This update introduces a systematic approach to managing user inactivity within our AWS Lambda function. It implements a tiered strategy for user notifications and account deactivation/removal based on inactivity duration thresholds: 30, 45, and 90 days. Addresses issue #2458.
💠 Motivation and Context
The need for this enhancement arises from our commitment to maintaining a secure, active user base and adhering to data management best practices. By proactively managing inactive accounts through notifications, password resets, and eventual removal, we mitigate security risks and comply with data protection standards.
🧪 Testing
Testing was conducted in a controlled environment to simulate user inactivity scenarios. The updated function was verified to:
Notify users of impending deactivation after 30 days of inactivity.
Reset passwords and notify users at the 45-day mark.
Remove user accounts from both AWS Cognito and the database after 90 days, following a notification.
The function accurately identifies inactive users based on the lastLoggedIn timestamp and performs actions without affecting active users. Unit tests were added for the new logic, and integration tests were updated accordingly.
✅ Pre-approval Checklist
[x] Informative, human-readable PR title.
[x] Limited changes to a single goal to avoid scope creep.
[x] Captured all future TODOs in issues with references in code comments.
Enhance Inactive User Account Management
✅ Pre-merge Checklist
✅ Post-merge Checklist
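A sketch of the tier decision described in this PR, added here as an illustration and not taken from the PR's own code. The action names, the `done` record of actions already taken in the current inactivity period, and the sample users are assumptions; only the 30/45/90-day thresholds and the `lastLoggedIn` field come from the description. It escalates one tier per run, so an account is never removed without the earlier notification having been recorded.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional

# Thresholds (days) from the PR description; action names are hypothetical.
TIERS = [(30, "notify"), (45, "reset_password"), (90, "remove")]


def next_action(last_logged_in: Optional[datetime], done: set,
                now: datetime) -> Optional[str]:
    """Return the one action due for a user on this run, or None.

    `done` holds actions already recorded for the current inactivity period
    (assumed to be persisted by the caller and cleared on the next login).
    """
    if last_logged_in is None:
        return None  # assumption: missing timestamp is reviewed, never auto-removed
    if last_logged_in.tzinfo is None:
        last_logged_in = last_logged_in.replace(tzinfo=timezone.utc)  # assume UTC
    idle = now - last_logged_in  # negative on clock skew, so no tier matches
    for days, action in TIERS:
        if idle < timedelta(days=days):
            return None  # this tier and all later ones are not reached yet
        if action not in done:
            return action  # lowest reached tier that has not run yet
    return None


def plan(users: list, now: datetime) -> dict:
    """Map user id -> action for every user with an action due."""
    result = {}
    for user in users:
        action = next_action(user.get("lastLoggedIn"), set(user.get("done", ())), now)
        if action:
            result[user["id"]] = action
    return result


# Constructed sample data, not real accounts.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_USERS = [
    {"id": "active", "lastLoggedIn": NOW - timedelta(days=10)},
    {"id": "edge30", "lastLoggedIn": NOW - timedelta(days=30)},
    {"id": "day50", "lastLoggedIn": NOW - timedelta(days=50), "done": ["notify"]},
    {"id": "missed", "lastLoggedIn": NOW - timedelta(days=95)},
    {"id": "day95", "lastLoggedIn": NOW - timedelta(days=95),
     "done": ["notify", "reset_password"]},
    {"id": "no_ts", "lastLoggedIn": None},
]

if __name__ == "__main__":
    print(plan(SAMPLE_USERS, NOW))
```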