AWS Cognito - How to create pool allowing sign up with email address, using CloudFormation?

Asked 7/10, 2017 at 11:42 Answered 31/3, 2023 at 14:0

Solved amazon-web-services aws-cloudformation serverless-framework amazon-cognito

I am attempting to create a UserPool using CloudFormation syntax, but I am unable to find which property I need to set in order to create the pool with email address sign up. How do I specify this?

As you can see in the screenshot, by default the pool is created with Usernames.

Here's my current pool config;

MyPool:
  Type: "AWS::Cognito::UserPool"
  Properties:
    Schema:
      - Name: sub
        StringAttributeConstraints:
          MinLength: '1'
          MaxLength: '2048'
        DeveloperOnlyAttribute: false
        Required: true
        AttributeDataType: String
        Mutable: false
      - Name: name
        StringAttributeConstraints:
          MinLength: '0'
          MaxLength: '2048'
        DeveloperOnlyAttribute: false
        Required: false
        AttributeDataType: String
        Mutable: true
      - Name: updated_at
        NumberAttributeConstraints:
          MinValue: '0'
        DeveloperOnlyAttribute: false
        Required: false
        AttributeDataType: Number
        Mutable: true
    UserPoolName: ${self:provider.environment.PARTNER_POOL}
    EmailVerificationMessage: 'Please click the link below to verify your email address.
        {####} '
    EmailVerificationSubject: Your verification link
    SmsAuthenticationMessage: 'Your authentication code is {####}. '
    DeviceConfiguration:
      ChallengeRequiredOnNewDevice: false
      DeviceOnlyRememberedOnUserPrompt: false
    AdminCreateUserConfig:
      InviteMessageTemplate:
        EmailMessage: 'Your username is {username} and temporary password is {####}. '
        EmailSubject: Your temporary password
        SMSMessage: 'Your username is {username} and temporary password is {####}. '
      UnusedAccountValidityDays: 7
      AllowAdminCreateUserOnly: false
    EmailConfiguration: {}
    AutoVerifiedAttributes:
      - email
    Policies:
      PasswordPolicy:
        RequireLowercase: false
        RequireSymbols: false
        RequireNumbers: true
        MinimumLength: 8
        RequireUppercase: false
    AliasAttributes:
      - email

Edgardoedge answered 7/10, 2017 at 11:42 Comment(2)

There's two ways to do it. One is by creating surrogate usernames (as uuids) and using email as an alias. The other way is to just put the email address as the user name and Cognito will work it out. Which one are you attempting? – Rashidarashidi 8/10, 2017 at 23:5

Emails as usernames seems like the best approach, I’ll give that a go. Thanks! – Edgardoedge 8/10, 2017 at 23:41

The ability to configure user pool with the new SignUp flow options is not yet supported through CloudFormation. The parameter that is used to specify the email or phone number only options is UsernameAttributes.

We will add this as a +1 to the feature request to support this with CloudFormation.

Trochee answered 11/10, 2017 at 13:43 Comment(1)

Any update on this? No way around it? Trying to handle my user pool via Cloudformation with the Serverless CLI. – Kal 31/10, 2017 at 21:56

You need to set the AliasAttributes.

AWS::Cognito::UserPool -> AliasAttributes

Here a sample CloudFormation template:

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  UserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      AliasAttributes:
        - email
      UserPoolName:
        Ref: AWS::StackName

Emptor answered 7/10, 2017 at 12:31 Comment(3)

I have this property set, and I can set it when signing up, however it doesn’t cause the pool to be in “email or mobile number sign up” mode and still required a username when signing up. At present, I am providing a uuid as the username but I’m unsure of best practices. – Edgardoedge 7/10, 2017 at 12:45

Then you need to specify that email is one of the AutoVerifiedAttributes. – Rashidarashidi 8/10, 2017 at 0:8

@TrentBartlem It's already set. I've updated my OP with the config I'm using. – Edgardoedge 8/10, 2017 at 10:36

The ability to configure user pool with the new SignUp flow options is now supported through CloudFormation.

AWS::Cognito::UserPool -> UsernameAttributes like so,

    UserPool:
        Type: AWS::Cognito::UserPool
        Properties:
            UsernameAttributes: 
                - email

Yourself answered 8/10, 2019 at 8:25 Comment(0)

Works for me even on updating UserPool via CloudFormation template:

  Type: AWS::Cognito::UserPool
  Properties:
    AutoVerifiedAttributes:
      - email
    ## You can also change sign-up method from via code to via link. 
    VerificationMessageTemplate:
      DefaultEmailOption: CONFIRM_WITH_LINK

More configuration options available in the official AWS docs.

Hesitate answered 31/3, 2023 at 14:0 Comment(0)

Recommended topics

Hot tags