AWS Cognito - Logging end user activities for auditing

Question

I am using Cognito for authentication. I am using the default sign-in page application for the end user to login to the application.

I need to log end-user activities related to the sign-in page for auditing purpose. Basically, I need to log when the user signed-up, signed-in, signed out and changed password. I can use triggers "Post Authentication Lambda Trigger" but forgot password and sign out events are missing. Could you please help me on how to achieve this?

Answer 1

AWS Cognito Advanced Security Features provides this functionality. You can find more details here https://aws.amazon.com/blogs/security/how-to-use-new-advanced-security-features-for-amazon-cognito-user-pools/

Advanced Security Features