API Key Management

All FinOps Center APIs are managed by Cognito

FinOps Center AppSync API Credential Management

  • Amazon Cognito Federated Identities issue short-lived AWS credentials using STS under an IAM role.

  • Amazon Cognito User Pools issue JWT tokens that are used to authenticate AppSync requests.

  • Because Cognito-issued credentials are automatically rotated and expire frequently (typically after 1 hour), long-term key rotation is not required for day-to-day operations.

PreviousEncryptionNextDeployment Best Practices

Last updated