Open ghferrari opened 6 months ago
Thanks for filing this @ghferrari; My reading of the error message is actually that it's objecting to setting UnusedAccountValidityDays
not complaining about missing TemporaryPasswordValidityDays
. Is there any chance the update you made is modifying UnusedAccountValidityDays
or AdminCreateUserConfig
?
Hi Matt,
My password policy is defined exactly as above and doesn't include UnusedAccountValidityDays
at all. So really, there are two mysteries here:
TemporaryPasswordValidityDays
being absent when it isn't?UnusedAccountValidityDays
when I don't define that in my UserPool?Many thanks for your help - much appreciated.
Thanks for the additional detail @ghferrari.
It's possible that we're sending in a default value somewhere for UnusedAccountValidityDays
, it's also possible that that the API expects the client to send TemporaryPasswordValidityDays
with the update even though it has not changed.
I think our next step to debug will be to try the update from the aws client: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudcontrol/update-resource.html and see if we can figure out what the API expects here.
+1
What happened?
I created an
aws-native.cognito.UserPool
with the following policies:Later when I attempt to make a trivial update to this user pool, I receive the following error:
Since my password policy already uses
TemporaryPasswordValidityDays
, this is a bug.Example
See above
Output of
pulumi about
Additional context
None
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).