AWS res documentation change
Summary
Added documentation section about configuring administrator group for Cognito users
Security assessment
The change adds guidance about privilege management through Cognito groups, which is a security best practice. However, there's no evidence this addresses a specific security vulnerability. It enhances security documentation by explaining how to properly configure admin access.
Diff
diff --git a/res/latest/ug/setting-up-cognito-users.md b/res/latest/ug/setting-up-cognito-users.md index 7db3f2acd..6007a11c4 100644 --- a//res/latest/ug/setting-up-cognito-users.md +++ b//res/latest/ug/setting-up-cognito-users.md @@ -5 +5 @@ -Administrative setupUser sign up/sign in flowSign up flowLogin page OptionsConstraintsSynchronizationSecurity considerations for Cognito +Administrative setupUser sign up/sign in flowSign up flowLogin page OptionsConstraintsAdministrator group for Amazon Cognito usersSynchronizationSecurity considerations for Cognito @@ -55,0 +56,19 @@ If both SSO and Amazon Cognito are enabled, an option to **Sign in with organiza +## Administrator group for Amazon Cognito users + +By default, RES grants Cognito users within the `admins` group administrator privilege. To add users to the Cognito `admins` group: + + 1. Navigate to the [Amazon Cognito console](https://console.aws.amazon.com/cognito/home), and choose the existing user pool used for RES. + + 2. Navigate to **Groups** under **User Management** , and then choose **Create a group.** + + 3. On the **Create a group** page, in **Group name,** enter `admins`. + + 4. Select the `admins` group you created, and choose **Add user to group** to add Cognito users. + + 5. Initiate Cognito synchronization manually by following Synchronization. + + + + +After a successful Amazon Cognito synchronization, users added to the `admins` group will receive administrator privileges. +