diff --git a/bootstrap/crossplane/helm-values.yaml b/bootstrap/crossplane/helm-values.yaml
index fc1f679..4ddc290 100644
--- a/bootstrap/crossplane/helm-values.yaml
+++ b/bootstrap/crossplane/helm-values.yaml
@@ -56,6 +56,8 @@ provider:
   # -- A list of Provider packages to install.
   packages:
     # - ghcr.io/crossplane-contrib/provider-aws-iam:v1.20.1
+    - ghcr.io/crossplane-contrib/provider-aws-cognitoidentity:v1.20.1
+    - ghcr.io/crossplane-contrib/provider-aws-cognitoidp:v1.20.1
     - ghcr.io/crossplane-contrib/provider-aws-route53:v1.20.1
     - ghcr.io/crossplane-contrib/provider-aws-s3:v1.20.1
 
diff --git a/bootstrap/crossplane/kustomization.yaml b/bootstrap/crossplane/kustomization.yaml
index 3f78f1c..4f1a95d 100644
--- a/bootstrap/crossplane/kustomization.yaml
+++ b/bootstrap/crossplane/kustomization.yaml
@@ -12,6 +12,7 @@ helmCharts:
 resources:
   - ns.yaml
   - providerconfig.default.yaml
+  - providerconfig.cognito.yaml
   - providerconfig.route53.yaml
   - providerconfig.s3.yaml
 
diff --git a/bootstrap/crossplane/providerconfig.cognito.yaml b/bootstrap/crossplane/providerconfig.cognito.yaml
new file mode 100644
index 0000000..719641f
--- /dev/null
+++ b/bootstrap/crossplane/providerconfig.cognito.yaml
@@ -0,0 +1,17 @@
+apiVersion: aws.upbound.io/v1beta1
+kind: ProviderConfig
+metadata:
+  name: cognito
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+spec:
+  assumeRoleChain:
+    - roleARN: "arn:aws:iam::000654387266:role/CrossplaneServiceRole"
+    - roleARN: "arn:aws:iam::000654387266:role/CognitoManagementRole"
+
+  credentials:
+    source: Secret
+    secretRef:
+      namespace: crossplane-system
+      name: aws-secret
+      key: creds