Amazon Cognito is utilized for authentication, authorization, and user management in web and mobile applications. It allows users the flexibility to sign in either directly using a user name and password or indirectly through a third party, including Facebook, Amazon, Google, or Apple.
Central to Amazon Cognito are two primary components:
User Pools: These are directories designed for your app users, offering sign-up and sign-in functionalities.
Identity Pools: These pools are instrumental in authorizing users to access different AWS services. They are not directly involved in the sign-in or sign-up process but are crucial for resource access post-authentication.
User pools
To learn what is a Cognito User Pool check:
Identity pools
To learn what is a Cognito Identity Pool check:
Enumeration
```bash
# List Identity Pools
aws cognito-identity list-identity-pools --max-results 60
aws cognito-identity describe-identity-pool --identity-pool-id "eu-west-2:38b294756-2578-8246-9074-5367fc9f5367"
aws cognito-identity list-identities --identity-pool-id <ident-pool-id> --max-results 60
aws cognito-identity get-identity-pool-roles --identity-pool-id <ident-pool-id>

# Identities Datasets
## Get dataset of identity id (inside identity pool)
aws cognito-sync list-datasets --identity-pool-id <ident-pool-id> --identity-id <ident-id>
## Get info of the dataset
aws cognito-sync describe-dataset --identity-pool-id <value> --identity-id <value> --dataset-name <value>
## Get dataset records
aws cognito-sync list-records --identity-pool-id <value> --identity-id <value> --dataset-name <value>

# User Pools
## Get pools
aws cognito-idp list-user-pools --max-results 60
## Get users
aws cognito-idp list-users --user-pool-id <user-pool-id>
## Get groups
aws cognito-idp list-groups --user-pool-id <user-pool-id>
## Get users in a group
aws cognito-idp list-users-in-group --user-pool-id <user-pool-id> --group-name <group-name>
## List App IDs of a user pool
aws cognito-idp list-user-pool-clients --user-pool-id <user-pool-id>
## List configured identity providers for a user pool
aws cognito-idp list-identity-providers --user-pool-id <user-pool-id>
## List user import jobs
aws cognito-idp list-user-import-jobs --user-pool-id <user-pool-id> --max-results 60
## Get MFA config of a user pool
aws cognito-idp get-user-pool-mfa-config --user-pool-id <user-pool-id>
## Get risk configuration
aws cognito-idp describe-risk-configuration --user-pool-id <user-pool-id>
```
Identity Pools - Unauthenticated Enumeration
Just knowing the Identity Pool ID you might be able to get credentials of the role associated to unauthenticated users (if any). Check how here.
User Pools - Unauthenticated Enumeration
Even if you don't know a valid username inside Cognito, you might be able to enumerate valid usernames, brute-force their passwords or even register a new user just knowing the App client ID (which is usually found in source code). Check how here.
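As an added defender-side example (not part of the original page), the following Python audits the JSON that `describe-identity-pool`, `get-identity-pool-roles`, `describe-user-pool` (not in the list above, but a real `cognito-idp` command) and `get-user-pool-mfa-config` return for exactly the conditions the two unauthenticated-enumeration notes above depend on: unauthenticated identities mapped to a role, self sign-up left open, and MFA off. The sample responses are constructed; the field names follow the real API, while the findings and thresholds are this example's own choices.

```python
# Constructed sample responses, shaped like the JSON returned by describe-identity-pool,
# get-identity-pool-roles, describe-user-pool and get-user-pool-mfa-config.
# IDs, names and ARNs are made up for this example.
SAMPLE_IDENTITY_POOL = {
    "IdentityPoolId": "eu-west-2:00000000-0000-0000-0000-000000000000",
    "IdentityPoolName": "example_pool",
    "AllowUnauthenticatedIdentities": True,
}
SAMPLE_POOL_ROLES = {
    "IdentityPoolId": "eu-west-2:00000000-0000-0000-0000-000000000000",
    "Roles": {
        "authenticated": "arn:aws:iam::123456789012:role/example_pool_auth",
        "unauthenticated": "arn:aws:iam::123456789012:role/example_pool_unauth",
    },
}
SAMPLE_USER_POOL = {
    "UserPool": {
        "Id": "eu-west-2_EXAMPLE",
        "AdminCreateUserConfig": {"AllowAdminCreateUserOnly": False},
    }
}
SAMPLE_MFA_CONFIG = {"MfaConfiguration": "OFF"}

def audit_identity_pool(pool, roles):
    """Return findings for an identity pool that grants a role to unauthenticated callers."""
    findings = []
    if pool.get("AllowUnauthenticatedIdentities"):
        unauth_role = roles.get("Roles", {}).get("unauthenticated")
        detail = f"unauth role {unauth_role}" if unauth_role else "no unauth role mapped"
        findings.append(f"{pool['IdentityPoolId']}: unauthenticated identities allowed ({detail})")
    return findings

def audit_user_pool(user_pool, mfa_config):
    """Return findings for a user pool: open self sign-up and MFA switched off."""
    findings = []
    pool = user_pool["UserPool"]
    # Assumption: a missing AllowAdminCreateUserOnly means Cognito's default (false), i.e. self sign-up on.
    admin_only = pool.get("AdminCreateUserConfig", {}).get("AllowAdminCreateUserOnly", False)
    if not admin_only:
        findings.append(f"{pool['Id']}: self sign-up enabled (app client ID suffices to register)")
    if mfa_config.get("MfaConfiguration", "OFF") == "OFF":
        findings.append(f"{pool['Id']}: MFA configuration is OFF")
    return findings

if __name__ == "__main__":
    for finding in (audit_identity_pool(SAMPLE_IDENTITY_POOL, SAMPLE_POOL_ROLES)
                    + audit_user_pool(SAMPLE_USER_POOL, SAMPLE_MFA_CONFIG)):
        print("FINDING:", finding)
```

Feed it the output of the commands above (for example via `aws ... | python -c 'import json,sys; ...'`) to turn the enumeration listing into a review of which pools expose an unauthenticated role or open registration.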