AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-04-16 · Documentation low

File: cognito/latest/developerguide/getting-started-user-pools-application.md

Summary

Added IAM policy requirements and example callback URL details

Security assessment

Added guidance about required IAM permissions (security best practices) but no specific vulnerability addressed

Diff

diff --git a/cognito/latest/developerguide/getting-started-user-pools-application.md b/cognito/latest/developerguide/getting-started-user-pools-application.md
index fa60398b9..99a0865c0 100644
--- a//cognito/latest/developerguide/getting-started-user-pools-application.md
+++ b//cognito/latest/developerguide/getting-started-user-pools-application.md
@@ -26 +26 @@ When you're ready to begin, navigate to the [Amazon Cognito console](https://con
-  1. Navigate to the [Amazon Cognito console](https://console.aws.amazon.com/cognito/).
+  1. Navigate to the [Amazon Cognito console](https://console.aws.amazon.com/cognito/). To assign permissions to your IAM principal so that they can create and manage Amazon Cognito resources, refer to [AWS managed policies for Amazon Cognito](./security-iam-awsmanpol.html). The `AmazonCognitoPowerUser` policy is sufficient for the creation of user pools.
@@ -42 +42 @@ When you're ready to begin, navigate to the [Amazon Cognito console](https://con
-  6. Under **Add a return URL** , enter a redirect path to your application for after users complete authentication. This location should be a route in your application that uses OpenID Connect (OIDC) libraries to process user-authentication outcomes.
+  6. Under **Add a return URL** , enter a redirect path to your application for after users complete authentication. This location should be a route in your application that uses OpenID Connect (OIDC) libraries to process user-authentication outcomes. An example of a return URL for a test application is `https://localhost:3000/callback`. In the example NodeJS application in the Amazon Cognito console, this route employs [openid-client](https://www.npmjs.com/package/openid-client) to collect the access token and redeem it for user information. You'll be able to browse examples for your development platform after you create your resources.