Closed briri closed 1 year ago
We will be protecting the REST API and the Rails app (Fargate) with a WAF. We should also ensure that the Cognito auth endpoint for system-to-system integrations is also protected.
See this pattern about placing CloudFront and WAF in front of the Cognito user pools since they allow direct access and we are going to be using client_credentials workflows: https://aws.amazon.com/blogs/security/protect-public-clients-for-amazon-cognito-by-using-an-amazon-cloudfront-proxy/