How to enable Cognito's "Attribute verification and user account confirmation" from cloudformation
I've been reading back and forth AWS documentations, but I am not able to find how to proper set the settings shown in the image below using cloudformation template. What I want to achieve is that, when a user signs up, Cognito sends an automatic email with a custom template presenting the user with the code to confirm its account.
The template.yml below creates a resource with:
Allow Cognito to automatically send messages to verify and confirm
Disabled
And it looks like:
# Create Cognito UserPool (i.e., the table with the users)
UserPool:
Type: "AWS::Cognito::UserPool"
Properties:
UserPoolName: auth-template-user-pool
UsernameAttributes:
- email
VerificationMessageTemplate:
DefaultEmailOption: CONFIRM_WITH_CODE
EmailConfiguration:
EmailSendingAccount: COGNITO_DEFAULT
Schema:
- Name: name
AttributeDataType: String
Mutable: true
Required: true
- Name: family_name
AttributeDataType: String
Mutable: true
Required: true
- Name: email
AttributeDataType: String
Mutable: false
Required: true
I thought the keys VerificationMessageTemplate and EmailConfiguration would do the job, but no email is received. However, when using the settings displayed in the image above, I do receive the confirmation code.
I think the key name (AutoVerifiedAttributes) for this feature is quite misleading since it may suggest that the attributes listed are auto-verified once a user has signed up.
Therefore, adding:
AutoVerifiedAttributes:
- email
does the job. Finally, the template must look like:
UserPool:
Type: "AWS::Cognito::UserPool"
Properties:
UserPoolName: auth-template-user-pool
UsernameAttributes:
- email
AutoVerifiedAttributes:
- email
VerificationMessageTemplate:
DefaultEmailOption: CONFIRM_WITH_CODE
EmailConfiguration:
EmailSendingAccount: COGNITO_DEFAULT
- How can I create a TLS/SSL connection to a mongodb instance on AWS with a certificate made by certificate manager? Health check failed
- Cloudfront redirect when signed cookies not present
- AWS Lambda and DynamoDB - updatetItem is not a function
- AWS ElasticBeanstalk EC2 Termination Protection
- Allowing AWS Cognito Users to authentication to JIRA via SAML/SSO (Domain Not found)
- Install pgAgent on AWS RDS for Postgres
- Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect)
- List all parameters in AWS SSM Parameter Store
- AWS push_down_predicate not working with DynamoDb
- localstack AWS S3 javascript error : getaddrinfo ENOTFOUND bucketname.localhost
- AWS ECS agent won't start
- AWS VPC (Virtual Private Cloud), rapidly increasing expenses
- SemaphoreCI OIDC AWS connection
- Can't delete AWS internet Gateway
- How to provide multiple StringNotEquals conditions in AWS policy?
- Not able to get ECS fargate metrics on Datadog
- 502 "Internal Server Error" with API Gateway + Lambda when deploying
- Java Springboot application not able to connect to AWS Elasticache Valkey Cache (Serverless)
- Splitting PDF with PyPDF2 in Lambda function
- "libdbus-glib-1.so.2: cannot open shared object file: No such file or directory"
- Partial credentials found in env, missing: AWS_SECRET_ACCESS_KEY
- Best way to store Firebase admin private key file for AWS lambda
- AWS Elastic Beanstalk and Secret Manager
- Unable to upload data using sagemaker_session.upload_data in s3 bucket that I created, it is getting stored in default s3 bucket
- Parse Aws IoT message in python
- How to temporarily switch profiles for AWS CLI?
- Python Sqlalchemy insert data into AWS Redshift
- Using AWS Bedrock Prompt Management with InvokeCommand
- How to skip IAM change confirmation during a cdk deploy?
- Restarting AWS lambda function to clear cache