AWS cognito documentation change
Summary
Added documentation for viewing threat protection metrics, including new metrics related to compromised credentials, account takeover risk, and risk classification. Updated table format and added information about CloudWatch namespaces.
Security assessment
The changes add documentation about security-related metrics and threat protection features, but there is no evidence of addressing a specific security vulnerability or incident.
Diff
diff --git a/cognito/latest/developerguide/metrics-for-cognito-user-pools.md index 6148b7a3f..070a9bfa8 100644 --- a/cognito/latest/developerguide/metrics-for-cognito-user-pools.md +++ b/cognito/latest/developerguide/metrics-for-cognito-user-pools.md @@ -5 +5 @@ -Dimensions for Amazon Cognito user poolsUse the CloudWatch console to track metricsCreate a CloudWatch alarm for a quota +Viewing threat protection metricsDimensions for Amazon Cognito user poolsUse the CloudWatch console to track metricsCreate a CloudWatch alarm for a quota @@ -11 +11,3 @@ User pools report user-activity statistics to CloudWatch as metrics. From CloudW -The following table lists the metrics available for Amazon Cognito user pools. The Amazon CloudWatch metrics namespace for Amazon Cognito is `AWS/Cognito`. For more information, see [Namespaces](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Namespace) in _Amazon CloudWatch User Guide_. +The following table lists the metrics available for Amazon Cognito user pools. Amazon Cognito publishes metrics to the namespaces `AWS/Cognito` and `AWS/Usage`. For more information, see [Namespaces](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Namespace) in _Amazon CloudWatch User Guide_. + +For more information about tracking quotas and usage, see [Track quota usage](./quotas.html#track-quota-usage) and [Track monthly active users (MAUs)](./quotas.html#track-mau-usage). @@ -17,2 +19,2 @@ Metrics that haven't had any new data points in the past two weeks don't appear -Metric | Description ----|--- +Metric | Description | Namespace +---|---|--- @@ -29,0 +32,44 @@ Metric | Description +## Viewing threat protection metrics + +The metrics that your user pool publishes have statistical information about the effect that your threat protection settings have on user authentication activity. You might want to know how many users are attempting to sign in with compromised credentials. You can also find out what percentage of sign-in activity was evaluated to have some level of risk. Amazon Cognito publishes metrics for threat protection features to your account in Amazon CloudWatch. Amazon Cognito groups the threat protection metrics together by risk level and also by request level. + +To add context to your risk analysis, you can [view information about individual user sign-in attempts](./cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-event-user-history), either in your user pool or in an exported data source. + +###### To view metrics in the CloudWatch console + + 1. Open the CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/). + + 2. In the navigation pane, choose **Metrics**. + + 3. Choose Amazon Cognito. + + 4. Choose a group of aggregated metrics, such as **By Risk Classification**. + + 5. The **All metrics** tab displays all metrics for that choice. You can do the following: + + * To sort the table, use the column heading. + + * To graph a metric, select the check box next to the metric. To select all metrics, select the check box in the heading row of the table. + + * To filter by resource, choose the resource ID, and then choose **Add to search**. + + * To filter by metric, choose the metric name, and then choose **Add to search**. + + + + +Metric | Description | Metric Dimensions +---|---|--- +CompromisedCredentialRisk | Requests where Amazon Cognito detected compromised credentials. | Operation: The type of operation. `PasswordChange`, `SignIn`, or `SignUp` are the only dimensions. UserPoolId: The identifier of the user pool. RiskLevel: high (default), medium, or low. +AccountTakeoverRisk | Requests where Amazon Cognito detected account take-over risk. | Operation: The type of operation. `PasswordChange`, `SignIn`, or `SignUp` are the only dimensions. UserPoolId: The identifier of the user pool. RiskLevel: high, medium, or low. +OverrideBlock | Requests that Amazon Cognito blocked because of the configuration provided by the developer. | Operation: The type of operation. `PasswordChange`, `SignIn`, or `SignUp` are the only dimensions. UserPoolId: The identifier of the user pool. RiskLevel: high, medium, or low. +Risk | Requests that Amazon Cognito marked as risky. | Operation: The type of operation, such as `PasswordChange`, `SignIn`, or `SignUp`. UserPoolId: The identifier of the user pool. +NoRisk | Requests where Amazon Cognito did not identify any risk. | Operation: The type of operation, such as `PasswordChange`, `SignIn`, or `SignUp`. UserPoolId: The identifier of the user pool. + +Amazon Cognito offers you two predefined groups of metrics for ready analysis in CloudWatch. **By Risk Classification** identifies the granularity of the risk level for requests that Amazon Cognito identifies as risky. **By Request Classification** reflects metrics aggregated by request level. + +Aggregated Metrics Group | Description +---|--- +By Risk Classification | Requests that Amazon Cognito identifies as risky. +By Request Classification | Metrics aggregated by request. +