I'm trying to create a user using the Cognito User Pool Console (I'm setting values for the username and the temporary password) but I keep getting this error.
Attributes did not conform to the schema: birthdate: Number must be no longer than 10 characters (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: 98f3de9e-5ce3-11e7-98e8-9d0c69d31df9)
The User Pool is created with the following using serverless
    Type: AWS::Cognito::UserPool
    DeletionPolicy: Retain
    Properties:
      UserPoolName: employees
      AdminCreateUserConfig:
        AllowAdminCreateUserOnly: true
      Policies:
        PasswordPolicy:
          MinimumLength: 8
          RequireLowercase: true
          RequireNumbers: true
      Schema:
        - Name: "picture"
          AttributeDataType: String
          Mutable: true
          Required: false
        - Name: "given_name"
          AttributeDataType: String
          Mutable: true
          Required: true
        - Name: "middle_name"
          AttributeDataType: String
          Mutable: true
          Required: false
        - Name: "family_name"
          AttributeDataType: String
          Mutable: true
          Required: true
        - Name: "address"
          AttributeDataType: String
          Mutable: true
          Required: false
        - Name: "birthdate"
          AttributeDataType: String
          Mutable: true
          Required: true
        - Name: "gender"
          AttributeDataType: String
          Mutable: true
          Required: true
It must be quite late but try below code, I defined the MinLength and MaxLength:
    Type: AWS::Cognito::UserPool
    DeletionPolicy: Retain
    Properties:
      UserPoolName: employees
      AdminCreateUserConfig:
        AllowAdminCreateUserOnly: true
      Policies:
        PasswordPolicy:
          MinimumLength: 8
          RequireLowercase: true
          RequireNumbers: true
      Schema:
        - Name: "picture"
          AttributeDataType: String
          Mutable: true
          Required: false
        - Name: "given_name"
          AttributeDataType: String
          Mutable: true
          Required: true
        - Name: "middle_name"
          AttributeDataType: String
          Mutable: true
          Required: false
        - Name: "family_name"
          AttributeDataType: String
          Mutable: true
          Required: true
        - Name: "address"
          AttributeDataType: String
          Mutable: true
          Required: false
        - Name: "birthdate"
          AttributeDataType: String
          Mutable: true
          Required: true
          DeveloperOnlyAttribute: false
          StringAttributeConstraints:
            MinLength: "10"
            MaxLength: "10"
        - Name: "gender"
          AttributeDataType: String
          Mutable: true
          Required: true
Related
I have been trying to add a User Pool using AWS cloud formation template but it fails on the Deploy executechange set stage.
    CognitoUsers:
      Type: AWS::Cognito::UserPool
      Properties:
        UserPoolName: MoreLinksUsers-pool
        UsernameConfiguration:
          CaseSensitive: false
        AdminCreateUserConfig:
          AllowAdminCreateUserOnly: true
        Policies:
          PasswordPolicy:
            MinimumLength: 8
            RequireLowercase: true
            RequireSymbols: true
            RequireUppercase: true
            TemporaryPasswordValidityDays: 1
        UsernameAttributes:
          - email
        MfaConfiguration: "OFF"
        Schema:
          - AttributeDataType: String
            DeveloperOnlyAttribute: false
            Mutable: true
            Name: email
    ClientAppClient:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        UserPoolId: !Ref CognitoUsers
        ClientName: ClientApp
        GenerateSecret: false
        RefreshTokenValidity: 30
        AllowedOAuthFlows:
          - code
          - implicit
        ExplicitAuthFlows:
          - ALLOW_USER_SRP_AUTH
          - ALLOW_REFRESH_TOKEN_AUTH
        # CallbackURLs: !Ref AllowedCallbacks
        AllowedOAuthScopes:
          - email
          - openid
          - profile
          - aws.cognito.signin.user.admin
        AllowedOAuthFlowsUserPoolClient: true
        PreventUserExistenceErrors: ENABLED
        SupportedIdentityProviders:
          - COGNITO
Any attribute that I'm missing? Any advice would be greatly appreciated. Thanks.
I am new to AWS and I am trying to create a new user pool; in it I want to achieve the settings highlighted below using CloudFormation. Can you point me in the right direction to achieve this?
Please adapt this one a bit for your case. This is what I'm using, which is already very close to your requirement.
    AWSTemplateFormatVersion: 2010-09-09
    Description: >
      AWS CloudFormation template to create core infrastructure
    Parameters:
      Product:
        Type: String
        Default: "your-product-name"
    Resources:
      UserPool:
        Type: AWS::Cognito::UserPool
        Properties:
          UserPoolName: !Join ["-", [!Ref Product, "user-pool"]]
          AutoVerifiedAttributes:
            - email
          Schema:
            - AttributeDataType: "String"
              Mutable: true
              Name: "email"
              Required: true
            - AttributeDataType: "String"
              Mutable: true
              Name: "family_name"
              Required: true
            - AttributeDataType: "String"
              Mutable: true
              Name: "given_name"
              Required: true
          UsernameAttributes:
            - email
          AccountRecoverySetting:
            RecoveryMechanisms:
              - Name: verified_email
                Priority: 1
          AdminCreateUserConfig:
            AllowAdminCreateUserOnly: False
          UsernameConfiguration:
            CaseSensitive: false
          Policies:
            PasswordPolicy:
              MinimumLength: 6
              RequireLowercase: false
              RequireNumbers: false
              RequireSymbols: false
              RequireUppercase: false
              TemporaryPasswordValidityDays: 30
          DeviceConfiguration:
            ChallengeRequiredOnNewDevice: false
            DeviceOnlyRememberedOnUserPrompt: false
          VerificationMessageTemplate:
            DefaultEmailOption: CONFIRM_WITH_LINK
          UserPoolTags:
            product: !Ref Product
If you need more than that, please comment more.
To set phone number as a username:
    UsernameAttributes:
      - phone_number
and to set phone number as a required attribute:
    Schema:
      - Name: email
        AttributeDataType: String
        Required: true
        Mutable: true
You can refer to https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html for detailed information.
I'm using the serverless framework in order to create a Cognito User Pool using the following CloudFormation configuration:
    Resources:
      CognitoUserPool:
        Type: AWS::Cognito::UserPool
        Properties:
          # Generate a name based on the stage
          UserPoolName: ${opt:stage}-user-pool
          # Set email as an alias
          UsernameAttributes:
            - email
          AutoVerifiedAttributes:
            - email
          MfaConfiguration: OFF
          EmailVerificationMessage: 'message here'
          EmailVerificationSubject: 'subject here'
          Policies:
            PasswordPolicy:
              MinimumLength: 6
              RequireLowercase: true
              RequireNumbers: false
              RequireSymbols: true
              RequireUppercase: true
          Schema:
            - AttributeDataType: String
              DeveloperOnlyAttribute: false
              Mutable: true
              Name: address
              Required: true
            - AttributeDataType: String
              DeveloperOnlyAttribute: false
              Mutable: true
              Name: email
              Required: true
            - AttributeDataType: String
              DeveloperOnlyAttribute: false
              Mutable: true
              Name: family_name
              Required: true
            - AttributeDataType: String
              DeveloperOnlyAttribute: false
              Mutable: true
              Name: gender
              Required: true
            - AttributeDataType: String
              DeveloperOnlyAttribute: false
              Mutable: true
              Name: name
              Required: true
            - AttributeDataType: String
              DeveloperOnlyAttribute: false
              Mutable: true
              Name: phone_number
              Required: true
            - AttributeDataType: String
              DeveloperOnlyAttribute: false
              Mutable: true
              Name: website
              Required: true
            - AttributeDataType: String
              DeveloperOnlyAttribute: false
              Mutable: true
              Name: role
              Required: false
          EmailConfiguration:
            EmailSendingAccount: COGNITO_DEFAULT
            # The email is taken from command line arguments, the region and account id through pseudo parameters
            SourceArn: "arn:aws:ses:#{AWS::Region}:#{AWS::AccountId}:identity/${env:SES_EMAIL}"
As you can see, the AutoVerifiedAttributes is set to email; so, Cognito should send the verification code through the email configured in SES. But I'm getting the following error in my CI/CD pipeline: User pool does not have SMS configuration to send messages. Any hints of why is this happening?
Found the issue, it was actually not related to the user pool. I had a resource that created the default user, which had not set the DesiredDeliveryMedium property; said property defaults to SMS, setting it to EMAIL solved it.
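A pre-deploy check for the failure this answer describes, as an added example that is not part of the original thread: it flags every `AWS::Cognito::UserPoolUser` resource that would be invited by SMS (the CloudFormation property is `DesiredDeliveryMediums`, which defaults to SMS when omitted) while the pool it references has no `SmsConfiguration`. It assumes the template is already loaded into a Python dict; the logical IDs in the sample are hypothetical.

```python
# Assumption: the template is already parsed into a dict, with !Ref written as {"Ref": ...}.
POOL_TYPE = "AWS::Cognito::UserPool"
USER_TYPE = "AWS::Cognito::UserPoolUser"

def find_sms_delivery_problems(template):
    """Return (user_id, pool_id) pairs where a user resource would be invited by
    SMS although the pool it references has no SmsConfiguration."""
    resources = template.get("Resources", {})
    problems = []
    for user_id, resource in resources.items():
        if resource.get("Type") != USER_TYPE:
            continue
        props = resource.get("Properties", {})
        # Omitting DesiredDeliveryMediums means SMS, which is the trap in this thread.
        mediums = props.get("DesiredDeliveryMediums") or ["SMS"]
        if "SMS" not in mediums:
            continue
        pool_ref = props.get("UserPoolId")
        pool_id = pool_ref.get("Ref") if isinstance(pool_ref, dict) else None
        pool = resources.get(pool_id, {})
        if pool.get("Type") != POOL_TYPE:
            continue  # pool lives outside this template; nothing to compare against
        if "SmsConfiguration" not in pool.get("Properties", {}):
            problems.append((user_id, pool_id))
    return problems

# Constructed sample: logical IDs are hypothetical.
SAMPLE_TEMPLATE = {
    "Resources": {
        "CognitoUserPool": {
            "Type": POOL_TYPE,
            "Properties": {"AutoVerifiedAttributes": ["email"]},
        },
        "DefaultUser": {  # no DesiredDeliveryMediums: falls back to SMS
            "Type": USER_TYPE,
            "Properties": {"UserPoolId": {"Ref": "CognitoUserPool"}},
        },
        "InvitedByEmail": {
            "Type": USER_TYPE,
            "Properties": {"UserPoolId": {"Ref": "CognitoUserPool"},
                           "DesiredDeliveryMediums": ["EMAIL"]},
        },
    }
}

if __name__ == "__main__":
    for user_id, pool_id in find_sms_delivery_problems(SAMPLE_TEMPLATE):
        print(f"{user_id}: SMS delivery requested but {pool_id} has no SmsConfiguration")
```

Users whose `UserPoolId` is a literal ID or an import are skipped, since the pool's configuration is not visible in the template being checked.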
I think I tried all properties here:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html
couldn't get this box checked:
My config currently:
    CognitoUserPoolGeneral:
      Type: AWS::Cognito::UserPool
      Properties:
        UserPoolName: general
        Policies:
          PasswordPolicy:
            MinimumLength: 6
            RequireLowercase: false
            RequireNumbers: false
            RequireSymbols: false
            RequireUppercase: false
        Schema:
          - AttributeDataType: String
            Name: preferredLocale
            DeveloperOnlyAttribute: false
            Mutable: true
            Required: false
        EmailVerificationMessage: "Here's your verification code: {####}. Please provide it inside the application."
        EmailVerificationSubject: "subject"
You can add
    AutoVerifiedAttributes:
      - email
to your Properties key, like so:
    UserPool:
      Type: "AWS::Cognito::UserPool"
      Properties:
        UserPoolName: !Sub ${AuthName}-user-pool
        AutoVerifiedAttributes:
          - email
        Policies:.....
For an excellent example of a CloudFormation template that creates Cognito resources, see:
https://gist.github.com/singledigit/2c4d7232fa96d9e98a3de89cf6ebe7a5
I am attempting to create a UserPool using CloudFormation syntax, but I am unable to find which property I need to set in order to create the pool with email address sign up. How do I specify this?
As you can see in the screenshot, by default the pool is created with Usernames.
Here's my current pool config;
    MyPool:
      Type: "AWS::Cognito::UserPool"
      Properties:
        Schema:
          - Name: sub
            StringAttributeConstraints:
              MinLength: '1'
              MaxLength: '2048'
            DeveloperOnlyAttribute: false
            Required: true
            AttributeDataType: String
            Mutable: false
          - Name: name
            StringAttributeConstraints:
              MinLength: '0'
              MaxLength: '2048'
            DeveloperOnlyAttribute: false
            Required: false
            AttributeDataType: String
            Mutable: true
          - Name: updated_at
            NumberAttributeConstraints:
              MinValue: '0'
            DeveloperOnlyAttribute: false
            Required: false
            AttributeDataType: Number
            Mutable: true
        UserPoolName: ${self:provider.environment.PARTNER_POOL}
        EmailVerificationMessage: 'Please click the link below to verify your email address.
          {####} '
        EmailVerificationSubject: Your verification link
        SmsAuthenticationMessage: 'Your authentication code is {####}. '
        DeviceConfiguration:
          ChallengeRequiredOnNewDevice: false
          DeviceOnlyRememberedOnUserPrompt: false
        AdminCreateUserConfig:
          InviteMessageTemplate:
            EmailMessage: 'Your username is {username} and temporary password is {####}. '
            EmailSubject: Your temporary password
            SMSMessage: 'Your username is {username} and temporary password is {####}. '
          UnusedAccountValidityDays: 7
          AllowAdminCreateUserOnly: false
        EmailConfiguration: {}
        AutoVerifiedAttributes:
          - email
        Policies:
          PasswordPolicy:
            RequireLowercase: false
            RequireSymbols: false
            RequireNumbers: true
            MinimumLength: 8
            RequireUppercase: false
        AliasAttributes:
          - email
The ability to configure user pool with the new SignUp flow options is not yet supported through CloudFormation. The parameter that is used to specify the email or phone number only options is UsernameAttributes.
We will add this as a +1 to the feature request to support this with CloudFormation.
You need to set the AliasAttributes.
AWS::Cognito::UserPool -> AliasAttributes
Here is a sample CloudFormation template:
    AWSTemplateFormatVersion: '2010-09-09'
    Resources:
      UserPool:
        Type: AWS::Cognito::UserPool
        Properties:
          AliasAttributes:
            - email
          UserPoolName:
            Ref: AWS::StackName
The ability to configure user pool with the new SignUp flow options is now supported through CloudFormation.
AWS::Cognito::UserPool -> UsernameAttributes like so,
    UserPool:
      Type: AWS::Cognito::UserPool
      Properties:
        UsernameAttributes:
          - email