UserPool props option to disable creation of SMS role #6730

Closed
2 tasks
fractionalJoe opened this issue Mar 15, 2020 · 2 comments
Labels

  • @aws-cdk/aws-cognito: Related to Amazon Cognito
  • effort/small: Small work item – less than a day of effort
  • feature-request: A feature should be added or improved.
  • good first issue: Related to contributions. See CONTRIBUTING.md

Comments

@fractionalJoe

Currently, UserPool creates an IAM role for SMS communication (using SNS) if a role is not supplied via the smsRole property in the props. I propose adding a way to prevent the creation of that role without supplying a role.

Use Case

The UserPool I maintain does not store a phone number and so does not provide SMS messaging. Our security posture is very conservative, so that autogenerated roles and policies are not allowed. This requires the security team to create and document an empty role, for my UserPool to reference. Needless to say, this is a frowned-upon practice. Adding this feature would remove this workaround.

Proposed Solution

I propose that the smsRole be of type string | IRole.

  • If smsRole === "DEFAULT", then the UserPool is generated as it is today when smsRole is undefined and a role is created.
  • If smsRole is of type IRole, then the UserPool is generated as it is today when a role is provided through smsRole, where no role is created and the provided role is referenced in the template's SmsConfiguration.
  • If smsRole === NONE, then the UserPool is generated without the following properties in the template: SmsConfiguration, SmsVerificationMessage, VerificationMessageTemplate.SmsMessage

Additionally, an enum could be created for these smsRole values.

Other

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

@fractionalJoe fractionalJoe added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Mar 15, 2020
@SomayaB SomayaB added the @aws-cdk/aws-cognito Related to Amazon Cognito label Mar 31, 2020
@nija-at nija-at added effort/small Small work item – less than a day of effort good first issue Related to contributions. See CONTRIBUTING.md and removed needs-triage This issue or PR still needs to be triaged. labels Apr 1, 2020
@ryaeng

ryaeng commented Apr 16, 2020

This is a duplicate of #6943

@nija-at
Contributor

nija-at commented Apr 16, 2020

Closing since this is a duplicate

@nija-at nija-at closed this as completed Apr 16, 2020
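
The "no autogenerated roles" constraint from the issue's use case can be checked against synthesized output. The following is an added example, not part of the issue thread and not aws-cdk code: it scans a CloudFormation template object for user pools whose SmsConfiguration points at an IAM role defined in the same template. The function names, logical IDs and the ARN are assumptions made for illustration.

```typescript
// Added example (not aws-cdk code): flag Cognito user pools whose SMS caller
// role is an IAM role defined in the same synthesized template.
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };
interface Finding { userPool: string; role: string }

// Resolve {"Fn::GetAtt": ["Id", "Arn"]} or {"Fn::GetAtt": "Id.Arn"} to "Id".
function getAttTarget(value: unknown): string | undefined {
  if (typeof value !== "object" || value === null) return undefined;
  const att = (value as Record<string, unknown>)["Fn::GetAtt"];
  if (Array.isArray(att) && typeof att[0] === "string") return att[0];
  if (typeof att === "string") return att.split(".")[0];
  return undefined;
}

function findInTemplateSmsRoles(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    if (!res || res.Type !== "AWS::Cognito::UserPool") continue;
    const target = getAttTarget(res.Properties?.SmsConfiguration?.SnsCallerArn);
    // A literal ARN or import is an externally supplied role, so only
    // GetAtt references to an in-template AWS::IAM::Role are reported.
    if (target && template.Resources[target]?.Type === "AWS::IAM::Role") {
      findings.push({ userPool: id, role: target });
    }
  }
  return findings;
}

// Constructed sample template; logical IDs and the ARN are placeholders.
const sampleTemplate: Template = {
  Resources: {
    GeneratedSmsRole: { Type: "AWS::IAM::Role", Properties: {} },
    PoolWithGeneratedRole: {
      Type: "AWS::Cognito::UserPool",
      Properties: { SmsConfiguration: {
        SnsCallerArn: { "Fn::GetAtt": ["GeneratedSmsRole", "Arn"] } } },
    },
    PoolWithSuppliedRole: {
      Type: "AWS::Cognito::UserPool",
      Properties: { SmsConfiguration: {
        SnsCallerArn: "arn:aws:iam::111122223333:role/placeholder-sms-role" } },
    },
    PoolWithoutSms: { Type: "AWS::Cognito::UserPool", Properties: {} },
  },
};

const sampleFindings = findInTemplateSmsRoles(sampleTemplate);
```

The check reports any in-template role, so a role the stack author declared explicitly in the same stack is flagged as well and needs a manual look.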