AWS cognito documentation change
Summary
Modified VPC endpoint policy example to add explicit denial Sid and simplify syntax
Security assessment
Improves security documentation by providing clearer policy examples for VPC endpoint restrictions (specific VPC ID and simplified deny logic)
Diff
diff --git a/cognito/latest/developerguide/vpc-interface-endpoints.md b/cognito/latest/developerguide/vpc-interface-endpoints.md index f507f2589..ec8998251 100644 --- a//cognito/latest/developerguide/vpc-interface-endpoints.md +++ b//cognito/latest/developerguide/vpc-interface-endpoints.md @@ -167 +167 @@ For example, the following example policy prevents access to all user pools from - "Principal": "*", + "Sid": "DenyCognitoAccessOutsideVPC", @@ -169,3 +169,2 @@ For example, the following example policy prevents access to all user pools from - "Action": [ - "cognito-idp:*" - ], + "Principal": "*", + "Action": "cognito-idp:*", @@ -175,6 +174 @@ For example, the following example policy prevents access to all user pools from - "aws:SourceVpc": [ - "vpc-0123456789abcdef0" - ] - }, - "Bool": { - "aws:PrincipalIsAWSService": "false" + "aws:SourceVpc": "vpc-02d6770f46ef1653b"