steampipe plugin install awssteampipe plugin install aws

Table: aws_cognito_identity_provider - Query AWS Cognito Identity Providers using SQL

The AWS Cognito Identity Provider is a feature of Amazon Cognito, a service that provides authentication, authorization, and user management for your web and mobile apps. It allows you to easily integrate third-party identity providers with your Cognito User Pools, enabling users to sign in using their existing social or enterprise identities. This simplifies the sign-in process for your users and can help increase engagement.

Table Usage Guide

The aws_cognito_identity_provider table in Steampipe provides you with information about the identity provider configurations within AWS Cognito User Pools. This table allows you, as a DevOps engineer, security analyst, or developer, to query provider-specific details, including the provider name, type, attributes mapping, and associated metadata. You can utilize this table to gather insights on identity providers, such as understanding the identity providers linked to user pools, verifying attribute mappings, and more. The schema outlines the various attributes of the identity provider for you, including the provider name, creation date, user pool id, and attribute mapping.

Examples

Basic info

Explore which identity providers are associated with a specific user pool in a certain region and account of AWS Cognito service. This can be useful to understand the configuration of identity providers for managing user authentication and access control.

select
  provider_name,
  user_pool_id,
  region,
  account_id
from
  aws_cognito_identity_provider
where
  user_pool_id = 'us-east-1_012345678';

select
  provider_name,
  user_pool_id,
  region,
  account_id
from
  aws_cognito_identity_provider
where
  user_pool_id = 'us-east-1_012345678';

Show details of Google identity providers of a user pool

Discover the segments that pertain to Google as an identity provider within a specified user pool. This can help in understanding the association between the user pool and Google, aiding in user management and access control.

select
  provider_name,
  user_pool_id,
  provider_details
from
  aws_cognito_identity_provider
where
  provider_type = 'Google'
  and user_pool_id = 'us-east-1_012345678';

select
  provider_name,
  user_pool_id,
  provider_details
from
  aws_cognito_identity_provider
where
  provider_type = 'Google'
  and user_pool_id = 'us-east-1_012345678';

Schema for aws_cognito_identity_provider

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
attribute_mapping	jsonb		A mapping of IdP attributes to standard and custom user pool attributes.
creation_date	timestamp with time zone		The date the provider was added to the user pool.
idp_identifiers	jsonb		A list of IdP identifiers.
last_modified_date	timestamp with time zone		The date the provider was last modified.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
provider_details	jsonb		The IdP details.
provider_name	text	=	The IdP name.
provider_type	text		The IdP type.
region	text		The AWS Region in which the resource is located.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
title	text		Title of the resource.
user_pool_id	text	=	The user pool ID.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_cognito_identity_provider