AWS Cognito URL
Service Name: Amazon Cognito
Service Description: Amazon Cognito is a user identity and data synchronization service that helps you securely manage and synchronize app data for your users across their devices.
Service Address: https://aws.amazon.com/cognito/
Validation Type: -
IP Allow list: Does not exist
Secret Access Scope: Grants access to Amazon Cognito user pools and identity pools for authentication and authorization.
Secret Revokement URL: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html
Secret Example: https://cognito-idp.us-east-1.amazonaws.com/us-east-1_a1b2c3d4e
Suspicious Activity Investigation Instructions:
- Review AWS CloudTrail logs for unusual API calls related to Cognito.
- Check for unauthorized user creation or authentication attempts.
- Monitor for changes to user pool configurations or identity provider settings.
- Look for unusual geographic access patterns to the Cognito endpoints.
Mitigation Instructions:
- Rotate all client secrets associated with the exposed Cognito URL.
- Update app client settings in the AWS Cognito console.
- Review and update callback URLs and OAuth scopes if necessary.
- Consider implementing additional security measures like IP-based restrictions.
- Enable enhanced security features in the user pool.