AWS cognito documentation change
Summary
Clarified placeholder usage in custom message Lambda functions for admin-created users
Security assessment
Improves documentation clarity about template variables but does not address security issues or describe security features.
Diff
diff --git a/cognito/latest/developerguide/user-pool-lambda-custom-message.md index d8dcfcd54..b5712a5e2 100644 --- a/cognito/latest/developerguide/user-pool-lambda-custom-message.md +++ b/cognito/latest/developerguide/user-pool-lambda-custom-message.md @@ -17 +17 @@ The request includes `codeParameter`. This is a string that acts as a placeholde -A custom message Lambda function with the `CustomMessage_AdminCreateUser` trigger source returns a user name and verification code. Because an admin-created user must receive both their user name and code, the response from your function must include both `request.usernameParameter` and `request.codeParameter`. +The input event for a custom message Lambda function with the `CustomMessage_AdminCreateUser` trigger source includes a username and verification code. Because an admin-created user must receive both their user name and code, the response from your function must include placeholder variables for the username and code. The placeholders for your message are the values of `request.usernameParameter` and `request.codeParameter`. These values are typically `{username}` and `{####}`; as a best practice, reference the input values instead of hardcoding the variable names.