AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-04-25 · Documentation low

File: cognito/latest/developerguide/user-pool-waf.md

Summary

Updated link text to match other documentation changes

Security assessment

Change aligns link text with other documentation updates but doesn't modify existing WAF security guidance or address vulnerabilities. The WAF context remains unchanged in terms of security implications.

Diff

diff --git a/cognito/latest/developerguide/user-pool-waf.md b/cognito/latest/developerguide/user-pool-waf.md
index f0a4cbe57..1af8a62d4 100644
--- a//cognito/latest/developerguide/user-pool-waf.md
+++ b//cognito/latest/developerguide/user-pool-waf.md
@@ -52 +52 @@ Requests to all endpoints in the [User pool endpoints and managed login referenc
-Requests from your app to the Amazon Cognito API that don't use AWS credentials to authorize. This includes API operations like [InitiateAuth](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html), [RespondToAuthChallenge](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RespondToAuthChallenge.html), and [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html). The API operations that are in scope of AWS WAF don't require authentication with AWS credentials. They are unauthenticated, or authorized with a session string or access token. For more information, see [Amazon Cognito user pools authenticated and unauthenticated API operations](./authentication-flows-public-server-side.html#user-pool-apis-auth-unauth).
+Requests from your app to the Amazon Cognito API that don't use AWS credentials to authorize. This includes API operations like [InitiateAuth](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html), [RespondToAuthChallenge](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RespondToAuthChallenge.html), and [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html). The API operations that are in scope of AWS WAF don't require authentication with AWS credentials. They are unauthenticated, or authorized with a session string or access token. For more information, see [List of API operations grouped by authorization model](./authentication-flows-public-server-side.html#user-pool-apis-auth-unauth).