WAF: ACFP and ATP not available for user pools?

0

Hi! I don't understand why those rulesets are not available for Cognito user pools. They look pretty useful in this use case. What managed rulesets can be relevant to apply to a user pool?

Thx for your answers and advice.

LeJ
asked 9 months ago, 238 views
1 Answer
0

Hello there,

While AWS WAF's ACFP and ATP rulesets offer significant protection for web applications, they're not available for direct use with Amazon Cognito User Pools. However, you can indirectly safeguard Cognito User Pools by applying WAF to the applications utilizing Cognito for authentication. Alternatively, use AWS Managed Rules like the "Common Rule Set" for AWS WAF, or employ security features within Cognito itself, such as adaptive authentication or multi-factor authentication (MFA). Future AWS updates might offer direct WAF protection for Cognito User Pools.

Please refer to this documentation as a resource: https://docs.aws.amazon.com/waf/latest/developerguide/waf-acfp.html

AWS
answered 9 months ago
  • Thx for your answer! WAF protection is already available for Cognito User Pools. I have configured managed rulesets and custom ones. But I was wondering why ACFP and ATP were not supported. I guess it generates some conflicts. For the WAF applied to my application using User Pools, it doesn't seem to protect my user pool from direct calls, as it is directly exposed.

    Did I miss something?
