Description
🚨 Please Note 🚨
To ensure efficient investigation of the issue, please fill out the fields below with as much detail as possible. Reports that do not follow this template may be closed without notification. We appreciate your cooperation.
🐞Describe the bug
Although IP restrictions are applied using the company's global IP address, once access has been gained, access from outside the company is also possible.
I am very concerned that this could be a security hole.
🔄 To Reproduce
Steps to reproduce the behavior:
- Accessing BCC without a VPN connection: The browser freezes and the screen remains white. Another service via CloudFront returns 403 normally.
- Connect to VPN and access: The login screen appears normally.
- Disconnect the VPN again and access: BCC displays the login screen normally. Other services return 403.
Interim measures:
By adding the API WAF to Cognito as shown below, IP restrictions for sign-in were implemented. I hope this helps.
This seems to be a different issue than browser cache.
Could you please review this so that WAF can be set up on Cognito and API Gateway?
📷 Screenshots
WAF is configured on CloudFront.
🔎 Logs for Chat Issues
If the issue occurs during a chat interaction, please check the following logs on Amazon CloudWatch Logs and include the relevant entries in your issue:
/aws/lambda/BedrockChatStack-BackendApiHandlerXXXX
/aws/lambda/BedrockChatStack-WebSocketHandlerXXXX
🔎 Logs for Bot Creation/Update Issues
If the issue occurs during bot creation or updating, please check the execution records of the AWS Step Functions state machine named EmbeddingStateMachineXXX
and include the details in your issue.
📝 Additional context
Add any other context about the problem here.
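The report describes IP restriction that exists only on the CloudFront distribution, with a regional WAF on Cognito as the interim measure. The CloudFormation template below is an added example of that kind of setup, not the reporter's configuration and not code from the project: one REGIONAL web ACL with an IP allow-list, associated with both the Cognito user pool and the API stage. It assumes the API is an API Gateway REST API stage; the parameter names, resource names and the CIDR are placeholders.

```yaml
# Added example: constructed template, not taken from the project's stack.
# Parameter values, resource names and the CIDR are placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  UserPoolArn:
    Type: String   # arn:aws:cognito-idp:<region>:<account>:userpool/<pool-id>
  ApiStageArn:
    Type: String   # assumed REST API: arn:aws:apigateway:<region>::/restapis/<api-id>/stages/<stage>
Resources:
  OfficeIpSet:
    Type: AWS::WAFv2::IPSet
    Properties:
      Scope: REGIONAL            # a CLOUDFRONT-scoped ACL cannot be attached to these resources
      IPAddressVersion: IPV4
      Addresses:
        - 203.0.113.0/24         # documentation range standing in for the company's global IP
  RegionalAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Scope: REGIONAL
      DefaultAction:
        Block: {}                # anything not matched by the allow rule is rejected
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: RegionalAcl
      Rules:
        - Name: AllowOfficeIp
          Priority: 0
          Action:
            Allow: {}
          Statement:
            IPSetReferenceStatement:
              Arn: !GetAtt OfficeIpSet.Arn
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: AllowOfficeIp
  CognitoAssociation:            # sign-in calls to the user pool are filtered by source IP
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref UserPoolArn
      WebACLArn: !GetAtt RegionalAcl.Arn
  ApiAssociation:                # backend API calls are filtered by the same ACL
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref ApiStageArn
      WebACLArn: !GetAtt RegionalAcl.Arn
```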