Amazon Cognito User Pools service now supports logging for all API calls with AWS CloudTrail

Posted on: Feb 5, 2020

Amazon Cognito User Pools now supports logging for all of the actions listed on the User Pool Actions page as events in CloudTrail log files, making it easier for developers to record all actions taken by a user, role, or an AWS service. The enhanced CloudTrail logging improves governance, compliance, and operational and risk auditing capabilities. Hosted UI and Federation calls are currently not included in CloudTrail logging events. Developers can create a trail and enable continuous delivery of Cognito API calls captured as CloudTrail events to an Amazon S3 bucket. Without configuring a trail, developers can still view the most recent events in the CloudTrail console in the Event history. This feature is available now in Amazon Cognito User Pools at no additional cost.  
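As an added example (not part of the AWS announcement), the following sketch triages Cognito User Pools events from the decompressed body of a CloudTrail log file delivered to S3. The sample records are constructed, and the set of actions treated as sensitive is an assumption to tune for your environment.

```python
import json
from collections import Counter

COGNITO_IDP = "cognito-idp.amazonaws.com"  # eventSource of User Pools API calls

# Assumption: actions this example treats as high-impact; adjust to your policy.
SENSITIVE_ACTIONS = {
    "AdminCreateUser", "AdminDeleteUser", "AdminSetUserPassword",
    "AdminAddUserToGroup", "DeleteUserPool", "SetUserPoolMfaConfig",
}

def cognito_events(log_text):
    """Yield Cognito User Pools records from a CloudTrail log file body."""
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") == COGNITO_IDP:
            yield rec

def triage(log_text):
    """Return (successful sensitive calls, failed-call count per source IP)."""
    sensitive, failures = [], Counter()
    for rec in cognito_events(log_text):
        caller = rec.get("userIdentity", {}).get("arn", "unknown")
        if rec.get("errorCode"):  # failed calls are counted, not listed
            failures[rec.get("sourceIPAddress", "unknown")] += 1
        elif rec.get("eventName") in SENSITIVE_ACTIONS:
            sensitive.append((rec["eventTime"], rec["eventName"], caller))
    return sensitive, failures

# Constructed sample data: account ID, ARNs and IPs are placeholders.
def _rec(time, source, name, ip, arn=None, error=None):
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "sourceIPAddress": ip, "userIdentity": {"arn": arn} if arn else {}}
    if error:
        rec["errorCode"] = error
    return rec

ADMIN = "arn:aws:iam::111122223333:user/ops-admin"
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2020-02-05T10:00:00Z", COGNITO_IDP, "AdminSetUserPassword", "198.51.100.7", ADMIN),
    _rec("2020-02-05T10:01:00Z", COGNITO_IDP, "InitiateAuth", "203.0.113.9", error="NotAuthorizedException"),
    _rec("2020-02-05T10:01:05Z", COGNITO_IDP, "InitiateAuth", "203.0.113.9", error="NotAuthorizedException"),
    _rec("2020-02-05T10:02:00Z", "s3.amazonaws.com", "GetObject", "198.51.100.7", ADMIN),
    _rec("2020-02-05T10:03:00Z", COGNITO_IDP, "ListUsers", "198.51.100.7", ADMIN),
]})

if __name__ == "__main__":
    calls, failed = triage(SAMPLE_LOG)
    print("sensitive calls:", calls)
    print("failures by source IP:", dict(failed))
```
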

Amazon Cognito User Pools provide a secure user directory that scales to millions of users. As a fully managed service, User Pools provide an identity and authentication layer to applications.  

CloudTrail logging is available in all regions where Amazon Cognito operates. For a list of regions where Amazon Cognito is available, see the AWS Region table. To learn more about Amazon Cognito, visit the documentation. To get started, visit the Amazon Cognito home page.