AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-07-25 · Documentation low

File: cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.md

Summary

Updated message customization documentation to include MFA message templates, threat protection terminology, and adaptive authentication placeholders.

Security assessment

The changes focus on documenting security-related message templates (MFA, threat protection placeholders) and clarify how to use security features like adaptive authentication. This improves guidance on security configurations but does not address a specific security vulnerability.

Diff

diff --git a/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.md b/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.md
index dfbd16b48..27ac7832a 100644
--- a//cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.md
+++ b//cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.md
@@ -5 +5 @@
-Message templatesCustomizing the SMS messageCustomizing email verification messagesCustomizing user invitation messagesCustomizing your email address Authorizing Amazon Cognito to send Amazon SES email on your behalf (from a custom FROM email address)
+Message templatesCustomizing email and SMS MFA messagesCustomizing email verification messagesCustomizing user invitation messagesCustomizing your email address Authorizing Amazon Cognito to send Amazon SES email on your behalf (from a custom FROM email address)
@@ -7 +7 @@ Message templatesCustomizing the SMS messageCustomizing email verification messa
-# Configuring verification and invitation messages
+# Configuring MFA, authentication, verification and invitation messages
@@ -9 +9 @@ Message templatesCustomizing the SMS messageCustomizing email verification messa
-With Amazon Cognito, you can customize SMS and email verification messages and user invitation messages, to enhance the security and user experience of your application. With Amazon Cognito, you can choose between code-based or one-click link verifications to suit your application's needs. This topic discusses how you can personalize multi-factor authentication (MFA) and verification communications in the Amazon Cognito console. 
+With Amazon Cognito, you can customize SMS and email authentication, verification, and user invitation messages to enhance the security and user experience of your application. You can choose between code-based and one-click link verifications for some messages. This topic discusses how you can personalize authentication and verification communications in the Amazon Cognito console. 
@@ -13 +13 @@ In the **Message templates** menu, you can customize:
-  * Your SMS text message multi-factor authentication (MFA) message
+  * Your email and SMS message templates for one-time password (OTP) and multi-factor (MFA) authentication
@@ -38 +38 @@ The SMS and email verification message templates only appear if you have chosen
-  * Customizing the SMS message
+  * Customizing email and SMS MFA messages
@@ -63 +63 @@ One of the available automated responses with [threat protection](./cognito-user
-  * Include specific details about an event such as IP address, city, country, sign-in time, and device name. Amazon Cognito advanced security features can analyze these details.
+  * Include specific details about an event such as IP address, city, country, sign-in time, and device name. Amazon Cognito threat protection can analyze these details.
@@ -76 +76 @@ To generate one-click links and use the `{one-click-link-valid}` and `{one-click
-Advanced security features add the following placeholders that you can insert into message templates:
+Threat protection adds the following placeholders that you can insert into the message templates. These placeholders apply to **Adaptive authentication messages** , notifications that Amazon Cognito sends to users whose sessions have been evaluated for a level of risk. To configure message templates with these variables, update the **Full-function** configuration of your threat protection in the Amazon Cognito console, or submit templates in a [SetRiskConfiguration](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetRiskConfiguration.html) request.
@@ -90 +90 @@ Feedback token | `{feedback-token}`
-## Customizing the SMS message
+## Customizing email and SMS MFA messages
@@ -92 +92 @@ Feedback token | `{feedback-token}`
-To customize the SMS message for multi-factor authentication (MFA), edit **MFA message** from the **Message templates** menu in the Amazon Cognito user pools console.
+To customize the SMS and email messages for [multi-factor authentication (MFA)](./user-pool-settings-mfa.html), edit **MFA message** from the **Message templates** menu in the Amazon Cognito user pools console.
@@ -175,0 +176,6 @@ In this example, the "Sid" value is an arbitrary string that uniquely identifies
+JSON
+    
+
+****
+    
+