Does AWS Cognito support transferring users to a new user pool to prevent cloud formation template lock in?

Question

I'm using AWS amplify to stand up a fullstack application and I am trying to understand how I can ensure that if I ever am in a situation where I need to transition users in my user pool to a new user pool I won't have to require everyone to create a new account.

Does anyone know how this is handled? Let's say that I develop a new app in the future that uses a different cloud formation template- how would I force the new app to use the existing cloud formation template? Further, how can you even tear down a cloud formation template but keep the cognito user pool there so you don't lose your user's passwords and registration?

I'm not expecting a code example here, but I'm just wondering- we have backups and restore from RDS and ec2 instances which makes this kind of thing totally seamless to the end-user. Is there an equivalent process for preventing getting locked into a user pool for the lifetime of your company without forcing them to re-create their passwords in a new user pool?

Answer 1

You can specify a DeletionPolicy of Retain for resources that need to persist after a CloudFormation stack is deleted. Be sure to test this works the way you need it to before committing to its use.

Note that CloudFormation now supports the import of some existing resources into a stack, so you could potentially delete stack #1, with a resource being retained, and then import that resource into stack #2.

Also, there are situations in which creating important long-term persistent data stores (like S3 buckets, RDS databases, Cognito user pools etc.) may better be done outside of your application's CloudFormation stack, for example in their own dedicated CloudFormation stack.