[Enhancement]: Support Email MFA from Cognito User Pools

[whatnick]

Description

AWS Cognito support Email MFA for login verification, however it is not clear how this is configured and how message templates for email messages for MFA are set.

Affected Resource(s) and/or Data Source(s)

• aws_cognito_user_pool

Potential Terraform Configuration

resource "aws_cognito_user_pool" "example" {
  # ... other configuration ...

  mfa_configuration          = "ON"
  sms_authentication_message = "Your code is {####}"
  email_authentication_message = "Your MFA code is {####}"

  sms_configuration {
    external_id    = "example"
    sns_caller_arn = aws_iam_role.example.arn
    sns_region     = "us-east-1"
  }

  email_configuration {
    external_id = "example"
    ses_caller_arn = aws_iam_role.example.arn
    ses_region     = "us-east-1"
  }

  software_token_mfa_configuration {
    enabled = true
  }
}

References

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security-email-mfa.html

Would you like to implement a fix?

Yes

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[DrFaust92]

I think you need to use verification_message_template -> default_email_option