Skip to content

AWS Cognito URL

Service Name: Amazon Cognito

Service Description: Amazon Cognito is a user identity and data synchronization service that helps you securely manage and synchronize app data for your users across their devices.

Service Address: https://aws.amazon.com/cognito/

Validation Type: -

IP Allow list: Does not exist

Secret Access Scope: Grants access to Amazon Cognito user pools and identity pools for authentication and authorization.

Secret Revokement URL: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html

Secret Example: https://cognito-idp.us-east-1.amazonaws.com/us-east-1_a1b2c3d4e

Suspicious Activity Investigation Instructions:

  • Review AWS CloudTrail logs for unusual API calls related to Cognito.
  • Check for unauthorized user creation or authentication attempts.
  • Monitor for changes to user pool configurations or identity provider settings.
  • Look for unusual geographic access patterns to the Cognito endpoints.

Mitigation Instructions:

  • Rotate all client secrets associated with the exposed Cognito URL.
  • Update app client settings in the AWS Cognito console.
  • Review and update callback URLs and OAuth scopes if necessary.
  • Consider implementing additional security measures like IP-based restrictions.
  • Enable enhanced security features in the user pool.