Another AWS footgun: Cognito custom attributes

Tamás Sallai

You can define extra attributes for users in user pools. Maybe you want to store information that is not covered by the standard attributes, such as social profiles or preferred currency.

But there is a catch:

You can't remove or change it after you add it to the user pool.

I had to remove all users and recreate the user pool because of this (it was a personal dev environment fortunately).

Why is it a big thing?

  • There is a limit of 50 custom attributes you can add. It's a finite resource
  • You use code to deploy your infrastructure? Now you can't roll back
  • Or you use clickops? Watch where you click as this is a one-way road
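
One way to catch this before a deployment is a pre-deploy check like the one below. It is an added example, not code from the original post: it compares the custom attributes already in the pool with the ones the new template declares. The dict shape is modelled on a user pool's schema attribute list, and the function name, the compared keys and the sample data are assumptions made for this illustration.

```python
# Added example. Inputs are lists of custom attributes only; sample data is constructed.
MAX_CUSTOM_ATTRIBUTES = 50  # limit stated in the article
COMPARED_KEYS = ("AttributeDataType", "Mutable",
                 "StringAttributeConstraints", "NumberAttributeConstraints")


def _index(custom_attrs):
    """Index attributes by bare name, accepting 'custom:foo' or 'foo'."""
    indexed = {}
    for attr in custom_attrs:
        name = attr["Name"]
        if name.startswith("custom:"):
            name = name[len("custom:"):]
        indexed[name] = attr
    return indexed


def check_schema_change(deployed, desired):
    """Return (blocked, one_way): changes that cannot be applied to an existing
    pool, and additions that can be applied but never undone."""
    old, new = _index(deployed), _index(desired)
    blocked = [f"remove:{name}" for name in sorted(old.keys() - new.keys())]
    for name in sorted(old.keys() & new.keys()):
        diff = [k for k in COMPARED_KEYS if old[name].get(k) != new[name].get(k)]
        if diff:
            blocked.append(f"change:{name}:{','.join(diff)}")
    one_way = sorted(new.keys() - old.keys())
    # Existing attributes stay forever, so they all count against the limit.
    total = len(old) + len(one_way)
    if total > MAX_CUSTOM_ATTRIBUTES:
        blocked.append(f"limit:{total}")
    return blocked, one_way


# Constructed sample: what the pool has now vs. what the template declares.
DEPLOYED = [
    {"Name": "custom:preferred_currency", "AttributeDataType": "String", "Mutable": True},
    {"Name": "custom:twitter", "AttributeDataType": "String", "Mutable": True},
]
DESIRED = [
    {"Name": "preferred_currency", "AttributeDataType": "Number", "Mutable": True},
    {"Name": "github", "AttributeDataType": "String", "Mutable": True},
]

if __name__ == "__main__":
    blocked, one_way = check_schema_change(DEPLOYED, DESIRED)
    print("blocked:", blocked)
    print("one-way additions needing sign-off:", one_way)
```

Failing the pipeline on any `blocked` entry and requiring an explicit approval for each `one_way` entry keeps an accidental attribute from permanently consuming one of the 50 slots.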

To make things worse, it's practically impossible to replace a user pool. You don't have access to the passwords and the MFA secrets (which is a good thing), which means that if you move users, everything is reset for them, including their sub (subject ID), which might affect your databases.

I'd stay very far away from using custom attributes.

What's the better solution? You probably already have some backend with some database: use that to store any extra information about users.

October 1, 2025
