUs)	Price per MAU
First 10,000 (Free-tier)	$0.00
10,001-100,000	$0.0055
100,001 - 1,000,000	$0.0046
1,000,001 - 10,000,000	$0.00325
Greater than 10,000,000	$0.0025

Next, let’s do some quick math to estimate the cost for different numbers of MAUs.

MAU	Cost
10,000	0
50,000	$220
100,000	$495
1,000,000	$4635

If your consumer app has fewer than 10k MAUs, there’s no cost. However, as your user base grows, the cost can become high for an individual developer — above $220, for example. Authorization features, such as role-based access control (RBAC), are not included in the Lite plan.

What features are included in the Amazon Essentials Plan?

The Essentials plan offers flexible and secure authentication with easy sign-up and sign-in setup. In addition to everything in the Lite plan, it includes these extra features:

Features	Availability
Customize managed login page with visual editor	✅
MFA with email one-time codes	✅
Passwordless sign-in with one-time codes	✅
Passkeys sign-in with biometrics and hardware keys	✅
Protect against unsafe passwords	✅
Prevent reuse of previous passwords	✅
Customize access token scopes and claims at runtime	✅

The key differences in the Plus plan are:

MFA using email
Passwordless sign-in
Passkey as first factor
Password policy
Custom token claims

How is the MAU cost calculated in the Amazon Plus Plan?

Amazon Plus plan has a straightforward MAU pricing model. The Plus plan costs $0.02 per MAU.

For example, if your app has 50,000 MAUs, the cost would be:

50,000 × $0.02 = $1,000

Wow, that’s pricey!

What features are included in the Amazon Essential Plan?

The Essential plan is for customers who need enhanced security, offering protection against suspicious logins. Plus everything in the essential plan, it includes some advanced features, especially the security features.

Features	Availability
Protect against unsafe passwords	✅
Protect against malicious sign-in attempts	✅
Log and analyze threat profiles and user activity	✅
Risk-based adaptive authentication	✅
Compromised credentials detection	✅
Export threat profiles and user activity	✅

How is the MAU cost calculated in the Amazon Essential Plan?

Essential plan different tiers. Its first 10,000 is free and once it is greater than 10,000, it starts charging at $0.015/MAU.

MAUs	Price per MAU
First 10,000 (Free-tier)	$0.00
Greater than 10,000	$0.015

Next, let’s do some quick math to get a rough idea of the cost again for Essential plan.

MAU	Cost
10,000	0
50,000	$600
100,000	$1350
1,000,000	$14850

As you can see, the cost becomes very high as your MAUs grow. The Essential plan is likely aimed at enterprise companies.

What is the MAU cost for users signing in through SAML or OIDC federation?

Cognito’s pricing can be tricky because the MAU unit price varies based on the features you enable.

If your MAU exceeds 50 and users sign in through enterprise SSO (using SAML or OIDC federation), you will be charged $0.015 per MAU.

What is the MAU cost for users signing in with security features enabled?

If you enbaled security features like dvanced security features include compromised credentials detection, adaptive authentication, advanced security metrics, and access token customization. Your MAU will be also higher.

Pricing Tier (MAUs)	Price per MAU
First 50,000	$0.050
Next 50,000	$0.035
Next 900,000	$0.020
Next 9,000,000	$0.015
Greater than 10,000,000	$0.010

What are the additional add-on costs?

If you use the following features, you will be charged extra.

Machine-to-machine authorization
Higher API RPS quota
Amazon Cognito sync

API RPS quota

API Category	Continuous use for full month	Use for partial month
User authentication	$20.00	$45.00
User creation	$20.00	$45.00
User federation	$20.00	$45.00
User read	$20.00	$45.00
User resource read	$20.00	$45.00
User token	$20.00	$45.00
User resource update	$20.00	$45.00
User update	$20.00	$45.00
User account recovery	$20.00	$45.00

M2M authorization

Number of token requests per month	Range	Price
Tier 1	1-250,000	$2.250 per 1000 token requests
Tier 2	250,001-5,000,000	$1.500 per 1000 token requests
Tier 3	5,000,001+	$1.125 per 1000 token requests

Amazon Cognito sync

Beyond the Free Tier, Amazon Cognito charges:

$0.15 per 10,000 sync operations
$0.15 per GB of sync storage per month

If push synchronization is enabled, standard Amazon SNS rates apply.

Amazon Cognito pricing summary

Lite plan uses tiered MAU pricing.
Essential plan and Plus plan has a fixed MAU price.
MAUs who sign in through SAML/OIDC providers will be billed separately.
Extra charges may apply for M2M, API requests, and sync features.

The drawback of Amazon Cognito

While Amazon Cognito offers many benefits, it does have some drawbacks that may make it less suitable for certain use cases:

Complexity in setup and configuration

Setting up Amazon Cognito can feel like navigating a maze, especially if you’re new to Amazon. From configuring authentication flows to integrating third-party identity providers, every step demands a solid grasp of Amazon services. What seems like a straightforward task quickly becomes a technical puzzle—one that often leaves new users facing a steep learning curve. Yet, for those willing to climb that hill, Cognito offers powerful tools to secure and scale their applications.

Limited customization and flexibility

Amazon Cognito offers some customization options, like custom authentication flows, but it can quickly hit its limits when you need more advanced features or full flexibility. Imagine wanting to tailor the user experience—like redesigning sign-up forms or personalizing email templates—only to find that it requires Amazon Lambda functions or extra development work. What should be a simple tweak often turns into a technical project, adding complexity and time to your implementation.

Lack of advanced features for enterprise use

Amazon Cognito lacks some enterprise-grade features compared to solutions like Logto, including:

Advanced role-based access control (RBAC): Cognito’s built-in RBAC is less flexible than that of other identity solutions.
Granular user management: Customizing user roles or permissions may require complex Amazon Lambda functions.

Limited support for non-Amazon ecosystems

Amazon Cognito works best when your infrastructure is on Amazon. While it can integrate with other cloud providers and services, the setup process can be more difficult and less seamless for non-Amazon environments. For multi-cloud setups or hybrid environments, other identity solutions might be more suitable.

Potential for vendor lock-In

As part of the Amazon ecosystem, Cognito can lead to vendor lock-in, especially for companies that rely heavily on Amazon services. If your organization is using other cloud providers or plans to move away from Amazon, transitioning away from Cognito could be challenging.

User interface and developer experience

Cognito’s user interface for managing users and authentication flows is less intuitive than some other identity management solutions. The Amazon Management Console can feel overwhelming with its many settings and options. The dashboard isn’t as polished or user-friendly as alternatives like Auth0, which could slow down development or user management for teams unfamiliar with Amazon.

Pricing complexity at scale

While Cognito’s pricing is generally affordable at lower scales, costs can increase as your user base grows, particularly for enterprise-level usage. The pricing model can become complex and difficult to predict, especially if you’re using features like multi-factor authentication (MFA) or advanced analytics. In some cases, this may lead to unexpected costs.

Limited customer support

While Amazon provides customer support, users of Cognito may find that the support options for this service are not as comprehensive or responsive compared to other identity management providers. Many users rely on forums, documentation, or community-based support, which may not always be sufficient for troubleshooting complex issues.

Documentation can be difficult to navigate

While Amazon provides detailed documentation, it can be overwhelming due to its depth and the variety of services involved. New users or those not familiar with Amazon services may struggle to find the relevant information needed for their specific use case.

What are the benefits of switching from Amazon Cognito to Logto for user authentication?

Logto is an open-source authentication platform with 9K+ stars on GitHub, meaning no vendor lock-in. Here’s why it stands out:

Cost-effective token-based pricing

Logto follows a simple token-based pricing model.
The Plus plan provides 100K tokens for free, then charges $0.08 per 100 tokens after that.
If your app isn’t highly active, 50K MAUs can be supported for just $16—far cheaper than Amazon Cognito.

No hidden fees

API requests and M2M authentication are included at no extra cost.
Enterprise SSO (SAML & OIDC) and security features are fully included, with no additional charges.
Fully open-source & cloud-agnostic

No vendor lock-in

Logto works with various public cloud providers, giving you complete flexibility.

If you’re considering migrating to Logto, we offer direct human support to ensure a smooth transition, keeping your users secure and your system stable for the long run.

What is Amazon Cognito#

Key authentication and authorization feature supported by Cognito#

Cognito detailed pricing#

What features are included in the Amazon Lite Plan?#

How is the MAU cost calculated in the Amazon Lite Plan?#

What features are included in the Amazon Essentials Plan?#

How is the MAU cost calculated in the Amazon Plus Plan?#

What features are included in the Amazon Essential Plan?#

How is the MAU cost calculated in the Amazon Essential Plan?#

What is the MAU cost for users signing in through SAML or OIDC federation?#

What is the MAU cost for users signing in with security features enabled?#

What are the additional add-on costs?#

API RPS quota#

M2M authorization#

Amazon Cognito sync#

Amazon Cognito pricing summary#

The drawback of Amazon Cognito#

Complexity in setup and configuration#

Limited customization and flexibility#

Lack of advanced features for enterprise use#

Limited support for non-Amazon ecosystems#

Potential for vendor lock-In#

User interface and developer experience#

Pricing complexity at scale#

Limited customer support#

Documentation can be difficult to navigate#

What are the benefits of switching from Amazon Cognito to Logto for user authentication?#

Cost-effective token-based pricing#

No hidden fees#

No vendor lock-in#

What is Amazon Cognito#

Key authentication and authorization feature supported by Cognito#

Cognito detailed pricing#

What features are included in the Amazon Lite Plan?#

How is the MAU cost calculated in the Amazon Lite Plan?#

What features are included in the Amazon Essentials Plan?#

How is the MAU cost calculated in the Amazon Plus Plan?#

What features are included in the Amazon Essential Plan?#

How is the MAU cost calculated in the Amazon Essential Plan?#

What is the MAU cost for users signing in through SAML or OIDC federation?#

What is the MAU cost for users signing in with security features enabled?#

What are the additional add-on costs?#

API RPS quota#

M2M authorization#

Amazon Cognito sync#

Amazon Cognito pricing summary#

The drawback of Amazon Cognito#

Complexity in setup and configuration#

Limited customization and flexibility#

Lack of advanced features for enterprise use#

Limited support for non-Amazon ecosystems#

Potential for vendor lock-In#

User interface and developer experience#

Pricing complexity at scale#

Limited customer support#

Documentation can be difficult to navigate#

What are the benefits of switching from Amazon Cognito to Logto for user authentication?#

Cost-effective token-based pricing#

No hidden fees#

No vendor lock-in#

What is Amazon Cognito

Key authentication and authorization feature supported by Cognito

Cognito detailed pricing

What features are included in the Amazon Lite Plan?

How is the MAU cost calculated in the Amazon Lite Plan?

What features are included in the Amazon Essentials Plan?

How is the MAU cost calculated in the Amazon Plus Plan?

What features are included in the Amazon Essential Plan?

How is the MAU cost calculated in the Amazon Essential Plan?

What is the MAU cost for users signing in through SAML or OIDC federation?

What is the MAU cost for users signing in with security features enabled?

What are the additional add-on costs?

API RPS quota

M2M authorization

Amazon Cognito sync

Amazon Cognito pricing summary

The drawback of Amazon Cognito

Complexity in setup and configuration

Limited customization and flexibility

Lack of advanced features for enterprise use

Limited support for non-Amazon ecosystems

Potential for vendor lock-In

User interface and developer experience

Pricing complexity at scale

Limited customer support

Documentation can be difficult to navigate

What are the benefits of switching from Amazon Cognito to Logto for user authentication?

Cost-effective token-based pricing

No hidden fees

No vendor lock-in

What is Amazon Cognito

Key authentication and authorization feature supported by Cognito

Cognito detailed pricing

What features are included in the Amazon Lite Plan?

How is the MAU cost calculated in the Amazon Lite Plan?

What features are included in the Amazon Essentials Plan?

How is the MAU cost calculated in the Amazon Plus Plan?

What features are included in the Amazon Essential Plan?

How is the MAU cost calculated in the Amazon Essential Plan?

What is the MAU cost for users signing in through SAML or OIDC federation?

What is the MAU cost for users signing in with security features enabled?

What are the additional add-on costs?

API RPS quota

M2M authorization

Amazon Cognito sync

Amazon Cognito pricing summary

The drawback of Amazon Cognito

Complexity in setup and configuration

Limited customization and flexibility

Lack of advanced features for enterprise use

Limited support for non-Amazon ecosystems

Potential for vendor lock-In

User interface and developer experience

Pricing complexity at scale

Limited customer support

Documentation can be difficult to navigate

What are the benefits of switching from Amazon Cognito to Logto for user authentication?

Cost-effective token-based pricing

No hidden fees

No vendor lock-in