AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-07-25 · Documentation low

File: cognito/latest/developerguide/exporting-quotas-and-usage.md

Summary

Updated references from 'advanced security features' to 'threat protection' and clarified requirements for log generation (Plus feature plan and threat protection modes). Added JSON section markers and formatting elements.

Security assessment

The changes refine documentation about security-related logging capabilities (threat protection) but don't address a specific vulnerability. The updates clarify security feature requirements without indicating a security incident.

Diff

diff --git a/cognito/latest/developerguide/exporting-quotas-and-usage.md b/cognito/latest/developerguide/exporting-quotas-and-usage.md
index 58b2a1a55..ec966f02c 100644
--- a//cognito/latest/developerguide/exporting-quotas-and-usage.md
+++ b//cognito/latest/developerguide/exporting-quotas-and-usage.md
@@ -9 +9 @@ Things to know about log exportExporting email and SMS message delivery errorsEx
-You can configure your user pool to send detailed logs of some additional activity to another AWS service, like a CloudWatch log group. These logs are of a finer granularity than those in AWS CloudTrail, and can be useful to troubleshoot your user pool and analyze user sign-in activity with [advanced security features](./cognito-user-pool-settings-threat-protection.html#cognito-user-pool-settings-threat-protection.title). When you want to stream logs of SMS and email notification errors, your user pool sends `ERROR`-level logs to a CloudWatch log group. When you want to stream logs of user sign-in activity, your user pool sends `INFO`-level logs to a log group, a Amazon Data Firehose stream, or an Amazon S3 bucket. You can combine both options in a user pool.
+You can configure your user pool to send detailed logs of some additional activity to another AWS service, like a CloudWatch log group. These logs are of a finer granularity than those in AWS CloudTrail, and can be useful to troubleshoot your user pool and analyze user sign-in activity with [threat protection](./cognito-user-pool-settings-threat-protection.html). When you want to stream logs of SMS and email notification errors, your user pool sends `ERROR`-level logs to a CloudWatch log group. When you want to stream logs of user sign-in activity, your user pool sends `INFO`-level logs to a log group, a Amazon Data Firehose stream, or an Amazon S3 bucket. You can combine both options in a user pool.
@@ -38 +38 @@ Amazon Data Firehose, Amazon S3, and CloudWatch Logs incur costs for data ingest
-User-activity log exports contain security assessments and are a function of user pool [advanced security features](./cognito-user-pool-settings-threat-protection.html). Amazon Cognito only generates these logs when advanced security features are active. These features increase the cost per monthly active user (MAU) in your user pool. For more information, see [Amazon Cognito Pricing](https://aws.amazon.com/cognito/pricing).
+User-activity log exports contain security assessments and are a function of user pool [threat protection](./cognito-user-pool-settings-threat-protection.html). Amazon Cognito only generates these logs when threat protection is in **Audit-only** or **Full-function** mode and your user pool is on the Plus [feature plan](./cognito-sign-in-feature-plans.html).
@@ -119,0 +120,6 @@ You must authorize these requests with AWS credentials that have the following p
+JSON
+    
+
+****
+    
+    
@@ -181 +188 @@ The following is an example event from a user pool. This log schema is subject t
-User pools with the Plus feature plan and threat protection log user activity events: the details and security assessment of user sign-in, sign-out, and other authentication operations with your user pool. You might want to review user activity logs in your own log-management system, or create an archive. You can export this data to a Amazon CloudWatch Logs log group, an Amazon Data Firehose stream, or an Amazon Simple Storage Service (Amazon S3) bucket. From there, you can ingest this data into other systems that analyze, normalize or otherwise process data in ways that fit it in to your operational processes. To export data of this type, your user pool must be on the Plus feature plan and [advanced security features](./cognito-user-pool-settings-threat-protection.html) must be active in your user pool.
+User pools with the Plus feature plan and threat protection log user activity events: the details and security assessment of user sign-in, sign-out, and other authentication operations with your user pool. You might want to review user activity logs in your own log-management system, or create an archive. You can export this data to a Amazon CloudWatch Logs log group, an Amazon Data Firehose stream, or an Amazon Simple Storage Service (Amazon S3) bucket. From there, you can ingest this data into other systems that analyze, normalize or otherwise process data in ways that fit it in to your operational processes. To export data of this type, your user pool must be on the Plus feature plan and [threat protection](./cognito-user-pool-settings-threat-protection.html) must be active in your user pool.
@@ -298,0 +306,8 @@ Amazon S3
+JSON
+
+JSON
+    
+
+****
+    
+    
@@ -307 +322 @@ Amazon S3
-                    "cognito-idp:GetLogDeliveryConfiguration",
+                    "cognito-idp:GetLogDeliveryConfiguration"
@@ -329,0 +346,8 @@ CloudWatch Logs
+JSON
+
+JSON
+    
+
+****
+    
+    
@@ -338 +362 @@ CloudWatch Logs
-                    "cognito-idp:GetLogDeliveryConfiguration",
+                    "cognito-idp:GetLogDeliveryConfiguration"
@@ -367,0 +393,8 @@ Amazon Data Firehose
+JSON
+
+JSON
+    
+
+****
+    
+    
@@ -376 +409 @@ Amazon Data Firehose
-                    "cognito-idp:GetLogDeliveryConfiguration",
+                    "cognito-idp:GetLogDeliveryConfiguration"