Amazon Cognito integration
Amazon Cognito is a managed service provided by Amazon Web Services (AWS) that simplifies the process of adding authentication, authorization, and user management to your applications. It allows you to control access to AWS resources securely, authenticate users, and manage user identities across web and mobile applications.
Site24x7's integration with Amazon Cognito enables users to monitor and manage their Cognito resources in real time. The integration leverages CloudWatch metrics to provide a centralized view of authentication and identity management activities.
Overview
By connecting Cognito with Site24x7, users gain access to detailed insights into the health, performance, and usage of their user pools, app clients, and identity pools. Site24x7's integration with Amazon Cognito provides the following monitors:
- Cognito User Pool: Monitors all user pools and offers insights into supported CloudWatch metrics. Each user pool includes the following child monitors:
- Cognito User: Tracks and monitors your users.
- Cognito Identity Provider: Monitors all identity providers associated with your user pool and provides insights into supported CloudWatch metrics.
- Cognito App Client: Monitors all app clients associated with your user pool and provides insights into supported CloudWatch metrics.
- Cognito Identity Pool: Monitors all identity pools and provides insights into supported statistics.
Use cases
- Consider that your organization manages multiple applications using Amazon Cognito for authentication and identity management. With Site24x7’s Cognito integration, you can gain real-time insights into Cognito user pool metrics, including the number of users, federated identity providers, and app clients. This helps your organization optimize costs by managing its user pool charges effectively.
- Let's look at another scenario where your organization relies on Amazon Cognito Identity Pools to manage authenticated and unauthenticated user identities across various applications. By integrating with Site24x7, you can track the number of active identities and identity providers, ensuring security compliance and detecting anomalies in user authentication patterns. When a threshold breach occurs—such as a spike in unauthorized identity access—your IT team receives instant alerts.
Benefits of Site24x7's Amazon Cognito integration
Integrate your Amazon Cognito environment with Site24x7 and leverage the following benefits:
- Gain deep visibility into your Cognito User Pools, including the count of users, federated identity providers, and app clients.
- Monitor key metrics, such as Cognito user pool metrics, identity provider metrics, app client metrics, and identity pool activities.
- Detect authentication issues early and get notified about abnormal authentication attempts or errors instantly.
- Track user pool activity and ensure optimal performance.
- Set thresholds for metrics and receive alerts for threshold breaches.
Setup and configuration
- Log in to your Site24x7 account.
- Go to Cloud > AWS > Integrate AWS Account and create a cross-account IAM role to enable Site24x7 to access your AWS resources.
- On the Integrate AWS Account page, select either Cognito User Pool or Cognito Identity Pool or both from the Services to be discovered list based on your requirement.
Permissions
Ensure that Site24x7 receives the following permissions to monitor Amazon Cognito:
- cognito-idp:ListIdentityProviders
- cognito-idp:ListTagsForResource
- cognito-idp:ListUserPools
- cognito-idp:ListUserPoolClients
- cognito-idp:ListUsers
- cognito-idp:DescribeUserPool
- cognito-idp:DescribeUserPoolClient
- cognito-idp:DescribeIdentityProvider
- cognito-identity:DescribeIdentityPool
- cognito-identity:ListIdentityPools
- cognito-identity:ListIdentities
- cognito-identity:GetIdentityPoolRoles
- cognito-identity:ListTagsForResource
- cognito-identity:DescribeIdentity
Polling frequency
Site24x7 queries AWS service-level APIs according to the set polling frequency (from once a minute to once a day) to collect metrics from Amazon Cognito monitors.
Supported metrics
The supported metrics for Amazon Cognito monitor are given below.
Cognito User Pool metrics
| Metric name | Description | Statistics | Unit |
|---|---|---|---|
| Number of Users | The total number of users in the user pool. | Maximum | Count |
| App Clients | The total number of app clients in the user pool. | Maximum | Count |
| Federated Identity Providers | The total number of federated identity providers in the user pool. | Maximum | Count |
| Admin SignUp Successes | The total number of successful user registration requests made to the Amazon Cognito user pool by the admin. | Sum | Count |
| Total Admin SignUp Request | The total number of user registration requests made to the Amazon Cognito user pool by the admin. | Sample Count | Count |
| Admin Success SignUp Percentage | The percentage of successful user registration requests made to the Amazon Cognito user pool by the admin. | Average | Percentage |
| Admin Failed SignUp | The total number of failed user registration requests percentage made to the Amazon Cognito user pool by the admin. | Sum | Count |
| Admin SignUp Throttles | The total number of throttled user registration requests made to the Amazon Cognito user pool by the admin. | Sum | Count |
Cognito Identity Provider metrics
| Metric name | Description | Statistics | Unit |
|---|---|---|---|
| Federation Successes | The total number of successful identity federation requests made to the Amazon Cognito user pool. | Sum | Count |
| Total Federation Request | The total number of identity federation requests made to the Amazon Cognito user pool. | Sample Count | Count |
| Federation Success Percentage | The percentage of number of successful identity federation requests made to the Amazon Cognito user pool. | Average | Percentage |
| Federation Failed | The total number of failed identity federation requests made to the Amazon Cognito user pool. | Sum | Count |
| Federation Throttles | The total number of throttled identity federation requests made to the Amazon Cognito user pool. | Sum | Count |
Cognito App Client metrics
| Metric name | Description | Statistics | Unit |
|---|---|---|---|
| Sign Up Successes | The total number of successful user registration requests made to the Amazon Cognito user pool. | Sum | Count |
| Total Sign Up Request | The total number of user registration requests made to the Amazon Cognito user pool. | Sample Count | Count |
| Sign Up Success Percentage | The percentage of successful user registration requests made to the Amazon Cognito user pool. | Average | Percentage |
| Sign Up Failed | The total number of failed user registration requests percentage made to the Amazon Cognito user pool. | Sum | Count |
| Sign Up Throttles | The total number of throttled user registration requests made to the Amazon Cognito user pool. | Sum | Count |
| Sign In Successes | The total number of successful user authentication requests made to the Amazon Cognito user pool. | Sum | Count |
| Total Sign In Request | The total number of user authentication requests made to the Amazon Cognito user pool. | Sample Count | Count |
| Sign In Success Percentage | The percentage of total number of successful user authentication requests made to the Amazon Cognito user pool. | Average | Percentage |
| Sign In Failed | The total number of failed user authentication requests made to the Amazon Cognito user pool. | Sum | Count |
| Sign In Throttles | The total number of throttled user authentication requests made to the Amazon Cognito user pool. | Sum | Count |
| Token Refresh Successes | The total number of successful requests to refresh an Amazon Cognito token that were made to the Amazon Cognito user pool. | Sum | Count |
| Total Token Refresh Request | The total number of requests to refresh an Amazon Cognito token that were made to the Amazon Cognito user pool. | Sample Count | Count |
| Token Refresh Success Percentage | The percentage of successful requests to refresh an Amazon Cognito token that were made to the Amazon Cognito user pool. | Average | Percentage |
| Token Refresh Failed | The total number of failed requests to refresh an Amazon Cognito token that were made to the Amazon Cognito user pool. | Sum | Count |
| Token Refresh Throttles | The total number of throttled requests to refresh an Amazon Cognito token that were made to the Amazon Cognito user pool. | Sum | Count |
Cognito Identity Pool metrics
| Metric name | Description | Statistics | Unit |
|---|---|---|---|
| Total Identities | The total number of identities in the identity pool. | Maximum | Count |
| Authenticated Identities | The total number of authenticated identities in the identity pool. | Maximum | Count |
| Unauthenticated Identities | The total number of unauthenticated identities in the identity pool. | Maximum | Count |
| Total Identity Providers | The total number of identity providers in the identity pool. | Maximum | Count |
Threshold configuration
To configure thresholds for a Cognito monitor:
- Log in to your Site24x7 account and navigate to Admin > Configuration Profiles > Threshold and Availability.
- Click Add Threshold Profile.
- Select the applicable monitor type from the Monitor Type drop-down menu. The available monitor types are Cognito User Pool, Cognito User, Cognito Identity Provider, Cognito App Client, and Cognito Identity Pool.
- Provide an appropriate name in the Display Name field.
- The supported metrics are displayed in the Threshold Configuration section. You can set threshold values for all the metrics mentioned above.
- Click Save.
Status propagation in Cognito monitors
Site24x7's Cognito integration includes the status propagation feature, which ensures that alerts from child monitors are propagated to the parent Cognito User Pool monitor. By enabling the Notify for Any Child Monitor Status Changes option on the Edit Threshold Profile page, you can streamline how alerts are handled across your Cognito resources.
Child monitors, such as User, Identity Provider, and App Client monitors, will notify the parent Cognito User Pool monitor of any status changes. This propagation helps you maintain a centralized view of all alerts and ensures timely responses to potential issues.
For example, if an issue arises with an app client or identity provider, the alert will not only be visible at the child monitor level but also in the parent Cognito User Pool monitor, offering a unified monitoring experience.
Licensing
- Each Cognito User Pool monitor is considered as an advanced monitor.
- The Cognito User, Cognito Identity Provider, and Cognito App client monitors are free monitors.
- Each Cognito Identity Pool monitor utilizes one basic monitor license.
Viewing Amazon Cognito monitors
- To monitor your Cognito User Pool environment, log in to your Site24x7 account and navigate to Cloud > AWS > Cognito User Pool.
- To monitor your Cognito Identity Pool environment, log in to your Site24x7 account and navigate to Cloud > AWS > Cognito Identity Pool.
Monitor data
The monitor data for each Amazon Cognito monitor is given below.
Cognito User Pool
Summary
The Summary tab provides an overview of the event timeline and metrics in the form of charts.
Users
View the Users Availability and the list of user monitors along with their status, monitor type, and action options. You can configure thresholds using the Action button of the preferred source server monitor, and you can set bulk thresholds using the Threshold Configuration button. To view the User monitor details, click the desired monitor name hyperlink.
Identity Providers
View the Identity Providers Availability and the list of Identity Providers monitors along with their status, Total Federation Request (Count), Federation Successes (Count), and action options. You can configure thresholds using the Action button of the preferred source server monitor, and you can set bulk thresholds using the Threshold Configuration button. To view the Identity Providers monitor details, click the desired monitor name hyperlink.
App Clients
View the App Clients Availability and the list of App Client monitors along with their status, Total Sign Up Request (Count), Sign Up Successes (Count), and action options. You can configure thresholds using the Action button of the preferred source server monitor, and you can set bulk thresholds using the Threshold Configuration button. To view the App Client monitor details, click the desired monitor name hyperlink.
Configuration
View the configuration details of Cognito User Pool monitors, such as the Region, User Pool ID, User Pool Name, and User Pool ARN, on this tab.
Outages
The Outages tab provides details on an outage's start time, end time, duration, and comments (if any).
Inventory
Obtain details like the Resource Name, Region, and Monitor Licensing Category on the Inventory tab. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed on this tab.
Log Report
This tab offers a consolidated report of each Cognito User Pool monitor's log status, which can be downloaded as a CSV file.
Cognito User
Summary
The Summary tab provides an overview of the event timeline and metrics in the form of charts.
User Attributes
View user attribute details, such as Attribute Name, Value, and Verification, in the User Attributes tab.
Outages
The Outages tab provides details on an outage's start time, end time, duration, and comments (if any).
Inventory
Obtain details like the Resource Name, Region, and Monitor Licensing Category on the Inventory tab. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed on this tab.
Log Report
This tab offers a consolidated report of each Cognito User monitor's log status, which can be downloaded as a CSV file.
Cognito Identity Provider
Summary
The Summary tab provides an overview of the event timeline and metrics in the form of charts.
Configuration
View the configuration details of Cognito Identity Provider monitors, such as the Region, User Pool ID, Provider Name, and Identity Provider Type, on this tab.
Attribute Mapping
Obtain attribute mapping details, such as the Identity provider attribute and User pool attribute, from the Attribute Mapping tab.
Outages
The Outages tab provides details on an outage's start time, end time, duration, and comments (if any).
Inventory
Obtain details like the Type, Region, and Monitor Licensing Category on the Inventory tab. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed on this tab.
Log Report
This tab offers a consolidated report of each Cognito Identity Provider monitor's log status, which can be downloaded as a CSV file.
Cognito App Client
Summary
The Summary tab provides an overview of the event timeline and metrics in the form of charts.
Identity Providers
View the Identity Providers Availability and the list of Identity Providers in this tab.
Configuration Details
View the configuration details of Cognito App Client monitors, such as the Region, App Client Name, User Pool ID, and Client ID, on this tab.
Permissions
The Permissions tab provides the list of attribute read and write permissions for the App Client monitor.
Outages
The Outages tab provides details on an outage's start time, end time, duration, and comments (if any).
Inventory
Obtain details like the Type, Region, and Monitor Licensing Category on the Inventory tab. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed on this tab.
Log Report
This tab offers a consolidated report of each Cognito App Client monitor's log status, which can be downloaded as a CSV file.
Cognito Identity Pool
Summary
The Summary tab provides an overview of the events timeline and metrics in the form of charts.
Configuration
View the configuration details of Cognito User Pool monitors, such as the Region, Identity Pool ID, Identity Pool Name, and ARN, on this tab.
Identities
Obtain details such as Identity ID, Identity Provider, Created Date, and Last Modified Date from the Indentities tab. Click the Identity Provider link to view the Identity Provider login details.
Identity Providers
This tab provides you with details such as Identity Provider Type, Identity Provider, Client ID, Role Selection, and Role Solution. Click the Rules hyperlink to view rule details.
Outages
The Outages tab provides details on an outage's start time, end time, duration, and comments (if any).
Inventory
Obtain details like the Identity Pool ID, Region, and Monitor Licensing Category on the Inventory tab. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed on this tab.
Log Report
This tab offers a consolidated report of each Cognito Identity Pool monitor's log status, which can be downloaded as a CSV file.
-
On this page
- Overview
- Use cases
- Benefits of Site24x7's Amazon Cognito integration
- Setup and configuration
- Permissions
- Polling frequency
- Cognito User Pool metrics
- Cognito Identity Provider metrics
- Cognito App Client metrics
- Cognito Identity Pool metrics
- Threshold configuration
- Status propagation in Cognito monitors
- Licensing
- Viewing Amazon Cognito monitors
- Monitor data