Terraform-provider-aws: Cognito feature to enable PreventUserExistenceErrors for user pool clients.

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Cognito user pools now support a flag that prevents Cognito from raising errors that can be used to verify the existence of a user. This flag is currently set to legacy/false. It should be set to true to improve the security of application from fishing attacks. Till now, i couldn't find any key to work on that.
There is note from aws that:

After January 1st 2020, the value of PreventUserExistenceErrors will default to ENABLED for newly created User Pool Clients if no value is provided.

but we should be able to control it anyways.

New or Affected Resource(s)

• aws_cognito_user_pool_client

Potential Terraform Configuration

prevent_user_existence_errors = "enabled" | "legacy"

References

• https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-managing-errors.html
• https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolClient.html
• https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPoolClient.html