From d4da5d16359c1f91d492f62bc797fdfe5f43f41b Mon Sep 17 00:00:00 2001
From: Anton Stolov
Date: Sun, 19 Mar 2023 22:46:28 +0200
Subject: [PATCH 1/5] Update main.tf

Added 'attributes_require_verification_before_update' parameter
---
 main.tf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/main.tf b/main.tf
index 086d614..bfb5869 100644
--- a/main.tf
+++ b/main.tf
@@ -27,6 +27,10 @@ resource "aws_cognito_user_pool" "user_pool" {
 mfa_configuration = var.mfa_configuration
+ user_attribute_update_settings {
+ attributes_require_verification_before_update = var.attributes_require_verification_before_update
+ }
+
 password_policy {
 minimum_length = var.password_minimum_length
 require_lowercase = var.password_require_lowercase
From aa8cca3d1d5c4c588733e6e9d05683e87d5b2f74 Mon Sep 17 00:00:00 2001
From: Anton Stolov
Date: Sun, 19 Mar 2023 22:50:21 +0200
Subject: [PATCH 2/5] Update variables.tf

Added `attributes_require_verification_before_update` variable.
---
 variables.tf | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/variables.tf b/variables.tf
index 30b0b1d..004c4c2 100644
--- a/variables.tf
+++ b/variables.tf
@@ -252,6 +252,14 @@ variable "auto_verified_attributes" {
 ]
 }
+variable "attributes_require_verification_before_update" {
+ type = set(string)
+ description = "(Required) A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number."
+ default = [
+ "email"
+ ]
+}
+
 variable "account_recovery_mechanisms" {
 type = any
 description = "(Optional) A list of recovery_mechanisms which are defined by a `name` and its `priority`. Valid values for `name` are veri fied_email, verified_phone_number, and admin_only."
From 739a4cf1edfe4c4db4f77c7b4e8db2c9f76cb07d Mon Sep 17 00:00:00 2001
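Review bot: The `user_attribute_update_settings` block in the main.tf hunk is emitted unconditionally, so every pool now depends on `var.attributes_require_verification_before_update` holding at least one value that is also present in `auto_verified_attributes`. A caller who overrides `auto_verified_attributes` without `email`, or who passes an empty set, would presumably get a failed apply rather than a pool without the setting; that is worth confirming against the provider. Making the block `dynamic` keeps verify-before-update on by default while turning an opt-out into an explicit, reviewable choice. The resource body starts and ends outside the hunk.

```hcl
  mfa_configuration = var.mfa_configuration

  dynamic "user_attribute_update_settings" {
    for_each = length(var.attributes_require_verification_before_update) > 0 ? [true] : []

    content {
      attributes_require_verification_before_update = var.attributes_require_verification_before_update
    }
  }

  # … unchanged: password_policy …
```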
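Review bot: Nothing in the new variable restricts `attributes_require_verification_before_update` to the two values its description lists, so a typo only surfaces as an API error at apply time; a `validation` block would reject it at plan time. The description also says `(Required)` although the variable has a default, and the README entry added in PATCH 3/5 types it as `string` rather than `set(string)`; both should read as optional `set(string)`. Because the default `["email"]` must also appear in `auto_verified_attributes`, the description should say that overriding one means checking the other.

```hcl
variable "attributes_require_verification_before_update" {
  # … unchanged: type, description, default …

  validation {
    condition     = length(setsubtract(var.attributes_require_verification_before_update, ["email", "phone_number"])) == 0
    error_message = "Valid values are email and phone_number."
  }
}
```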
From: Anton Stolov
Date: Mon, 20 Mar 2023 00:05:24 +0200
Subject: [PATCH 3/5] Update README.md

Added `user_attribute_update_settings` section description.
---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index 99926dc..907fc00 100644
--- a/README.md
+++ b/README.md
@@ -251,6 +251,12 @@ for details and use-cases.
 Default is `1`.
+ [**`attributes_require_verification_before_update`**](#var-attributes_require_verification_before_update): *(Optional `string`)*
+
+ A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number. When you update the value of an email or phone number attribute, your user must verify the new value. Until they verify the new value, they can receive messages and sign in with the original value. If you don't turn on this feature, your user can't sign in with that attribute before they verify the new value.
+
+ Default is `["email"]`.
+
 - [**`allow_software_mfa_token`**](#var-allow_software_mfa_token): *(Optional `bool`)*
 Boolean whether to enable software token Multi-Factor Authentication (MFA) tokens, such as Time-Based One-Time Password (TOTP). To disable software token MFA when `sms_configuration` is not present, the `mfa_configuration` argument must be set to `OFF` and the `software_token_mfa_configuration` configuration block must be fully removed.
From 39dfedc8f98dc24e9bc8805bfdd447d5606d483f Mon Sep 17 00:00:00 2001
From: Anton Stolov
Date: Sat, 22 Apr 2023 06:41:35 +0300
Subject: [PATCH 4/5] Update main.tf

---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index bfb5869..8c0d90b 100644
--- a/main.tf
+++ b/main.tf
@@ -215,7 +215,7 @@ locals {
 }
 resource "aws_cognito_user_pool_client" "client" {
- for_each = var.module_enabled ? local.clients : {}
+ var.module_enabled ? local.clients : map(object({}))
 name = each.key
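Review bot: The false branch `map(object({}))` in the PATCH 4/5 main.tf hunk is a type constraint, not a value. As far as I know `object({})` is only valid inside a variable's `type`, and the `map()` function was removed in Terraform 0.15, so I would expect this expression to fail validation. PATCH 5/5 restores the `for_each =` that this hunk dropped but keeps the same expression, so the defect carries into the final state. If the aim was to avoid a conditional type mismatch with `{}`, filtering gives an empty map of the right type: `for_each = { for k, v in local.clients : k => v if var.module_enabled }`. The resource body continues outside the hunk.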
From 9c59db7fa835151df1e7c2f3cb5ad86e52108904 Mon Sep 17 00:00:00 2001
From: Anton Stolov
Date: Sat, 22 Apr 2023 06:57:35 +0300
Subject: [PATCH 5/5] Update main.tf

fix cognito resource for_each meta-argument
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index 8c0d90b..eab787a 100644
--- a/main.tf
+++ b/main.tf
@@ -215,7 +215,7 @@ locals {
 }
 resource "aws_cognito_user_pool_client" "client" {
- var.module_enabled ? local.clients : map(object({}))
+ for_each = var.module_enabled ? local.clients : map(object({}))
 name = each.key