AWS Cognito Client ID
Service Name: Amazon Cognito
Service Description: Amazon Cognito is a user identity and data synchronization service that helps you securely manage and synchronize app data for your users across their devices.
Service Address: https://aws.amazon.com/cognito/
Validation Type: -
IP Allow list: Does not exist
Secret Access Scope: Grants access to authentication flows for Amazon Cognito User Pools.
Secret Revokement URL: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html
Secret Example: 1abc2d3efgh4ijklmno5pq
Suspicious Activity Investigation Instructions:
- Review AWS CloudTrail logs for unusual authentication attempts or API calls
- Check Cognito User Pool activity for unexpected user registrations or logins
- Monitor for unusual geographic access patterns in CloudWatch Logs
- Verify if the client ID has been used in unauthorized applications
Mitigation Instructions:
- Navigate to the AWS Console and go to the Cognito service
- Select the User Pool associated with the compromised client ID
- Go to the "App integration" tab and find "App clients"
- Delete the compromised app client or rotate its client secret
- Create a new app client with appropriate permissions
- Update your application to use the new client ID and secret