Cloudformation-coverage-roadmap: AWS::Cognito::UserPoolClient-Devices

Created on 17 Apr 2020  路  5Comments  路  Source: aws-cloudformation/cloudformation-coverage-roadmap

1. Title

AWS::Cognito::UserPoolClient-Devices-Always/User Opt-In/No

2. Scope of request

Coverage of CRUD actions on the Cognito User Pool Client's "Remember Devices" attribute, which is not yet available via CloudFormation

5. Helpful Links to speed up research and evaluation

This is a followup on AWS CDK issue https://github.com/aws/aws-cdk/issues/7245 for Web Console's UserPool->General Settings->Devices, a.k.a:

"Do you want to remember your user's devices?"

Ska虉rmavbild 2020-04-17 kl 22 20 27

security identity compliance
Source
picture brainstorm

Most helpful comment

Isn't this already available under DeviceConfiguration?

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-deviceconfiguration.html#cfn-cognito-userpool-deviceconfiguration-challengerequiredonnewdevice

Always, MFA Yes

DeviceConfiguration:
  ChallengeRequiredOnNewDevice: true

Always, MFA No

DeviceConfiguration:
  ChallengeRequiredOnNewDevice: false
  DeviceOnlyRememberedOnUserPrompt: false

User Opt In, MFA No

DeviceConfiguration:
  DeviceOnlyRememberedOnUserPrompt: true

User Opt In, MFA Yes

DeviceConfiguration:
  DeviceOnlyRememberedOnUserPrompt: true
  ChallengeRequiredOnNewDevice: true

No

Omit DeviceConfiguration

This domain modeling drives me nuts (see also AccountRecoverySetting). Way more difficult and confusing than it should be in my opinion. Maybe Cognito team is planning for features that may/may not happen. No idea.

picture cmckni3 on 13 Aug 2020
👍6 🚀3 🎉1

All 5 comments

Isn't this already available under DeviceConfiguration?

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-deviceconfiguration.html#cfn-cognito-userpool-deviceconfiguration-challengerequiredonnewdevice

Always, MFA Yes

DeviceConfiguration:
  ChallengeRequiredOnNewDevice: true

Always, MFA No

DeviceConfiguration:
  ChallengeRequiredOnNewDevice: false
  DeviceOnlyRememberedOnUserPrompt: false

User Opt In, MFA No

DeviceConfiguration:
  DeviceOnlyRememberedOnUserPrompt: true

User Opt In, MFA Yes

DeviceConfiguration:
  DeviceOnlyRememberedOnUserPrompt: true
  ChallengeRequiredOnNewDevice: true

No

Omit DeviceConfiguration

This domain modeling drives me nuts (see also AccountRecoverySetting). Way more difficult and confusing than it should be in my opinion. Maybe Cognito team is planning for features that may/may not happen. No idea.

cmckni3 picture cmckni3 on 13 Aug 2020
👍6 🚀3 🎉1

@cmckni3 Thanks for supplying all the permutations for this! Such a frustrating API.

bensie picture bensie on 29 Aug 2020
👍4

Thanks for the help. I was looking for the "No" option

ayozemr picture ayozemr on 13 Nov 2020
👍1

Saved my cloudformation. Thank you.

codelogn picture codelogn on 16 Mar 2021

Thanks for comfirming the solution I was about to implement..
A complementary blog post on how to use that , if required : https://aws.amazon.com/fr/blogs/mobile/tracking-and-remembering-devices-using-amazon-cognito-your-user-pools/

wascou picture wascou on 5 Jun 2021
Was this page helpful?
0 / 5 - 0 ratings

Related issues

luiseduardocolon picture luiseduardocolon  路  4Comments
mweagle picture mweagle  路  3Comments
fimbulvetr picture fimbulvetr  路  3Comments
hoegertn picture hoegertn  路  4Comments
johnkoehn picture johnkoehn  路  3Comments