aws-cdk: [cognito] Unable to create user pool with MFA required
(See reproduction steps for code example)
Ideally, I would like to enable MFA required with OTP only (not SMS)
When mfaSecondFactor.sms is set to false, the stack is able to be synthesized, but CloudFormation gives this error:
```
SMS configuration and Auto verification for phone_number are required when MFA is required/optional (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: d5cbb83e-b38a-4f57-9993-65ff923ac325; Proxy: null)
```
When mfaSecondFactor.sms is set to `true`, the stack is not able to be synthesized with the following error:
```
TypeError: Cannot read property 'uniqueId' of undefined
    at UserPool.smsConfiguration (/Users/barrett/Projects/github.com/tributumtax/monorepo/.yarn/$$virtual/@aws-cdk-aws-cognito-virtual-cef0628d0c/0/cache/@aws-cdk-aws-cognito-npm-1.73.0-8a062b6262-b3bdc35f1d.zip/node_modules/@aws-cdk/aws-cognito/lib/user-pool.ts:884:37)
    at new UserPool (/Users/barrett/Projects/github.com/tributumtax/monorepo/.yarn/$$virtual/@aws-cdk-aws-cognito-virtual-cef0628d0c/0/cache/@aws-cdk-aws-cognito-npm-1.73.0-8a062b6262-b3bdc35f1d.zip/node_modules/@aws-cdk/aws-cognito/lib/user-pool.ts:740:30)
    at new AuthStack (/Users/barrett/Projects/github.com/tributumtax/monorepo/packages/aws/lib/auth-stack.ts:23:22)
    at Object.<anonymous> (/Users/barrett/Projects/github.com/tributumtax/monorepo/packages/aws/bin/aws.ts:45:19)
    at Module._compile (internal/modules/cjs/loader.js:1176:30)
    at Module.m._compile (/Users/barrett/Projects/github.com/tributumtax/monorepo/.yarn/unplugged/ts-node-virtual-9b8834e7f3/node_modules/ts-node/src/index.ts:858:23)
    at Module._extensions..js (internal/modules/cjs/loader.js:1196:10)
    at Object.require.extensions.<computed> [as .ts] (/Users/barrett/Projects/github.com/tributumtax/monorepo/.yarn/unplugged/ts-node-virtual-9b8834e7f3/node_modules/ts-node/src/index.ts:861:12)
    at Module.load (internal/modules/cjs/loader.js:1040:32)
    at Function.external_module_.Module._load (/Users/barrett/Projects/github.com/tributumtax/monorepo/.pnp.js:26436:14)
Subprocess exited with error 1
```
Reproduction Steps
```typescript
import { App, Stack, StackProps } from '@aws-cdk/core';
import * as cognito from '@aws-cdk/aws-cognito';

export class AuthStack extends Stack {
  constructor(scope: App, id: string, props: StackProps) {
    super(scope, id, props);

    const userPool = new cognito.UserPool(this, 'UserPool', {
      selfSignUpEnabled: true,
      signInAliases: {
        email: true,
      },
      autoVerify: {
        email: true,
      },
      mfa: cognito.Mfa.REQUIRED,
      mfaSecondFactor: {
        sms: true,
        otp: true,
      },
      passwordPolicy: {
        minLength: 16,
        requireLowercase: true,
        requireUppercase: true,
        requireDigits: true,
        requireSymbols: true,
      },
      accountRecovery: cognito.AccountRecovery.EMAIL_ONLY,
    });
  }
}
```
What did you expect to happen?
I should be able to deploy the stack
What actually happened?
The synth fails if sms is true and CloudFormation fails if it is set to false.
Environment
- CDK CLI Version : 1.62.0
- Framework Version: 1.62.0
- Node.js Version: 14.2.0
- OS : OS X Catalina
- Language (Version): TypeScript (4.0.20
Other
This is 🐛 Bug Report
About this issue
- State: closed
- Created 4 years ago
- Reactions: 13
- Comments: 18 (4 by maintainers)
I believe this is also an issue with CloudFormation. I see this problem when using Serverless with CloudFormation templates.
The SMS configuration correlates to the auto verification service Cognito provides; if this verification method is set on `phone_number` then SMS configuration is required. So make sure you don't have auto verify enabled for phone number, and MFA required with only otp enabled should work.
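One way to check a synthesized template for the conditions named in the comment above before deploying, as an added example that is not part of the thread or of the CDK code base. The function name `lintUserPoolMfa` and both sample templates are constructed for illustration; the property names are those of the `AWS::Cognito::UserPool` CloudFormation resource.

```typescript
// Added example, not CDK or project code. Property names are the
// AWS::Cognito::UserPool CloudFormation properties; templates are constructed.
type PoolProps = {
  MfaConfiguration?: string;         // "OFF" | "ON" | "OPTIONAL"
  EnabledMfas?: string[];            // "SMS_MFA" | "SOFTWARE_TOKEN_MFA"
  AutoVerifiedAttributes?: string[]; // "email" | "phone_number"
  SmsConfiguration?: object;
};
type Template = { Resources: { [id: string]: { Type: string; Properties?: PoolProps } } };

// Returns one finding per deviation from "MFA required, OTP only, no SMS dependency".
function lintUserPoolMfa(template: Template): string[] {
  const findings: string[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    if (res.Type !== 'AWS::Cognito::UserPool') continue;
    const p: PoolProps = res.Properties || {};
    const mfa = p.MfaConfiguration || 'OFF';
    const factors = p.EnabledMfas || [];
    const autoVerify = p.AutoVerifiedAttributes || [];
    if (mfa !== 'ON') findings.push(id + ': MfaConfiguration is ' + mfa + ', expected ON');
    if (factors.indexOf('SOFTWARE_TOKEN_MFA') === -1)
      findings.push(id + ': SOFTWARE_TOKEN_MFA is not in EnabledMfas');
    if (factors.indexOf('SMS_MFA') !== -1)
      findings.push(id + ': SMS_MFA is enabled, policy is OTP only');
    // Condition named in the thread: auto-verifying phone_number needs SMS configuration.
    if (autoVerify.indexOf('phone_number') !== -1 && !p.SmsConfiguration)
      findings.push(id + ': phone_number is auto-verified but SmsConfiguration is absent');
  }
  return findings;
}

// Constructed templates: the layout a commenter says should work, and one that is flagged.
const otpOnly: Template = { Resources: { UserPool: { Type: 'AWS::Cognito::UserPool', Properties: {
  MfaConfiguration: 'ON', EnabledMfas: ['SOFTWARE_TOKEN_MFA'], AutoVerifiedAttributes: ['email'] } } } };
const smsDependent: Template = { Resources: { UserPool: { Type: 'AWS::Cognito::UserPool', Properties: {
  MfaConfiguration: 'OPTIONAL', EnabledMfas: ['SMS_MFA'], AutoVerifiedAttributes: ['phone_number'] } } } };

console.log(lintUserPoolMfa(otpOnly));
console.log(lintUserPoolMfa(smsDependent));
```

The same function can be pointed at the JSON that `cdk synth` writes to `cdk.out` once it is parsed into an object.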
I just want to bump this issue. Fwiw I’m also seeing the same error with CloudFormation.