AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-11-16 · Documentation medium

File: cognito/latest/developerguide/vpc-interface-endpoints.md

Summary

Modified VPC endpoint policy example to add explicit denial Sid and simplify syntax

Security assessment

Improves security documentation by providing clearer policy examples for VPC endpoint restrictions (specific VPC ID and simplified deny logic)

Diff

diff --git a/cognito/latest/developerguide/vpc-interface-endpoints.md b/cognito/latest/developerguide/vpc-interface-endpoints.md
index f507f2589..ec8998251 100644
--- a//cognito/latest/developerguide/vpc-interface-endpoints.md
+++ b//cognito/latest/developerguide/vpc-interface-endpoints.md
@@ -167 +167 @@ For example, the following example policy prevents access to all user pools from
-                "Principal": "*",
+          "Sid": "DenyCognitoAccessOutsideVPC",
@@ -169,3 +169,2 @@ For example, the following example policy prevents access to all user pools from
-                "Action": [
-                    "cognito-idp:*"
-                ],
+          "Principal": "*",
+          "Action": "cognito-idp:*",
@@ -175,6 +174 @@ For example, the following example policy prevents access to all user pools from
-                        "aws:SourceVpc": [
-                            "vpc-0123456789abcdef0"
-                        ]
-                    },
-                    "Bool": {
-                        "aws:PrincipalIsAWSService": "false"
+              "aws:SourceVpc": "vpc-02d6770f46ef1653b"