lgallard / terraform-aws-cognito-user-pool

Terraform module to create Amazon Cognito User Pools, configure its attributes and resources such as app clients, domain, resource servers. Amazon Cognito User Pools provide a secure user directory that scales to hundreds of millions of users.
Apache License 2.0

Add user_attribute_update_settings to user pool #107

Closed endrec closed 1 year ago

endrec commented 1 year ago

This PR adds handling for the user_attribute_update_settings option. It is a recent addition to the AWS provider, see https://github.com/hashicorp/terraform-provider-aws/issues/26726

endrec commented 1 year ago

@lgallard for some reason I can't add reviewers to this PR. Can you please have a look, and merge it if you think it's worthy?

lgallard commented 1 year ago

@endrec for documenting the examples, I assume it should be used as follows:

 auto_verified_attributes = ["email", "phone_number"]
 user_attribute_update_settings = {
   attributes_require_verification_before_update = ["email", "phone_number"]
 }

According to the code, we can also omit the user_attribute_update_settings declaration and it will take the same value as in auto_verified_attributes.

Let me know if I'm wrong. Meanwhile I'll be merging it!

endrec commented 1 year ago

Thank you for the merge, really appreciated.

> According to the code, we can also omit the user_attribute_update_settings declaration and it will take the same value as in auto_verified_attributes.

In my understanding, you can specify a subset of auto_verified_attributes in attributes_require_verification_before_update.

So, you can have both email and phone number auto-verified, but you only require email to be re-validated before updating it:

 auto_verified_attributes = ["email", "phone_number"]
 user_attribute_update_settings = {
   attributes_require_verification_before_update = ["email"]
 }