Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

How to prevent OTP spamming on CUSTOM_AUTH flow using SMS/Email

0

I've set up a CUSTOM_AUTH flow within Cognito that generates and sends OTP via sms/text and email. Works quite well, very reliable.

However, this has got me wondering how to approach abuse / spamming. Each time the InitiateAuth action on Cognito is triggered, an OTP is generated and sent via email or text. This could result in abusers spamming the system, causing a lot of message to be sent and driving up costs.

Is there any way in which Cognito can be configured to prevent spamming of a CUSTOM_AUTH flow?

Alternatively I suppose rate limiting could be achieved by using some kind of persistent storage like dynamoDB. A throttling mechanism could be introduced as part of the define-auth or create-auth Lambda.

Argomenti
Sicurezza, identità e conformità
Tag
Amazon Cognito
Lingua
English
Nielssie
posta 2 anni fa664 visualizzazioni
1 Risposta
0

Cognito now supports AWS WAF natively. So you can put AWS WAF in front of Cognito and leverage WAF's rate limiting capabilities.[1]

[1] https://aws.amazon.com/about-aws/whats-new/2022/08/amazon-cognito-enables-native-support-aws-waf/

AWS
AWS-User-7083746
con risposta 2 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente