Open josefaidt opened 3 months ago
```
System:
  OS: macOS 14.5
  CPU: (10) arm64 Apple M1 Pro
  Memory: 98.95 MB / 32.00 GB
  Shell: /opt/homebrew/bin/fish
Binaries:
  Node: 20.14.0 - ~/.local/state/fnm_multishells/44106_1718394805068/bin/node
  Yarn: undefined - undefined
  npm: 10.7.0 - ~/.local/state/fnm_multishells/44106_1718394805068/bin/npm
  pnpm: 9.1.4 - ~/.local/state/fnm_multishells/44106_1718394805068/bin/pnpm
NPM Packages:
  @aws-amplify/backend: 1.0.3
  @aws-amplify/backend-cli: 1.0.4
  aws-amplify: 6.3.6
  aws-cdk: 2.144.0
  aws-cdk-lib: 2.144.0
  typescript: 5.4.5
AWS environment variables:
  AWS_PROFILE = josef-gen2
  AWS_STS_REGIONAL_ENDPOINTS = regional
  AWS_NODEJS_CONNECTION_REUSE_ENABLED = 1
  AWS_SDK_LOAD_CONFIG = 1
No CDK environment variables
```
As a developer building an enterprise microsite, or an application using my existing enterprise identity provider with SAML, etc., I want to disable self sign-up on the Cognito User Pool and force end users to authenticate via SAML.
Today I can disable using CDK:
```ts
// amplify/backend.ts
import { defineBackend } from "@aws-amplify/backend"
import { auth } from "./auth/resource"

const backend = defineBackend({
  auth,
})

const { cfnUserPool } = backend.auth.resources.cfnResources
cfnUserPool.adminCreateUserConfig = {
  // disables self sign-up for non-federated users
  allowAdminCreateUserOnly: true,
}
```
However the property name to modify is a bit ambiguous compared to the construct prop `selfSignUpEnabled`.
Consider surfacing a method on `backend.auth` to easily disable
```ts
// amplify/backend.ts
import { defineBackend } from "@aws-amplify/backend"
import { auth } from "./auth/resource"

const backend = defineBackend({
  auth,
})

backend.auth.disableSelfSignUp()
```
Or provide a way of configuring an external provider without also enabling `email` sign-in by default
```ts
// amplify/auth/resource.ts
import { defineAuth } from "@aws-amplify/backend"

export const auth = defineAuth({
  loginWith: {
    // not specifying `email` here implicitly disables self sign-up
    externalProviders: { /* details */ }
  }
})
```
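A check that could run in CI against the synthesized CloudFormation template to confirm the `allowAdminCreateUserOnly` override above took effect (added example, not from the issue or the Amplify project; the function names, the sample template and its logical IDs are constructed for illustration):

```typescript
// Added example: audit a synthesized CloudFormation template for Cognito
// user pools that still allow self sign-up.
type Verdict = "admin-only" | "self-sign-up-enabled" | "unresolved";

interface Finding {
  logicalId: string;
  verdict: Verdict;
}

interface Template {
  Resources?: Record<string, { Type: string; Properties?: Record<string, unknown> }>;
}

function classify(value: unknown): Verdict {
  // CloudFormation accepts booleans and the strings "true"/"false".
  if (value === true || value === "true") return "admin-only";
  // Absent property: AllowAdminCreateUserOnly defaults to false (self sign-up on).
  if (value === undefined || value === false || value === "false") return "self-sign-up-enabled";
  // Intrinsics such as { Ref: ... } cannot be decided statically; flag for review.
  return "unresolved";
}

function auditUserPools(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const [logicalId, resource] of Object.entries(template.Resources ?? {})) {
    if (resource.Type !== "AWS::Cognito::UserPool") continue;
    const admin = resource.Properties?.AdminCreateUserConfig as
      | { AllowAdminCreateUserOnly?: unknown }
      | undefined;
    findings.push({ logicalId, verdict: classify(admin?.AllowAdminCreateUserOnly) });
  }
  return findings;
}

// Pools that are not provably admin-only; a CI job would fail if this is non-empty.
function selfSignUpPools(template: Template): string[] {
  return auditUserPools(template).filter((f) => f.verdict !== "admin-only").map((f) => f.logicalId);
}

// Constructed sample template; logical IDs are made up for this example.
const sampleTemplate: Template = {
  Resources: {
    LockedPool: { Type: "AWS::Cognito::UserPool", Properties: { AdminCreateUserConfig: { AllowAdminCreateUserOnly: true } } },
    DefaultPool: { Type: "AWS::Cognito::UserPool", Properties: { UsernameAttributes: ["email"] } },
    ParamPool: { Type: "AWS::Cognito::UserPool", Properties: { AdminCreateUserConfig: { AllowAdminCreateUserOnly: { Ref: "AdminOnly" } } } },
    PoolClient: { Type: "AWS::Cognito::UserPoolClient", Properties: {} },
  },
};
```

A pool with no `AdminCreateUserConfig` at all is reported as self-sign-up-enabled, which is the case the issue describes when only `externalProviders` is intended.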
Marking this as feature request.