I think the author is confused. The previous "basic tier" is actually the "lite" tier. The prices are the same, but the number of "free" MAUs is reduced. The "advanced" and "essentials" tier include what seems to be new or expanded features like fully customizable logins and passwordless login options, so you have to pay more to access these features, but it looks like everything Cognito previously provided is in the "lite" tier.
Post also doesn’t mention this from the pricing that means existing customers in free tier aren’t being suddenly charged:
Note:
1. Customers with existing user pools created on or before 10:00am Pacific Time, November 22, 2024 will continue having a free tier of first 50,000 MAUs. Advanced Security Features (ASF) will continue to be priced separately and will not have a free tier, just like it has been priced previously.
2. Additionally, customers are eligible to create new user pools with Lite tier in their existing accounts and count those MAUs against the free tier of first 50,000 MAUs. To be eligible, customers' accounts must have had at least 1 MAU in the last 12 months on or before 10:00am Pacific Time, November 22, 2024.
Here's the simple thing to know about AWS. They sell two great products (EC2 and S3) below market value so that you get locked in and their sales teams can upsell you on everything else. If you are a customer and are tempted to try out their alphabet soup of managed services because it all seems so convenient – don't.
EC2? It has not been under market value for a decade now. It used to take 12-24 months of on demand pricing to buy the hardware outright in the 00s. Today it's under 6 months for every instance type. With GPU instances being measured in weeks.
Anyone with more cash than sense, which is a lot of people. Every business I've worked for hooked up a credit card to AWS and never asked questions, until millions of wasted dollars later. Gotta love daddy corps with billions in reserve, and VC money that pours in like rain. I've been rebuffed multiple times trying to get them to buy SPs and RIs.
Okay! Apart from sanitation, medicine, education, wine, public order, irrigation, roads, the fresh-water system and public health, what have the Romans ever done for us!?
okta is not "active-active" in a multi-region sense, they run in a single active AWS single Region per-tenant. You can pay extra to have a faster failover in a region level failure scenario:
Had some pretty negative experiences with pricing/"enterprise" sales tactics by Okta (which now owns Auth0, and they used the same tactics on both products). I will take AWS pricing shenanigans over that any day.
Given the choice between a crummy API and being driven bankrupt by a SaaS vendor, I prefer a crummy API. I suppose your calculus might look different if you have a lot of money or an employer with great negotiating leverage.
Okta has been plagued by security issues [1], never heard of Ping Identity, Azure only makes sense if you get a sweetheart deal and are willing to deal with Azure's crap, and I'd never recommend anyone to use anything Google any more.
Ping is one of the oldest players in the business, they were founded in 2002 and had one of the earliest identity PaaS in the market (at least as far back as 2012). Haven't used their products much though.
Looks really nice! Really need Remix and Tan-Stack support though - these are taking a lot of market share from Next.js because they have less confused models.
I think it shouldn't be too hard. I could even add Remix support for you if you wanted to do a contract (I am not able to do major open source work for free right now.)
pocketbase, lucia auth, there are so many options that won't meter you for MAU for a user table in your database.
authentication is critical, you shouldn't be outsourcing this stuff anyhow. learn how to harden your box, use cloudflare tunnel and dont store passwords in plaintext.
its really not hard to do and constantly being gaslighted into paying someone to do it for you because everybody else is doing it is just irresponsible.
Very much agree with your attitude here. What happens is that nice to have features like email reset/email magic login/social logins/etc accumulate and you don't want to be on the hook for implementing them all yourself, especially with other priorities. Ofc there are open solutions for most of these in most popular languages, but I've found even those take non-trivial amounts of time to setup right and test, and often aren't exactly what you want, or have unnecessary complexity.
And nobody saw this coming with the surge to “cloud”. /s
I don’t like AWS but god damn they are good marketers and had some good leadership that actually was ahead of the curve. Instead of min/maxing the quarterly earning calls.
Convince a nepo C-level executive of your offerings, wave your massive AWS dick while presenting your deck, throw in a few credits, keep it “cheap” for a number of years. Once the competition fizzes out, or you buy them up. Then nix those teaser rates and jack it up 100X over a decade.
Let me ask you, non-combatively: do you think they can keep this up?
Their stock is bumping along at $200. If they can keep people coming in and staying, then the stock can go brrrr for decades. But if they cant, eg the trickle of CTOs repatriating workloads to prem becomes a roar, it wont, and AWS will turn into IBM.
You clearly have strong opinions on how AWS operates, but their stock holders are happy bunnies. What's your prediction?
I think the author is confused. The previous "basic tier" is actually the "lite" tier. The prices are the same, but the number of "free" MAUs is reduced. The "advanced" and "essentials" tier include what seems to be new or expanded features like fully customizable logins and passwordless login options, so you have to pay more to access these features, but it looks like everything Cognito previously provided is in the "lite" tier.
Post also doesn’t mention this from the pricing that means existing customers in free tier aren’t being suddenly charged:
Note:
1. Customers with existing user pools created on or before 10:00am Pacific Time, November 22, 2024 will continue having a free tier of first 50,000 MAUs. Advanced Security Features (ASF) will continue to be priced separately and will not have a free tier, just like it has been priced previously.
2. Additionally, customers are eligible to create new user pools with Lite tier in their existing accounts and count those MAUs against the free tier of first 50,000 MAUs. To be eligible, customers' accounts must have had at least 1 MAU in the last 12 months on or before 10:00am Pacific Time, November 22, 2024.
Here's the simple thing to know about AWS. They sell two great products (EC2 and S3) below market value so that you get locked in and their sales teams can upsell you on everything else. If you are a customer and are tempted to try out their alphabet soup of managed services because it all seems so convenient – don't.
> below market value
Unless you would like your data to egress from an AWS datacenter, in which case they are a very, very long way above market value.
> two great products
RDS is also pretty great, and KMS is a pretty good way to store a private key per environment.
EC2? It has not been under market value for a decade now. It used to take 12-24 months of on demand pricing to buy the hardware outright in the 00s. Today it's under 6 months for every instance type. With GPU instances being measured in weeks.
S3? Laughs in egress costs.
AWS considered harmful.
EC2 sold below market rate ? S3 I could argue somehow (unconvincingly). But what's the argument for EC2 ?
Who’s actually paying list price?
Anyone with more cash than sense, which is a lot of people. Every business I've worked for hooked up a credit card to AWS and never asked questions, until millions of wasted dollars later. Gotta love daddy corps with billions in reserve, and VC money that pours in like rain. I've been rebuffed multiple times trying to get them to buy SPs and RIs.
Everybody who isn’t big enough to have an EDP in place.
Even then, you give some of the discount back as AWS Enterprise Support charges :)
SQS, SNS and Lambda are great as well
Okay! Apart from sanitation, medicine, education, wine, public order, irrigation, roads, the fresh-water system and public health, what have the Romans ever done for us!?
Those all do what they say on the tin (and do it well enough), but the vendor lockin is very real.
We LOVE Lambda and SQS.
What else is left?
DynamoDB
Gotta love Step Functions, Lambda, and also Kinesis Firehose!
Here's some reddit discussion on the same topic, which started with a link to the announcement blog: https://www.reddit.com/r/aws/comments/1gxgowz/improve_your_a...
I have no idea why anyone would use Cognito unless they don’t care about availability.
Almost every other SaaS vendor supports multi-region active-active and Cognito does not.
> Almost every other SaaS vendor supports multi-region active-active and Cognito does not.
Who are we talking about here? Google and Azure?
auth0, okta, ping identity, azure, google
okta is not "active-active" in a multi-region sense, they run in a single active AWS single Region per-tenant. You can pay extra to have a faster failover in a region level failure scenario:
https://support.okta.com/help/s/article/overview-of-enhanced...
Had some pretty negative experiences with pricing/"enterprise" sales tactics by Okta (which now owns Auth0, and they used the same tactics on both products). I will take AWS pricing shenanigans over that any day.
I'll take the scummy sales tactics over the cognito API any day of the week
Given the choice between a crummy API and being driven bankrupt by a SaaS vendor, I prefer a crummy API. I suppose your calculus might look different if you have a lot of money or an employer with great negotiating leverage.
Okta has been plagued by security issues [1], never heard of Ping Identity, Azure only makes sense if you get a sweetheart deal and are willing to deal with Azure's crap, and I'd never recommend anyone to use anything Google any more.
[1] https://www.flyingpenguin.com/?p=54722
Ping is one of the oldest players in the business, they were founded in 2002 and had one of the earliest identity PaaS in the market (at least as far back as 2012). Haven't used their products much though.
What is active-active?
Being live in more than one region at the same time
There are so many better Auth providers out there now - and some of them are free for the first 10k or so users (workOs has the first 1M users free!)
which do you recommend?
I'm biased but Stack Auth [0] is fully open-source, self-hostable, and we offer reasonably priced managed hosting, if that floats your boat.
[0] https://github.com/stack-auth/stack
Looks really nice! Really need Remix and Tan-Stack support though - these are taking a lot of market share from Next.js because they have less confused models.
I think it shouldn't be too hard. I could even add Remix support for you if you wanted to do a contract (I am not able to do major open source work for free right now.)
pocketbase, lucia auth, there are so many options that won't meter you for MAU for a user table in your database.
authentication is critical, you shouldn't be outsourcing this stuff anyhow. learn how to harden your box, use cloudflare tunnel and dont store passwords in plaintext.
its really not hard to do and constantly being gaslighted into paying someone to do it for you because everybody else is doing it is just irresponsible.
Very much agree with your attitude here. What happens is that nice to have features like email reset/email magic login/social logins/etc accumulate and you don't want to be on the hook for implementing them all yourself, especially with other priorities. Ofc there are open solutions for most of these in most popular languages, but I've found even those take non-trivial amounts of time to setup right and test, and often aren't exactly what you want, or have unnecessary complexity.
They increased prices, but looks like they finally are revamping the service. This is probably the biggest update in years.
Makes sense to me. These customers have margins and Amazon has an opportunity.
Cant find the pricing change announcement, mind to share a link to it?
It’s mentioned in the blog the article links to.
https://aws.amazon.com/blogs/aws/improve-your-app-authentica...
Ah thanks, found at the bottom of the article.
Drug dealer pricing? You start free and once you are on the hook exorbitant increases will come.
Drug dealers are sensitive to the price their market can bare, they don't let you use unlimited drugs then charge you at the end of the month.
And nobody saw this coming with the surge to “cloud”. /s
I don’t like AWS but god damn they are good marketers and had some good leadership that actually was ahead of the curve. Instead of min/maxing the quarterly earning calls.
Convince a nepo C-level executive of your offerings, wave your massive AWS dick while presenting your deck, throw in a few credits, keep it “cheap” for a number of years. Once the competition fizzes out, or you buy them up. Then nix those teaser rates and jack it up 100X over a decade.
Now AWS is pumping for the next millenia.
Let me ask you, non-combatively: do you think they can keep this up?
Their stock is bumping along at $200. If they can keep people coming in and staying, then the stock can go brrrr for decades. But if they cant, eg the trickle of CTOs repatriating workloads to prem becomes a roar, it wont, and AWS will turn into IBM.
You clearly have strong opinions on how AWS operates, but their stock holders are happy bunnies. What's your prediction?
AWS is the new IBM.
The question is if we're living in the new 1970s or 2000s.