AWS cognito documentation change
Summary
Removed an example Lambda resource-based policy JSON configuration
Security assessment
The removal of a policy example does not directly indicate a security issue but may reduce clarity for users configuring permissions. No explicit security vulnerability is addressed.
Diff
diff --git a/cognito/latest/developerguide/cognito-user-pools-working-with-lambda-triggers.md b/cognito/latest/developerguide/cognito-user-pools-working-with-lambda-triggers.md index c4ada8790..c812b0e86 100644 --- a//cognito/latest/developerguide/cognito-user-pools-working-with-lambda-triggers.md +++ b//cognito/latest/developerguide/cognito-user-pools-working-with-lambda-triggers.md @@ -99,31 +98,0 @@ The following example Lambda resource-based policy grants Amazon Cognito a limit -JSON - - -**** - - - { - "Version": "2012-10-17", - "Id": "default", - "Statement": [ - { - "Sid": "lambda-allow-cognito", - "Effect": "Allow", - "Principal": { - "Service": "cognito-idp.amazonaws.com" - }, - "Action": "lambda:InvokeFunction", - "Resource": "<your Lambda function ARN>", - "Condition": { - "StringEquals": { - "AWS:SourceAccount": "<your account number>" - }, - "ArnLike": { - "AWS:SourceArn": "<your user pool ARN>" - } - } - } - ] - } - -