Cognito User Pool SMS configuration problem #1252

Closed
karakter98 opened this issue Nov 19, 2019 · 7 comments

@karakter98

Description:
When trying to create a Cognito user pool using SAM templates, SAM throws the error

```
Failed to create the changeset: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state Status: FAILED. Reason: Transform AWS::Serverless-2016-10-31 failed with: Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [CognitoUserPool] is invalid. Type of property 'SmsConfiguration' is invalid.
```

when specifying SmsConfiguration property.
In the template, there is also a Lambda trigger that has Cognito configured as an event source.
After looking through the project and doing some tests, I believe the error could appear in the samtranslator module:

```python
'SmsConfiguration': PropertyType(False, list_of(dict)),
```

From the CloudFormation docs, SmsConfiguration seems to be a simple dict, but in the code snippet above, it is validated as a list of dicts.
Indeed, if I modify the corresponding part of the template from a mapping to a YAML list consisting of a single object, validation passes, but when the stack is created by CloudFormation, it fails with

```
Property validation failure: [Value of property {/SmsConfiguration} does not match type {Object}]
```

which is consistent with the type of the property specified in the CloudFormation docs.

Steps to reproduce the issue:

1. Create a SAM template with a Cognito user pool configured to use SMS MFA and a Lambda trigger associated.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  Example YAML.
Globals:
  Function:
    Timeout: 3
    Handler: lambda_function.lambda_handler
    Runtime: python3.6
    MemorySize: 128
Resources:
  PreSignupValidationLambda:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/pre_signup_validation/
      Events:
        CognitoTrigger:
          Type: Cognito
          Properties:
            UserPool: !Ref CognitoUserPool
            Trigger: PreSignUp
  CognitoUserPool:
    Type: 'AWS::Cognito::UserPool'
    Properties:
      AutoVerifiedAttributes:
        - phone_number
      MfaConfiguration: OPTIONAL
      Schema:
        - AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: false
          Name: sub
          Required: true
          StringAttributeConstraints:
            MaxLength: 2048
            MinLength: 0
        - AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Name: email
          Required: true
          StringAttributeConstraints:
            MaxLength: 2048
            MinLength: 0
        - AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Name: phone_number
          Required: true
          StringAttributeConstraints:
            MaxLength: 2048
            MinLength: 0
      SmsConfiguration:
        ExternalId: 'xxx-xxx-xxx'
        SnsCallerArn: !GetAtt CognitoSMSRole.Arn
      UsernameAttributes:
        - email
        - phone_number
      UserPoolName: Customers
  CognitoSMSRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service: 'cognito-idp.amazonaws.com'
            Action:
              - 'sts:AssumeRole'
            Condition:
              StringEquals:
                'sts:ExternalId': 'xxx-xxx-xxx'
      Policies:
        - PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - 'sns:Publish'
                Resource:
                  - '*'
          PolicyName: CognitoSendSMS
      RoleName: CognitoSMSRole
```

2. Write a basic Lambda function in `<template_location>/src/pre_signup_validation/lambda_function.py`

```python
def lambda_handler(event: dict, context: dict):
    return event
```

3. Run (Commands from the AWS Toolkit for PyCharm when trying to deploy application)

```bash
sam build --template template.yaml --build-dir build --use-container
sam package --template-file build/template.yaml --output-template-file build/packaged-template.yaml --s3-bucket <your_s3_bucket>
sam deploy --template-file build/packaged-template.yaml --stack-name test --no-execute-changeset
```

Observed result:
SAM validates the SmsConfiguration parameter of Cognito user pools as a list of type dict.
Expected result:
Validation should be consistent with CloudFormation specification.
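
The two failures reported in the issue above, reproduced as an added example that is not part of the original post or of the project's code. `list_of` and `is_object` are simplified stand-ins (assumptions) for the SAM-side validator and for CloudFormation's `{Object}` type check, and the sample values are constructed from the template in the report.

```python
# Added illustration; not samtranslator code. list_of() and is_object() are
# simplified stand-ins for the two validation stages named in the issue.

def list_of(item_type):
    """Stand-in for the quoted validator: a list whose items are item_type."""
    def validate(value):
        return isinstance(value, list) and all(isinstance(v, item_type) for v in value)
    return validate

def is_object(value):
    """Stand-in for CloudFormation's documented type {Object} (a mapping)."""
    return isinstance(value, dict)

SAM_AS_QUOTED = list_of(dict)   # 'SmsConfiguration': PropertyType(False, list_of(dict))
SAM_CORRECTED = is_object       # validation consistent with the CloudFormation type

# Constructed sample values mirroring the template in the issue.
MAPPING_FORM = {
    "ExternalId": "xxx-xxx-xxx",
    "SnsCallerArn": {"Fn::GetAtt": ["CognitoSMSRole", "Arn"]},
}
LIST_FORM = [MAPPING_FORM]      # the "YAML list of a single object" variant

def deploy_outcome(sms_configuration, sam_validator):
    """Return the stage that rejects the value, or 'accepted'."""
    if not sam_validator(sms_configuration):
        return "rejected by SAM transform"
    if not is_object(sms_configuration):
        return "rejected by CloudFormation"
    return "accepted"

def outcomes(sam_validator):
    """Outcome for both template shapes under a given SAM-side validator."""
    return {
        "mapping": deploy_outcome(MAPPING_FORM, sam_validator),
        "list": deploy_outcome(LIST_FORM, sam_validator),
    }

if __name__ == "__main__":
    print("as quoted:", outcomes(SAM_AS_QUOTED))
    print("corrected:", outcomes(SAM_CORRECTED))
```

With the validator as quoted, neither template shape reaches deployment, which matches the two error messages in the report.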

@lafiosca
Contributor

lafiosca commented May 1, 2020

Why was this closed @karakter98 ? Did you resolve your problem? I'm in the process of converting a CloudFormation template to a SAM template and experiencing the same error.

lafiosca added a commit to lafiosca/serverless-application-model that referenced this issue May 1, 2020
@lafiosca
Contributor

lafiosca commented May 1, 2020

I've created a PR to fix this mistake: #1582

@ShadowBearVR

Hi there. Was there ever any resolution to this issue @karakter98 ?

@karakter98
Author

@snowhalo we ended up ditching the SMS verification feature altogether because of this. I have no idea if it's been fixed in the meantime.

@dbenader

@lafiosca has this effort been abandoned?

@lafiosca
Contributor

@dbenader I think only @jfuss can answer that. This is not my project.

mildaniel added a commit that referenced this issue Jan 17, 2022
* correct CognitoUserPool SmsConfiguration type from list of dict to dict; fixes #1252

* Add tests for cognito userpool sms configuration type change

Co-authored-by: Daniel Mil <mladan@amazon.com>