Cognito feature to enable PreventUserExistenceErrors for user pool clients.

[realanmup]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Cognito user pools now support a flag that prevents Cognito from raising errors that can be used to verify the existence of a user. This flag is currently set to legacy/false. It should be set to true to improve the security of application from fishing attacks. Till now, i couldn't find any key to work on that.
There is note from aws that:

After January 1st 2020, the value of PreventUserExistenceErrors will default to ENABLED for newly created User Pool Clients if no value is provided.

but we should be able to control it anyways.

New or Affected Resource(s)

• aws_cognito_user_pool_client

Potential Terraform Configuration

prevent_user_existence_errors = "enabled" | "legacy"

References

• https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-managing-errors.html
• https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolClient.html
• https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolClient.html

[hildoer]

+1

[claydanford]

@realanmup @hildoer Please see #11604

[alkis-hexa]

+1

[bflad]

Support for this functionality has been merged and will release with version 2.54.0 of the Terraform AWS Provider, later this week. Thanks to @claydanford for the implementation. 👍

[ghost]

This has been released in version 2.54.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!