AWS Cognito
Feature availability
Section titled “Feature availability”| Feature | Support |
|---|---|
| User management | ✅ Full |
| Organizations | ❌ Not supported |
| Audit logs | ❌ Not supported (use AWS CloudTrail externally) |
-
Create a Cognito User Pool
In the AWS Console: Amazon Cognito → Create user pool.
Note the User pool ID (e.g.
us-east-1_xxxxxxxxx) and the Region. -
Create an IAM user for AUMS
In the IAM Console: Users → Create user. Give it a name like
aums-management.Attach the following inline policy:
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["cognito-idp:ListUsers","cognito-idp:AdminGetUser","cognito-idp:AdminCreateUser","cognito-idp:AdminUpdateUserAttributes","cognito-idp:AdminDeleteUser","cognito-idp:AdminDisableUser","cognito-idp:AdminEnableUser","cognito-idp:AdminResetUserPassword","cognito-idp:AdminSetUserPassword","cognito-idp:AdminListGroupsForUser","cognito-idp:ListUsersInGroup"],"Resource": "arn:aws:cognito-idp:REGION:ACCOUNT_ID:userpool/USER_POOL_ID"}]}Replace
REGION,ACCOUNT_ID, andUSER_POOL_IDwith your values. -
Create access keys
For the IAM user: Security credentials → Create access key. Choose Other as the use case.
Copy the Access key ID and Secret access key.
-
Set environment variables
Terminal window PROVIDER=cognitoCOGNITO_REGION=us-east-1COGNITO_USER_POOL_ID=us-east-1_xxxxxxxxxAWS_ACCESS_KEY_ID=your-access-key-idAWS_SECRET_ACCESS_KEY=your-secret-access-key
Audit logs
Section titled “Audit logs”AUMS does not surface Cognito audit events. To monitor user activity, enable AWS CloudTrail in your account and filter for cognito-idp.amazonaws.com events.