AWS Security ChangesHomeSearch

AWS cognito medium security documentation change

Service: cognito · 2026-07-10 · Security-related medium

File: cognito/latest/developerguide/federation-endpoints.md

Summary

Added compatibility note for updated issuer format

Security assessment

Explicitly documents authentication incompatibilities with ALB and API Gateway, preventing potential broken authentication scenarios.

Diff

diff --git a/cognito/latest/developerguide/federation-endpoints.md b/cognito/latest/developerguide/federation-endpoints.md
index babd9791d..7366fe193 100644
--- a//cognito/latest/developerguide/federation-endpoints.md
+++ b//cognito/latest/developerguide/federation-endpoints.md
@@ -65,0 +66,4 @@ Updated issuers take the format `https://issuer-cognito-idp.`us-east-1`.amazonaw
+###### Note
+
+The updated issuer type is not currently compatible with Application Load Balancer authentication with Amazon Cognito ([Authenticate users using an Application Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html)) or Amazon API Gateway Amazon Cognito authorizers ([Control access to REST APIs using Amazon Cognito user pools as authorizer](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html)).
+