Amazon Cognito Managed Login integration with AWS WAF | Amazon Web Services

Amazon Web Services · Beginner ·☁️ DevOps & Cloud ·11mo ago

Key Takeaways

Integrates Amazon Cognito Managed Login with AWS WAF

Full Transcript

Are you looking to protect your cognitive login pages from common web exploits? Are you leveraging Cognto manage login? My name is Blake Franen. I'm a senior security solutions architect with the Adabus industry's customer acceleration team. And today I want to show you the new integration with Cognto managed login in Adabis W. This exciting new capability released in June 2025 allows you to protect your managed login endpoints from unwanted or malicious requests and web- based attacks. With this integration, you can now define rules that allow or block traffic to Cognto manage login based on your specific business or security requirements. This provides an additional layer of protection and is particularly valuable for organizations that need to obtain strict security standards while providing a seamless authentication experience for legitimate users. Let's discuss the components of this new integration. First, CNO managed login is a fully managed signin and signup experience that you can personalize to align with your company or application branding. and provides a readytouse user interface for authentication operations like signin, signouts, password management, and MFA management. This eliminates the need to build custom authentication interfaces. Manage login also functions as a service provider or relying party to various identity providers including SAL and OIDC based IDs as well as social login providers like Facebook, Amazon, Apple, and Google. It offers advanced features not available in the classic hosted UI such as pass key signin and a visual branding editor that allows you to customize the look and feel to match your brand. It's available in the cognto essentials and plus tiers providing a professional authentication experience that can now be further secured with adabis web is a web application firewall that lets you inspect HTTP and HTTPS requests before they are forwarded to your web application resources. With WT, you can create rules to filter web traffic based on common criteria such as IP addresses, headers, URI strings, or you can block common threats like SQL injection or cross- sight scripting. When integrated with Cognto manage login, W will inspect requests to all manage login endpoints. Based on your configured rules, you can set W to either count, allow, block, or present a capture in response to requests to these endpoints. This integration provides powerful security capabilities including protection against common web exploits and bots based rules to counter DOS attacks and much much more. This integration is available in all eight of regions where Amazon cognto is offered providing you a robust security layer for your authentication infrastructure needs. Now let's see this in action. We have a user pool configured and let's take a look at what manage login looks like. We'll go down to the branding tab and click manage login. And we can see that we have man manage login configuration configured here under styles. We will select this style ID. And here we can preview and make modifications to the branding of our signin or manage login experience. See I have a preconfigured one here that we'll be leveraging for this de demo. Now let's integrate ads w with our user pool. We will go to security and ads w. We can see this is currently inactive. We will click edit. Then use ads w user pool and we'll select user pool here. Purpose of this demo we'll use cognto test and click save changes. W is now integrated with our user pool but we have no rules configured here. Let's go and configure some W rules. We'll move over to the W console and we can see here I have a pre-created rule that we need to modify called capture. We will select that checkbox and click edit. And within here, we want to create a rule that will present a capture challenge to end users. Now, if you choose to use the capture action with manage login, you need to customize that rule to exclude specific headers as this can impact the TOTP or timebased onetime password experience for manage login. Specifically, you need to match against two statements. They're both matching this header field called X Amazon Cognto operation name, but two different strings or values to match here. And we negate these statements. So this means that for all requests that don't match these two header values, we will require a capture action. The first is associate software token. The second is verify software token. Once we have that configured, we can scroll down and flip this from what is currently set to allow to the capture response. We will click save rule. And then we just need to set a rule priority. This is the only rule. So there's no change needed here. And we can click save. This capture response is now active. Let's take a look at what this experience looks like. So we'll go back to the Cognto console. We will select an app client where we currently have the manage login configured. It's under my web app client. We will select login pages. You can see the manage login is available here. We can view the login page. I will copy this link. We'll open a new incognito tab. Visit the site. And we can see we're first prompted before we get to that manage login experience to perform a capture. We will click begin and then complete this capture challenge. Click confirm. We successfully completed that. Now we can log into our application. I have credentials here. We will sign in and then I'm into my application and I can perform whatever actions needed after signing in. You see that's working successfully. Now let's say we want to add a custom rule that will block certain types of traffic. Let's go back to the W console here. We want to add a IP block list. So we'll add our own custom rule. Let's call this IP block. It is a regular rule still and we want to match on a specific statement in this case that originates from an IP address in an IP set that we have defined. this case I have one already defined with my IP for the purposes of the demo matching source IP address and then we will leave the default action of block because we want to block this traffic. Click add rule. We will set the rule priority above just for the purposes of this demo and click save. That IP block is now active. I still have that link copied. So I will open up another tab visit again and we can see we're unable to access that manage login experience now because we have a 403 error. We are blocked from performing that action that is intended as what we want to see. To recap what you saw during this demonstration, we first integrated advis with cognto allowing you to protect cognto manage login endpoints. Then we configured two W rules. First that presented a capture challenge to end users before logging in and then second we blocked specific IP addresses to that application. Now, grab your newest application, integrate with Cognto, attach it to swap to user pool, and protect your Cognto login. Also, take a look at the Cognto documentation and let us know in the comments if you have any questions. Thanks.

Original Description

Amazon Cognito introduces AWS Web Application Firewall (AWS WAF) support in Cognito Managed Login. This new capability allows customers to protect their Managed Login endpoints configured in Cognito user pools from unwanted or malicious requests and web-based attacks. Managed Login, a fully-managed, hosted sign-in and sign-up experience that customers can personalize to align with their company or application branding, now offers an additional layer of protection against threat vectors through integration with AWS WAF web access control lists (web ACLs). This integration provides customers with powerful new capabilities to safeguard their applications against malicious attacks. With AWS WAF support, you can now define rules that enforce rate limits, gain visibility into web traffic to your applications, and allow or block traffic to Cognito Managed Login based on your specific business or security requirements. Additionally, the AWS WAF integration enables you to optimize costs by controlling bot traffic to your Cognito user pools. Managed Login and WAF support in Managed Login are offered as part of the Cognito Essentials and Plus tiers and are available in all AWS Regions where Amazon Cognito is available. Please note that AWS WAF charges apply for the inspection of user pool requests. For more information, see AWS WAF Pricing. To learn more, see Using AWS WAF to protect Amazon Cognito User Pools, and to get started, visit the Amazon Cognito console. Learn more at - http://go.aws/3HgjLlI Subscribe to AWS: https://go.aws/subscribe Sign up for AWS: https://go.aws/signup AWS free tier: https://go.aws/free Explore more: https://go.aws/more Contact AWS: https://go.aws/contact Next steps: Explore on AWS in Analyst Research: https://go.aws/reports Discover, deploy, and manage software that runs on AWS: https://go.aws/marketplace Join the AWS Partner Network: https://go.aws/partners Learn more on how Amazon builds and operates software: https://go.aws/library
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from Amazon Web Services · Amazon Web Services · 0 of 60

← Previous Next →
1 Agentic AI Design Patterns Introduction and walkthrough | Amazon Web Services
Agentic AI Design Patterns Introduction and walkthrough | Amazon Web Services
Amazon Web Services
2 Galileo on modernizing on banking infrastructure | Amazon Web Services
Galileo on modernizing on banking infrastructure | Amazon Web Services
Amazon Web Services
3 Alliander Speeds Innovation and Energy Transition Using AWS | Amazon Web Services
Alliander Speeds Innovation and Energy Transition Using AWS | Amazon Web Services
Amazon Web Services
4 AWS and Scuderia Ferrari HP streamline F1 power unit assembly | Amazon Web Services
AWS and Scuderia Ferrari HP streamline F1 power unit assembly | Amazon Web Services
Amazon Web Services
5 How AWS machine learning supports Scuderia Ferrari HP pit stops | Amazon Web Services
How AWS machine learning supports Scuderia Ferrari HP pit stops | Amazon Web Services
Amazon Web Services
6 Nasdaq Builds Market Infrastructure of the Future with AWS | Amazon Web Services
Nasdaq Builds Market Infrastructure of the Future with AWS | Amazon Web Services
Amazon Web Services
7 AWS Security Hub Exposure Findings | Amazon Web Services
AWS Security Hub Exposure Findings | Amazon Web Services
Amazon Web Services
8 How do I use Session Manager port forwarding to connect to my EC2 instance through RDP?
How do I use Session Manager port forwarding to connect to my EC2 instance through RDP?
Amazon Web Services
9 How do I extend an EBS volume with LVM partitions?
How do I extend an EBS volume with LVM partitions?
Amazon Web Services
10 AWS Graviton makes it easy to optimize performance, cost, and sustainability | Amazon Web Services
AWS Graviton makes it easy to optimize performance, cost, and sustainability | Amazon Web Services
Amazon Web Services
11 Run Cloud Adoption Framework workshops with Miro | Amazon Web Services
Run Cloud Adoption Framework workshops with Miro | Amazon Web Services
Amazon Web Services
12 Getting Started with AWS Cost Optimization Hub | Amazon Web Services
Getting Started with AWS Cost Optimization Hub | Amazon Web Services
Amazon Web Services
13 Why did my Amazon SQS messages get sent to a dead-letter queue?
Why did my Amazon SQS messages get sent to a dead-letter queue?
Amazon Web Services
14 Declarative Policies for EC2 | Amazon Web Services
Declarative Policies for EC2 | Amazon Web Services
Amazon Web Services
15 How do I troubleshoot IAM permission issues for the Billing and Cost Management console?
How do I troubleshoot IAM permission issues for the Billing and Cost Management console?
Amazon Web Services
16 Integrity at Scale: Inside the Flo Health Mission | Amazon Web Services
Integrity at Scale: Inside the Flo Health Mission | Amazon Web Services
Amazon Web Services
17 Fueling Success: Small shifts, powerful performance | Amazon Web Services
Fueling Success: Small shifts, powerful performance | Amazon Web Services
Amazon Web Services
18 WEX enhances customer experience with AI-powered chatbot | Amazon Web Services
WEX enhances customer experience with AI-powered chatbot | Amazon Web Services
Amazon Web Services
19 Accelerate troubleshooting with Amazon CloudWatch investigations | Amazon Web Services
Accelerate troubleshooting with Amazon CloudWatch investigations | Amazon Web Services
Amazon Web Services
20 Why is my Windows WorkSpace stuck in the starting, rebooting, or stopping status?
Why is my Windows WorkSpace stuck in the starting, rebooting, or stopping status?
Amazon Web Services
21 Telemetry Pipelines for AI | Amazon Web Services
Telemetry Pipelines for AI | Amazon Web Services
Amazon Web Services
22 Getting Control over Security and Observability Data | Amazon Web Services
Getting Control over Security and Observability Data | Amazon Web Services
Amazon Web Services
23 The Problem with Telemetry Data Volume | Amazon Web Services
The Problem with Telemetry Data Volume | Amazon Web Services
Amazon Web Services
24 Telemetry Pipelines on AWS | Amazon Web Services
Telemetry Pipelines on AWS | Amazon Web Services
Amazon Web Services
25 What are Telemetry Pipelines? | Amazon Web Services
What are Telemetry Pipelines? | Amazon Web Services
Amazon Web Services
26 Using AI for RegEx on Telemetry Pipelines | Amazon Web Services
Using AI for RegEx on Telemetry Pipelines | Amazon Web Services
Amazon Web Services
27 Multi-Session Support in the AWS Console | Amazon Web Services
Multi-Session Support in the AWS Console | Amazon Web Services
Amazon Web Services
28 How CloudHedge delivers assessment with AWS ISV Tooling Program at no cost?
How CloudHedge delivers assessment with AWS ISV Tooling Program at no cost?
Amazon Web Services
29 How customers speed up migration and modernization to AWS with CloudHedge | Amazon Web Services
How customers speed up migration and modernization to AWS with CloudHedge | Amazon Web Services
Amazon Web Services
30 Chaos Experiment with Amazon ElastiCache | Amazon Web Services
Chaos Experiment with Amazon ElastiCache | Amazon Web Services
Amazon Web Services
31 Amazon S3 Access Points: Easily manage access for shared datasets on S3 | Amazon Web Services
Amazon S3 Access Points: Easily manage access for shared datasets on S3 | Amazon Web Services
Amazon Web Services
32 ElastiCache Valkey 8.0 - Savings and Efficiency | Amazon Web Services
ElastiCache Valkey 8.0 - Savings and Efficiency | Amazon Web Services
Amazon Web Services
33 Pennymac scales document processing with AWS | Amazon Web Services
Pennymac scales document processing with AWS | Amazon Web Services
Amazon Web Services
34 AWS | Next Level Innovation | Amazon Web Services
AWS | Next Level Innovation | Amazon Web Services
Amazon Web Services
35 Driving Cloud Innovation: Mindtickle's Partnership with AWS Enterprise Support | Amazon Web Services
Driving Cloud Innovation: Mindtickle's Partnership with AWS Enterprise Support | Amazon Web Services
Amazon Web Services
36 A Leader's Edge from Executive Insights | Amazon Web Services
A Leader's Edge from Executive Insights | Amazon Web Services
Amazon Web Services
37 How do I create a custom Amazon WorkSpaces image?
How do I create a custom Amazon WorkSpaces image?
Amazon Web Services
38 Charles Leclerc tests his AI-generated race track | Amazon Web Services
Charles Leclerc tests his AI-generated race track | Amazon Web Services
Amazon Web Services
39 Redington Scales India’s Cloud Access with AWS Partnership | Amazon Web Services
Redington Scales India’s Cloud Access with AWS Partnership | Amazon Web Services
Amazon Web Services
40 How do I prevent the resources in my CloudFormation stack from getting deleted or updated?
How do I prevent the resources in my CloudFormation stack from getting deleted or updated?
Amazon Web Services
41 How do I troubleshoot authentication errors when I use RDP to connect to an EC2 Windows instance?
How do I troubleshoot authentication errors when I use RDP to connect to an EC2 Windows instance?
Amazon Web Services
42 Exploring the Possibilities of Digital Twin & AI at the Edge | Amazon Web Services
Exploring the Possibilities of Digital Twin & AI at the Edge | Amazon Web Services
Amazon Web Services
43 Exploring the Possibilities of Digital Twin & AI at the Edge | Amazon Web Services
Exploring the Possibilities of Digital Twin & AI at the Edge | Amazon Web Services
Amazon Web Services
44 AWS at the FORMULA 1 AWS GRAN PREMIO DELL'EMILIA-ROMAGNA 2025 | Amazon Web Services
AWS at the FORMULA 1 AWS GRAN PREMIO DELL'EMILIA-ROMAGNA 2025 | Amazon Web Services
Amazon Web Services
45 What's new in RCPs | Amazon Web Services
What's new in RCPs | Amazon Web Services
Amazon Web Services
46 API Caching using Amazon ElastiCache | Amazon Web Services
API Caching using Amazon ElastiCache | Amazon Web Services
Amazon Web Services
47 Pendula: Amazon Nova Customer Testimonial | Amazon Web Services
Pendula: Amazon Nova Customer Testimonial | Amazon Web Services
Amazon Web Services
48 InDebted : Amazon Nova Customer Testimonial | Amazon Web Services
InDebted : Amazon Nova Customer Testimonial | Amazon Web Services
Amazon Web Services
49 Amazon DynamoDB global tables with multi-Region strong consistency | Amazon Web Services
Amazon DynamoDB global tables with multi-Region strong consistency | Amazon Web Services
Amazon Web Services
50 Siemens Mobility uses AWS to operate securely, efficiently on a global scale | Amazon Web Services
Siemens Mobility uses AWS to operate securely, efficiently on a global scale | Amazon Web Services
Amazon Web Services
51 How do I reuse a knowledge base session in Amazon Bedrock?
How do I reuse a knowledge base session in Amazon Bedrock?
Amazon Web Services
52 EP5: MBZUAI, CMU : Causal AI, Answering The “Why“ and “What if“ Questions | AWS for AI Podcast
EP5: MBZUAI, CMU : Causal AI, Answering The “Why“ and “What if“ Questions | AWS for AI Podcast
Amazon Web Services
53 Hema scales time to market developing a data mesh on AWS (Technical) - Cloud Adventures
Hema scales time to market developing a data mesh on AWS (Technical) - Cloud Adventures
Amazon Web Services
54 Hema scales time to market developing a data mesh on AWS (Business) - Cloud Adventures
Hema scales time to market developing a data mesh on AWS (Business) - Cloud Adventures
Amazon Web Services
55 How Langfuse Scaled Their AI Platform with AWS: From Open-Source to Enterprise | Amazon Web Services
How Langfuse Scaled Their AI Platform with AWS: From Open-Source to Enterprise | Amazon Web Services
Amazon Web Services
56 SLMs and LLMs: What’s the Difference? | Amazon Web Services
SLMs and LLMs: What’s the Difference? | Amazon Web Services
Amazon Web Services
57 SLMs and LLMs: When to use them? | Amazon Web Services
SLMs and LLMs: When to use them? | Amazon Web Services
Amazon Web Services
58 SLMs on CPU | Amazon Web Services
SLMs on CPU | Amazon Web Services
Amazon Web Services
59 Intelligent Model Routing | Amazon Web Services
Intelligent Model Routing | Amazon Web Services
Amazon Web Services
60 SLMs, LLMs, and Model Routing in Agents | Amazon Web Services
SLMs, LLMs, and Model Routing in Agents | Amazon Web Services
Amazon Web Services

Related Reads

📰
Terraform Cloudflare DNS Checklist Before Every Apply
Learn a checklist to ensure correct Terraform Cloudflare DNS configuration before applying changes to prevent potential downtime
Dev.to · Oleksandr Kuryzhev
📰
Building a Windows Laptop Monitoring Agent with Webex and Email Alerts
Learn to build a Windows laptop monitoring agent with Webex and email alerts for real-time notifications
Dev.to · sam codex
📰
What Is Infrastructure as Code? A Beginner's Guide
Learn the basics of Infrastructure as Code (IaC) and how to manage servers and cloud resources with code
Dev.to · Muskan Bandta
📰
I just released SKTR, a deterministic architecture review CLI
Learn about SKTR, a deterministic architecture review CLI for reviewing Git changes and how to use it to improve code quality
Dev.to · Pablo Rubianes 🇺🇾
Up next
AWS, Azure, GCP: The One Thing Every Business Gets Wrong
AI Daily
Watch →