mineiros-io / terraform-aws-cognito-user-pool

A Terraform module to create and manage Cognito User Pools (Simple and Secure User Sign-Up, Sign-In, and Access Control) on Amazon Web Services (AWS). https://aws.amazon.com/cognito

License: Apache License 2.0

Languages: Makefile 10.85%, HCL 82.67%, Go 6.48%
Topics: aws, amazon-web-services, mineiros, iac, terraform-aws, cognito-user-pool, terraform-modules, terraform, cognito

terraform-aws-cognito-user-pool's Introduction

mineiros-io

Production Grade Infrastructure for all Teams

terraform-aws-cognito-user-pool's People

Contributors

kassianh, mariux, mineiros-ci, oufinx, soerenmartius, thenaturalist, wi3ard

terraform-aws-cognito-user-pool's Issues

aws provider 4.0

It seems that the current aws provider is constrained as aws = ">= 3.50, < 4.0". AWS Provider 4.0.0 was released today. Would you please cut a compatible release?

terraform state is not idempotent if device tracking is off

I am unable to use device tracking currently because of the limitation it places on using refresh tokens.

I am able to successfully turn device tracking off by using this combination of parameters

  device_only_remembered_on_user_prompt = null
  challenge_required_on_new_device = null

but the result is that a change is always detected:


  • Should I not be using this module if I don't need device tracking?
  • Is there a way to ignore these lifecycle changes? (I don't think you can pass lifecycle blocks in modules, but I am not sure.)

Alternatively I could open a PR? Maybe add an enable_device_tracking boolean parameter that would omit the device_configuration block if false?

Examples README labelling issue

Description

According to this README.md file, the second link (user-pool-with-default-settings/ ) contains examples of cognito user pool with default settings. But it is wrongly labelled as "Deploy a Cognito User Pool with custom settings."

This needs to be fixed.

Changes required

Original Text => Deploy a Cognito User Pool with custom settings.
Text after fix => Deploy a Cognito User Pool with default settings.

Question regarding MFA Token integration

Hey,

I wanted to clarify the usage of Cognito with an MFA token.

mfa_configuration        = "ON"
allow_software_mfa_token = true

Does this require the block for software_token_mfa_configuration?

software_token_mfa_configuration {
  enabled = true
}

If I add this I keep running into:

Error: Unsupported block type
Blocks of type "software_token_mfa_configuration" are not expected here.

Is this a version issue with my TF, or where might I have to look to enable this feature?

Update required_providers block in versions.tf

Hi,

I've encountered an issue while running Terraform, and it appears to be related to the provider requirements in the versions.tf file of my module. The error I'm encountering is:

Finding hashicorp/aws versions matching ">= 3.50, < 5.0"...
Error: Failed to query available provider packages
Could not retrieve the list of available versions for provider hashicorp/aws: no available releases match the given constraints >= 3.50, < 5.0

Upon reviewing the code, I noticed that the required_providers block in versions.tf file is specified as follows:

terraform {
  required_version = ">= 0.12.20, < 2.0"

  required_providers {
    aws = ">= 3.50, < 5.0"
  }
}

However, it seems there's an issue with this version specification, as I'm getting an error when running Terraform. I propose updating the required_providers block in the versions.tf file as follows:

terraform {
  required_version = ">= 0.12.20, < 2.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.50"
    }
  }
}

This modification should resolve the issue and ensure the correct resolution of AWS provider versions.

Thank you for your attention.

Refresh only fails on first run

Hey, I try to use the module to create a fresh Cognito User Pool. The terraform plan -refresh-only fails with

Terraform v1.1.3
on linux_amd64
Configuring remote state backend...
Initializing Terraform configuration...
╷
│ Error: Unsupported attribute
│ 
│   on .terraform/modules/aws-cognito-user-pool/outputs.tf line 16, in locals:16:     tags = local.o_user_pool_tags != null ? local.user_pool.tags : {}
│     ├────────────────
│     │ local.user_pool is object with no attributes
│ 
│ This object does not have an attribute named "tags".

Provider: hashicorp/aws v3.74.3

To me that looks like a bug, or did I use something wrongly?

email_message_by_link strange readme

According to the readme:

email_message_by_link: (Optional string)

The email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder. Default is "Please click the link below to verify your email address. {##Verify Email##}.".

How come {##Click Here##} is mandatory yet the default doesn't contain it?

clients is a map, not a list

Nice module, saved me quite a lot of time and confusion setting up cognito in terraform!

I am creating a single client and wanted to output its id for further downstream tasks to use. The readme states that clients is a list, so I would have expected this to work:

output "cognito_app_client_id" {
  value = element(module.cognito_user_pool.clients, 0).id
}

However, it seems that clients is in fact a map, so I needed to output using this:

output "cognito_app_client_id" {
  value = lookup(module.cognito_user_pool.clients, "my-client-name").id
}
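Added example, not code from the module or the issue author: since the clients output is a map keyed by client name (as the post above found) and each value exposes an id, a for expression exports every client id at once, and try() makes a lookup by name tolerant of a missing key. The output names below are assumptions; one() requires Terraform 0.15 or later.

```hcl
# Added example. Assumes module.cognito_user_pool.clients is a map keyed by the
# client name, each value carrying an "id" attribute, as described in the issue.

# One id per client, keyed by the same name used in the module input.
output "cognito_app_client_ids" {
  value = { for name, client in module.cognito_user_pool.clients : name => client.id }
}

# A single client by name. try() yields null instead of a plan-time error when
# the key is absent, so downstream modules can test for it explicitly.
output "cognito_app_client_id" {
  value = try(module.cognito_user_pool.clients["my-client-name"].id, null)
}

# When exactly one client is declared, pick it without hard-coding its name.
# one() fails the plan if the map unexpectedly holds several clients.
output "single_client_id" {
  value = length(module.cognito_user_pool.clients) == 1 ? one(values(module.cognito_user_pool.clients)).id : null
}
```

Only the client id is exported here; it is a public identifier. If a client is created with a secret, that value belongs in an output marked sensitive = true, not alongside the id.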

custom sms sender

Hello,
It seems the custom SMS sender is not supported. For now we are adding the custom SMS sender manually, e.g.:
aws cognito-idp update-user-pool --lambda-config "CustomSMSSender={LambdaVersion=V1_0,LambdaArn="XXXXXX:custom_sms_sender-dev"},KMSKeyID=XXXX" --user-pool-id eu-central-1_XXXX --profile XXXXX

Module recreates resources on every run

It seems that we are not treating the default values in the right way. Setting nonexistent values to null will cause the recreation of some resources on every run.

Cognito Custom Domain

Hi!

Guys, I try to add a custom domain to my pool, but every time I run into errors like:
Error: Error creating Cognito User Pool Domain: InvalidParameterException: The domain name contains an invalid character. Domain names can only contain lower-case letters, numbers, and hyphens. Please enter a different name that follows this format: ^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$
and
Error: Error creating Cognito User Pool Domain: InvalidParameterException: Domain already associated with another user pool.
The last error occurs if I use only the subdomain without my main domain; as I understood it, this is related to the internal AWS domain being used (but any subdomain of mine is already used anyway).

But my question is, any examples for cognito custom domain?


token_validity_units is null

I am using this module and getting this error.

  on .terraform/modules/cognito_user_pool.cognito_user_pool/main.tf line 236, in resource "aws_cognito_user_pool_client" "client":
 236:     for_each = length(each.value.token_validity_units) > 0 ? [true] : []
    |----------------
    | each.value.token_validity_units is null

Invalid value for "value" parameter: argument must not be null.
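Added example, not the module's code, covering both this error and the enable_device_tracking idea from the device tracking issue above: length(null) is itself an error, so an optional nested block has to be guarded with an explicit null test (or a boolean flag) before the dynamic block's for_each list is built. The variable shapes, resource names and default values are assumptions; optional() in type constraints needs Terraform 1.3 or later.

```hcl
# Added example. Variable shapes and resource names are assumptions, not the module's.
variable "enable_device_tracking" {
  type    = bool
  default = false
}

variable "clients" {
  type = map(object({
    token_validity_units = optional(object({
      access_token  = optional(string)
      id_token      = optional(string)
      refresh_token = optional(string)
    }))
  }))
  # Constructed sample input: "cli" leaves token_validity_units null.
  default = {
    web = { token_validity_units = { access_token = "minutes", id_token = "minutes", refresh_token = "days" } }
    cli = {}
  }
}

resource "aws_cognito_user_pool" "pool" {
  name = "example-pool"

  # A boolean flag omits the whole block instead of sending nulls, which is what
  # the device tracking issue proposes; no block means the API default applies.
  dynamic "device_configuration" {
    for_each = var.enable_device_tracking ? [1] : []
    content {
      challenge_required_on_new_device      = true
      device_only_remembered_on_user_prompt = true
    }
  }
}

resource "aws_cognito_user_pool_client" "client" {
  for_each     = var.clients
  name         = each.key
  user_pool_id = aws_cognito_user_pool.pool.id

  # Test for null first: length(null) raises "argument must not be null".
  dynamic "token_validity_units" {
    for_each = each.value.token_validity_units != null ? [each.value.token_validity_units] : []
    content {
      access_token  = token_validity_units.value.access_token
      id_token      = token_validity_units.value.id_token
      refresh_token = token_validity_units.value.refresh_token
    }
  }
}
```

The null guard also keeps plans idempotent: a block that is never emitted cannot drift against defaults the API fills in on its own.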

Inconsistent Result Types

After upgrade to latest terraform, some of my user pools are invalid. I have errors like this:

│ Error: Inconsistent conditional result types
│
│   on .terraform/modules/acme_user_pool/main.tf line 214, in resource "aws_cognito_user_pool_client" "client":
│  214:   for_each = var.module_enabled ? local.clients : {}
│     ├────────────────
│     │ local.clients is object with 2 attributes
│
│ The true result value has the wrong type: attribute types must all match for conversion to map.

If I hotpatch the code to look like this, it fixes this for me.

for_each = var.module_enabled ? local.clients : map(object({}))

I am not sure if there is an error in my configuration or if this is a legitimate fix for this issue. I can open a PR if needed.
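Added example, not the module's code or the author's patch: the error arises because a conditional must unify both branches to one type, and an object whose attributes have different types cannot be converted to a map. A for expression with an if clause sidesteps the conditional entirely, which matters because the map() function used in the hotpatch above was removed in Terraform 0.15. The local values and resource are constructed for illustration.

```hcl
# Added example. local.clients is constructed so its two attributes have
# different object types, which reproduces the unification failure.
variable "module_enabled" {
  type    = bool
  default = true
}

locals {
  clients = {
    web = { callback_urls = ["https://app.example.com/cb"], generate_secret = false }
    api = { generate_secret = true }
  }
}

resource "aws_cognito_user_pool" "pool" {
  name = "example-pool"
}

resource "aws_cognito_user_pool_client" "client" {
  # Fails with "Inconsistent conditional result types": both branches must
  # convert to a single map type, and the attribute types of local.clients differ.
  # for_each = var.module_enabled ? local.clients : {}

  # Filtering in a for expression yields the object as-is (or an empty one) with
  # no type unification between branches.
  for_each = { for name, cfg in local.clients : name => cfg if var.module_enabled }

  name            = each.key
  user_pool_id    = aws_cognito_user_pool.pool.id
  generate_secret = each.value.generate_secret
  # try() covers attributes that only some clients define.
  callback_urls   = try(each.value.callback_urls, null)
}
```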

Support declaring resource servers for a user pool

Some app clients require assigning custom scopes to client users which are based on resource servers declared on the user pool.

I'd like to be able to dynamically declare resource servers and scopes via this module per the AWS Cognito Resource Server terraform documentation.

The syntax I'm envisioning for configuring resource servers might look something like the following:

resource_servers = [
  {
    identifier = "https://api.resourceserver.com"
    name       = "API"
    scopes = [
      {
        scope_name        = "users:read"
        scope_description = "Read user data"
      },
      {
        scope_name        = "users:write"
        scope_description = "Write user data"
      }
    ]
  }
]

device_only_remembered_on_user_prompt fix in complete example

Error: Unsupported argument

  on cognito.tf line 34, in module "cognito_user_pool":
  34:   device_only_remembered_on_user_prompt = false

An argument named "device_only_remembered_on_user_prompt" is not expected
here.

Seems like this variable was removed, but the complete example still has it.
