Amazon Cognito Managed Login integration with AWS WAF | Amazon Web Services
Key Takeaways
Integrates Amazon Cognito Managed Login with AWS WAF
Full Transcript
Are you looking to protect your cognitive login pages from common web exploits? Are you leveraging Cognto manage login? My name is Blake Franen. I'm a senior security solutions architect with the Adabus industry's customer acceleration team. And today I want to show you the new integration with Cognto managed login in Adabis W. This exciting new capability released in June 2025 allows you to protect your managed login endpoints from unwanted or malicious requests and web- based attacks. With this integration, you can now define rules that allow or block traffic to Cognto manage login based on your specific business or security requirements. This provides an additional layer of protection and is particularly valuable for organizations that need to obtain strict security standards while providing a seamless authentication experience for legitimate users. Let's discuss the components of this new integration. First, CNO managed login is a fully managed signin and signup experience that you can personalize to align with your company or application branding. and provides a readytouse user interface for authentication operations like signin, signouts, password management, and MFA management. This eliminates the need to build custom authentication interfaces. Manage login also functions as a service provider or relying party to various identity providers including SAL and OIDC based IDs as well as social login providers like Facebook, Amazon, Apple, and Google. It offers advanced features not available in the classic hosted UI such as pass key signin and a visual branding editor that allows you to customize the look and feel to match your brand. It's available in the cognto essentials and plus tiers providing a professional authentication experience that can now be further secured with adabis web is a web application firewall that lets you inspect HTTP and HTTPS requests before they are forwarded to your web application resources. With WT, you can create rules to filter web traffic based on common criteria such as IP addresses, headers, URI strings, or you can block common threats like SQL injection or cross- sight scripting. When integrated with Cognto manage login, W will inspect requests to all manage login endpoints. Based on your configured rules, you can set W to either count, allow, block, or present a capture in response to requests to these endpoints. This integration provides powerful security capabilities including protection against common web exploits and bots based rules to counter DOS attacks and much much more. This integration is available in all eight of regions where Amazon cognto is offered providing you a robust security layer for your authentication infrastructure needs. Now let's see this in action. We have a user pool configured and let's take a look at what manage login looks like. We'll go down to the branding tab and click manage login. And we can see that we have man manage login configuration configured here under styles. We will select this style ID. And here we can preview and make modifications to the branding of our signin or manage login experience. See I have a preconfigured one here that we'll be leveraging for this de demo. Now let's integrate ads w with our user pool. We will go to security and ads w. We can see this is currently inactive. We will click edit. Then use ads w user pool and we'll select user pool here. Purpose of this demo we'll use cognto test and click save changes. W is now integrated with our user pool but we have no rules configured here. Let's go and configure some W rules. We'll move over to the W console and we can see here I have a pre-created rule that we need to modify called capture. We will select that checkbox and click edit. And within here, we want to create a rule that will present a capture challenge to end users. Now, if you choose to use the capture action with manage login, you need to customize that rule to exclude specific headers as this can impact the TOTP or timebased onetime password experience for manage login. Specifically, you need to match against two statements. They're both matching this header field called X Amazon Cognto operation name, but two different strings or values to match here. And we negate these statements. So this means that for all requests that don't match these two header values, we will require a capture action. The first is associate software token. The second is verify software token. Once we have that configured, we can scroll down and flip this from what is currently set to allow to the capture response. We will click save rule. And then we just need to set a rule priority. This is the only rule. So there's no change needed here. And we can click save. This capture response is now active. Let's take a look at what this experience looks like. So we'll go back to the Cognto console. We will select an app client where we currently have the manage login configured. It's under my web app client. We will select login pages. You can see the manage login is available here. We can view the login page. I will copy this link. We'll open a new incognito tab. Visit the site. And we can see we're first prompted before we get to that manage login experience to perform a capture. We will click begin and then complete this capture challenge. Click confirm. We successfully completed that. Now we can log into our application. I have credentials here. We will sign in and then I'm into my application and I can perform whatever actions needed after signing in. You see that's working successfully. Now let's say we want to add a custom rule that will block certain types of traffic. Let's go back to the W console here. We want to add a IP block list. So we'll add our own custom rule. Let's call this IP block. It is a regular rule still and we want to match on a specific statement in this case that originates from an IP address in an IP set that we have defined. this case I have one already defined with my IP for the purposes of the demo matching source IP address and then we will leave the default action of block because we want to block this traffic. Click add rule. We will set the rule priority above just for the purposes of this demo and click save. That IP block is now active. I still have that link copied. So I will open up another tab visit again and we can see we're unable to access that manage login experience now because we have a 403 error. We are blocked from performing that action that is intended as what we want to see. To recap what you saw during this demonstration, we first integrated advis with cognto allowing you to protect cognto manage login endpoints. Then we configured two W rules. First that presented a capture challenge to end users before logging in and then second we blocked specific IP addresses to that application. Now, grab your newest application, integrate with Cognto, attach it to swap to user pool, and protect your Cognto login. Also, take a look at the Cognto documentation and let us know in the comments if you have any questions. Thanks.
Original Description
Amazon Cognito introduces AWS Web Application Firewall (AWS WAF) support in Cognito Managed Login. This new capability allows customers to protect their Managed Login endpoints configured in Cognito user pools from unwanted or malicious requests and web-based attacks. Managed Login, a fully-managed, hosted sign-in and sign-up experience that customers can personalize to align with their company or application branding, now offers an additional layer of protection against threat vectors through integration with AWS WAF web access control lists (web ACLs).
This integration provides customers with powerful new capabilities to safeguard their applications against malicious attacks. With AWS WAF support, you can now define rules that enforce rate limits, gain visibility into web traffic to your applications, and allow or block traffic to Cognito Managed Login based on your specific business or security requirements. Additionally, the AWS WAF integration enables you to optimize costs by controlling bot traffic to your Cognito user pools.
Managed Login and WAF support in Managed Login are offered as part of the Cognito Essentials and Plus tiers and are available in all AWS Regions where Amazon Cognito is available. Please note that AWS WAF charges apply for the inspection of user pool requests. For more information, see AWS WAF Pricing. To learn more, see Using AWS WAF to protect Amazon Cognito User Pools, and to get started, visit the Amazon Cognito console.
Learn more at - http://go.aws/3HgjLlI
Subscribe to AWS: https://go.aws/subscribe
Sign up for AWS: https://go.aws/signup
AWS free tier: https://go.aws/free
Explore more: https://go.aws/more
Contact AWS: https://go.aws/contact
Next steps:
Explore on AWS in Analyst Research: https://go.aws/reports
Discover, deploy, and manage software that runs on AWS: https://go.aws/marketplace
Join the AWS Partner Network: https://go.aws/partners
Learn more on how Amazon builds and operates software: https://go.aws/library
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from Amazon Web Services · Amazon Web Services · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Agentic AI Design Patterns Introduction and walkthrough | Amazon Web Services
Amazon Web Services
Galileo on modernizing on banking infrastructure | Amazon Web Services
Amazon Web Services
Alliander Speeds Innovation and Energy Transition Using AWS | Amazon Web Services
Amazon Web Services
AWS and Scuderia Ferrari HP streamline F1 power unit assembly | Amazon Web Services
Amazon Web Services
How AWS machine learning supports Scuderia Ferrari HP pit stops | Amazon Web Services
Amazon Web Services
Nasdaq Builds Market Infrastructure of the Future with AWS | Amazon Web Services
Amazon Web Services
AWS Security Hub Exposure Findings | Amazon Web Services
Amazon Web Services
How do I use Session Manager port forwarding to connect to my EC2 instance through RDP?
Amazon Web Services
How do I extend an EBS volume with LVM partitions?
Amazon Web Services
AWS Graviton makes it easy to optimize performance, cost, and sustainability | Amazon Web Services
Amazon Web Services
Run Cloud Adoption Framework workshops with Miro | Amazon Web Services
Amazon Web Services
Getting Started with AWS Cost Optimization Hub | Amazon Web Services
Amazon Web Services
Why did my Amazon SQS messages get sent to a dead-letter queue?
Amazon Web Services
Declarative Policies for EC2 | Amazon Web Services
Amazon Web Services
How do I troubleshoot IAM permission issues for the Billing and Cost Management console?
Amazon Web Services
Integrity at Scale: Inside the Flo Health Mission | Amazon Web Services
Amazon Web Services
Fueling Success: Small shifts, powerful performance | Amazon Web Services
Amazon Web Services
WEX enhances customer experience with AI-powered chatbot | Amazon Web Services
Amazon Web Services
Accelerate troubleshooting with Amazon CloudWatch investigations | Amazon Web Services
Amazon Web Services
Why is my Windows WorkSpace stuck in the starting, rebooting, or stopping status?
Amazon Web Services
Telemetry Pipelines for AI | Amazon Web Services
Amazon Web Services
Getting Control over Security and Observability Data | Amazon Web Services
Amazon Web Services
The Problem with Telemetry Data Volume | Amazon Web Services
Amazon Web Services
Telemetry Pipelines on AWS | Amazon Web Services
Amazon Web Services
What are Telemetry Pipelines? | Amazon Web Services
Amazon Web Services
Using AI for RegEx on Telemetry Pipelines | Amazon Web Services
Amazon Web Services
Multi-Session Support in the AWS Console | Amazon Web Services
Amazon Web Services
How CloudHedge delivers assessment with AWS ISV Tooling Program at no cost?
Amazon Web Services
How customers speed up migration and modernization to AWS with CloudHedge | Amazon Web Services
Amazon Web Services
Chaos Experiment with Amazon ElastiCache | Amazon Web Services
Amazon Web Services
Amazon S3 Access Points: Easily manage access for shared datasets on S3 | Amazon Web Services
Amazon Web Services
ElastiCache Valkey 8.0 - Savings and Efficiency | Amazon Web Services
Amazon Web Services
Pennymac scales document processing with AWS | Amazon Web Services
Amazon Web Services
AWS | Next Level Innovation | Amazon Web Services
Amazon Web Services
Driving Cloud Innovation: Mindtickle's Partnership with AWS Enterprise Support | Amazon Web Services
Amazon Web Services
A Leader's Edge from Executive Insights | Amazon Web Services
Amazon Web Services
How do I create a custom Amazon WorkSpaces image?
Amazon Web Services
Charles Leclerc tests his AI-generated race track | Amazon Web Services
Amazon Web Services
Redington Scales India’s Cloud Access with AWS Partnership | Amazon Web Services
Amazon Web Services
How do I prevent the resources in my CloudFormation stack from getting deleted or updated?
Amazon Web Services
How do I troubleshoot authentication errors when I use RDP to connect to an EC2 Windows instance?
Amazon Web Services
Exploring the Possibilities of Digital Twin & AI at the Edge | Amazon Web Services
Amazon Web Services
Exploring the Possibilities of Digital Twin & AI at the Edge | Amazon Web Services
Amazon Web Services
AWS at the FORMULA 1 AWS GRAN PREMIO DELL'EMILIA-ROMAGNA 2025 | Amazon Web Services
Amazon Web Services
What's new in RCPs | Amazon Web Services
Amazon Web Services
API Caching using Amazon ElastiCache | Amazon Web Services
Amazon Web Services
Pendula: Amazon Nova Customer Testimonial | Amazon Web Services
Amazon Web Services
InDebted : Amazon Nova Customer Testimonial | Amazon Web Services
Amazon Web Services
Amazon DynamoDB global tables with multi-Region strong consistency | Amazon Web Services
Amazon Web Services
Siemens Mobility uses AWS to operate securely, efficiently on a global scale | Amazon Web Services
Amazon Web Services
How do I reuse a knowledge base session in Amazon Bedrock?
Amazon Web Services
EP5: MBZUAI, CMU : Causal AI, Answering The “Why“ and “What if“ Questions | AWS for AI Podcast
Amazon Web Services
Hema scales time to market developing a data mesh on AWS (Technical) - Cloud Adventures
Amazon Web Services
Hema scales time to market developing a data mesh on AWS (Business) - Cloud Adventures
Amazon Web Services
How Langfuse Scaled Their AI Platform with AWS: From Open-Source to Enterprise | Amazon Web Services
Amazon Web Services
SLMs and LLMs: What’s the Difference? | Amazon Web Services
Amazon Web Services
SLMs and LLMs: When to use them? | Amazon Web Services
Amazon Web Services
SLMs on CPU | Amazon Web Services
Amazon Web Services
Intelligent Model Routing | Amazon Web Services
Amazon Web Services
SLMs, LLMs, and Model Routing in Agents | Amazon Web Services
Amazon Web Services
Related Reads
📰
📰
📰
📰
Terraform Cloudflare DNS Checklist Before Every Apply
Dev.to · Oleksandr Kuryzhev
Building a Windows Laptop Monitoring Agent with Webex and Email Alerts
Dev.to · sam codex
What Is Infrastructure as Code? A Beginner's Guide
Dev.to · Muskan Bandta
I just released SKTR, a deterministic architecture review CLI
Dev.to · Pablo Rubianes 🇺🇾
🎓
Tutor Explanation
DeepCamp AI