What if a simple Cognito login could grant an attacker access to your S3 buckets, DynamoDB tables, or worse? When an AWS Cognito Identity Pool is configured with excessive IAM permissions, authenticated users receive temporary credentials whose permissions far exceed their intended access. The path is short: authenticate to a user pool, exchange the ID token for AWS credentials, then use whatever permissions the Identity Pool's role grants. Even unauthenticated (guest) identities can receive such credentials if the pool allows unauthenticated access.
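The risk described above comes down to the IAM policy attached to the Identity Pool's authenticated (or unauthenticated) role. The following is an added example, not code from the original post: a constructed over-broad role policy beside a hardened one scoped to the calling identity via the `${cognito-identity.amazonaws.com:sub}` policy variable, plus a small check that flags wildcard grants without per-identity scoping. Bucket name, table name, region and account ID are placeholder values.

```python
import json

# Constructed example: the kind of policy that lets any Cognito login reach all of S3 and DynamoDB.
OVERLY_BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "dynamodb:*"], "Resource": "*"}
    ],
}

# Constructed example: hardened policy; each identity only reaches its own prefix and its own rows.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-app-bucket/private/${cognito-identity.amazonaws.com:sub}/*",
        },
        {
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
            "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/UserData",
            # Partition key must equal the caller's identity id (placeholder table name).
            "Condition": {
                "ForAllValues:StringEquals": {
                    "dynamodb:LeadingKeys": ["${cognito-identity.amazonaws.com:sub}"]
                }
            },
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def find_overly_broad_statements(policy):
    """Return (statement index, reason) for Allow statements that grant wildcard
    actions, or a wildcard resource with no scoping to the calling identity."""
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        scoped = "${cognito-identity.amazonaws.com:sub}" in json.dumps(stmt)
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((idx, f"wildcard action {action}"))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*" and not scoped:
                findings.append((idx, "Resource * with no per-identity scoping"))
    return findings
```

Run the check against the JSON returned by `iam get-role-policy` for each role an Identity Pool maps to, including the unauthenticated role when guest access is enabled.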
