I am new to AWS and I am trying to create a new user pool in which I want to achieve the below highlighted settings using CloudFormation. Can you point me in the right direction to achieve this?
Please base yours on this one and change it a bit. This is the one I'm using, which is already very close to your requirement.
AWSTemplateFormatVersion: 2010-09-09
Description: >
  AWS CloudFormation template to create core infrastructure
Parameters:
  Product:
    Type: String
    Default: "your-product-name"
Resources:
  UserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: !Join ["-", [!Ref Product, "user-pool"]]
      AutoVerifiedAttributes:
        - email
      Schema:
        - AttributeDataType: "String"
          Mutable: true
          Name: "email"
          Required: true
        - AttributeDataType: "String"
          Mutable: true
          Name: "family_name"
          Required: true
        - AttributeDataType: "String"
          Mutable: true
          Name: "given_name"
          Required: true
      UsernameAttributes:
        - email
      AccountRecoverySetting:
        RecoveryMechanisms:
          - Name: verified_email
            Priority: 1
      AdminCreateUserConfig:
        AllowAdminCreateUserOnly: False
      UsernameConfiguration:
        CaseSensitive: false
      Policies:
        PasswordPolicy:
          MinimumLength: 6
          RequireLowercase: false
          RequireNumbers: false
          RequireSymbols: false
          RequireUppercase: false
          TemporaryPasswordValidityDays: 30
      DeviceConfiguration:
        ChallengeRequiredOnNewDevice: false
        DeviceOnlyRememberedOnUserPrompt: false
      VerificationMessageTemplate:
        DefaultEmailOption: CONFIRM_WITH_LINK
      UserPoolTags:
        product: !Ref Product
If you need more than that, please comment more.
To set phone number as a username:
UsernameAttributes:
  - phone_number
and to set phone number as a required attribute:
Schema:
  - Name: phone_number
    AttributeDataType: String
    Required: true
    Mutable: true
You can refer to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html for the detailed information.
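The password policy, MFA setting and sign-up mode in the template above are the properties most reviewers check first. Below is an added example (not code from the question, the answer or AWS) that reads a CloudFormation template and reports those settings for every `AWS::Cognito::UserPool` it contains. `TEMPLATE` is a constructed copy of the answer's user pool written as the dict that `json.load()` would return for the JSON form of the template, so no YAML library is needed; intrinsic functions are kept in their long form (`{"Ref": ...}`) and never resolved. The baseline values (`MIN_PASSWORD_LENGTH`, `MAX_TEMP_PASSWORD_DAYS`) are this example's own choices, not AWS requirements.

```python
"""Static audit of AWS::Cognito::UserPool settings in a CloudFormation template.

Added example. TEMPLATE is a constructed copy of the answer's user pool in
JSON/dict form; only literal property values are inspected.
"""

# Constructed sample input: the answer's user pool, as a Python dict.
TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {"Product": {"Type": "String", "Default": "your-product-name"}},
    "Resources": {
        "UserPool": {
            "Type": "AWS::Cognito::UserPool",
            "Properties": {
                "UserPoolName": {"Fn::Join": ["-", [{"Ref": "Product"}, "user-pool"]]},
                "AutoVerifiedAttributes": ["email"],
                "UsernameAttributes": ["email"],
                "AccountRecoverySetting": {
                    "RecoveryMechanisms": [{"Name": "verified_email", "Priority": 1}]
                },
                "AdminCreateUserConfig": {"AllowAdminCreateUserOnly": False},
                "Policies": {
                    "PasswordPolicy": {
                        "MinimumLength": 6,
                        "RequireLowercase": False,
                        "RequireNumbers": False,
                        "RequireSymbols": False,
                        "RequireUppercase": False,
                        "TemporaryPasswordValidityDays": 30,
                    }
                },
            },
        }
    },
}

# Baseline chosen for this example; Cognito itself only enforces MinimumLength >= 6.
MIN_PASSWORD_LENGTH = 8
MAX_TEMP_PASSWORD_DAYS = 7
COMPLEXITY_FLAGS = ("RequireLowercase", "RequireUppercase", "RequireNumbers", "RequireSymbols")


def user_pools(template):
    """Yield (logical_id, properties) for each AWS::Cognito::UserPool resource."""
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") == "AWS::Cognito::UserPool":
            yield logical_id, resource.get("Properties", {})


def audit_user_pool(props):
    """Return a list of findings (strings) for one user pool's Properties dict."""
    findings = []
    policy = props.get("Policies", {}).get("PasswordPolicy")
    if policy is None:
        findings.append("PasswordPolicy not set explicitly; the service default applies")
    else:
        length = policy.get("MinimumLength")
        if length is not None and length < MIN_PASSWORD_LENGTH:
            findings.append(f"MinimumLength {length} is below baseline {MIN_PASSWORD_LENGTH}")
        disabled = [flag for flag in COMPLEXITY_FLAGS if policy.get(flag) is False]
        if disabled:
            findings.append("password complexity disabled: " + ", ".join(disabled))
        days = policy.get("TemporaryPasswordValidityDays")
        if days is not None and days > MAX_TEMP_PASSWORD_DAYS:
            findings.append(f"TemporaryPasswordValidityDays {days} exceeds {MAX_TEMP_PASSWORD_DAYS}")

    # MfaConfiguration is OFF unless the template says ON or OPTIONAL.
    mfa = props.get("MfaConfiguration", "OFF")
    if mfa not in ("ON", "OPTIONAL"):
        findings.append(f"MfaConfiguration is {mfa}")

    # UserPoolAddOns.AdvancedSecurityMode is OFF (default), AUDIT or ENFORCED.
    mode = props.get("UserPoolAddOns", {}).get("AdvancedSecurityMode", "OFF")
    if mode != "ENFORCED":
        findings.append(f"AdvancedSecurityMode is {mode}, not ENFORCED")

    # Self-service sign-up is open when AllowAdminCreateUserOnly is false (the default).
    admin_only = props.get("AdminCreateUserConfig", {}).get("AllowAdminCreateUserOnly", False)
    if not admin_only:
        findings.append("self-service sign-up is open (AllowAdminCreateUserOnly is false)")

    return findings


def audit_template(template):
    """Return {logical_id: [findings]} for every user pool in the template."""
    return {lid: audit_user_pool(props) for lid, props in user_pools(template)}


if __name__ == "__main__":
    for logical_id, findings in audit_template(TEMPLATE).items():
        print(logical_id)
        for finding in findings:
            print("  -", finding)
```

Run against the answer's template this reports six findings (short passwords, no complexity, a 30-day temporary password, MFA off, advanced security off, open sign-up); whether each one matters depends on the product, but the script makes the choices explicit instead of leaving them implicit in the YAML.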
Related
I have this SAM template:
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: >
  Passwordless SMS authentication backend using Amazon Cognito User Pools CUSTOM AUTH challenge flow w/ AWS Lambda triggers and Amazon SNS for sending SMS TOTP
Metadata:
  AWS::ServerlessRepo::Application:
    Name: passwordless-sms-email-auth
    Description: >
      Passwordless SMS authentication backend using Amazon Cognito User Pools CUSTOM AUTH challenge flow w/ AWS Lambda triggers and Amazon SNS for sending SMS TOTP
    SpdxLicenseId: MIT
    LicenseUrl: LICENSE
    Labels: ['passwordless', 'authentication', 'cognito', 'auth', 'sms', 'iOS', 'mobile', 'pinpoint', 'serverless', 'amplify']
    SemanticVersion: 1.14.20
Globals:
  Function:
    Timeout: 3
Parameters:
  UserPoolName:
    Type: String
    Description: The name you want the User Pool to be created with
    Default: rafaelTest
Resources:
  UserPool:
    Type: "AWS::Cognito::UserPool"
    Properties:
      UserPoolName: !Ref UserPoolName
      Schema:
        - Name: name
          AttributeDataType: String
          Mutable: true
          Required: true
        - Name: phone_number
          AttributeDataType: String
          Mutable: true
          Required: false
        - Name: email
          AttributeDataType: String
          Mutable: true
          Required: false
      Policies:
        PasswordPolicy:
          MinimumLength: 6
          RequireLowercase: false
          RequireNumbers: false
          RequireSymbols: false
          RequireUppercase: false
      UsernameAttributes:
        - phone_number
        - email
      MfaConfiguration: "OFF"
      LambdaConfig:
        CreateAuthChallenge: !GetAtt CreateAuthChallenge.Arn
        DefineAuthChallenge: !GetAtt DefineAuthChallenge.Arn
        PreSignUp: !GetAtt PreSignUp.Arn
        VerifyAuthChallengeResponse: !GetAtt VerifyAuthChallengeResponse.Arn
  UserPoolClient:
    Type: "AWS::Cognito::UserPoolClient"
    Properties:
      ClientName: sms-auth-client
      GenerateSecret: false
      UserPoolId: !Ref UserPool
      ExplicitAuthFlows:
        - CUSTOM_AUTH_FLOW_ONLY
Outputs:
  UserPoolId:
    Description: ID of the User Pool
    Value: !Ref UserPool
  UserPoolClientId:
    Description: ID of the User Pool Client
    Value: !Ref UserPoolClient
When creating the user pool, I wanted users to be able to use either just their email or just their phone as their username.
The way it is done now, I always need to send both email and phone number.
Does anyone know how I solve this?
I want users to be able to log in by providing one of the following:
email + name
phone number + name
Can anyone help me?
Users can log in with their email or phone number using this SAM template, and use a random UUID as the username at sign-up.
UserPool:
  Type: "AWS::Cognito::UserPool"
  Properties:
    UserPoolName: !Ref UserPoolName
    Schema:
      - Name: phone_number
        AttributeDataType: String
        Mutable: true
      - Name: email
        AttributeDataType: String
        Mutable: true
    Policies:
      PasswordPolicy:
        MinimumLength: 6
        RequireLowercase: false
        RequireNumbers: false
        RequireSymbols: false
        RequireUppercase: false
    AliasAttributes:
      - email
      - phone_number
    MfaConfiguration: "OFF"
But now I need to know which alias users use on sign-in, does anyone know how?
I'm doing a passwordless flow with Cognito and the event on the create-auth Lambda trigger is always the same.
I have been trying to add a user pool using an AWS CloudFormation template, but it fails at the Deploy / ExecuteChangeSet stage.
CognitoUsers:
  Type: AWS::Cognito::UserPool
  Properties:
    UserPoolName: MoreLinksUsers-pool
    UsernameConfiguration:
      CaseSensitive: false
    AdminCreateUserConfig:
      AllowAdminCreateUserOnly: true
    Policies:
      PasswordPolicy:
        MinimumLength: 8
        RequireLowercase: true
        RequireSymbols: true
        RequireUppercase: true
        TemporaryPasswordValidityDays: 1
    UsernameAttributes:
      - email
    MfaConfiguration: "OFF"
    Schema:
      - AttributeDataType: String
        DeveloperOnlyAttribute: false
        Mutable: true
        Name: email
ClientAppClient:
  Type: AWS::Cognito::UserPoolClient
  Properties:
    UserPoolId: !Ref CognitoUsers
    ClientName: ClientApp
    GenerateSecret: false
    RefreshTokenValidity: 30
    AllowedOAuthFlows:
      - code
      - implicit
    ExplicitAuthFlows:
      - ALLOW_USER_SRP_AUTH
      - ALLOW_REFRESH_TOKEN_AUTH
    # CallbackURLs: !Ref AllowedCallbacks
    AllowedOAuthScopes:
      - email
      - openid
      - profile
      - aws.cognito.signin.user.admin
    AllowedOAuthFlowsUserPoolClient: true
    PreventUserExistenceErrors: ENABLED
    SupportedIdentityProviders:
      - COGNITO
Any attribute that I'm missing? Any advice would be greatly appreciated. Thanks.
I'm using the serverless framework in order to create a Cognito User Pool using the following CloudFormation configuration:
Resources:
  CognitoUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      # Generate a name based on the stage
      UserPoolName: ${opt:stage}-user-pool
      # Set email as an alias
      UsernameAttributes:
        - email
      AutoVerifiedAttributes:
        - email
      MfaConfiguration: OFF
      EmailVerificationMessage: 'message here'
      EmailVerificationSubject: 'subject here'
      Policies:
        PasswordPolicy:
          MinimumLength: 6
          RequireLowercase: true
          RequireNumbers: false
          RequireSymbols: true
          RequireUppercase: true
      Schema:
        - AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Name: address
          Required: true
        - AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Name: email
          Required: true
        - AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Name: family_name
          Required: true
        - AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Name: gender
          Required: true
        - AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Name: name
          Required: true
        - AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Name: phone_number
          Required: true
        - AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Name: website
          Required: true
        - AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Name: role
          Required: false
      EmailConfiguration:
        EmailSendingAccount: COGNITO_DEFAULT
        # The email is taken from command line arguments, the region and account id through pseudo parameters
        SourceArn: "arn:aws:ses:#{AWS::Region}:#{AWS::AccountId}:identity/${env:SES_EMAIL}"
As you can see, AutoVerifiedAttributes is set to email, so Cognito should send the verification code through the email configured in SES. But I'm getting the following error in my CI/CD pipeline: User pool does not have SMS configuration to send messages. Any hints as to why this is happening?
Found the issue, it was actually not related to the user pool. I had a resource that created the default user, which had not set the DesiredDeliveryMedium property; said property defaults to SMS, setting it to EMAIL solved it.
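The root cause in the answer above is a mismatch between two resources rather than a fault in either one: an `AWS::Cognito::UserPoolUser` whose `DesiredDeliveryMedium` is left at its SMS default, attached to a pool that has no `SmsConfiguration`. Below is an added example (not code from the question or answer) that catches that mismatch before deployment and applies the fix the answer describes. The template is a constructed reduction of the question's stack: the pool's logical id and properties follow the question, while `DefaultUser` and its username are invented for the example. The check only resolves a `UserPoolId` given as a `Ref` to a pool in the same template; a pool that lives elsewhere is skipped. Note that EMAIL delivery still needs the user to carry an email attribute, which here is satisfied by the username because the pool's `UsernameAttributes` is `email`.

```python
"""Flag AWS::Cognito::UserPoolUser resources whose invitation would go by SMS on
a pool that cannot send SMS.

Added example; the template is a constructed reduction of the question's stack.
"""
import copy

TEMPLATE = {
    "Resources": {
        "CognitoUserPool": {
            "Type": "AWS::Cognito::UserPool",
            "Properties": {
                "UsernameAttributes": ["email"],
                "AutoVerifiedAttributes": ["email"],
                "EmailConfiguration": {"EmailSendingAccount": "COGNITO_DEFAULT"},
                # no SmsConfiguration: this pool cannot send SMS messages
            },
        },
        "DefaultUser": {
            "Type": "AWS::Cognito::UserPoolUser",
            "Properties": {
                "UserPoolId": {"Ref": "CognitoUserPool"},
                "Username": "admin@example.com",  # constructed value
                # DesiredDeliveryMedium omitted on purpose: it defaults to SMS
            },
        },
    }
}


def pool_for(user_props, resources):
    """Resolve the user's UserPoolId when it is a Ref to a pool in this template."""
    ref = user_props.get("UserPoolId")
    if isinstance(ref, dict) and "Ref" in ref:
        pool = resources.get(ref["Ref"], {})
        if pool.get("Type") == "AWS::Cognito::UserPool":
            return ref["Ref"], pool.get("Properties", {})
    return None, None


def effective_delivery_medium(user_props):
    """DesiredDeliveryMedium as Cognito will apply it: SMS unless set otherwise."""
    return user_props.get("DesiredDeliveryMedium", "SMS")


def needs_sms_pool_cannot_send(user_props, pool_props):
    """True when the invitation would go by SMS but the pool has no SmsConfiguration."""
    return (effective_delivery_medium(user_props) == "SMS"
            and "SmsConfiguration" not in pool_props)


def check_delivery_media(template):
    """Return one finding per user whose invitation the pool could not deliver."""
    resources = template.get("Resources", {})
    findings = []
    for logical_id, resource in resources.items():
        if resource.get("Type") != "AWS::Cognito::UserPoolUser":
            continue
        props = resource.get("Properties", {})
        pool_id, pool_props = pool_for(props, resources)
        if pool_props is None:
            continue  # pool is outside this template; nothing to compare against
        if needs_sms_pool_cannot_send(props, pool_props):
            findings.append(
                f"{logical_id}: delivery medium is SMS but pool {pool_id} has no "
                "SmsConfiguration; set DesiredDeliveryMedium: EMAIL or add SmsConfiguration"
            )
    return findings


def fix_delivery_media(template):
    """Return a deep copy in which every flagged user is switched to EMAIL delivery."""
    fixed = copy.deepcopy(template)
    resources = fixed.get("Resources", {})
    for resource in resources.values():
        if resource.get("Type") != "AWS::Cognito::UserPoolUser":
            continue
        props = resource.setdefault("Properties", {})
        _, pool_props = pool_for(props, resources)
        if pool_props is not None and needs_sms_pool_cannot_send(props, pool_props):
            props["DesiredDeliveryMedium"] = "EMAIL"
    return fixed


if __name__ == "__main__":
    for finding in check_delivery_media(TEMPLATE):
        print(finding)
    print("after fix:", check_delivery_media(fix_delivery_media(TEMPLATE)))
```

The same check passes a pool that does declare `SmsConfiguration`, because then the SMS default is deliverable; the point is to compare the user's effective medium with what the pool can actually send rather than to forbid SMS.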
I think I tried all the properties here:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html
but couldn't get this box checked:
My config currently:
CognitoUserPoolGeneral:
  Type: AWS::Cognito::UserPool
  Properties:
    UserPoolName: general
    Policies:
      PasswordPolicy:
        MinimumLength: 6
        RequireLowercase: false
        RequireNumbers: false
        RequireSymbols: false
        RequireUppercase: false
    Schema:
      - AttributeDataType: String
        Name: preferredLocale
        DeveloperOnlyAttribute: false
        Mutable: true
        Required: false
    EmailVerificationMessage: "Here's your verification code: {####}. Please provide it inside the application."
    EmailVerificationSubject: "subject"
You can add
AutoVerifiedAttributes:
  - email
to your Properties key, like so:
UserPool:
  Type: "AWS::Cognito::UserPool"
  Properties:
    UserPoolName: !Sub ${AuthName}-user-pool
    AutoVerifiedAttributes:
      - email
    Policies:.....
For an excellent example of a CloudFormation template that creates Cognito resources, see:
https://gist.github.com/singledigit/2c4d7232fa96d9e98a3de89cf6ebe7a5
I'm trying to create a user using the Cognito User Pool Console (I'm setting values for the username and the temporary password) but I keep getting this error.
Attributes did not conform to the schema: birthdate: Number must be no longer than 10 characters (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: 98f3de9e-5ce3-11e7-98e8-9d0c69d31df9)
The user pool is created with the following, using Serverless:
Type: AWS::Cognito::UserPool
DeletionPolicy: Retain
Properties:
  UserPoolName: employees
  AdminCreateUserConfig:
    AllowAdminCreateUserOnly: true
  Policies:
    PasswordPolicy:
      MinimumLength: 8
      RequireLowercase: true
      RequireNumbers: true
  Schema:
    - Name: "picture"
      AttributeDataType: String
      Mutable: true
      Required: false
    - Name: "given_name"
      AttributeDataType: String
      Mutable: true
      Required: true
    - Name: "middle_name"
      AttributeDataType: String
      Mutable: true
      Required: false
    - Name: "family_name"
      AttributeDataType: String
      Mutable: true
      Required: true
    - Name: "address"
      AttributeDataType: String
      Mutable: true
      Required: false
    - Name: "birthdate"
      AttributeDataType: String
      Mutable: true
      Required: true
    - Name: "gender"
      AttributeDataType: String
      Mutable: true
      Required: true
It must be quite late, but try the code below; I defined the MinLength and MaxLength:
Type: AWS::Cognito::UserPool
DeletionPolicy: Retain
Properties:
  UserPoolName: employees
  AdminCreateUserConfig:
    AllowAdminCreateUserOnly: true
  Policies:
    PasswordPolicy:
      MinimumLength: 8
      RequireLowercase: true
      RequireNumbers: true
  Schema:
    - Name: "picture"
      AttributeDataType: String
      Mutable: true
      Required: false
    - Name: "given_name"
      AttributeDataType: String
      Mutable: true
      Required: true
    - Name: "middle_name"
      AttributeDataType: String
      Mutable: true
      Required: false
    - Name: "family_name"
      AttributeDataType: String
      Mutable: true
      Required: true
    - Name: "address"
      AttributeDataType: String
      Mutable: true
      Required: false
    - Name: "birthdate"
      AttributeDataType: String
      Mutable: true
      Required: true
      DeveloperOnlyAttribute: false
      StringAttributeConstraints:
        MinLength: "10"
        MaxLength: "10"
    - Name: "gender"
      AttributeDataType: String
      Mutable: true
      Required: true