Preventing fake Cognito sign ups

0

How to prevent fake user signups with Cognito? If some malicious actor sends fake user signup requests to the UserPool endpoint, they can do it at the rate of 50 req/s (default quota). It takes only 1000 seconds (17 minutes) for them to exhaust the free tier, because each sign up is treated as an MAU. If they continue to create fake accounts, our organization will be billed a lot of money.

How to limit the number of daily signups? Or not count signups as MAUs?

Asked 1 year ago · 690 views
3 Answers
0

Hi, You can prevent fake account sign-ups in real time with AI using Amazon Fraud Detector. Please refer to the link for more information.

AWS
Answered 1 year ago
  • Thanks but this solution is overly complex for such a simple requirement as limiting the number of sign ups

0

Hi

You can hook a pre signup lambda https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html where you can then perform validation such as checking the amount of daily signups from a DynamoDB table, for instance, which has a counter incremented for any successful sign up.

Hope it helps ;)

Expert
Answered 1 year ago
  • Hi Antonio, I've been working on implementing the advice you shared, which involves integrating Pre-Signup Lambda Triggers into my Cognito user pool. The logic implemented by lambda is: if the number of users in the userpool exceeds 3, an exception will be thrown and signup will stop. Given that my user pool already contains three users, I proceeded to attempt the addition of a new user through my Vue application. I think the Pre-Signup Lambda Triggers did work, because I truly received an exception in my browser. But the new users are still added into my userpool with their confirmation status marked as "confirmed". Could you give me some information about what's wrong with my code?

    ========Lambda Code=============

        import json
        import boto3

        def lambda_handler(event, context):
            # TODO implement
            cognito_client = boto3.client('cognito-idp')
            user_pool_id = 'ap-northeast-1_******'
            response = cognito_client.list_users(
                UserPoolId=user_pool_id,
                AttributesToGet=[],
                Limit=0
            )
            user_count = len(response['Users'])

            if user_count >= 3:
                raise Exception("Stop signup: the number of accounts is over 3")
            else:
                return event

0

Hi, I'm also facing this problem. I think one way to solve this problem is to use a database to record the number of registered users. If it exceeds the range, the registration function will be stopped. Did you find a better solution to solve this problem?

jjshen
Answered 6 months ago
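
The daily counter suggested in the two answers above, sketched as a pre sign-up trigger. This is an added example, not code from any poster or from AWS; the table name, the key `signup_day`, the attribute `signups` and the limit value are assumptions. It counts requests accepted by the trigger, and the conditional update keeps the check and the increment atomic under concurrent sign-ups.

```python
import datetime
import os

# Assumed settings: a DynamoDB table with partition key "signup_day" (string).
DAILY_LIMIT = int(os.environ.get("DAILY_SIGNUP_LIMIT", "200"))
TABLE_NAME = os.environ.get("COUNTER_TABLE", "signup-counters")


def reserve_signup_slot(table, day, limit):
    """Atomically add 1 to the day's counter; return False once limit is reached."""
    try:
        table.update_item(
            Key={"signup_day": day},
            UpdateExpression="ADD signups :one",
            # Check and increment happen in one write, so parallel
            # invocations cannot push the counter past the limit.
            ConditionExpression="attribute_not_exists(signups) OR signups < :limit",
            ExpressionAttributeValues={":one": 1, ":limit": limit},
        )
        return True
    except Exception as exc:
        # botocore's ClientError carries the service error code in .response
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code == "ConditionalCheckFailedException":
            return False
        raise  # throttling, missing table, IAM errors: fail closed


def lambda_handler(event, context):
    import boto3  # provided by the Lambda Python runtime

    # Only meter self-service sign-ups, not admin-created or federated users.
    if event.get("triggerSource") != "PreSignUp_SignUp":
        return event
    table = boto3.resource("dynamodb").Table(TABLE_NAME)
    day = datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%d")
    if not reserve_signup_slot(table, day, DAILY_LIMIT):
        # Raising from a pre sign-up trigger makes Cognito reject the request.
        raise Exception("Daily sign-up limit reached")
    return event
```

The function's execution role needs `dynamodb:UpdateItem` on the counter table only.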
