Share

Another AWS footgun: Cognito custom attributes

Author's image
Tamás Sallai
1 min
Photo by Aaron Burden on Unsplash

You can define extra attributes for users in user pools. Maybe you want to store information that is not covered by the standard attributes, such as social profiles or preferred currency.

But there is a catch:

You can't remove or change it after you add it to the user pool.

I had to remove all users and recreate the user pool because of this (it was a personal dev environment fortunately).

Why is it a big thing?

  • There is a limit of 50 custom attributes you can add. It's a finite resource
  • You use code to deploy your infrastructure? Now you can't rollback
  • Or you use clickops? Watch where you click as this is a one-way road

To make things worse, it's practically impossible to replace a user pool. You don't have access to the passwords and the MFA secrets (which is a good thing) which means if you move users everything is reset for them. Including their sub (subject id) which might affect your databases.

I'd stay very far away from using custom attributes.

What's the better solution? You probably already has some backend with some database: use that to store any extra information about users.

October 1, 2025
Author's image
Tamás Sallai

I came to believe that great software craftsmanship starts with understanding the underlying technologies better. You can't rely on "easy solutions" and "quick fixes" when you want dependable systems. I write about technology to deepen my knowledge and also to help others solve problems.

I'm the author of several books and courses.

Author's image

Hi, I'm Tamás,

I write articles about AWS, Javascript, security, and web technologies.

I'm the author of several books and courses.

Free PDF guide

Sign up to our newsletter and download the "How Cognito User Pools work" guide.