The Strange, Too-Familiar Tale of ‘Uncle Suitcase’

I was recently reminded of a bizarre story a friend once told me about a very strange man he encountered at a wedding reception.

Apropos of nothing, the man stomped on the floor and proclaimed, “They don’t make floors like this in China!” He went on to introduce himself to the guests.

“Call me Suitcase,” he said.

It turned out that “Uncle Suitcase” had lived in China for years as a traveling salesman who lived out of his suitcase, which gave rise to the odd nickname.

As the conversation continued, it turned out that Uncle Suitcase hadn’t lived in China, he’d simply visited it for a few months.

Well, really, he’d visited it for a week.

OK, well, he’d never been to China at all. But he’d heard good things!

And over the course of the evening, people were taken by Uncle Suitcase’s evolving story — to the point that he was the person that everyone was talking about.

My friend realized that every wedding has an Uncle Suitcase. And this got me thinking, of course, about AWS services.

The ‘Uncle Suitcase’ service of an AWS wedding

If all of the AWS services were guests at a wedding, you could expect a lot of interesting family dynamics. Aunt Lambda would disappear midway through a conversation with you. Cousin DynamoDB would talk smack about the other weddings she’d attended. EC2 would get drunk and boast about how he paid for all this.

And the Uncle Suitcase of the AWS wedding guests would almost certainly be Cognito.

“They don’t make floors like this in China!” becomes “I provide simple and secure user sign-up, sign-in, and access control!” at the AWS wedding.

Sure, it sounds reasonable, and the conversation would no doubt be engaging. But soon the cracks would start to show. The difference between “user pools” and “identity pools” quickly shows itself to be so vast that you realize Cognito is really talking about two different services.

Uncle Suitcase has never actually been to China. Similarly, once you spin up Cognito, you’re locked to Cognito in the region you selected — full stop. There’s no multi-region here, and migrations … well.

“What is the DEAL with Uncle Suitcase?!” guests ask one another at normal weddings. At the AWS wedding, they’re instead wondering why migrating from Cognito to anything else requires all of your users to reset their passwords.

“There is no possible way I can force all my users to change their credentials without it looking like we’ve suffered a data breach we aren’t disclosing,” grouses the bride’s college roommate.

The other bride’s aunt nods emphatically. “There’s no good story around customizing the login flow for UX purposes. Even the customization opportunities are limited to AWS’s imagined use cases!”

The crowd agrees and starts to pile on, when ~~Uncle Suitcase~~ Cognito comes back from the bathroom.

“Did you know that the first 50,000 users are completely free?” asks Cognito, apparently unaware of exactly how transparent the lock-in setup he was spinning really was.

“Auth0 and FusionAuth offer way less than that,” he exclaims, completely unaware that he’d just helped his audience out by highlighting two very competent alternatives to his increasingly intoxicated self.

“Go home, Cognito, you’re drunk,” you tell him, as AWS SSO carefully takes his car keys and calls Cognito a ride. You’d love to just blame it on the alcohol, but Cognito’s boasts and exaggerations were just as ludicrous at the beginning of the night as they are now.

At this point, the only thing left to do is to take him off the guest list for the next AWS wedding — leaving Cognito to make up new wild tales at home alone, or wherever it is that he came from.

The truth about Amazon Cognito

Amazon Cognito boasts about all it can accomplish, without the substance to back up its claims. Until AWS can deliver on Cognito’s assertion that it’s a simple, functional sign-in service, it’s doomed to be the Uncle Suitcase of AWS services.

After all, if you’re at a wedding and you don’t know who Uncle Suitcase is, the right answer is almost certainly “you.”