AWS cognito documentation change
Summary
Updated link text to match other documentation changes
Security assessment
Change aligns link text with other documentation updates but doesn't modify existing WAF security guidance or address vulnerabilities. The WAF context remains unchanged in terms of security implications.
Diff
diff --git a/cognito/latest/developerguide/user-pool-waf.md b/cognito/latest/developerguide/user-pool-waf.md index f0a4cbe57..1af8a62d4 100644 --- a//cognito/latest/developerguide/user-pool-waf.md +++ b//cognito/latest/developerguide/user-pool-waf.md @@ -52 +52 @@ Requests to all endpoints in the [User pool endpoints and managed login referenc -Requests from your app to the Amazon Cognito API that don't use AWS credentials to authorize. This includes API operations like [InitiateAuth](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html), [RespondToAuthChallenge](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RespondToAuthChallenge.html), and [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html). The API operations that are in scope of AWS WAF don't require authentication with AWS credentials. They are unauthenticated, or authorized with a session string or access token. For more information, see [Amazon Cognito user pools authenticated and unauthenticated API operations](./authentication-flows-public-server-side.html#user-pool-apis-auth-unauth). +Requests from your app to the Amazon Cognito API that don't use AWS credentials to authorize. This includes API operations like [InitiateAuth](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html), [RespondToAuthChallenge](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RespondToAuthChallenge.html), and [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html). The API operations that are in scope of AWS WAF don't require authentication with AWS credentials. They are unauthenticated, or authorized with a session string or access token. For more information, see [List of API operations grouped by authorization model](./authentication-flows-public-server-side.html#user-pool-apis-auth-unauth).