Preventing fake Cognito sign-ups

0

How to prevent fake user signups with Cognito? If some malicious actor sends fake user signup requests to the UserPool endpoint they can do it at the rate of 50 req/s (default quota). It takes only 1000 seconds (17 minutes) for them to exhaust the free tier - because each sign up is treated as an MAU. If they continue to create fake accounts our organization will be billed a lot of money.

How to limit the number of daily signups? Or not count signups as MAUs?

3 answers
0

Hi, You can prevent fake account sign-ups in real time with AI using Amazon Fraud Detector. Please refer to the link for more information.

AWS
answered a year ago
  • Thanks but this solution is overly complex for such a simple requirement as limiting the number of sign ups

0

Hi

You can hook a pre signup lambda https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html where you can then perform validation, such as checking the number of daily signups in a DynamoDB table, for instance, which has a counter incremented for any successful sign up.

Hope it helps ;)

Expert
answered a year ago
  • Hi Antonio, I've been working on implementing the advice you shared, which involves integrating Pre-Signup Lambda Triggers into my Cognito user pool. The logic implemented by the lambda is: if the number of users in the user pool exceeds 3, an exception will be thrown and signup will stop. Given that my user pool already contains three users, I proceeded to attempt the addition of a new user through my Vue application. I think the Pre-Signup Lambda Trigger did work, because I truly received an exception in my browser. But the new users are still added to my user pool with their confirmation status marked as "confirmed". Could you give me some information about what's wrong with my code?

    ========Lambda Code=============

    import boto3

    def lambda_handler(event, context):
        # Count the users currently in the pool. list_users returns at most
        # 60 users per call, so paginate rather than reading a single page.
        cognito_client = boto3.client('cognito-idp')
        user_pool_id = 'ap-northeast-1_******'
        paginator = cognito_client.get_paginator('list_users')
        user_count = 0
        for page in paginator.paginate(UserPoolId=user_pool_id, AttributesToGet=[]):
            user_count += len(page['Users'])

        # Raising from a Pre Sign-up trigger makes Cognito reject the sign-up.
        if user_count >= 3:
            raise Exception("Stop signup: the number of accounts is over 3")
        return event
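The counter approach from the answer above, written out as an added example (this is not code from the thread or from AWS). It uses a conditional DynamoDB UpdateItem so that concurrent sign-up requests cannot all pass a stale "count is below the limit" read, which is the race a count-then-decide check like the one in the comment leaves open. Assumed, not from the page: a DynamoDB table with partition key `pk`, the environment variables `SIGNUP_COUNTER_TABLE` and `DAILY_SIGNUP_LIMIT`, and the `InMemoryCounterTable` stand-in, which exists only so the module runs offline.

```python
"""Added example: a Cognito Pre sign-up trigger that caps sign-ups per UTC day with an
atomic DynamoDB counter. Not code from the thread; the table layout, environment
variable names and the in-memory stand-in below are assumptions for this example."""
import datetime
import os

TABLE_NAME = os.environ.get("SIGNUP_COUNTER_TABLE", "signup-counters")  # assumed name
DAILY_LIMIT = int(os.environ.get("DAILY_SIGNUP_LIMIT", "100"))         # assumed default


class SignupLimitExceeded(Exception):
    """Raised so Cognito rejects the sign-up; the message is what the client sees."""


def today_key(now=None):
    """Counter item key for the current UTC day, e.g. 'signups#2024-01-31'."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    return "signups#" + now.strftime("%Y-%m-%d")


def is_conditional_check_failure(exc):
    # boto3 raises table.meta.client.exceptions.ConditionalCheckFailedException; matching on
    # the class name lets the same check work against the in-memory stand-in below.
    return type(exc).__name__ == "ConditionalCheckFailedException"


def reserve_signup_slot(table, key, limit):
    """Increment the day's counter only while it is below `limit`, in one conditional
    UpdateItem. The condition is evaluated inside DynamoDB, so two concurrent Lambda
    invocations cannot both see "2 users" and both proceed."""
    try:
        resp = table.update_item(
            Key={"pk": key},
            UpdateExpression="ADD #c :one",
            ConditionExpression="attribute_not_exists(#c) OR #c < :limit",
            ExpressionAttributeNames={"#c": "count"},
            ExpressionAttributeValues={":one": 1, ":limit": limit},
            ReturnValues="UPDATED_NEW",
        )
    except Exception as exc:
        if is_conditional_check_failure(exc):
            raise SignupLimitExceeded("Sign-up limit reached for today") from exc
        raise
    return int(resp["Attributes"]["count"])


def lambda_handler(event, context, table=None, limit=DAILY_LIMIT, key=None):
    """Cognito Pre sign-up entry point. Only self-service sign-ups are capped; admin
    creation (PreSignUp_AdminCreateUser) and external-provider sign-ins pass through."""
    if event.get("triggerSource", "PreSignUp_SignUp") != "PreSignUp_SignUp":
        return event
    if table is None:
        import boto3  # imported lazily so the module also runs where boto3 is absent
        table = boto3.resource("dynamodb").Table(TABLE_NAME)
    reserve_signup_slot(table, key or today_key(), limit)
    return event  # returned unchanged: no autoConfirmUser, so verification still applies


# --- constructed stand-in for offline runs; supports only the UpdateItem shape above ---

class ConditionalCheckFailedException(Exception):
    """Same class name boto3 uses, so is_conditional_check_failure() matches it."""


class InMemoryCounterTable:
    def __init__(self):
        self.items = {}

    def update_item(self, Key, ExpressionAttributeValues, **_):
        pk, limit = Key["pk"], ExpressionAttributeValues[":limit"]
        count = self.items.get(pk, 0)
        if count >= limit:  # mirrors the ConditionExpression
            raise ConditionalCheckFailedException("The conditional request failed")
        self.items[pk] = count + 1
        return {"Attributes": {"count": self.items[pk]}}


def run_signups(table, key, limit, attempts):
    """Drive `attempts` constructed sign-up events at one day key; returns (accepted, rejected)."""
    accepted = rejected = 0
    for i in range(attempts):
        event = {"triggerSource": "PreSignUp_SignUp", "userName": f"user{i}",
                 "request": {"userAttributes": {"email": f"user{i}@example.com"}}}
        try:
            lambda_handler(event, None, table=table, limit=limit, key=key)
            accepted += 1
        except SignupLimitExceeded:
            rejected += 1
    return accepted, rejected


if __name__ == "__main__":
    print(run_signups(InMemoryCounterTable(), "signups#2024-01-31", 3, 5))  # (3, 2)
```

Because the cap is enforced on the write to DynamoDB rather than on a prior read, the limit holds even when the Lambda is invoked at the 50 req/s quota the question mentions; a successful sign-up is the only thing that advances the counter, and rejected attempts never create a user.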

0

Hi, I'm also facing this problem. I think one way to solve this problem is to use a database to record the number of registered users. If it exceeds the range, the registration function will be stopped. Did you find a better solution to solve this problem?

jjshen
answered 5 months ago
