AWS cognito documentation change
Summary
Updated email template customization options, added OTP authentication details, and clarified feature plan requirements
Security assessment
Change documents security-adjacent features like customizable MFA/verification messages and feature plan requirements for email delivery. While it adds security-related documentation, there is no evidence of addressing a specific vulnerability.
Diff
diff --git a/cognito/latest/developerguide/user-pool-email.md b/cognito/latest/developerguide/user-pool-email.md index fea15f76a..29b847e72 100644 --- a//cognito/latest/developerguide/user-pool-email.md +++ b//cognito/latest/developerguide/user-pool-email.md @@ -26 +26 @@ Amazon Cognito sends email messages to your users with either a code that they c -Activity | API operation | Delivery options | Format options | Customizable | Message template +Activity | API operation | Delivery options | Format options | Customizable | [Message template](./cognito-user-pool-settings-message-customizations.html) @@ -28 +28 @@ Activity | API operation | Delivery options | Format options | Customizable | Me -Forgot password | [ForgotPassword](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html), [AdminResetUserPassword](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminResetUserPassword.html) | Email, SMS | code | No | N/A +Forgot password | [ForgotPassword](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html), [AdminResetUserPassword](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminResetUserPassword.html) | Email, SMS | code | Yes | **Verification message** @@ -32,0 +33 @@ Multi-factor authentication (MFA) | [AdminInitiateAuth](https://docs.aws.amazon. +One-time password authentication (OTP) | [AdminInitiateAuth](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminInitiateAuth.html), [InitiateAuth](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html) | Email¹, SMS | code | Yes | **MFA message** ³ @@ -34 +35 @@ Multi-factor authentication (MFA) | [AdminInitiateAuth](https://docs.aws.amazon. -¹ Requires advanced security features and Amazon SES email configuration. +¹ Requires Essentials [feature plan](./cognito-sign-in-feature-plans.html) or higher and Amazon SES email configuration. @@ -37,0 +39,2 @@ Multi-factor authentication (MFA) | [AdminInitiateAuth](https://docs.aws.amazon. +³ You can only customize the MFA message template when MFA is required or optional in your user pool. When MFA is inactive, Amazon Cognito sends one-time passwords with the default template. + @@ -228,0 +232,8 @@ Your sending authorization policy in the user pool Region or alternate Region mu +JSON + +JSON + + +**** + + @@ -264,0 +277,8 @@ Your sending authorization policy in each of the alternate Regions must permit t +JSON + +JSON + + +**** + +