Author: Mahmoud Matouk

September 8, 2023: It’s important to know that if you activate user sign-up in your user pool, anyone on the internet can sign up for an account and sign in to your apps. Don’t enable self-registration in your user pool unless you want to open your app to allow users to sign up. Sep 6 […]

January 28, 2025: The following blog post highlights how to implement passwordless authentication with Amazon Cognito and WebAuthn. Amazon Cognito added support for passwordless authentication, including passkeys, email one-time passwords (OTPs), and SMS OTPs, for secure and seamless sign-ins. However, this blog post may still be of interest to you if you want to learn […]

October 23: This post has been updated to utilize Duo Web v4 SDK and OIDC approach for integration with Duo two-factor authentication. Adding multi-factor authentication (MFA) reduces the risk of user account take-over, phishing, and password theft. Adding MFA while providing a frictionless sign-in experience requires you to offer a variety of MFA options that […]

AWS recently updated how Amazon Cognito user pools are created so that new user pools are case insensitive by default. An Amazon Cognito user pool is a user directory that helps you manage end-user identities. With this new feature, the native user name, email alias, and preferred user name alias are marked as case insensitive […]

March 31, 2025: We provided a note and links to resources in the third use case on using Route 53 profiles as a best practice to enable DNS resolutions between VPCs in different AWS accounts. April 19, 2023: In the section “Create private hosted zones” we updated step 1 to fix syntax error. September 27, […]

One of the most important things you can do as a customer to ensure the security of your resources is to maintain careful control over who has access to them. This is especially true if any of your AWS users have programmatic access. Programmatic access allows you to invoke actions on your AWS resources either […]

Note from June 5, 2019: The approach and architecture in this post is recommended if you prefer more control over DNS servers or prefer to use AWS Managed Active Directory for DNS resolution, however there are some limitations to this approach and we added a “Limitations and additional considerations” section to this post to describe […]