I am looking to use the data that comes with Cognito as a secondary key to connect to another database. Potentially, I could use the username or email. However, according to the project requirements, there are a lot of concerns about using sensitive data as a primary key for another database. I am looking for an alternative way to set the unique key. I wonder whether userSub can be used as a unique key for each user? Or are there any other values that I can use?
Does this answer your question? [Should I use AWS Cognito "username" or "sub" (uid) for storing in database?](https://stackoverflow.com/questions/39223347/should-i-use-aws-cognito-username-or-sub-uid-for-storing-in-database) – MyStackRunnethOver Dec 20 '19 at 21:55
2 Answers
When a user is created in Cognito user pools, Cognito generates a sub for each user which is unique throughout the user pool. As such, you can use the sub field as a unique identifier for your users.
Though now considering that you are using usernames for your user, the username needs to be unique and so you can use the username as well instead of the sub.
If the user pool is configured to use email as username - in this case the email needs to be unique for all the users, meaning that there can not be any duplicated email id.
Same goes for phone number if a phone number is configured to be used as username.
So, in the end it is your choice whether you want to use the sub or the username as the unique identifier in your key.

In my opinion I would not use an email address as a key.
How would this affect the system if the user decided to change the email address in the future or for some reason the email address simply becomes obsolete?
The sub I think would be a decent choice to use as a key. However, whenever I am thinking about primary keys I'm always thinking a million years in the future.
Ultimately I would choose a key that will forever be unique throughout the org eliminating the possibility of any future conflicts or in your case, confidentiality issues.
