Amazon Cognito now enables application developers to propagate IP address as part of the caller context data in unauthenticated calls to Amazon Cognito. When Amazon Cognito’s Advanced Security Features (ASF) are enabled, this feature improves risk calculation and resulting authentication decisions performed in flows such as sign-up, account confirmation, and password change. Prior to this change, the end user IP address was not available in unauthenticated calls if these calls were initiated behind a proxy. With this new feature, developers who build identity micro-services, authentication modules or identity proxies can now leverage APIs to gain visibility into the client’s IP address and utilize them in other security applications to better understand the risk of a particular user activity.
Source:: Amazon AWS