Connect AWS Cognito to AI agents

Connect AWS Cognito to Claude, Codex, Cursor, or other AI agents for your entire team. Metorial provides security, governance, and observability, and gives your team a unified Magic MCP URL to connect.

Supported Tools

manage_user

Manage User

Create, get, update, disable, enable, confirm, reset password, set password, or delete a user in a Cognito user pool. Combines all administrative user operations into a single flexible tool.

manage_identity_provider

Manage Identity Provider

Create, get, update, delete, or list federated identity providers (SAML, OIDC, Google, Facebook, Apple, Amazon) in a Cognito user pool. Manages federation configuration for external sign-in sources.

manage_group_membership

Manage Group Membership

Add or remove users from groups, list users in a group, or list groups for a user. Provides complete group membership management for role-based access control.

list_user_pools

List User Pools

List all Cognito user pools in the configured AWS region. Returns pool names, IDs, statuses, and creation dates. Supports pagination for accounts with many user pools.

manage_group

Manage Group

Create, get, update, or delete a group in a Cognito user pool. Groups provide role-based access control and can be associated with IAM roles for identity pool authorization.

manage_app_client

Manage App Client

Create, get, update, delete, or list app clients for a Cognito user pool. App clients define how applications interact with the user pool, including authentication flows, OAuth scopes, callback URLs, and token settings.

list_users

List Users

List users in a Cognito user pool. Supports filtering by attributes such as email, username, phone_number, name, given_name, family_name, preferred_username, sub, and status. Supports pagination for large user directories.

manage_user_pool

Manage User Pool

Create, update, get, or delete a Cognito user pool. When creating, only the pool name is required. When updating, provide the user pool ID and the fields to change. Supports configuring password policies, MFA, auto-verification, and deletion protection.

list_groups

List Groups

List all groups in a Cognito user pool. Returns group names, descriptions, precedence values, and associated IAM role ARNs. Supports pagination.

manage_identity_pool

Manage Identity Pool

Create, get, update, delete, or list Cognito identity pools (federated identities). Identity pools issue temporary AWS credentials to authenticated and guest users, enabling direct access to AWS services.

manage_user_pool_domain

Manage User Pool Domain

Create, get, update, or delete a Cognito user pool domain. User pool domains host managed login, OAuth authorization endpoints, and authentication pages for applications.

manage_resource_server

Manage Resource Server

Create, get, update, delete, or list Cognito resource servers for a user pool. Resource servers define custom OAuth scopes for external APIs and machine-to-machine authorization.

manage_identity_pool_roles

Manage Identity Pool Roles

Get or set IAM roles for a Cognito identity pool. Identity pool roles control the AWS credentials issued to authenticated and unauthenticated identities.

More integrations teams use with AWS Cognito

GitHub

Manage repositories, issues, and pull requests. Create and configure branches, star repositories, review code, and merge changes. Automate CI/CD workflows with GitHub Actions, manage workflow runs, secrets, and artifacts. Track issues with labels, milestones, and assignees. Search across code, repositories, issues, and users. Manage organizations, teams, and memberships. Create and manage projects, gists, packages, deployments, and environments. Access security alerts including code scanning, secret scanning, and Dependabot alerts. Read and write file contents in repositories. Manage webhooks, notifications, and codespaces.

SharePoint

Manage SharePoint sites, document libraries, lists, and files. Create, read, update, and delete lists and list items with custom columns. Upload, download, move, copy, and version files in document libraries. Search across sites, files, folders, lists, and list items using Microsoft Search. Manage permissions at site, list, and item levels with granular access control. Define and manage content types and site columns. Subscribe to webhooks for list and library change notifications. Retrieve site properties and search for sites across Microsoft 365.

Salesforce

Manage CRM data including Accounts, Contacts, Leads, Opportunities, Cases, and custom objects. Create, read, update, and delete records. Query data using SOQL and search across objects using SOSL. Perform bulk data operations for large-scale imports, exports, and migrations. Execute composite requests to batch multiple operations in a single API call. Access analytics, reports, and dashboards. Manage files and attachments associated with records. Interact with Chatter feeds, posts, and groups for social collaboration. Subscribe to real-time change events via Change Data Capture and Platform Events. Manage org metadata including custom objects, fields, layouts, and workflows. Query data using GraphQL for precise data retrieval across related objects.

Airtable

Create, read, update, and delete records in Airtable bases and tables. Manage base schemas including creating tables and fields. Filter records using formulas, sort by fields, and scope queries to specific views. Upsert records to find, create, or update in a single call. Upload attachments to records, read and write record comments, list accessible bases, and receive real-time base change events through webhooks.

Bitbucket

Manage Git repositories, pull requests, and CI/CD pipelines on Bitbucket Cloud. Create, fork, and configure repositories within workspaces and projects. Create, review, approve, merge, and decline pull requests with inline code comments. Browse source code, list commits, and manage branches and tags. Track issues with the built-in issue tracker. Trigger, monitor, and manage Bitbucket Pipelines. List workspace members, configure repository default reviewers and branch restrictions, create and manage repository webhooks, and search code across repositories.

Heroku

Deploy, manage, and scale applications on Heroku's cloud platform. Create and configure apps, scale dynos, provision add-ons (databases, caching, etc.), manage configuration variables, build and release code, add custom domains and SSL certificates, manage collaborators and team permissions, configure pipelines for continuous delivery, set up log drains, and sync data with Salesforce via Heroku Connect. Subscribe to webhooks for real-time notifications on app changes, builds, releases, dyno lifecycle events, and more.

Technical notes for AWS Cognito

Manage user authentication and authorization for web and mobile apps. Create and configure user pools as user directories with password policies, MFA, and account recovery. Create, update, disable, and delete users and their attributes. Manage groups for role-based access control. Configure federated sign-in with SAML 2.0, OIDC, and social identity providers (Google, Facebook, Apple, Amazon). Set up app clients with OAuth scopes, callback URLs, and token settings. Create identity pools to issue temporary AWS credentials for authenticated or anonymous users. Migrate users via batch CSV import or just-in-time Lambda triggers. Customize ID and access tokens with pre-token generation triggers. Configure machine-to-machine authorization using OAuth client credentials flow with resource servers and custom scopes. Enable advanced security features for risk-based adaptive authentication. Respond to authentication lifecycle events including sign-up, authentication, token generation, and user migration via Lambda triggers.

Connect AWS Cognito to production AI agents

See how Metorial gives AWS Cognito access the governance, tracing, and security controls teams need.

Frequently asked questions

Common questions about connecting AWS Cognito to AI agents with Metorial.

  1. Can Metorial connect AWS Cognito to AI agents?
    Yes. Metorial connects AI agents to AWS Cognito through a governed integration layer, so teams can use the provider while keeping access controlled and observable.
  2. Metorial is MCP compatible and lets teams expose approved provider tools to MCP-capable agents and clients through a controlled access layer.
  3. Metorial applies policies across users, groups, providers, agents, and individual tools, then records the context around every agent interaction.
  4. Yes. Metorial records provider activity so teams can inspect tool calls, troubleshoot integrations, and give security teams the visibility they need.