aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International

Cognito UserPool MFA methods in Cloudformation #1981

Closed shishirTimsina1 closed 3 months ago

shishirTimsina1 commented 3 months ago

Resource Name

AWS::Cognito::UserPool

Details

I can't seem to find a way to enable SMS message and Authenticator apps in Mfa methods for a UserPool, through a CloudFormation template.


Through the console it was possible, but I was not able to do it when using a CF template. I could not find anything in the documentation that readily stated how to configure the user pool to have MFA configuration: Optional, and have the two MFA methods both enabled. My general question would be: is this possible, and if so, how? I need both MFA methods, and MFA Optional.

A snippet of the code I tried: image

The code snippet above is obviously incomplete; I have run it with it being complete and working before. When I run it without "EnabledMfas" I get the UserPool created with MFA Optional and SMS Message as the MFA method, but no Authenticator Apps.

I would think that the "EnabledMfas" would allow that configuration, but I get an error saying Resource handler returned message: "Invalid request provided: Can't turn off SMS_MFA when SMS configuration is set for the user pool with a required or optional MFAConfiguration."

I don't want to turn off SMS MFA; I would like to have both SMS and Authenticator Apps.

shishirTimsina1 commented 3 months ago

Just wanted to close this as this can be done by having both SOFTWARE_TOKEN_MFA and SMS_MFA in EnabledMfas. This allows both types. The documentation made it seem that I had to choose one or the other.
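
The resolution above, written out as a template. This is an added example, not the poster's code or anything from the roadmap repository; the logical IDs, the pool name and the `SmsExternalId` parameter are assumptions made for illustration.

```yaml
# Added example: optional MFA with both SMS and authenticator-app (TOTP) methods.
# Logical IDs, UserPoolName and the SmsExternalId parameter are placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Description: Cognito user pool with MFA optional and both MFA methods enabled

Parameters:
  SmsExternalId:
    Type: String
    Description: External ID shared by the user pool and the SMS role trust policy

Resources:
  # Role that Cognito assumes to send SMS codes through SNS.
  CognitoSmsRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: cognito-idp.amazonaws.com
            Action: sts:AssumeRole
            Condition:
              StringEquals:
                sts:ExternalId: !Ref SmsExternalId  # only this pool's ID may assume the role
      Policies:
        - PolicyName: PublishSms
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: sns:Publish
                Resource: "*"

  UserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: example-pool
      MfaConfiguration: OPTIONAL      # users may enroll, but are not forced to
      EnabledMfas:                    # list every method that should be allowed
        - SMS_MFA
        - SOFTWARE_TOKEN_MFA
      SmsConfiguration:
        SnsCallerArn: !GetAtt CognitoSmsRole.Arn
        ExternalId: !Ref SmsExternalId
```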