Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

How to prevent OTP spamming on CUSTOM_AUTH flow using SMS/Email

0

I've set up a CUSTOM_AUTH flow within Cognito that generates and sends OTP via sms/text and email. Works quite well, very reliable.

However, this has got me wondering how to approach abuse / spamming. Each time the InitiateAuth action on Cognito is triggered, an OTP is generated and sent via email or text. This could result in abusers spamming the system, causing a lot of message to be sent and driving up costs.

Is there any way in which Cognito can be configured to prevent spamming of a CUSTOM_AUTH flow?

Alternatively I suppose rate limiting could be achieved by using some kind of persistent storage like dynamoDB. A throttling mechanism could be introduced as part of the define-auth or create-auth Lambda.

Themen
Sicherheit, Identität & Konformität
Tags
Amazon Cognito
Sprache
English
Nielssie
gefragt vor 2 Jahren664 Aufrufe
1 Antwort
0

Cognito now supports AWS WAF natively. So you can put AWS WAF in front of Cognito and leverage WAF's rate limiting capabilities.[1]

[1] https://aws.amazon.com/about-aws/whats-new/2022/08/amazon-cognito-enables-native-support-aws-waf/

AWS
AWS-User-7083746
beantwortet vor 2 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt