
Add WAF rules to Cognito user pool #902

Closed
dlpzx opened this issue Dec 4, 2023 · 0 comments · Fixed by #976
Labels: effort: medium · priority: high · status: in-review (This issue has been implemented and is currently in review and waiting for next release) · type: enhancement (Feature enhancement)
dlpzx commented Dec 4, 2023

Is your idea related to a problem? Please describe.
Currently we use WAF to protect the API Gateway and CloudFront distribution. Cognito released in 2022 the integration with WAF, which adds WAF rules and protection to the Cognito user pool. We have the opportunity to increase security by implementing WAF rules in data.all Cognito.

Describe the solution you'd like
Add WAF rules to the Cognito user pool in data.all

P.S. Don't attach files. Please prefer adding code snippets directly in the message body.
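The control the issue asks for is a WAFv2 web ACL associated with the Cognito user pool. As an added illustration (not data.all's own code and not the implementation from the linked PR), the block below builds the CloudFormation fragment for that association in plain Python and lints it for the two mistakes that silently leave the pool unprotected: a non-REGIONAL ACL scope and a missing association. The user pool ARN, ACL name, rate limit and the selection of AWS managed rule groups are assumptions chosen for the example.

```python
"""Build and lint a CloudFormation fragment that attaches an AWS WAFv2 web ACL
to a Cognito user pool. Added example, not data.all's code; the pool ARN,
account and region below are constructed placeholders."""
import json

# Constructed placeholder ARN; a real stack would reference the pool resource.
USER_POOL_ARN = "arn:aws:cognito-idp:eu-west-1:111122223333:userpool/eu-west-1_EXAMPLE"

# AWS-managed rule groups commonly layered in front of an authentication endpoint.
MANAGED_RULE_GROUPS = [
    "AWSManagedRulesCommonRuleSet",
    "AWSManagedRulesKnownBadInputsRuleSet",
    "AWSManagedRulesAmazonIpReputationList",
]


def _visibility(name):
    # Every rule and the ACL itself must carry a VisibilityConfig; without it the
    # template is rejected and no CloudWatch metrics / sampled requests are emitted.
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": name}


def managed_rule(name, priority):
    return {
        "Name": name,
        "Priority": priority,
        "OverrideAction": {"None": {}},  # keep the group's own block/count verdicts
        "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": name}},
        "VisibilityConfig": _visibility(name),
    }


def rate_limit_rule(priority, limit=1000):
    # Rate-based rule: block a source IP exceeding `limit` requests per 5 minutes,
    # which throttles password-guessing bursts against the pool's auth endpoints.
    return {
        "Name": "RateLimitPerIp",
        "Priority": priority,
        "Action": {"Block": {}},
        "Statement": {"RateBasedStatement": {"Limit": limit, "AggregateKeyType": "IP"}},
        "VisibilityConfig": _visibility("RateLimitPerIp"),
    }


def build_template(user_pool_arn=USER_POOL_ARN):
    rules = [managed_rule(n, i) for i, n in enumerate(MANAGED_RULE_GROUPS)]
    rules.append(rate_limit_rule(len(rules)))
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Resources": {
            "CognitoWebAcl": {
                "Type": "AWS::WAFv2::WebACL",
                "Properties": {
                    "Name": "cognito-user-pool-acl",
                    # A user pool is a regional resource, so the ACL must be REGIONAL;
                    # a CLOUDFRONT-scoped ACL can only be attached to a distribution.
                    "Scope": "REGIONAL",
                    "DefaultAction": {"Allow": {}},
                    "Rules": rules,
                    "VisibilityConfig": _visibility("cognito-user-pool-acl"),
                },
            },
            "CognitoWebAclAssociation": {
                "Type": "AWS::WAFv2::WebACLAssociation",
                "Properties": {
                    "ResourceArn": user_pool_arn,
                    "WebACLArn": {"Fn::GetAtt": ["CognitoWebAcl", "Arn"]},
                },
            },
        },
    }


def lint_template(template):
    """Return a list of findings; an empty list means the pool is wired to a usable ACL."""
    findings = []
    resources = template.get("Resources", {})
    acls = {k: v for k, v in resources.items() if v.get("Type") == "AWS::WAFv2::WebACL"}
    assocs = [v for v in resources.values() if v.get("Type") == "AWS::WAFv2::WebACLAssociation"]
    for name, acl in acls.items():
        props = acl.get("Properties", {})
        if props.get("Scope") != "REGIONAL":
            findings.append(f"{name}: scope must be REGIONAL to attach to a user pool")
        priorities = [r.get("Priority") for r in props.get("Rules", [])]
        if len(priorities) != len(set(priorities)):
            findings.append(f"{name}: rule priorities must be unique")
        for rule in props.get("Rules", []):
            if "VisibilityConfig" not in rule:
                findings.append(f"{name}: rule {rule.get('Name')} lacks VisibilityConfig")
    pool_assocs = [a for a in assocs
                   if str(a.get("Properties", {}).get("ResourceArn", "")).startswith("arn:aws:cognito-idp:")]
    if not pool_assocs:
        findings.append("no WebACLAssociation targets a Cognito user pool; the pool is unprotected")
    for assoc in pool_assocs:
        ref = assoc["Properties"].get("WebACLArn")
        target = ref.get("Fn::GetAtt", [None])[0] if isinstance(ref, dict) else None
        if target not in acls:
            findings.append("association references a web ACL not defined in this template")
    return findings


if __name__ == "__main__":
    tpl = build_template()
    print(json.dumps(tpl, indent=2))
    print("lint:", lint_template(tpl) or "ok")
```

Running the module prints the fragment and the lint result; the lint function is the part worth keeping in CI, since it catches the CLOUDFRONT-scope and missing-association cases that only surface at deploy time otherwise.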

@dlpzx dlpzx added type: enhancement (Feature enhancement), priority: high, status: not-picked-yet (At the moment we have not picked this item. Anyone can pick it up), effort: medium labels Dec 4, 2023
@anmolsgandhi anmolsgandhi added this to the v2.3.0 milestone Jan 5, 2024
@noah-paige noah-paige linked a pull request Jan 14, 2024 that will close this issue
@anmolsgandhi anmolsgandhi added status: in-progress This issue has been picked and is being implemented status: in-review This issue has been implemented and is currently in review and waiting for next release and removed status: not-picked-yet At the moment we have not picked this item. Anyone can pick it up status: in-progress This issue has been picked and is being implemented labels Jan 18, 2024
noah-paige added a commit that referenced this issue Jan 24, 2024
### Feature or Bugfix
- Feature

### Detail
- Add WAF ACL to Cognito

### Relates
- #902

### Security
Please answer the questions below briefly where applicable, or write `N/A`. Based on [OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this includes fetching data from storage outside the application (e.g. a database, an S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires authorization?
  - How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use standard, proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.