How can I enable Cognito 'Email address or phone number' login using Terraform?

Time:08-22

I'm trying to create a new AWS Cognito user pool using Terraform, and currently have the following problem:

I've been trying to get Email address or phone number -> Allow email addresses (shown below in red) selected, instead of what is currently selected (Username -> Also allow sign in with verified email address)

Screenshot of AWS Cognito

The relevant section of my main.tf file looks like this:

resource "aws_cognito_user_pool" "app_cognito_user_pool" {
  name = "app_cognito_user_pool"

  alias_attributes         = ["email"]
  auto_verified_attributes = ["email"]
  account_recovery_setting {
    recovery_mechanism {
      name     = "verified_email"
      priority = 1
    }
  }
}

resource "aws_cognito_user_pool_client" "app_cognito_user_pool_client" {
  name         = "app_cognito_user_pool_client"
  user_pool_id = aws_cognito_user_pool.app_cognito_user_pool.id

  prevent_user_existence_errors = "ENABLED"
  supported_identity_providers  = ["COGNITO"]
}


resource "aws_cognito_user_pool_domain" "app_cognito_user_pool_domain" {
  domain       = "app"
  user_pool_id = aws_cognito_user_pool.app_cognito_user_pool.id
}

No matter what I try, I always get Username, instead of Email address or phone number selected. I want the user pool not to use a username, but use an email address instead.

What Terraform argument(s) or value(s) am I missing?

CodePudding user response:

Only set username_attributes - and not alias_attributes - to ["email"].


Setting alias_attributes specifies the 'top part' i.e. Also sign in with verified email address / phone number.

It specifies the extra (alias) ways you can sign in, in addition to the username.

Setting username_attributes specifies the 'bottom part' i.e. Allow email addresses / phone numbers / both email addresses and phone numbers ...

It specifies what to use instead of the username.


Unset alias_attributes (as it conflicts with username_attributes) and then set username_attributes to one of the following:

  1. ["email"] - Allow email addresses
  2. ["phone_number"] - Allow phone numbers
  3. ["email", "phone_number"] - Allow both email addresses and phone numbers (users can choose one)

In your case, you need to set username_attributes to ["email"].


This should work:

resource "aws_cognito_user_pool" "app_cognito_user_pool" {
  name = "app_cognito_user_pool"

  username_attributes      = ["email"]
  auto_verified_attributes = ["email"]
  account_recovery_setting {
    recovery_mechanism {
      name     = "verified_email"
      priority = 1
    }
  }
}
...
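As an added example (not part of the question or the answer above): a small Python check over the JSON that `terraform show -json plan.out` produces, flagging the alias_attributes / username_attributes mix-up described in the answer, and also flagging a sign-in attribute that is not listed in auto_verified_attributes. The function names are hypothetical and the sample plan is constructed from the two configurations on this page.

```python
"""Check aws_cognito_user_pool resources in a Terraform plan (terraform show -json)
for the alias_attributes / username_attributes mix-up discussed above."""
import json

# The only values Cognito accepts for username_attributes.
ALLOWED_USERNAME_ATTRS = {"email", "phone_number"}


def check_user_pool(values):
    """Return a list of findings for one aws_cognito_user_pool's planned values."""
    findings = []
    alias = values.get("alias_attributes") or []
    username = values.get("username_attributes") or []
    verified = set(values.get("auto_verified_attributes") or [])
    if alias and username:
        findings.append("alias_attributes conflicts with username_attributes; remove alias_attributes")
    elif alias:
        findings.append("alias_attributes keeps username sign-in; use username_attributes for email/phone sign-in")
    elif not username:
        findings.append("no username_attributes: users sign in with a username, not email/phone")
    for attr in username:
        if attr not in ALLOWED_USERNAME_ATTRS:
            findings.append(f"username_attributes value {attr!r} is not email or phone_number")
        elif attr not in verified:
            # The identifier users sign in with should be verified; the answer's config does this.
            findings.append(f"{attr} is the sign-in identifier but not in auto_verified_attributes")
    return findings


def check_plan(plan_json):
    """Map resource address -> findings for every Cognito user pool in a plan."""
    plan = json.loads(plan_json)
    resources = plan["planned_values"]["root_module"].get("resources", [])
    return {r["address"]: check_user_pool(r["values"])
            for r in resources if r["type"] == "aws_cognito_user_pool"}


# Constructed sample plan: the question's pool (alias_attributes) and the answer's fix.
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {"resources": [
    {"address": "aws_cognito_user_pool.before", "type": "aws_cognito_user_pool",
     "values": {"alias_attributes": ["email"], "username_attributes": None,
                "auto_verified_attributes": ["email"]}},
    {"address": "aws_cognito_user_pool.after", "type": "aws_cognito_user_pool",
     "values": {"alias_attributes": None, "username_attributes": ["email"],
                "auto_verified_attributes": ["email"]}},
]}}})

if __name__ == "__main__":
    for address, findings in check_plan(SAMPLE_PLAN).items():
        print(address, findings or ["ok"])
```

Run it against a real plan with `terraform plan -out=plan.out && terraform show -json plan.out`. Cognito fixes the sign-in attributes when the pool is created, so on an existing pool expect the plan to show the user pool being replaced rather than updated in place.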