Cognito is AWS's customer's customer's user login system, so I, as a SaaS company, would use it so my users can log in to my platform. They charge per-user, so if my platform is going to have millions of users, choosing Cognito is a bad idea that will eat all my money.
However, if I only expect to have a handful of (lucrative) users, it's not the worst idea. The other reason to use Cognito is that AWS handles all the user login issues, and costs very few lines of code to use on my end. The fatal security issue is getting hacked, either the platform as a whole, e.g. an S3 bucket with bad perms, or user logins getting leaked and reused. While obviously no system is unhackable, the gamble is if a homegrown system is more impervious than Cognito (or someone else's, e.g. Supabase). With a large development team where the login system and overall system security aren't going to be an afterthought, I wouldn't think about using Cognito, but where both of those things are an afterthought, I'd at least consider Cognito, or some other managed system.
The ultimate problem with Cognito, though, is the vendor lock-in. (Last I checked, which was years ago) in order to migrate users out, they have to reset their password, which would cause users to bounce off your service instead of renewing their subscription.
That’s where I end up getting hired, leveraging similar functionality I implement on my own. It’s a tradeoff. Do you want to invest in someone like me, or offload it to AWS? If you offload it to AWS, of course you will bear the costs of that that my salary absorbs. It is a tradeoff that must be measured, but quick fixes with managed services are tempting. You will of course absorb some cost of my salary there in terms of what AWS provides and dictates.