AWS Cognito Client Secret
Service Name: Amazon Web Services Cognito
Service Description: AWS Cognito is a user identity and data synchronization service that helps manage user authentication and access control for web and mobile applications.
Service Address: https://aws.amazon.com/cognito/
Validation Type: -
IP Allow list: Does not exist
Secret Access Scope: Grants access to authenticate users with AWS Cognito user pools and identity providers.
Secret Revokement URL: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html
Secret Example: 1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0t1u2v
Suspicious Activity Investigation Instructions:
- Review AWS CloudTrail logs for unusual authentication attempts or API calls related to Cognito.
- Check for unexpected user registrations or authentication patterns in the Cognito user pool.
- Monitor for unusual token issuance or refresh activities.
- Examine access patterns to resources secured by Cognito.
Mitigation Instructions:
- Go to the AWS Cognito console.
- Select the user pool associated with the compromised client secret.
- Go to App integration > App client settings.
- Find the app client with the compromised secret.
- Generate a new client secret by selecting Generate client secret.
- Update all applications using this client secret with the new value.
- Consider implementing additional security measures such as resource server scopes and OAuth flows.