Skip to content

AWS Cognito Client ID

Service Name: Amazon Cognito

Service Description: Amazon Cognito is a user identity and data synchronization service that helps you securely manage and synchronize app data for your users across their devices.

Service Address: https://aws.amazon.com/cognito/

Validation Type: -

IP Allow list: Does not exist

Secret Access Scope: Grants access to authentication flows for Amazon Cognito User Pools.

Secret Revokement URL: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html

Secret Example: 1abc2d3efgh4ijklmno5pq

Suspicious Activity Investigation Instructions:

  • Review AWS CloudTrail logs for unusual authentication attempts or API calls
  • Check Cognito User Pool activity for unexpected user registrations or logins
  • Monitor for unusual geographic access patterns in CloudWatch Logs
  • Verify if the client ID has been used in unauthorized applications

Mitigation Instructions:

  • Navigate to the AWS Console and go to the Cognito service
  • Select the User Pool associated with the compromised client ID
  • Go to the "App integration" tab and find "App clients"
  • Delete the compromised app client or rotate its client secret
  • Create a new app client with appropriate permissions
  • Update your application to use the new client ID and secret