A change was merged previously to CDK to support a workaround for getting the client secret. This custom resource requires someone deploying a stack with only cognito to have a VPC attachment to the custom resource for accounts with SCPs limiting lambdas to have to run in a VPC.
Describe the bug
A change was merged previously to CDK to support a workaround for getting the client secret. This custom resource requires someone deploying a stack with only cognito to have a VPC attachment to the custom resource for accounts with SCPs limiting lambdas to have to run in a VPC.
Expected Behavior
Native CFN is used to get Cognito Client Secrets
Current Behavior
As implemented here, a custom resource is used to get the client secret: https://github.com/aws/aws-cdk/pull/21262/files#diff-9713362aa6af827d0bf2a8c68319b5bb9c74f888f9ab417266ff1b98aa121ae2R429
Reproduction Steps
create a cognito app client w/ secret
Possible Solution
Since the CFN Attribute was fixed in 2023, Remove the custom resource and instead generate the following CFN during synth to access the client secret:
Additional Information/Context
No response
CDK CLI Version
2.117.0
Framework Version
No response
Node.js Version
v18.17.1
OS
OSX Sonoma
Language
Python
Language Version
3.10.11
Other information
No response