U4EA

Reputation: 912

AWS sharing of Cognito user ID with RDS DB?

I am developing a ReactJS/PHP app based around AWS services and I will be using Cognito for authentication. However, I do not understand how to use Cognito with my own user table.

As an example, let's say I have a table in my RDS that looks like this:

id
review
creator_id

With the id being an INT primary key, review being varchar and creator_id being the foreign key of the user who created it.

So let's say I want to perform a relational query to select records from the comments table and the first and second name of the person who created it via the creator_id foreign key... while the users stored in my Cognito database belong to me I can't (as far as I know) see any "official" way of synching these user records/table with my RDS.

In the Cognito documentation it mentions the Lambda triggers. Would it be possible to have my own users table in my RDS and use the migrate user trigger to pass the Cognito user information to a PHP endpoint that would create a new record in the RDS users table with its own PK, the Cognito user information and a "foreign key" identifying its record in the Cognito users pool?

Alternatively, of course, I should be able to control all CRUD operations on the Cognito users pool through the AWS PHP SDK, and I would assume I could update my own table when a create, update or delete operation is successful. According to the Cognito docs, the app can create a unique username for users in the pool, which I suppose could be used as a unique ID in my own users table:

UPDATE users set this_field = 'whatever' WHERE cognito_id = 'whatever_the_unique_cognito_username_is'

The only potential drawback of this that springs to mind is the case of using federated identity, where my own user records go stale due to my app not picking up a change in attribute data that has been picked up from Facebook, Amazon etc.

Although this would seem to be a common scenario, I can't seem to find any actual worked examples of how a solution to this is achieved.

Upvotes: 2

Views: 1898

Answers (1)

o-0

Reputation: 1789

I did have a similar situation, but not with RDS: I have users and want to move them into Cognito, but there are some other parts of the users which I want to keep a record of. The following is my solution; I don't know if you want to go this route or not (assume p1 is the Cognito endpoint and p2 is the other data-related endpoint, such as RDS):

  1. Old Users: Instead of using AWS' CLI, I used the Boto3 AWS library and wrote a script to get the list of users and push them into p2 (Boto also supports an RDS client). Now two things here: one is that you need to write a Python script, but it is very easy to pick up, and the method calls are very declarative. The second thing is that you must be very careful what you are doing; if you delete something here through badly written code, you cannot reverse it. Therefore I suggest making a dummy Cognito user pool and a database and testing on them first, and then touching the production code.

  2. New Users From This Point On: As the user signs up, the API adds the user to p1 and adds the related information to p2. The link between p1 and p2 is the user's username and not the id.

Upvotes: 1
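
The back-fill described in step 1 of the answer above, as an added example that is not part of the original answer: it pages through the pool with `list_users` and upserts each user into a `users` table keyed on the Cognito username. Assumptions: `sqlite3` stands in for the RDS database, `StubCognito` and its two sample users are constructed so the script runs offline, and the `users` columns are hypothetical apart from the question's `cognito_id`; against a real pool the client would be `boto3.client("cognito-idp")`.

```python
import sqlite3

def iter_pool_users(client, pool_id):
    """Yield every user in the pool, following PaginationToken across pages."""
    kwargs = {"UserPoolId": pool_id, "Limit": 60}  # 60 is the API maximum
    while True:
        page = client.list_users(**kwargs)
        yield from page.get("Users", [])
        token = page.get("PaginationToken")
        if not token:
            return
        kwargs["PaginationToken"] = token

def sync_users(client, pool_id, db):
    """Upsert pool users into the local table; safe to re-run. Returns rows seen."""
    db.execute("""CREATE TABLE IF NOT EXISTS users (
        id INTEGER PRIMARY KEY, cognito_id TEXT NOT NULL UNIQUE,
        given_name TEXT, family_name TEXT)""")
    seen = 0
    for user in iter_pool_users(client, pool_id):
        attrs = {a["Name"]: a["Value"] for a in user.get("Attributes", [])}
        # Bound parameters only: attribute values are user-supplied text.
        db.execute(
            """INSERT INTO users (cognito_id, given_name, family_name)
               VALUES (?, ?, ?)
               ON CONFLICT(cognito_id) DO UPDATE SET
                 given_name = excluded.given_name,
                 family_name = excluded.family_name""",
            (user["Username"], attrs.get("given_name"), attrs.get("family_name")))
        seen += 1
    db.commit()
    return seen

def _user(username, given, family):
    return {"Username": username, "Attributes": [
        {"Name": "given_name", "Value": given},
        {"Name": "family_name", "Value": family}]}

class StubCognito:
    """Constructed stand-in for the cognito-idp client: two pages of sample users."""
    PAGES = {None: ([_user("alice", "Alice", "Ng")], "t1"),
             "t1": ([_user("pat", "Pat", "O'Brien")], None)}

    def list_users(self, UserPoolId, Limit=60, PaginationToken=None):
        users, next_token = self.PAGES[PaginationToken]
        resp = {"Users": users}
        if next_token:
            resp["PaginationToken"] = next_token
        return resp
```

Running `sync_users` a second time updates the existing rows instead of inserting duplicates, which makes a dry run against a test pool and test database repeatable before pointing it at production.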
