The pattern ://cognito-identity. in the EasyPrivacy list is currently being used to block all requests to AWS domains (like "cognito-identity.us-east-1.amazonaws.com") related to AWS Cognito Identity Pools, which are used not just by Amazon, but also developers using the AWS SDK or AWS Amplify. The purpose of Cognito Identity Pools is to provide a federated identity token to both authenticated and unauthenticated users. I can understand wanting to block anything that can track unauthenticated users, but by blocking all requests matching ://cognito-identity. the EasyPrivacy list is breaking functionality for authenticated users of AWS Amplify-based web applications.
I suggest removing the ://cognito-identity. rule for now and instead evaluating how localStorage is being used by the AWS SDK to make it harder to store identity tokens for unauthenticated users.