How to protect your Cognito User Pools on AWS
Are you wondering which security mechanisms are available to you in the AWS (Amazon Web Services) Management Console for the Amazon Cognito authentication service?
Here’s a quick playbook on the various configurations you can make to keep your apps and users protected:
Web Application Firewalls
Deletion Protection
AWS WAF (Web Application Firewall)
Coming soon
Deletion Protection
This feature ensures that Infrastructure as Code updates, other users, or certain CloudFormation updates cannot delete a Cognito user pool while the setting is active. It is especially valuable when scaling AWS resources or systems, as an extra buffer of protection.
Go to your Cognito User Pool of choice and, from the tabs, select User pool properties
Scroll down to the section that says Deletion protection
Click Activate
This will bring up a confirmation pop-up - select Activate
To learn more about what this will specifically do, check out the AWS docs
Once completed, you should see a ✅ Active status, meaning the setting was enabled for your Cognito user pool.
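To check the same setting across every user pool in an account rather than one pool at a time in the console, the following added example (not part of the original page) lists pools and reports those whose deletion protection is not active. It uses the Cognito `list_user_pools` and `describe_user_pool` API calls as exposed by boto3; the stub client, pool IDs and pool names are constructed so the example runs offline, and treating a missing `DeletionProtection` field as inactive is an assumption.

```python
"""Audit Cognito user pools for inactive deletion protection (added example)."""


def find_unprotected_pools(client):
    """Return [(pool_id, pool_name)] for pools whose DeletionProtection is not ACTIVE.

    `client` is a boto3 "cognito-idp" client, or any object exposing the same
    list_user_pools / describe_user_pool methods.
    """
    unprotected = []
    kwargs = {"MaxResults": 60}  # 60 is the API's maximum page size
    while True:
        page = client.list_user_pools(**kwargs)
        for summary in page.get("UserPools", []):
            pool = client.describe_user_pool(UserPoolId=summary["Id"])["UserPool"]
            # Assumption: a response without the field is treated as INACTIVE.
            if pool.get("DeletionProtection", "INACTIVE") != "ACTIVE":
                unprotected.append((summary["Id"], summary.get("Name", "")))
        token = page.get("NextToken")
        if not token:
            return unprotected
        kwargs["NextToken"] = token  # follow pagination until exhausted


class StubCognitoClient:
    """Constructed stand-in for the boto3 client so the example runs offline."""

    def __init__(self, pools, page_size=2):
        self._pools = pools
        self._page_size = page_size

    def list_user_pools(self, MaxResults, NextToken=None):
        start = int(NextToken or 0)
        end = start + min(MaxResults, self._page_size)
        page = {"UserPools": [{"Id": p["Id"], "Name": p["Name"]} for p in self._pools[start:end]]}
        if end < len(self._pools):
            page["NextToken"] = str(end)
        return page

    def describe_user_pool(self, UserPoolId):
        return {"UserPool": next(p for p in self._pools if p["Id"] == UserPoolId)}


# Constructed sample data; pool IDs and names are placeholders.
SAMPLE_POOLS = [
    {"Id": "us-east-1_EXAMPLE01", "Name": "prod-users", "DeletionProtection": "ACTIVE"},
    {"Id": "us-east-1_EXAMPLE02", "Name": "staging-users", "DeletionProtection": "INACTIVE"},
    {"Id": "us-east-1_EXAMPLE03", "Name": "legacy-users"},  # field absent
]

if __name__ == "__main__":
    # Against a real account: find_unprotected_pools(boto3.client("cognito-idp"))
    for pool_id, name in find_unprotected_pools(StubCognitoClient(SAMPLE_POOLS)):
        print(f"deletion protection not active: {pool_id} ({name})")
```

The check is read-only, so it can run on a schedule to catch pools created later without the setting.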