Creating aws cognito user pool using terraform disables email validation

2
votes

I am creating a cognito user pool using terraform 0.12.20.

I want to enable email verification by sending a code to the users email. I can see how to do this in the UI but not using terraform. The cognito API documentation doesn't seem to have any reference to enabling verification.

My terraform resource is:

resource "aws_cognito_user_pool" "pool" {
  name = "pool"

  username_attributes = ["email"]

  lambda_config {
    pre_sign_up = var.pre_sign_up_lambda.arn
  }

  verification_message_template {
    default_email_option = "CONFIRM_WITH_CODE"
  }

  email_configuration {
    email_sending_account = "COGNITO_DEFAULT"
  }

  password_policy {
    minimum_length    = 8
    require_lowercase = true
    require_numbers   = true
    require_symbols   = true
    require_uppercase = true
  }
}
2
terraformamazon-cognitoterraform-provider-aws

2 Answers

2
votes

After some trial and error it appears I was understanding the documentation incorrectly.

There is a auto_verified_attributes of the aws_cognito_user_pool resource. This is a list of attributes that you want to enable verification for.

For example, in my resource above I would need to add auto_verified_attributes = ["email"] which enables email verification with a code.

0
votes

i also had the same issue and the auto_verified_attributes worked for me as well but the documentation says something different:

auto_verified_attributes - (Optional) The attributes to be auto-verified. Possible values: email, phone_number.