diff --git a/CHANGELOG.md b/CHANGELOG.md
index f5e36b3..9dd72c8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Re-enable API write access.
 - Use newly migrated DB (using officeId).
 - Require officeId to be specified in config (to avoid renaming issues).
+- Disable public Cognito registrations.
 
 ## [1.2.0] - 2020-09-14
 
diff --git a/infrastructure/index.ts b/infrastructure/index.ts
index 3d320b2..43860dc 100644
--- a/infrastructure/index.ts
+++ b/infrastructure/index.ts
@@ -159,10 +159,9 @@ const userPool = new aws.cognito.UserPool(`${serviceName}-users`, {
     preSignUp: preSignUp.arn,
     verifyAuthChallengeResponse: verifyAuthChallengeResponse.arn,
   },
-  // TODO: Block public sign-ups to the user pool.
-  // adminCreateUserConfig: {
-  //   allowAdminCreateUserOnly: true,
-  // },
+  adminCreateUserConfig: {
+    allowAdminCreateUserOnly: true,
+  },
   tags,
 });