AWS bedrock-agentcore medium security documentation change
Summary
Replaced hardcoded passwords with variables and added security warning about production usage
Security assessment
Addresses security weakness by removing default credentials ('Temp123!', 'MyPassword123!') from examples. Explicit warning against using script in production shows security awareness.
Diff
diff --git a/bedrock-agentcore/latest/devguide/identity-idp-cognito.md b/bedrock-agentcore/latest/devguide/identity-idp-cognito.md index 5778c139d..0f3a16c94 100644 --- a//bedrock-agentcore/latest/devguide/identity-idp-cognito.md +++ b//bedrock-agentcore/latest/devguide/identity-idp-cognito.md @@ -27,0 +28,4 @@ Create a file named `setup_cognito.sh` with the following content: +###### Note + +The following script is only meant as an example. You should customize the user pool settings and user credentials as needed for your application. Do not use this script directly in production environments. + @@ -45 +49 @@ Create a file named `setup_cognito.sh` with the following content: - --temporary-password "Temp123!" \ + --temporary-password "${temp-password}" \ @@ -53 +57 @@ Create a file named `setup_cognito.sh` with the following content: - --password "MyPassword123!" \ + --password "${permanent-user-password}" \ @@ -61 +65 @@ Create a file named `setup_cognito.sh` with the following content: - --auth-parameters USERNAME= 'testuser',PASSWORD= 'MyPassword123!' \ + --auth-parameters USERNAME= 'testuser',PASSWORD= '${permanent-user-password}' \ @@ -83 +87 @@ You'll need these values in the next steps. -This script creates a Cognito user pool, a user pool client, adds a user, and generates a bearer token for the user. The token is valid for 60 minutes by default. +Following these steps will create a Cognito user pool, a user pool client, adds a user, and generates a bearer token for the user. The token is valid for 60 minutes by default.