Amazon Cognito is now available in Asia Pacific (Taipei) and Asia Pacific (New Zealand) Regions Amazon Cognito is now available in the AWS Asia Pacific (Taipei) and Asia Pacific (New Zealand) Regions. This launch introduces all Amazon Cognito features and tiers, allowing customers to implement secure sign-in and access control for users, AI agents, and microservices in minutes. For a full list of regions where Amazon Cognito is available, refer to the AWS Region Table. To learn more about Amazon Cognito, refer to Developer Guide, Product Detail Page, and Pricing Detail Page.

🆕 Amazon Cognito is now in Asia Pacific (Taipei) and (New Zealand), providing secure sign-in for users, AI, and microservices. For regions, see AWS Region Table. More details in Developer Guide, Product, and Pricing pages.

#AWS #AmazonCognito

Amazon Cognito is now available in Asia Pacific (Taipei) and Asia Pacific (New Zealand) Regions Amazon Cognito is now available in the AWS Asia Pacific (Taipei) and Asia Pacific (New Zealand) Regions. This launch introduces all Amazon Cognito features and tiers, allowing customers to implement secure sign-in and access control for users, AI agents, and microservices in minutes. For a full list of regions where Amazon Cognito is available, refer to the https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/. To learn more about Amazon Cognito, refer to https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html, https://aws.amazon.com/cognito/, and https://aws.amazon.com/cognito/pricing/.

Amazon Cognito is now available in Asia Pacific (Taipei) and Asia Pacific (New Zealand) Regions

Amazon Cognito is now available in the AWS Asia Pacific (Taipei) and Asia Pacific (New Zealand) Regions. This launch introduces all Amazon Cognito features and tiers, allowing c...

#AWS #AmazonCognito

Amazon Cognito enhances client secret management with secret rotation and custom secrets Amazon Cognito enhances client secret lifecycle management for app clients of Cognito user pools by adding client secret rotation and support for custom client secrets. Cognito helps you implement secure sign-in and access control for users, AI agents, and microservices in minutes, and a Cognito app client is a configuration that interacts with one mobile or web application that authenticates with Cognito. Previously, Cognito automatically generated all app client secrets. With this launch, in addition to the automatically generated secrets, you have the option to bring your own custom client secrets for new or existing app clients. Additionally, you can now rotate client secrets on-demand and maintain up to two active client secrets per app client. The new client secret lifecycle management capabilities address needs for organizations with periodic credential rotation requirements, companies improving security posture, and enterprises migrating from other authentication systems to Cognito. Maintaining two active secrets per app client allows gradual transition to the new secret without application downtime. Client secret rotation and custom client secrets are available in all AWS Regions where Amazon Cognito user pools are available. To learn more, see the Amazon Cognito Developer Guide. You can get started using the new capabilities through the AWS Management Console, AWS Command Line Interface (CLI), AWS Software Development Kits (SDKs), or AWS CloudFormation.

🆕 Amazon Cognito now offers client secret rotation and custom secrets for better security, with two active secrets per app client. Available globally, these features help meet credential rotation needs. Use AWS tools to start enhancing security.

#AWS #AmazonCognito

Amazon Cognito enhances client secret management with secret rotation and custom secrets Amazon Cognito enhances client secret lifecycle management for app clients of Cognito user pools by adding client secret rotation and support for custom client secrets. Cognito helps you implement secure sign-in and access control for users, AI agents, and microservices in minutes, and a Cognito app client is a configuration that interacts with one mobile or web application that authenticates with Cognito. Previously, Cognito automatically generated all app client secrets. With this launch, in addition to the automatically generated secrets, you have the option to bring your own custom client secrets for new or existing app clients. Additionally, you can now rotate client secrets on-demand and maintain up to two active client secrets per app client. The new client secret lifecycle management capabilities address needs for organizations with periodic credential rotation requirements, companies improving security posture, and enterprises migrating from other authentication systems to Cognito. Maintaining two active secrets per app client allows gradual transition to the new secret without application downtime. Client secret rotation and custom client secrets are available in all AWS Regions where Amazon Cognito user pools are available. To learn more, see the https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html. You can get started using the new capabilities through the AWS Management Console, AWS Command Line Interface (CLI), AWS Software Development Kits (SDKs), or AWS CloudFormation.

Amazon Cognito enhances client secret management with secret rotation and custom secrets

Amazon Cognito enhances client secret lifecycle management for app clients of Cognito user pools by adding client secret rotation and support for custom client secrets. Cognito helps y...

#AWS #AmazonCognito

Amazon Cognito introduces inbound federation Lambda triggers Amazon Cognito introduces inbound federation Lambda triggers that enable you to transform and customize federated user attributes during the authentication process. You can now modify responses from external SAML and OIDC providers before they are stored in your user pool, providing complete programmatic control over the federation flow without requiring changes to your identity provider configuration.. Inbound federation Lambda trigger addresses current limitations in federated authentication workflows, particularly issues caused by attribute size limits and the need for selective attribute storage from external identity providers. For example, large group attributes from external SAML or OIDC identity providers that exceed Cognito’s 2,048 character limit per attribute can block the authentication flow. This capability allows you to add, override, or suppress attribute values, such as modifying large group attributes, before creating new federated users or updating existing federated user profiles in Cognito. The new inbound federation Lambda trigger is available through hosted UI (classic) and managed login in all AWS Regions where Amazon Cognito is available. To get started, configure the trigger using the AWS Management Console, AWS Command Line Interface (CLI), AWS Software Development Kits (SDKs), Cloud Development Kit (CDK), or AWS CloudFormation by adding the new parameter to your User Pool LambdaConfig. To learn more, see the https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-inbound-federation.html for implementation examples and best practices.

Amazon Cognito introduces inbound federation Lambda triggers

Amazon Cognito introduces inbound federation Lambda triggers that enable you to transform and customize federated user attributes during the authentication process. You can now modify responses from external SAML...

#AWS #AmazonCognito

Amazon Cognito introduces inbound federation Lambda triggers Amazon Cognito introduces inbound federation Lambda triggers that enable you to transform and customize federated user attributes during the authentication process. You can now modify responses from external SAML and OIDC providers before they are stored in your user pool, providing complete programmatic control over the federation flow without requiring changes to your identity provider configuration.. Inbound federation Lambda trigger addresses current limitations in federated authentication workflows, particularly issues caused by attribute size limits and the need for selective attribute storage from external identity providers. For example, large group attributes from external SAML or OIDC identity providers that exceed Cognito’s 2,048 character limit per attribute can block the authentication flow. This capability allows you to add, override, or suppress attribute values, such as modifying large group attributes, before creating new federated users or updating existing federated user profiles in Cognito. The new inbound federation Lambda trigger is available through hosted UI (classic) and managed login in all AWS Regions where Amazon Cognito is available. To get started, configure the trigger using the AWS Management Console, AWS Command Line Interface (CLI), AWS Software Development Kits (SDKs), Cloud Development Kit (CDK), or AWS CloudFormation by adding the new parameter to your User Pool LambdaConfig. To learn more, see the Amazon Cognito Developer Guide for implementation examples and best practices.

🆕 Amazon Cognito now supports inbound federation Lambda triggers to transform federated user attributes during auth, customizing SAML/OIDC responses, addressing size limits, and selective storage, available in all AWS Regions.

#AWS #AmazonCognito

AWS expands Resource Control Policies support for Cognito and CloudWatch Logs AWS Resource Control Policies (RCPs) now provide support for https://aws.amazon.com/pm/cognito/?trk=de90528c-2450-48d7-9981-bc556d44c9ab&sc_channel=ps&trk=de90528c-2450-48d7-9981-bc556d44c9ab&sc_channel=ps&ef_id=EAIaIQobChMI1oPdpd-JkgMVEh-tBh0iWzpHEAAYASAAEgLl7_D_BwE:G:s&s_kwcid=AL!4422!3!652240143559!e!!g!!cognito!19878797452!155825919588&gad_campaignid=19878797452&gbraid=0AAAAADjHtp-6asfTXR8BCPoEoERBRak--&gclid=EAIaIQobChMI1oPdpd-JkgMVEh-tBh0iWzpHEAAYASAAEgLl7_D_BwE and https://aws.amazon.com/cloudwatch/?refid=de90528c-2450-48d7-9981-bc556d44c9ab. Resource control policies (RCPs) are a type of organization policy that you can use to manage permissions in your organization. RCPs offer central control over the maximum available permissions for resources in your organization. With this expansion, you can now use RCPs to manage permissions for Amazon Cognito and Amazon CloudWatch Logs resources. For example, you can create policies that prevent identities outside your organization from accessing these resources, helping you build a https://aws.amazon.com/identity/data-perimeters-on-aws/ and enforce baseline security standards across your AWS environment. RCPs are available in all AWS commercial Regions and AWS GovCloud (US) Regions. To learn more about RCPs and view the full list of supported AWS services, visit the https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_rcps.html in the AWS Organizations User Guide.

AWS expands Resource Control Policies support for Cognito and CloudWatch Logs

AWS Resource Control Policies (RCPs) now provide support for aws.amazon.com/pm/cognito/

#AWS #AmazonCognito #AmazonCloudwatchLogs #AwsGovcloudUs

AWS expands Resource Control Policies support for Cognito and CloudWatch Logs AWS Resource Control Policies (RCPs) now provide support for Amazon Cognito and Amazon CloudWatch Logs. Resource control policies (RCPs) are a type of organization policy that you can use to manage permissions in your organization. RCPs offer central control over the maximum available permissions for resources in your organization. With this expansion, you can now use RCPs to manage permissions for Amazon Cognito and Amazon CloudWatch Logs resources. For example, you can create policies that prevent identities outside your organization from accessing these resources, helping you build a data perimeter and enforce baseline security standards across your AWS environment. RCPs are available in all AWS commercial Regions and AWS GovCloud (US) Regions. To learn more about RCPs and view the full list of supported AWS services, visit the Resource control policies (RCPs) documentation in the AWS Organizations User Guide.

🆕 AWS expands Resource Control Policies to manage permissions for Amazon Cognito and CloudWatch Logs, offering central control over resource access and enforcing security standards across your organization. Available in all AWS regions.

#AWS #AmazonCognito #AmazonCloudwatchLogs #AwsGovcloudUs

Amazon Cognito identity pools now support private connectivity with AWS PrivateLink Amazon Cognito identity pools now support AWS PrivateLink, enabling you to securely exchange federated identities for AWS credentials through private connectivity between your virtual private cloud (VPC) and Cognito. This eliminates the need to route authentication traffic over the public internet, providing enhanced security for your workloads. Identity pools map authenticated and guest identities to your AWS Identity and Access Management (IAM) roles and provide temporary AWS credentials, with this new feature, through a secure and private connection. You can use PrivateLink connections in all AWS Regions where Amazon Cognito identity pools are available, except AWS China (Beijing) Region, operated by Sinnet, and AWS GovCloud (US) Regions. Creating VPC endpoints on AWS PrivateLink will incur additional charges; refer to https://aws.amazon.com/privatelink/pricing/ for details. You can get started by creating an AWS PrivateLink VPC interface endpoint for Amazon Cognito identity pools using the AWS Management Console, AWS Command Line Interface (CLI), AWS Software Development Kits (SDKs), AWS Cloud Development Kit (CDK), or AWS CloudFormation. To learn more, refer to the documentation on https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html and https://docs.aws.amazon.com/cognito/latest/developerguide/vpc-interface-endpoints.html. 

Amazon Cognito identity pools now support private connectivity with AWS PrivateLink

Amazon Cognito identity pools now support AWS PrivateLink, enabling you to securely exchange federated identities for AWS credentials through private connectivity between yo...

#AWS #AmazonCognito #AwsPrivatelink

Amazon Cognito identity pools now support private connectivity with AWS PrivateLink Amazon Cognito identity pools now support AWS PrivateLink, enabling you to securely exchange federated identities for AWS credentials through private connectivity between your virtual private cloud (VPC) and Cognito. This eliminates the need to route authentication traffic over the public internet, providing enhanced security for your workloads. Identity pools map authenticated and guest identities to your AWS Identity and Access Management (IAM) roles and provide temporary AWS credentials, with this new feature, through a secure and private connection. You can use PrivateLink connections in all AWS Regions where Amazon Cognito identity pools are available, except AWS China (Beijing) Region, operated by Sinnet, and AWS GovCloud (US) Regions. Creating VPC endpoints on AWS PrivateLink will incur additional charges; refer to AWS PrivateLink pricing page for details. You can get started by creating an AWS PrivateLink VPC interface endpoint for Amazon Cognito identity pools using the AWS Management Console, AWS Command Line Interface (CLI), AWS Software Development Kits (SDKs), AWS Cloud Development Kit (CDK), or AWS CloudFormation. To learn more, refer to the documentation on creating a VPC interface endpoint and Amazon Cognito’s developer guide.

🆕 Amazon Cognito identity pools now support AWS PrivateLink for secure, private connectivity, eliminating public internet use. VPC endpoints are available in most regions, excluding AWS China and GovCloud, with additional charges. Use AWS tools to create endpoi…

#AWS #AmazonCognito #AwsPrivatelink

Explore the Amazon Augmented AI with Human Review Workflows, Amazon Textract Form Extraction Task and Amazon Cognito User Pool “ I have checked the documents of AWS to explore the amazon augmented ai with human review workflows,...

✍️ New blog post by GargeeBhatnagar

Explore the Amazon Augmented AI with Human Review Workflows, Amazon Textract Form Extraction Task and Amazon Cognito User Pool

#amazonaugmentedai #amazoncognito #amazontextract #s3bucket

Amazon Cognito user pools now supports private connectivity with AWS PrivateLink Amazon Cognito user pools now supports AWS PrivateLink for secure and private connectivity. With AWS PrivateLink, you can establish a private connection between your virtual private cloud (VPC) and Amazon Cognito user pools to configure, manage, and authenticate against your Cognito user pools without using the public internet. By enabling private network connectivity, this enhancement eliminates the need to use public IP addresses or relying solely on firewall rules to access Cognito. This feature supports user pool management operations (e.g., list user pools, describe user pools), administrative operations (e.g., admin-created users), and user authentication flows (sign in local users stored in Cognito). OAuth 2.0 authorization code flow (Cognito managed login, hosted UI, sign-in via social identity providers), client credentials flow (Cognito machine-to-machine authorization), and federated sign-ins via SAML and OIDC standards are not supported through VPC endpoints at this time. You can use PrivateLink connections in all AWS Regions where Amazon Cognito user pools is available, except AWS GovCloud (US) Regions. Creating VPC endpoints on AWS PrivateLink will incur additional charges; refer to https://aws.amazon.com/privatelink/pricing/ for details. You can get started by creating an AWS PrivateLink interface endpoint for Amazon Cognito user pools using the AWS Management Console, AWS Command Line Interface (CLI), AWS Software Development Kits (SDKs), AWS Cloud Development Kit (CDK), or AWS CloudFormation. To learn more, refer to the documentation on https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.htmlhttps://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.htmland https://docs.aws.amazon.com/cognito/latest/developerguide/vpc-interface-endpoints.html. 

Amazon Cognito user pools now supports private connectivity with AWS PrivateLink

Amazon Cognito user pools now supports AWS PrivateLink for secure and private connectivity. With AWS PrivateLink, you can establish a private connection between your virtual pr...

#AWS #AmazonCognito #AwsPrivatelink

Amazon Cognito user pools now supports private connectivity with AWS PrivateLink Amazon Cognito user pools now supports AWS PrivateLink for secure and private connectivity. With AWS PrivateLink, you can establish a private connection between your virtual private cloud (VPC) and Amazon Cognito user pools to configure, manage, and authenticate against your Cognito user pools without using the public internet. By enabling private network connectivity, this enhancement eliminates the need to use public IP addresses or relying solely on firewall rules to access Cognito. This feature supports user pool management operations (e.g., list user pools, describe user pools), administrative operations (e.g., admin-created users), and user authentication flows (sign in local users stored in Cognito). OAuth 2.0 authorization code flow (Cognito managed login, hosted UI, sign-in via social identity providers), client credentials flow (Cognito machine-to-machine authorization), and federated sign-ins via SAML and OIDC standards are not supported through VPC endpoints at this time. You can use PrivateLink connections in all AWS Regions where Amazon Cognito user pools is available, except AWS GovCloud (US) Regions. Creating VPC endpoints on AWS PrivateLink will incur additional charges; refer to AWS PrivateLink pricing page for details. You can get started by creating an AWS PrivateLink interface endpoint for Amazon Cognito user pools using the AWS Management Console, AWS Command Line Interface (CLI), AWS Software Development Kits (SDKs), AWS Cloud Development Kit (CDK), or AWS CloudFormation. To learn more, refer to the documentation on creating an interface VPC endpoint and Amazon Cognito’s developer guide.

🆕 Amazon Cognito user pools now support AWS PrivateLink for secure private connectivity, eliminating public internet use. VPC endpoints enable private access for management and user auth, excluding OAuth 2.0. Available in all regions except AWS GovCloud (US). A…

#AWS #AmazonCognito #AwsPrivatelink

Amazon Cognito removes Machine-to-Machine app client price dimension We're excited to announce a simplified pricing model for Amazon Cognito's machine-to-machine (M2M) authentication. Starting today we are removing the M2M app client pricing dimension, making it more cost-effective for customers to build and scale their M2M applications. Cognito supports applications that access API data with machine identities. Machine identities in user pools are clients that run on application servers and connect to remote APIs. Their operation happens without user interaction such as scheduled tasks, data streams, or asset updates. This change reduces the pricing of Cognito for customers using M2M authentication by removing the app client price dimension. Customers will continue to be charged based on the number of successful M2M token requests per month. Previously, customers were charged for each M2M app client registered, regardless of usage amount, and each successful token request made by the app client to access a resource. With this change, customers will only pay for their successful token requests, making it more cost-effective to build and scale M2M applications using Amazon Cognito. This pricing change is automatic and requires no action from customers. It is effective in all supported Amazon Cognito regions. To learn more about Amazon Cognito pricing, visit our https://aws.amazon.com/cognito/pricing/. 

Amazon Cognito removes Machine-to-Machine app client price dimension

We're excited to announce a simplified pricing model for Amazon Cognito's machine-to-machine (M2M) authentication. Starting today we are removing the M2M app client pricing dimension, makin...

#AWS #AmazonCognito #AwsGovcloudUs

Amazon Cognito removes Machine-to-Machine app client price dimension We're excited to announce a simplified pricing model for Amazon Cognito's machine-to-machine (M2M) authentication. Starting today we are removing the M2M app client pricing dimension, making it more cost-effective for customers to build and scale their M2M applications. Cognito supports applications that access API data with machine identities. Machine identities in user pools are clients that run on application servers and connect to remote APIs. Their operation happens without user interaction such as scheduled tasks, data streams, or asset updates. This change reduces the pricing of Cognito for customers using M2M authentication by removing the app client price dimension. Customers will continue to be charged based on the number of successful M2M token requests per month. Previously, customers were charged for each M2M app client registered, regardless of usage amount, and each successful token request made by the app client to access a resource. With this change, customers will only pay for their successful token requests, making it more cost-effective to build and scale M2M applications using Amazon Cognito. This pricing change is automatic and requires no action from customers. It is effective in all supported Amazon Cognito regions. To learn more about Amazon Cognito pricing, visit our pricing page.

🆕 Amazon Cognito simplifies M2M pricing by removing app client charges, now only billing for successful token requests, making it more cost-effective for M2M applications. No action needed; change is automatic and region-wide.

#AWS #AmazonCognito #AwsGovcloudUs

Attending #AWSreInvent this year? Join us for an interactive session on an AI-powered security guardian.

SEC304 | Building an AI-Powered security guardian for your #AmazonCognito applications

🗓️ Wednesday Dec 3, 2025
⏰ 4:30p - 5:30p PST
📍 MGM Grand

registration.awsevents.com/flow/awseven...

Amazon Cognito now supports resource indicators to simplify enhancing protection of OAuth 2.0 resources Amazon Cognito now enables app clients to specify resource indicators during access token requests as part of its OAuth 2.0 authorization code grant and implicit grant flows. The resource indicator identifies the protected resource, such as a user’s bank account record or a specific file in a file server that the user needs to access. After authenticating the client, Cognito then issues an access token for that specific resource. This ensures that access tokens can be limited from broad service level access down to accessing specific individual resources. This capability makes it simpler to protect resources that a user needs to access. For example, agents (an example of app clients) on behalf of users can request access tokens for specific protected resources, such as a user’s banking records. After validation, Cognito issues an access token with the audience claim set to the specific resource. Previously, clients had to use non-standard claims or scopes for Cognito to infer and issue resource-specific access tokens. Now, customers can specify the target resource in a simple and consistent way using standards-based resource parameter. This capability is available to Amazon Cognito https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html customers using https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sign-in-feature-plans.html in AWS Regions where Cognito is available, including the AWS GovCloud (US) Regions. To learn more, refer to the https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html, and https://aws.amazon.com/cognito/pricing/ for Cognito Essentials and Plus tier.

Amazon Cognito now supports resource indicators to simplify enhancing protection of OAuth 2.0 resources

Amazon Cognito now enables app clients to specify resource indicators during access token requests as part of its OAuth 2.0 authorization code grant and i...

#AWS #AwsGovcloudUs #AmazonCognito

Amazon Cognito now supports resource indicators to simplify enhancing protection of OAuth 2.0 resources Amazon Cognito now enables app clients to specify resource indicators during access token requests as part of its OAuth 2.0 authorization code grant and implicit grant flows. The resource indicator identifies the protected resource, such as a user’s bank account record or a specific file in a file server that the user needs to access. After authenticating the client, Cognito then issues an access token for that specific resource. This ensures that access tokens can be limited from broad service level access down to accessing specific individual resources. This capability makes it simpler to protect resources that a user needs to access. For example, agents (an example of app clients) on behalf of users can request access tokens for specific protected resources, such as a user’s banking records. After validation, Cognito issues an access token with the audience claim set to the specific resource. Previously, clients had to use non-standard claims or scopes for Cognito to infer and issue resource-specific access tokens. Now, customers can specify the target resource in a simple and consistent way using standards-based resource parameter. This capability is available to Amazon Cognito Managed Login customers using Essentials or Plus tiers in AWS Regions where Cognito is available, including the AWS GovCloud (US) Regions. To learn more, refer to the developer guide, and pricing for Cognito Essentials and Plus tier.

🆕 Amazon Cognito now supports OAuth 2.0 resource indicators, allowing app clients to specify resources during access token requests, ensuring tokens are limited to specific resources like bank accounts. Available for Essentials or Plus tiers in supported AWS reg…

#AWS #AwsGovcloudUs #AmazonCognito

Amazon Cognito adds terms of use and privacy policy documents support to Managed Login Amazon Cognito now allows you to configure terms of use and privacy policy documents for https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html pages. This helps customers seamlessly present legal terms during user registration while simplifying implementation. With Managed Login, Cognito customers could previously use its no-code editor to customize the user journey from signup and login to password recovery and multi-factor authentication. Now, customers can additionally use Managed Login to easily set up terms of use and privacy policy documents, saving development teams from building custom solutions. With this capability, you can configure terms of use and privacy policy URLs for each app client in your Cognito user pool. When users register, they see text indicating that by signing up, they agree to your terms of use and privacy policy, and a link to your webpage with the agreement. You can configure different URLs for each https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html#managed-login-localization to match your Managed Login localization settings. For example, if you have configured the privacy policy and terms of use documents for French (fr) and the same is selected in the lang query-parameter on the sign-up page URL, users will see the French URL you configured. This capability is available to Amazon Cognito customers using the https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sign-in-feature-plans.html in AWS Regions where Cognito is available, including the AWS GovCloud (US) Regions. To learn more, refer to the https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html#managed-login-terms-documents and https://aws.amazon.com/cognito/pricing/ for Cognito Essentials and Plus tier.

Amazon Cognito adds terms of use and privacy policy documents support to Managed Login

Amazon Cognito now allows you to configure terms of use and privacy policy documents for docs.aws.amazon.com/cognito/latest/developer...

#AWS #AwsGovcloudUs #AmazonCognito

Amazon Cognito adds terms of use and privacy policy documents support to Managed Login Amazon Cognito now allows you to configure terms of use and privacy policy documents for https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html pages. This helps customers seamlessly present legal terms during user registration while simplifying implementation. With Managed Login, Cognito customers could previously use its no-code editor to customize the user journey from signup and login to password recovery and multi-factor authentication. Now, customers can additionally use Managed Login to easily set up terms of use and privacy policy documents, saving development teams from building custom solutions. With this capability, you can configure terms of use and privacy policy URLs for each app client in your Cognito user pool. When users register, they see text indicating that by signing up, they agree to your terms of use and privacy policy, and a link to your webpage with the agreement. You can configure different URLs for each https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html#managed-login-localization to match your Managed Login localization settings. For example, if you have configured the privacy policy and terms of use documents for French (fr) and the same is selected in the lang query-parameter on the sign-up page URL, users will see the French URL you configured. This capability is available to Amazon Cognito customers using the https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sign-in-feature-plans.html in AWS Regions where Cognito is available, including the AWS GovCloud (US) Regions. To learn more, refer to the https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html#managed-login-terms-documents and https://aws.amazon.com/cognito/pricing/ for Cognito Essentials and Plus tier.

Amazon Cognito adds terms of use and privacy policy documents support to Managed Login

Amazon Cognito now allows you to configure terms of use and privacy policy documents for docs.aws.amazon.com/cognito/latest/developer...

#AWS #AwsGovcloudUs #AmazonCognito

Amazon Cognito adds terms of use and privacy policy documents support to Managed Login Amazon Cognito now allows you to configure terms of use and privacy policy documents for Managed Login pages. This helps customers seamlessly present legal terms during user registration while simplifying implementation. With Managed Login, Cognito customers could previously use its no-code editor to customize the user journey from signup and login to password recovery and multi-factor authentication. Now, customers can additionally use Managed Login to easily set up terms of use and privacy policy documents, saving development teams from building custom solutions. With this capability, you can configure terms of use and privacy policy URLs for each app client in your Cognito user pool. When users register, they see text indicating that by signing up, they agree to your terms of use and privacy policy, and a link to your webpage with the agreement. You can configure different URLs for each supported language to match your Managed Login localization settings. For example, if you have configured the privacy policy and terms of use documents for French (fr) and the same is selected in the lang query-parameter on the sign-up page URL, users will see the French URL you configured. This capability is available to Amazon Cognito customers using the Essentials or Plus tiers in AWS Regions where Cognito is available, including the AWS GovCloud (US) Regions. To learn more, refer to the developer guide and Pricing Detail Page for Cognito Essentials and Plus tier.

🆕 Amazon Cognito now supports terms of use and privacy policy documents for Managed Login, simplifying legal terms presentation during user registration and saving development time. Available for Essentials and Plus tiers in supported regions.

#AWS #AwsGovcloudUs #AmazonCognito

Vaibhav Gujral, Kunle Adeleke and Pichaimani Rajesh Kumar have Sessions on Cloud Computing at Nebraska.Code() next week.

nebraskacode.amegala.com

#Kubernetes #Azure #CloudComputing #AmazonCognito #Nebraska #AccessManagement #TechConference #softwareengineering #softwaredevelopment #AWS

Designing a Scalable Multi-Tenant SaaS Architecture on AWS Discover how to build a scalable, secure multi-tenant SaaS architecture on AWS using best practices, cloud-native tools, and proven design patterns.

"Designing a Scalable Multi-Tenant SaaS Architecture on AWS" by Prasanth Nambiar

#saas #multi-tenant #saas-arch #best practices #amazoncognito

Smart Receipts Tracker - AWS LAmbda Hackthon Smart Receipts Tracker is an AI-powered expense management application designed to simplify receipt tracking, categorization, and financial reporting. Users can upload receipt images, and the system automatically extracts and categorizes expense details using AWS Bedrock's AI capabilities. All expense data is securely stored in DynamoDB, and the application provides features for viewing, editing, deleting, and exporting expense records, along with weekly spending reports and a tax calendar.

"Smart Receipts Tracker - AWS LAmbda Hackthon" by Shaista Aman

#awsbedrock #claude3 #aws-lambda #amazoncognito #dynamodb

OAuth2 Scope Authorization with Amazon Verified Permissions Learn to implement OAuth2 scope-based authorization using Amazon Verified Permissions and Cognito for fine-grained machine-to-machine API access control.

"OAuth2 Scope Authorization with Amazon Verified Permissions" by Owen Hawkins

#verified-permissions #amazon-verified-permissions #cognito #amazoncognito

Amazon Cognito introduces AWS WAF support for Managed Login Amazon Cognito introduces AWS Web Application Firewall (AWS WAF) support in Cognito Managed Login. This new capability allows customers to protect their Managed Login endpoints configured in Cognito user pools from unwanted or malicious requests and web-based attacks. Managed Login, a fully-managed, hosted sign-in and sign-up experience that customers can personalize to align with their company or application branding, now offers an additional layer of protection against threat vectors through integration with AWS WAF web access control lists (web ACLs). This integration provides customers with powerful new capabilities to safeguard their applications against malicious attacks. With AWS WAF support, you can now define rules that enforce rate limits, gain visibility into web traffic to your applications, and allow or block traffic to Cognito Managed Login based on your specific business or security requirements. Additionally, the AWS WAF integration enables you to optimize costs by controlling bot traffic to your Cognito user pools. Managed Login and WAF support in Managed Login are offered as part of the Cognito Essentials and Plus tiers and are available in all AWS Regions where Amazon Cognito is available. Please note that AWS WAF charges apply for the inspection of user pool requests. For more information, see https://aws.amazon.com/waf/pricing/. To learn more, see Using https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html, and to get started, visit the https://console.aws.amazon.com/cognito/home.  

Amazon Cognito introduces AWS WAF support for Managed Login

Amazon Cognito introduces AWS Web Application Firewall (AWS WAF) support in Cognito Managed Login. This new capability allows customers to protect their Managed Login endpoints configured in Cognito...

#AWS #AmazonCognito #AwsGovcloudUs

Amazon Cognito introduces AWS WAF support for Managed Login Amazon Cognito introduces AWS Web Application Firewall (AWS WAF) support in Cognito Managed Login. This new capability allows customers to protect their Managed Login endpoints configured in Cognito user pools from unwanted or malicious requests and web-based attacks. Managed Login, a fully-managed, hosted sign-in and sign-up experience that customers can personalize to align with their company or application branding, now offers an additional layer of protection against threat vectors through integration with AWS WAF web access control lists (web ACLs). This integration provides customers with powerful new capabilities to safeguard their applications against malicious attacks. With AWS WAF support, you can now define rules that enforce rate limits, gain visibility into web traffic to your applications, and allow or block traffic to Cognito Managed Login based on your specific business or security requirements. Additionally, the AWS WAF integration enables you to optimize costs by controlling bot traffic to your Cognito user pools. Managed Login and WAF support in Managed Login are offered as part of the Cognito Essentials and Plus tiers and are available in all AWS Regions where Amazon Cognito is available. Please note that AWS WAF charges apply for the inspection of user pool requests. For more information, see AWS WAF Pricing. To learn more, see Using AWS WAF to protect Amazon Cognito User Pools, and to get started, visit the Amazon Cognito console.

🆕 Amazon Cognito now supports AWS WAF for Managed Login, enhancing protection against attacks, optimizing bot traffic, and offering cost savings. Available in all regions for Essentials and Plus tiers. AWS WAF charges apply.

#AWS #AmazonCognito #AwsGovcloudUs

Pichaimani Rajesh Kumar presents 'Securing your workload with a modern customer identity and access management (CIAM) - Amazon Cognito' July 25th at Nebraska.Code().

nebraskacode.amegala.com

#AmazonCognito #AccessManagement #CIAM #TechWorkload #UserAuth #Techconf #AdaptiveAuthentication #Nebraska

Kunle Adeleke presents 'Securing your workload with a modern customer identity and access management (CIAM) - Amazon Cognito' July 25th at Nebraska.Code().

nebraskacode.amegala.com

#AmazonCognito #AccessManagement #multifactorauthentication #Nebraska #SeamlessIntegration #Technology #TechConf

Amazon Cognito now supports OIDC prompt parameter Amazon Cognito announces support for the OpenID Connect (OIDC) prompt parameter in Cognito Managed Login. Managed Login provides a fully-managed, hosted sign-in and sign-up experience that customers can personalize to align with their company or application branding. This new capability enables customers to control authentication flows more precisely by supporting two commonly requested prompt values: 'login' for re-authentication scenarios and 'none' for silent authentication state check. These prompt parameters respectively allow applications to specify whether users should be prompted to authenticate again or leverage existing sessions, enhancing both security and user experience. With this launch, Cognito can also pass through select_account and consent prompts to third-party OIDC providers when the user pool is configured for federated sign-in. With the 'login' prompt, applications can now require users to re-authenticate explicitly while maintaining their existing authenticated sessions. This is particularly useful for scenarios requiring additional and more recent authentication verification, such as right before accessing sensitive information or performing transactions. The 'none' prompt enables a silent check on authentication state, allowing applications to check if users have an existing active authentication session without having to re-authenticate. This prompt can be valuable for implementing seamless single sign-on experiences across multiple applications sharing the same user pool. This enhancement is available in Amazon Cognito Managed Login to customers on the Essentials or Plus tiers in all AWS Regions where Amazon Cognito is available. To learn more about implementing these authentication flows, visit the https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html.  

Amazon Cognito now supports OIDC prompt parameter

Amazon Cognito announces support for the OpenID Connect (OIDC) prompt parameter in Cognito Managed Login. Managed Login provides a fully-managed, hosted sign-in and sign-up experience that customers can perso...

#AWS #AmazonCognito #AwsGovcloudUs