Cognito Wrapper

Amazon Cognito is a developer-centric identity platform for web and mobile apps. It provides secure, scalable user authentication and access control, supporting password-based login, MFA, passwordless authentication, social identity providers, and enterprise SSO via SAML and OIDC, with a fully managed identity store that scales to millions of users.

The Cognito Wrapper brings your Cognito user pool data into Postgres as a queryable foreign table. Query users with plain SQL and join them against your application data. It is read-only and works with Supabase Vault for secure AWS credential management.

Preparation

Before you get started, make sure the wrappers extension is installed on your database:

and then create the foreign data wrapper:

Secure your credentials (optional)

By default, Postgres stores FDW credentials inside pg_catalog.pg_foreign_server in plain text. Anyone with access to this table will be able to view these credentials. Wrappers is designed to work with Vault, which provides an additional level of security for storing credentials. We recommend using Vault to store your credentials.

Connecting to Cognito

We need to provide Postgres with the credentials to connect to Cognito, and any additional options. We can do this using the create server command:

With Vault:

Without Vault:

Resources

• Supabase docs: Connecting to AWS Cognito
• Enable in Supabase dashboard
• Official supabase/wrappers documentation: AWS Cognito
• supabase/wrappers on GitHub
• Amazon Cognito product page