AWS Cognito identity pool allows unauthenticated guest access

Description

This policy checks whether AWS Cognito identity pools allows unauthenticated guest access. Guest access poses a security risk as it could enable unauthorized individuals to access sensitive data or functionality. Disabling guest access helps maintain system and data security.

Code Example

resource "aws_cognito_identity_pool" "example" {
  ...
+  allow_unauthenticated_identities = false
}

Remediation

Terraform

Resource: aws_cognito_identity_pool
Arguments: allow_unauthenticated_identities

To fix this issue:

Set the `allow_unauthenticated_identities` property is set to false within the `aws_cognito_identity_pool` resource, as displayed in the example below.

Rule Details

Field	Value
ID	IAC-0413
Severity	MEDIUM
IaC Type	Cloudformation
Frameworks	Terraform, TerraformPlan, CloudFormation
Checkov ID	CKV_AWS_366

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

AWS Cognito identity pool allows unauthenticated guest access

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

AWS Cognito identity pool allows unauthenticated guest access ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

AWS Cognito identity pool allows unauthenticated guest access

Description

Code Example

Remediation

Rule Details

References