AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-06-25 · Documentation low

File: cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.md

Summary

Updated documentation links from 'Associating' to 'Associate' in AWS WAF web ACL references

Security assessment

The change only modifies link text for consistency (gerund to imperative form) and does not introduce new security-related content or address a specific security vulnerability.

Diff

diff --git a/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.md b/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.md
index 47ca9e370..072d5fdd9 100644
--- a//cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.md
+++ b//cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.md
@@ -101 +101 @@ Blocked requests from IP addresses on an **Always block** exception list in your
-Some malicious traffic has the characteristic of a high volume of requests, like distributed denial of service (DDoS) attacks. The risk ratings that Amazon Cognito applies to incoming traffic are per-request and don't take request volume into account. Individual requests in a high-volume event might receive a risk score and an automated response for application-layer reasons that aren't related to their role in a volumetric attack. To implement defenses against volumetric attacks in your user pools, add AWS WAF web ACLs. For more information, see [Associating an AWS WAF web ACL with a user pool](./user-pool-waf.html).
+Some malicious traffic has the characteristic of a high volume of requests, like distributed denial of service (DDoS) attacks. The risk ratings that Amazon Cognito applies to incoming traffic are per-request and don't take request volume into account. Individual requests in a high-volume event might receive a risk score and an automated response for application-layer reasons that aren't related to their role in a volumetric attack. To implement defenses against volumetric attacks in your user pools, add AWS WAF web ACLs. For more information, see [Associate an AWS WAF web ACL with a user pool](./user-pool-waf.html).
@@ -105 +105 @@ Some malicious traffic has the characteristic of a high volume of requests, like
-Client credentials grants are intended for machine-to-machine (M2M) authorization with no connection to user accounts. Threat protection only monitors user accounts and passwords in your user pool. To implement security features with your M2M activity, consider the capabilities of AWS WAF for monitoring request rates and content. For more information, see [Associating an AWS WAF web ACL with a user pool](./user-pool-waf.html).
+Client credentials grants are intended for machine-to-machine (M2M) authorization with no connection to user accounts. Threat protection only monitors user accounts and passwords in your user pool. To implement security features with your M2M activity, consider the capabilities of AWS WAF for monitoring request rates and content. For more information, see [Associate an AWS WAF web ACL with a user pool](./user-pool-waf.html).