gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-15 22:32:31 -08:00
Code Issues Packages Projects Releases Wiki Activity

Updated Cognito Identity CLI Command Format

Browse Source 
Replaced outdated key=value syntax with JSON-based in "--logins" format, keeping the old format for preserved legacy.
This commit is contained in:
afaq
2025-08-04 23:56:55 +05:00
committed by GitHub
parent b82a88252c
commit 82a44ea4c0
1 changed files with 26 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
src/pentesting-cloud/aws-security/aws-services/aws-cognito-enum/cognito-identity-pools.md
View File

@@ -167,22 +167,36 @@ For this you might need to have access to the **identity provider**. If that is
Anyway, the **following example** expects that you have already logged in inside a **Cognito User Pool** used to access the Identity Pool (don't forget that other types of identity providers could also be configured). Anyway, the **following example** expects that you have already logged in inside a **Cognito User Pool** used to access the Identity Pool (don't forget that other types of identity providers could also be configured).
<pre class="language-bash"><code class="lang-bash">aws cognito-identity get-id \ <pre class="language-bash"><code class="lang-bash">
--identity-pool-id <identity_pool_id> \ # Updated format
--logins cognito-idp.<region>.amazonaws.com/<YOUR_USER_POOL_ID>=<ID_TOKEN> aws cognito-identity get-id \
--identity-pool-id <identity_pool_id> \
--logins '{"cognito-idp.<region>.amazonaws.com/<user_pool_id>": "<ID_TOKEN>"}'
# Get the identity_id from the previous commnad response
aws cognito-identity get-credentials-for-identity \ aws cognito-identity get-credentials-for-identity \
--identity-id <identity_id> \ --identity-id <identity_id> \
--logins cognito-idp.<region>.amazonaws.com/<YOUR_USER_POOL_ID>=<ID_TOKEN> --logins '{"cognito-idp.<region>.amazonaws.com/<user_pool_id>": "<ID_TOKEN>"}'
# In the IdToken you can find roles a user has access because of User Pool Groups
# User the --custom-role-arn to get credentials to a specific role
aws cognito-identity get-credentials-for-identity \ aws cognito-identity get-credentials-for-identity \
--identity-id <identity_id> \ --identity-id <identity_id> \
<strong> --custom-role-arn <role_arn> \ --custom-role-arn <role_arn> \
</strong> --logins cognito-idp.<region>.amazonaws.com/<YOUR_USER_POOL_ID>=<ID_TOKEN> --logins '{"cognito-idp.<region>.amazonaws.com/<user_pool_id>": "<ID_TOKEN>"}'
</code></pre>
> **Deprecated format** — these may no longer work with current AWS CLI:
<pre class="language-bash"><code class="lang-bash">
aws cognito-identity get-id \
--identity-pool-id <identity_pool_id> \
--logins cognito-idp.<region>.amazonaws.com/<user_pool_id>=<ID_TOKEN>
aws cognito-identity get-credentials-for-identity \
--identity-id <identity_id> \
--logins cognito-idp.<region>.amazonaws.com/<user_pool_id>=<ID_TOKEN>
aws cognito-identity get-credentials-for-identity \
--identity-id <identity_id> \
--custom-role-arn <role_arn> \
--logins cognito-idp.<region>.amazonaws.com/<user_pool_id>=<ID_TOKEN>
</code></pre> </code></pre>
> [!WARNING] > [!WARNING]