Hello,
As per the design of the Cognito service, when you create a user using the AdminCreateUser API, the admin needs to send the password to the user via email/phone number, and the user should provide the temporary password during first sign-in.
There is no API in Cognito to fetch again the temporary password that was set when creating the user profile.
However, if you do not want your users to provide the temporary password, then you need to store the temporary passwords securely. You should never hard-code the same password for all users, because if anyone gets the password by any chance, then he can use the same password to log in to any newly created user profile. You need to generate a random temporary password and store it until the user signs in for the first time.
When the user signs in for the first time, you can fetch the record to get the temporary password of the user, and then you can delete the entry from the database once the user has successfully set their new password.
The password should always be stored in encrypted form, and you need to configure proper fine-grained permissions to restrict access for decryption of the password.
Note: As per the Shared responsibility model, it is the customer's responsibility to maintain the "security in cloud".
I hope the information is helpful to you. In case you have any further queries/concerns regarding AWS services then please let us know. We are always here to assist you.
--Reference--
Client-side and server-side encryption in DynamoDB: https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/client-server-side.html
DynamoDB encryption at rest: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html
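
The flow described in the answer above, as an added example that is not part of the original answer or AWS's own code: a random per-user temporary password is generated, only its KMS ciphertext is stored in DynamoDB, and the record is deleted after the first sign-in. Assumptions: the three boto3 clients are passed in by the caller, the table is keyed on a `username` attribute, the attribute name `temp_password`, the symbol set, and `MessageAction="SUPPRESS"` are illustrative choices.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)

def generate_temp_password(length=20):
    """Random per-user password containing every character class."""
    if length < len(CLASSES):
        raise ValueError("length too short for the policy")
    chars = [secrets.choice(c) for c in CLASSES]
    chars += [secrets.choice("".join(CLASSES)) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # hide the fixed class order
    return "".join(chars)

def create_user(cognito, kms, ddb, pool_id, key_id, table, username):
    """Create the user, then store only the KMS ciphertext of the password."""
    password = generate_temp_password()
    # MessageAction="SUPPRESS" (assumption): Cognito sends no invitation message.
    cognito.admin_create_user(UserPoolId=pool_id, Username=username,
                              TemporaryPassword=password, MessageAction="SUPPRESS")
    # Encryption context binds the ciphertext to this user; decrypt must match it.
    blob = kms.encrypt(KeyId=key_id, Plaintext=password.encode(),
                       EncryptionContext={"username": username})["CiphertextBlob"]
    ddb.put_item(TableName=table, Item={"username": {"S": username},
                                        "temp_password": {"B": blob}})

def fetch_temp_password(kms, ddb, table, username):
    """Read and decrypt the stored password for the first sign-in."""
    item = ddb.get_item(TableName=table, Key={"username": {"S": username}},
                        ConsistentRead=True).get("Item")
    if item is None:
        raise KeyError(username)
    plain = kms.decrypt(CiphertextBlob=item["temp_password"]["B"],
                        EncryptionContext={"username": username})["Plaintext"]
    return plain.decode()

def delete_temp_password(ddb, table, username):
    """Call after the user has successfully set a new password."""
    ddb.delete_item(TableName=table, Key={"username": {"S": username}})
```

With real clients, pass `boto3.client("cognito-idp")`, `boto3.client("kms")` and `boto3.client("dynamodb")`, and grant `kms:Decrypt` on the key only to the role that performs the first sign-in.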