aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0
11.71k stars 3.93k forks

Cognito: Passwordless authentication support #32265

Open ataylorme opened 4 days ago

ataylorme commented 4 days ago

Describe the feature

Support Cognito managed passwordless login as described in this doc

Use Case

I would like to configure Cognito to manage passwordless authentication in my AWS CDK project.

I am stuck on the PoliciesProperty not supporting SignInPolicy

This type is generated from the CloudFormation user pools policy type which is in turn generated from the create user pool request

The create user pool request type is updated but the generated CloudFormation and CDK types stemming from it are not updated.

This seems to be a new feature released on November 22nd, 2024.

I expect auto generated types to be updated 24 hours later.

Proposed Solution

Update Cognito CDK to support the new Cognito passwordless authentication features.

Other Information

No response

Acknowledgements

CDK version used

NodeJS aws-cdk-lib 2.170.0

Environment details (OS name and version, etc.)

Node 22

ataylorme commented 4 days ago

I might be missing something in the chain that goes from Cognito API requests to CDK. It looks like the AWS JavaScript SDK method for createUserPool doesn't have the passwordless fields either

I can create things in the console but this negates the benefits of Infrastructure as Code

pahud commented 3 days ago

Thank you for your feature request. To support that, we'll first need CloudFormation support.

Just checked https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-policies.html but unfortunately I can't find relevant support.

Please help the CFN team prioritize by creating a feature request at cloudformation-coverage-roadmap. As soon as CFN rolls out the support, CDK should be ready to get it supported as well.

ataylorme commented 3 days ago

I opened #2200 there but I would request that AWS collaborate on support across teams internally.

The burden for starting the process of updating CloudFormation and CDK after Cognito API changes shouldn't fall to users. If anything, AWS can improve internal collaboration so support is launched alongside new features, not lagging behind.

BwL1289 commented 1 day ago

+1. Adding a link to https://github.com/aws-samples/amazon-cognito-passwordless-auth/blob/main/cdk/lib/cognito-passwordless.ts for more context.

Tietew commented 17 hours ago

CloudFormation support seems to be shipped. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-signinpolicy.html

L1 construct will be updated in a few days.