diff --git a/moto/cognitoidp/models.py b/moto/cognitoidp/models.py
index 0897ea889..285be0b3c 100644
--- a/moto/cognitoidp/models.py
+++ b/moto/cognitoidp/models.py
@@ -532,7 +532,7 @@ class CognitoIdpUserPool(BaseModel):
 payload = {
 "iss": f"https://cognito-idp.{self.region}.amazonaws.com/{self.id}",
 "sub": self._get_user(username).id,
- "aud": client_id,
+ "client_id" if token_use == "access" else "aud": client_id,
 "token_use": token_use,
 "auth_time": now,
 "exp": now + expires_in,
diff --git a/tests/test_cognitoidp/test_cognitoidp.py b/tests/test_cognitoidp/test_cognitoidp.py
index 630fefa2b..ea7163343 100644
--- a/tests/test_cognitoidp/test_cognitoidp.py
+++ b/tests/test_cognitoidp/test_cognitoidp.py
@@ -2844,7 +2844,7 @@ def test_token_legitimacy():
 id_claims[k].should.equal(v)
 access_claims = json.loads(jws.verify(access_token, json_web_key, "RS256"))
 access_claims["iss"].should.equal(issuer)
- access_claims["aud"].should.equal(client_id)
+ access_claims["client_id"].should.equal(client_id)
 access_claims["token_use"].should.equal("access")
 access_claims["username"].should.equal(username)
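Review bot: The conditional expression used directly as a dict key in the `payload` literal (`"client_id" if token_use == "access" else "aud": client_id`) is easy to misread as a conditional value, and nothing on the line says why the claim name depends on the token type. Consider binding it before the literal, `client_claim = "client_id" if token_use == "access" else "aud"`, then writing `client_claim: client_id,` inside it, with a comment such as `# Cognito access tokens name the app client in "client_id"; ID tokens use "aud"`. Every `token_use` value other than `"access"` falls through to `aud`; whether that is intended for all callers cannot be confirmed here, because the enclosing method starts and ends outside the hunk. The test hunk in `tests/test_cognitoidp/test_cognitoidp.py` checks only that `client_id` is present, so an extra `assert "aud" not in access_claims` would pin the other half of the change for code that validates token audiences against this mock.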