-
|
I have deployed a react website project with default setting similar with the readme walk through. How to disable the mfa for the existing user pool? A few users have been added, we want to continue using this userpool without re-sign-up everyone, but we don't want mfa, some people don't have authenticator app and there is huge friction to get those non-tech people to use it. The existing application-stack.ts, have this line which created that default mfa enabled user pool If I update the that line in application-stack.ts to below, build and redeploy, it will create a complete new user pool which is not desired. ` |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Hey! Ahh this is a little tricky as if you create another user pool it'll have a different logical ID by default which means that CloudFormation will create a new resource. It's possible to override the logical ID of a resource, but that might get complicated if you need to deploy multiple stacks eg in a pipeline... I think the simplest approach would be to override the the MFA configuration of the existing First it's best to make sure you have a snapshot test so that you can verify the changes to the generated cfn template, ie: import { App } from "aws-cdk-lib";
import { Template } from "aws-cdk-lib/assertions";
import { ApplicationStack } from "../src/stacks/application-stack";
test("Snapshot", () => {
const app = new App();
const stack = new ApplicationStack(app, "test"); // Or whichever stack your UserIdentity construct is in
const template = Template.fromStack(stack);
expect(template.toJSON()).toMatchSnapshot();
});You should have one like this already if you're using the Next, you can access the underlying cloudformation user pool construct which allows us to override properties: const userIdentity = new UserIdentity(this, `${id}UserIdentity`);
const cfnUserPool = userIdentity.userPool.node.defaultChild as CfnUserPool;
cfnUserPool.mfaConfiguration = Mfa.OPTIONAL;You can then run a build and check that the snapshot diff is as expected, something like: --- a/packages/infra/test/__snapshots__/main.test.ts.snap
+++ b/packages/infra/test/__snapshots__/main.test.ts.snap
@@ -1566,7 +1566,7 @@ exports[`Snapshot 1`] = `
"SMS_MFA",
"SOFTWARE_TOKEN_MFA",
],
- "MfaConfiguration": "ON",
+ "MfaConfiguration": "OPTIONAL",
"Policies": {
"PasswordPolicy": {
"MinimumLength": 8,Hope that helps! |
Beta Was this translation helpful? Give feedback.
Hey! Ahh this is a little tricky as if you create another user pool it'll have a different logical ID by default which means that CloudFormation will create a new resource. It's possible to override the logical ID of a resource, but that might get complicated if you need to deploy multiple stacks eg in a pipeline...
I think the simplest approach would be to override the the MFA configuration of the existing
UserPoolwhich is part of theUserIdentityconstruct.First it's best to make sure you have a snapshot test so that you can verify the changes to the generated cfn template, ie: