1 Answer
- Newest
- Most votes
- Most comments
0
Hello there,
While AWS WAF's ACFP and ATP rulesets offer significant protection for web applications, they're not available for direct use with Amazon Cognito User Pools. However, you can indirectly safeguard Cognito User Pools by applying WAF to the applications utilizing Cognito for authentication. Alternatively, use AWS Managed Rules like the "Common Rule Set" for AWS WAF, or employ security features within Cognito itself, such as adaptive authentication or multi-factor authentication (MFA). Future AWS updates might offer direct WAF protection for Cognito User Pools.
Please refer to this documentation as resource: https://docs.aws.amazon.com/waf/latest/developerguide/waf-acfp.html
answered 9 months ago
Relevant content
- asked 10 days ago
- asked 7 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 5 months ago
Thx for your answer ! WAF protection is already available for Cognito User Pools. I have configured managed ruleset and custom ones. But i was wondering why ACFP and ATP was not supported. I guess it generates some conflicts. For the WAF applied to my application using User pools it doesn't seems to protect my user pool from direct calls as it is directly exposed.
Did i miss something ?