How do you query Cognito user events?

1

How do you examine Cognito user events? I recently needed to see who logged into one of our apps last Friday afternoon. This app is using Cognito for user authentication so I thought it would be easy to find this type of information; boy was I wrong. I'm able to see user events (login, logout, etc.) for a single user by using the Cognito UI but there doesn't seem to be any way to see that information in bulk. Or to create a report of user event data. Or to even search across users.

I ended up building a little Ruby script to go through the Cognito API, list all the users, and grab the events for each user individually. This worked but it seems pretty clunky.

Is there a way to get Cognito to log this information somewhere else, such as CloudWatch Logs or an S3 bucket?

1 Answer
2

Looks like Cognito sends events to CloudTrail [1] including the user events you are interested in.

[1] https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-info-in-cloudtrail.html

lp901
answered 2 years ago
  • That's sorta, kind of a solution. Though CloudTrail doesn't have the best or easiest querying method :puke:. Plus, it looks like CloudTrail only captures the user's "sub" and not their name or email address, so you still have to hit the Cognito API to get any usable information out of it.

    I think it's so frustrating because the Cognito console displays user activity for each individual user. It just seems so simple for them to add a global user activity feed somewhere as well.

  • Yeah, agree; would need to take it into Athena to get any more advanced query capabilities out of it. Could be worth raising a feature request for it.
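
The bulk approach the question describes (list every user, then pull each user's events), as an added example that is not the asker's script: it follows pagination on both calls, keeps only events inside a time window, and attaches the email so the report is readable without a second lookup. It assumes the `list_users` and `admin_list_user_auth_events` calls of the aws-sdk-cognitoidentityprovider gem; the helper names and `LoginRow` are made up for this example.

```ruby
require "time"

# Added example. `client` must respond like Aws::CognitoIdentityProvider::Client
# (e.g. Aws::CognitoIdentityProvider::Client.new(region: "...")); it is passed in
# so the logic can also be exercised against a stub.
LoginRow = Struct.new(:time, :username, :email, :event_type, :result, :ip)

# Yield every user in the pool, following ListUsers pagination.
def each_pool_user(client, pool_id)
  token = nil
  loop do
    args = { user_pool_id: pool_id, limit: 60 }
    args[:pagination_token] = token if token
    page = client.list_users(args)
    page.users.each { |u| yield u }
    token = page.pagination_token
    break if token.nil? || token.empty?
  end
end

# Yield every auth event of one user, following AdminListUserAuthEvents pagination.
def each_auth_event(client, pool_id, username)
  token = nil
  loop do
    args = { user_pool_id: pool_id, username: username, max_results: 60 }
    args[:next_token] = token if token
    page = client.admin_list_user_auth_events(args)
    page.auth_events.each { |e| yield e }
    token = page.next_token
    break if token.nil? || token.empty?
  end
end

# Collect events of the given types with from <= time < to, oldest first.
def auth_events_between(client, pool_id, from, to, types: ["SignIn"])
  rows = []
  each_pool_user(client, pool_id) do |user|
    # Not every user has an email attribute; leave it nil rather than fail.
    email = user.attributes.find { |a| a.name == "email" }&.value
    each_auth_event(client, pool_id, user.username) do |ev|
      next unless types.include?(ev.event_type)
      next unless ev.creation_date >= from && ev.creation_date < to
      rows << LoginRow.new(ev.creation_date, user.username, email, ev.event_type,
                           ev.event_response, ev.event_context_data&.ip_address)
    end
  end
  rows.sort_by(&:time)
end
```

Failed sign-ins are kept in the output (`result` is the event's `event_response`), so the same report shows both who got in and who tried during the window.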
