AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-07-25 · Documentation medium

File: cognito/latest/developerguide/managing-users-passwords.md

Summary

Updated password reset instructions to recommend AdminSetUserPassword API instead of user deletion

Security assessment

Improves security documentation by promoting secure password reset practices, but no evidence of addressing a specific vulnerability.

Diff

diff --git a/cognito/latest/developerguide/managing-users-passwords.md b/cognito/latest/developerguide/managing-users-passwords.md
index e92de75cf..b0baf75e6 100644
--- a//cognito/latest/developerguide/managing-users-passwords.md
+++ b//cognito/latest/developerguide/managing-users-passwords.md
@@ -151 +151 @@ To reset access for an expired user account, do one of the following:
-  * Delete the user profile and create a new one.
+  * Send a new temporary password and reset the expiration period with an [AdminCreateUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserPassword.html) API request that has `MessageAction` set to `RESEND`.
@@ -153 +153 @@ To reset access for an expired user account, do one of the following:
-  * Set a new permanent password in an [AdminSetUserPassword](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminSetUserPassword.html) API request.
+  * Delete the user profile and create a new one.