Closed HariboDev closed 1 month ago
@HariboDev this is indeed a CloudFormation limitation. https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/1176
This will be blocked until CloudFormation supports this behavior.
I think this issue can be closed. https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/1176 was shipped and CDK works as expected now.
Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.
Describe the bug
Using old Cognito console to require MFA on an existing user pool results in an error being thrown and the deployment failing.
However, in the new Cognito console this is possible, but not through the CDK.
Considering that the CDK uses CloudFormation to deploy its resources, I am aware that this could be a CloudFormation bug rather than one with the CDK.
Expected Behavior
Due to it being possible in the new Cognito console, it is expected that the CDK can update the Cognito User Pool MFA settings and set MFA to
required
.Current Behavior
The CDK and CloudFormation return an error stating that MFA cannot be set to
required
on an existing user pool. The stack then fails to deploy.Reproduction Steps
Deploy the below Cognito User Pool:
Then update to include:
Possible Solution
According to the Cognito developer documentation, MFA can only be set as Required when initially creating the user pool. It states to switch to the new console or use the
SetUserPoolMfaConfig
API to set MFA torequired
for an existing user pool.Therefore, should the API used by the CDK to deploy MFA changes be the
SetUserPoolMfaConfig
API?Reference: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html#user-pool-settings-mfa-prerequisites
Additional Information/Context
No response
CDK CLI Version
2.33.0 (build 859272d)
Framework Version
No response
Node.js Version
16.13.2
OS
Ubuntu (Linux)
Language
Typescript
Language Version
TypeScript (3.9.7)
Other information
No response