The Rhythmic Blog
The AWS Cognito M2M Bill Has Come Due: What You Need to Know
If you’re reading this with a sinking feeling in your stomach, you’re probably one of the many developers who just received their first AWS Cognito bill for machine-to-machine (M2M) authentication. Yes, the year-long grace period is over, and the free ride has officially ended.
Let’s rewind to May 9, 2024. AWS dropped a pricing bomb on the developer community: Cognito would start charging for M2M authentication. But here’s the kicker—if you were already using it, you got a 12-month grace period. That seemed generous at the time.
Fast forward to today, May 2025. The bills are rolling in, and suddenly that “generous” grace period feels more like a ticking time bomb that just went off.
For those who haven’t been following closely, M2M authentication is when your backend services talk to each other – no humans involved. Think of it as the digital equivalent of your microservices having a private conversation. Previously, these conversations were free. Now, they cost money.
The pricing structure is twofold: $6 per month for each app client (each service that needs to authenticate) and $0.00225 per 1,000 token requests (each time a service requests a token).
The Real-World Impact
Let me paint you a picture. You’re running a modern microservices architecture with an API Gateway, 10 backend microservices, 5 worker services for background jobs, and 3 services for third-party integrations. That’s 19 services total.
At $6 per service, you’re looking at $114/month just for having these services exist. Add in the token requests – let’s say each service authenticates 100 times per day (a conservative figure for active services). That’s 19 services × 100 requests × 30 days = 57,000 requests per month, which the author puts at another $128.25/month.
Your total M2M bill: $242.25/month or nearly $3,000/year.
And this stings for several reasons.
Why This Stings
AWS gave you a year to get comfortable, to build your architectures around free M2M authentication. Now, extracting yourself is painful and expensive. Whether intentional or not, you find yourself deeply integrated with a service that’s now a significant line item in your budget.
Many teams chose microservices architectures partly because the authentication layer was “free.” Each new service didn’t add to the AWS bill. That calculation has fundamentally changed. We made architecture decisions in good faith, building distributed systems according to best practices.
But here’s the rub: this pricing model essentially taxes modern, distributed architectures. The more you follow best practices of service separation, the more you pay. Monoliths are looking slightly more attractive today, aren’t they?
What Are Your Options?
The simplest option is to pay up. Accept that this is now a cost of doing business with AWS. Budget for it and move on. Many companies will do exactly this because the alternatives are complex and risky.
You could consolidate services to reduce your number of app clients. This goes against microservices best practices, but desperate times call for desperate measures. Maybe those three notification services could become one. Maybe your separate read and write services could reunite.
Some teams are considering building their own M2M authentication system. It’s time-consuming and risky, but potentially cheaper at scale. Of course, you’ll need to factor in development time, maintenance, and the inevitable security vulnerabilities you’ll introduce.
Others are looking at switching providers. Alternative authentication services might offer better pricing for your use case. But migration is never simple, and you might find yourself in the same situation in a few years with a different vendor.
A hybrid approach is emerging as a popular option: use Cognito for user authentication (still has a generous free tier) but implement a simpler solution for M2M. This adds complexity but might save money.
Lessons Learned
When a cloud provider offers something for free, we should always ask ourselves: “What’s the catch?” The catch is usually that they’ll charge for it once you’re hooked. There’s no such thing as a free lunch in the cloud.
That 12-month grace period wasn’t a gift – it was your migration window. If you didn’t use it to prepare, you’re now paying the price, literally. Grace periods are migration periods, and we need to treat them as such.
When designing systems, we need to consider not just current pricing but potential future pricing. What seems free today might not be tomorrow. Architecture decisions should factor in the risk of pricing changes.
The Silver Lining
It’s not all doom and gloom. AWS Cognito is still a solid service that handles a lot of complexity for you. The pricing, while unwelcome, is relatively reasonable compared to building and maintaining your own auth system. For many companies, $200-500/month is worth it for a managed, scalable authentication service.
If you’re just discovering this pricing change, take a deep breath. Evaluate your options carefully. It’s important to do a thorough cost-benefit analysis before making any major architectural changes.
For those building new systems: factor in M2M costs from day one. Design your architecture with authentication costs in mind. Maybe that means fewer services, maybe it means a different auth strategy altogether.
The Bigger Picture
This pricing change is part of a larger trend in cloud services. As the market matures, providers are optimizing their pricing models. The era of generous free tiers and loss-leader pricing is gradually ending.
We’re entering a phase where cloud services are priced more like utilities – you pay for what you use, even if what you use is just keeping the lights on.
As developers and architects, we need to build systems that are not just technically sound but also economically sustainable. That means considering not just the current cost but the trajectory of costs over time.
So yes, the free ride is over. The bill has come due. But with careful planning and smart architecture decisions, we can still build great systems without breaking the bank.
Just maybe with a few fewer microservices than before.