AWS - Service - Cognito
AWS Cognito is an AWS-managed service for authentication, authorization, and user management.
- A user signs in through Cognito User Pools (authentication) or via a federated IdP (Google, Facebook, SAML, etc.).
- Cognito Identity Pools can then exchange this identity for temporary AWS credentials (from STS — Security Token Service).
- These credentials (Access Key ID, Secret Access Key, and Session Token) let the app directly call AWS services (e.g., S3, DynamoDB, API Gateway) with limited IAM roles/policies.
Tools
- Cognito Scanner - A CLI tool for executing attacks on Cognito such as unwanted account creation, account oracle and identity pool escalation.
Identity Pool ID
- User Pools: user pools provide sign-up and sign-in functionality
- Identity Pools: identity pools let authenticated and unauthenticated users obtain temporary AWS credentials for AWS resources
Once you have the Cognito Identity Pool ID, you can fetch temporary AWS credentials for the pool's unauthenticated role, as the script below does (it only works when the pool allows unauthenticated identities).
import boto3

# Region and identity pool ID as found in the application (sample ID, not a real pool)
region = 'us-east-1'
identity_pool = 'us-east-1:5280c436-2198-2b5a-b87c-9f54094x8at9'

client = boto3.client('cognito-identity', region_name=region)

# GetId without a Logins map asks for an unauthenticated (guest) identity;
# this only succeeds if the pool has AllowUnauthenticatedIdentities enabled
_id = client.get_id(IdentityPoolId=identity_pool)
_id = _id['IdentityId']

# Exchange the identity for temporary STS credentials scoped to the pool's unauthenticated role
credentials = client.get_credentials_for_identity(IdentityId=_id)
access_key = credentials['Credentials']['AccessKeyId']
secret_key = credentials['Credentials']['SecretKey']
session_token = credentials['Credentials']['SessionToken']
identity_id = credentials['IdentityId']

print("Access Key: " + access_key)
print("Secret Key: " + secret_key)
print("Session Token: " + session_token)
print("Identity Id: " + identity_id)
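The script above only works because the identity pool hands out guest credentials. The following is an added example, not code from the original page or from any tool it names, that audits that exposure from the defender's side: it checks whether a pool allows unauthenticated identities or the classic flow, whether a guest role is mapped, and whether the guest role's policy contains broad Allow statements. It operates on the plain dictionaries that DescribeIdentityPool, GetIdentityPoolRoles and GetRolePolicy return, so it runs offline; every pool ID, role ARN and policy below is constructed sample data.

```python
# Added example: audit the guest-access exposure of a Cognito Identity Pool.
# Inputs mirror the DescribeIdentityPool / GetIdentityPoolRoles / GetRolePolicy
# response shapes; all identifiers and policies here are constructed samples.

def _as_list(value):
    # IAM accepts a bare string or a list for Action and Resource.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def risky_statements(policy_document):
    """Allow statements with a '*' action, a service-wide 'svc:*' action or a '*' resource."""
    risky = []
    for stmt in _as_list(policy_document.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        broad_action = any(a == "*" or a.endswith(":*") for a in actions)
        broad_resource = any(r == "*" for r in resources)
        if broad_action or broad_resource:
            risky.append(stmt)
    return risky


def audit_identity_pool(pool, roles, unauth_policies):
    """Return a list of finding strings for one identity pool.

    pool            -> DescribeIdentityPool response
    roles           -> GetIdentityPoolRoles response
    unauth_policies -> {policy name: policy document} attached to the
                       unauthenticated role (GetRolePolicy / GetPolicyVersion)
    """
    findings = []
    if pool.get("AllowUnauthenticatedIdentities"):
        findings.append("guest access enabled: anyone holding the pool ID can call "
                        "GetId and GetCredentialsForIdentity without logging in")
        if "unauthenticated" not in roles.get("Roles", {}):
            findings.append("guest access enabled but no unauthenticated role is mapped")
        for name, doc in unauth_policies.items():
            for stmt in risky_statements(doc):
                findings.append(f"unauthenticated role policy {name}: broad Allow on "
                                f"{stmt.get('Action')} for {stmt.get('Resource')}")
    if pool.get("AllowClassicFlow"):
        findings.append("classic (basic) flow enabled: the client chooses which role "
                        "to assume, so every role trusting this pool must be reviewed")
    return findings


# Constructed sample data (placeholder IDs and ARNs, not a real account).
SAMPLE_POOL = {
    "IdentityPoolId": "us-east-1:00000000-0000-0000-0000-000000000000",
    "IdentityPoolName": "example_app_pool",
    "AllowUnauthenticatedIdentities": True,
    "AllowClassicFlow": False,
}
SAMPLE_ROLES = {
    "IdentityPoolId": SAMPLE_POOL["IdentityPoolId"],
    "Roles": {
        "authenticated": "arn:aws:iam::123456789012:role/Cognito_example_Auth_Role",
        "unauthenticated": "arn:aws:iam::123456789012:role/Cognito_example_Unauth_Role",
    },
}
SAMPLE_UNAUTH_POLICIES = {
    "GuestPolicy": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["mobileanalytics:PutEvents", "cognito-sync:*"],
             "Resource": "*"},
            {"Effect": "Allow",
             "Action": "s3:*",
             "Resource": "arn:aws:s3:::example-app-uploads/*"},
            {"Effect": "Allow",
             "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::example-app-public/*"},
        ],
    }
}
# Hardened variant: the same pool with guest access switched off.
SAMPLE_POOL_HARDENED = dict(SAMPLE_POOL, AllowUnauthenticatedIdentities=False)

if __name__ == "__main__":
    for finding in audit_identity_pool(SAMPLE_POOL, SAMPLE_ROLES, SAMPLE_UNAUTH_POLICIES):
        print("FINDING:", finding)
    print("hardened pool:", audit_identity_pool(SAMPLE_POOL_HARDENED, SAMPLE_ROLES,
                                                SAMPLE_UNAUTH_POLICIES))
```

Against the sample pool the audit reports three findings (guest access on, plus the two broad statements in the guest policy); the hardened variant reports none. In a real account the three dictionaries come straight from the corresponding API calls, and the fix is to disable unauthenticated identities where the app does not need them, or to cut the guest role down to the specific actions and resources the guest path requires.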
AWS Cognito Commands
Get User Information
Admin Authentication
List User Groups
aws cognito-idp admin-list-groups-for-user --username user.name@email.com --user-pool-id <user-pool-id>
Sign up
Modify Attributes
aws cognito-idp update-user-attributes --access-token $(cat access_token) --user-attributes Name=<attribute>,Value=<value>
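The "Sign up" and "Modify Attributes" commands above matter to a defender when self-registration is open and when an app client may write attributes that the backend later trusts. The following added example, not code from the original page or from any tool it names, checks exactly those two settings on the dictionaries returned by DescribeUserPool and DescribeUserPoolClient, so it runs offline; the pool ID, client IDs and attribute names are constructed, and the list of authorization-relevant attributes is an assumption the reviewer supplies.

```python
# Added example: audit a Cognito User Pool for open self sign-up and for app
# clients that can write attributes the backend trusts. Inputs mirror the
# "UserPool" member of DescribeUserPool and the "UserPoolClient" member of
# DescribeUserPoolClient; all IDs and attribute names here are constructed.

def audit_user_pool(user_pool, app_clients, authz_attributes=()):
    """Return finding strings for a user pool and its app clients.

    authz_attributes is an assumption supplied by the reviewer: the attribute
    names (e.g. a custom role attribute) that the application's backend reads
    to make authorization decisions.
    """
    findings = []
    admin_only = (user_pool.get("AdminCreateUserConfig") or {}).get("AllowAdminCreateUserOnly", False)
    if not admin_only:
        findings.append("self sign-up enabled: SignUp can be called by anyone holding an app client ID")
    auto_verified = set(user_pool.get("AutoVerifiedAttributes", []))
    for client in app_clients:
        client_id = client.get("ClientId", "?")
        writable = set(client.get("WriteAttributes", []))
        exposed = sorted(writable & set(authz_attributes))
        if exposed:
            findings.append(f"client {client_id}: UpdateUserAttributes lets a user set {exposed}, "
                            "which the backend trusts for authorization")
        if "email" in writable and "email" not in auto_verified:
            findings.append(f"client {client_id}: email is writable but not in AutoVerifiedAttributes, "
                            "so updates are accepted without a verification code")
    return findings


# Constructed sample data (placeholder IDs, not a real account).
SAMPLE_USER_POOL = {
    "Id": "us-east-1_EXAMPLE01",
    "Name": "example-app-users",
    "AdminCreateUserConfig": {"AllowAdminCreateUserOnly": False},
    "AutoVerifiedAttributes": ["email"],
}
SAMPLE_CLIENTS = [
    {"ClientId": "example1111111111111111111", "ClientName": "mobile",
     "WriteAttributes": ["email", "name", "custom:role"]},
    {"ClientId": "example2222222222222222222", "ClientName": "admin-console",
     "WriteAttributes": ["name"]},
]
AUTHZ_ATTRIBUTES = ("custom:role",)  # assumption: the backend reads custom:role

# Hardened variant: admin-only user creation and no client may write custom:role.
SAMPLE_USER_POOL_HARDENED = dict(SAMPLE_USER_POOL,
                                 AdminCreateUserConfig={"AllowAdminCreateUserOnly": True})
SAMPLE_CLIENTS_HARDENED = [dict(c, WriteAttributes=[a for a in c["WriteAttributes"]
                                                    if not a.startswith("custom:")])
                           for c in SAMPLE_CLIENTS]

if __name__ == "__main__":
    for finding in audit_user_pool(SAMPLE_USER_POOL, SAMPLE_CLIENTS, AUTHZ_ATTRIBUTES):
        print("FINDING:", finding)
    print("hardened pool:", audit_user_pool(SAMPLE_USER_POOL_HARDENED,
                                            SAMPLE_CLIENTS_HARDENED, AUTHZ_ATTRIBUTES))
```

On the sample data the audit reports open self sign-up and the mobile client's ability to write custom:role; the hardened variant reports nothing. The corresponding fixes are to set AllowAdminCreateUserOnly when registration should be invitation-only, and to remove authorization-relevant attributes from every app client's write list so that only server-side AdminUpdateUserAttributes calls can change them.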