aws-amplify / amplify-cli

The AWS Amplify CLI is a toolchain for simplifying serverless web and mobile development.
Apache License 2.0

Create cognito user pool with AllowAdminCreateUserOnly=true #2187

Open DanielMuller opened 4 years ago

DanielMuller commented 4 years ago

Is your feature request related to a problem? Please describe.

For partner or intranet dashboards/apps, I want to disable user sign-up and only allow admins to create users. Users will then be added via an alternate way to the pool (AWS-CLI, Cognito console, alternate app). amplify add auth doesn't allow me to do that.

Is there a way to do this with custom CF templates? I didn't find out how to do this, if there is a solution, can you point me to it?

Describe the solution you'd like

When asked about the type of pool, I would like to see another option: Admin sign-up, sign-in, connected with AWS IAM ...

It could also be a standalone question, but only when Federation won't be set up. I don't think you can have federation and admin-sign-up?

Describe alternatives you've considered

Additional context

This could perhaps have been a comment on RFC #766, but the thread is so big already and seems to be more dealing with administrative tasks than CloudFormation setup.

yuth commented 4 years ago

Amplify CLI does not support this yet. I am marking this as a feature request.

But you could update your CloudFormation to include this. I would like to call out that if you run amplify auth update, these changes will be overwritten.

AWSTemplateFormatVersion: 2010-09-09

Parameters:
    # ...Params

Conditions:
    ShouldNotCreateEnvResources: !Equals [!Ref env, NONE]

Resources:
    # existing resources

    # BEGIN USER POOL RESOURCES
    UserPool:
        # Created upon user selection
        # Depends on SNS Role for Arn if MFA is enabled
        Type: AWS::Cognito::UserPool
        UpdateReplacePolicy: Retain
        Properties:
            # existing properties

            AutoVerifiedAttributes: !Ref autoVerifiedAttributes
            # Add this to make admin only
            AdminCreateUserConfig:
                AllowAdminCreateUserOnly: True
                InviteMessageTemplate:
                    EmailMessage: Your user name is {username} and temporary password is {####}
                    EmailSubject: Join my site
                    SMSMessage: Your user name is {username} and temporary password is {####}
                UnusedAccountValidityDays: 7

DanielMuller commented 4 years ago

This worked, thanks. But as you said amplify auth update will cancel my changes. As long as all devs are aware of it, it's doable.
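
A post-deploy check for the overwrite discussed above, as an added example that is not part of the thread or of the Amplify project: it reads the JSON printed by `aws cognito-idp describe-user-pool` and reports when the pool is no longer admin-only or has lost the invite template shown in the template above. The function name `check_admin_only`, the sample pool id and the pool name are assumptions constructed for illustration.

```python
import json
import sys

# Constructed sample: shape of `aws cognito-idp describe-user-pool` output,
# trimmed to the fields checked below. Pool id and name are placeholders.
SAMPLE_AFTER_OVERWRITE = json.dumps({"UserPool": {
    "Id": "us-east-1_EXAMPLE",
    "Name": "example_userpool",
    "AdminCreateUserConfig": {"AllowAdminCreateUserOnly": False,
                              "UnusedAccountValidityDays": 7},
}})

# Placeholders used by the invite messages in the template from the thread.
PLACEHOLDERS = ("{username}", "{####}")


def check_admin_only(describe_output):
    """Return a list of findings; an empty list means the pool is still admin-only."""
    pool = json.loads(describe_output).get("UserPool", {})
    cfg = pool.get("AdminCreateUserConfig") or {}
    findings = []

    # Only the JSON boolean true passes; a missing key is treated as not admin-only.
    if cfg.get("AllowAdminCreateUserOnly") is not True:
        findings.append("self sign-up is enabled (AllowAdminCreateUserOnly is not true)")

    template = cfg.get("InviteMessageTemplate")
    if not template:
        findings.append("custom InviteMessageTemplate is missing")
    else:
        for field in ("EmailMessage", "SMSMessage"):
            body = template.get(field, "")
            for placeholder in PLACEHOLDERS:
                # Only messages that are actually set are checked.
                if body and placeholder not in body:
                    findings.append(f"{field} lacks the {placeholder} placeholder")
    return findings


if __name__ == "__main__":
    # Pipe the describe-user-pool JSON for the pool under test into this script.
    problems = check_admin_only(sys.stdin.read())
    for problem in problems:
        print("FAIL:", problem)
    sys.exit(1 if problems else 0)
```

Run after each deploy, a non-zero exit code fails the pipeline when the manual template change has been overwritten.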

lukeburns commented 3 years ago

Is there a way to make custom cloudformation changes so that it's not overwritten by the CLI?

kaustavghosh06 commented 3 years ago

@lukeburns Currently that's not possible for the auth category - for not overwriting on an update, but this is a feature request that our team can look into. cc @renebrandel

AndreasEK commented 2 years ago

With the new override feature with amplify 7.0.0 and later, even the possibility to extend the template manually is gone, is that correct? Or how could I bring back the custom invitation messages?

psabharwal123 commented 1 year ago

Any update on this?