Security

MichiFinanzas uses AWS-native security patterns: Cognito authentication, WAF protections, encryption at rest, TLS in transit, and least-privilege IAM.

Authentication

Cognito user pools with strong password policy and optional MFA.

Edge security

AWS WAF managed rules and rate limiting attached to the API stage.

Data encryption

DynamoDB + S3 encrypted using KMS with key rotation.

For production hardening, follow: docs/security/enterprise-baseline.md