AWS cli documentation change
Summary
Added new --web-authn-mfa-settings parameter for passkey MFA configuration and updated AWS CLI version reference
Security assessment
This change adds documentation for a new security feature (passkey MFA) but does not address a specific security vulnerability. The documentation explains how to activate/deactivate passkey MFA for users, which requires user verification and helps prevent account lockout by requiring at least one other MFA method. This enhances authentication security but is not a response to a specific security incident.
Diff
diff --git a/cli/latest/reference/cognito-idp/admin-set-user-mfa-preference.md b/cli/latest/reference/cognito-idp/admin-set-user-mfa-preference.md index 9cfd1e2aa..bc6f2c895 100644 --- a//cli/latest/reference/cognito-idp/admin-set-user-mfa-preference.md +++ b//cli/latest/reference/cognito-idp/admin-set-user-mfa-preference.md @@ -15 +15 @@ - * [AWS CLI 2.34.29 Command Reference](../../index.html) » + * [AWS CLI 2.34.32 Command Reference](../../index.html) » @@ -81,0 +82 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/cognit + [--web-authn-mfa-settings <value>] @@ -189,0 +191,22 @@ JSON Syntax: +`--web-authn-mfa-settings` (structure) + +> User preferences for passkey MFA. Activates or deactivates passkey MFA for the user. When activated, passkey authentication requires user verification, and passkey sign-in is available when MFA is required. To activate this setting, the `FactorConfiguration` of your user pool `WebAuthnConfiguration` must be `MULTI_FACTOR_WITH_USER_VERIFICATION` . To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. +> +> Enabled -> (boolean) +> +>> Specifies whether passkey MFA is activated for a user. When activated, the user’s passkey authentication requires user verification, and passkey sign-in is available when MFA is required. The user must also have at least one other MFA method such as SMS, TOTP, or email activated to prevent account lockout. + +Shorthand Syntax: + + + Enabled=boolean + + +JSON Syntax: + + + { + "Enabled": true|false + } + + @@ -357 +380 @@ None - * [AWS CLI 2.34.29 Command Reference](../../index.html) » + * [AWS CLI 2.34.32 Command Reference](../../index.html) »