Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cognito: advanced security features for userpool #7405

Closed
2 tasks
brainstorm opened this issue Apr 17, 2020 · 3 comments · Fixed by #23261
Closed
2 tasks

Cognito: advanced security features for userpool #7405

brainstorm opened this issue Apr 17, 2020 · 3 comments · Fixed by #23261
Labels
@aws-cdk/aws-cognito Related to Amazon Cognito effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. good first issue Related to contributions. See CONTRIBUTING.md in-progress This issue is being actively worked on. p1

Comments

@brainstorm
Copy link

This is a followup issue from #7245 (comment)

After creating a UserPool, the web console section that reads like the following:

"Do you want to enable advanced security features for this user pool?"

Skärmavbild 2020-04-17 kl 21 01 40

Does not seem to be found on CDK.

Use Case

I need this feature for security auditing purposes on a clinical genomics context.

Proposed Solution

Find out the equivalent Cloudformation section for this, implement it in CDK.

Other

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request
@brainstorm brainstorm added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Apr 17, 2020
@SomayaB SomayaB added the @aws-cdk/aws-cognito Related to Amazon Cognito label Apr 20, 2020
@nija-at nija-at added effort/small Small work item – less than a day of effort good first issue Related to contributions. See CONTRIBUTING.md and removed needs-triage This issue or PR still needs to be triaged. labels Apr 22, 2020
@brainstorm brainstorm mentioned this issue Apr 22, 2020
Closed
winky added a commit to winky/aws-cdk that referenced this issue May 3, 2020
@winky
feat(cognito): advanced security option for userpool
7ec6389 
Support for  advanced security option in the user pool module. Advanced security option can be explicitly configured for enforced, audito or off

fixes aws#7405
@winky winky mentioned this issue May 3, 2020
Closed
@SomayaB SomayaB added the in-progress This issue is being actively worked on. label May 5, 2020
@nija-at nija-at mentioned this issue Jun 18, 2020
Closed
@nija-at nija-at added the p1 label Aug 17, 2020
@mirgj mirgj mentioned this issue Dec 9, 2021
Closed
@ann8ty
Copy link

ann8ty commented Sep 12, 2022

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html

The underlying cloudformation supports this feature. It is AWS::Cognito::UserPool UserPoolAddOns

AdvancedSecurityMode
The advanced security mode.

Required: No

Type: String

Allowed values: AUDIT | ENFORCED | OFF

@ulaskeles
Copy link

You can do this in CDK. For example in TypeScript:

import cognito = require("@aws-cdk/aws-cognito");
...
const userPool = new cognito.UserPool(...);
const cfnUserPool = userPool.node.defaultChild as cognito.CfnUserPool;
cfnUserPool.userPoolAddOns = { advancedSecurityMode: "AUDIT" };

@watany-dev watany-dev mentioned this issue Dec 7, 2022
Merged
4 tasks
@mergify mergify bot closed this as completed in #23261 Dec 7, 2022
mergify bot pushed a commit that referenced this issue Dec 7, 2022
@watany-dev
feat(cognito): add new AdvancedSecurityMode property (#23261)
9cc9bd3 
fixes #7405


https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-userpooladdons
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html#cfn-cognito-userpool-userpooladdons-advancedsecuritymode

We refer to the following suspended PRs
#17923

----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Construct Runtime Dependencies:

* [ ] This PR adds new construct runtime dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-construct-runtime-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

github-actions bot commented Dec 7, 2022

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

brennanho pushed a commit to brennanho/aws-cdk that referenced this issue Dec 9, 2022
@watany-dev
feat(cognito): add new AdvancedSecurityMode property (aws#23261)
78e84e7 
fixes aws#7405


https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-userpooladdons
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html#cfn-cognito-userpool-userpooladdons-advancedsecuritymode

We refer to the following suspended PRs
aws#17923

----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Construct Runtime Dependencies:

* [ ] This PR adds new construct runtime dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-construct-runtime-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
brennanho pushed a commit to brennanho/aws-cdk that referenced this issue Jan 20, 2023
@watany-dev
feat(cognito): add new AdvancedSecurityMode property (aws#23261)
c1f1683 
fixes aws#7405


https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-userpooladdons
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html#cfn-cognito-userpool-userpooladdons-advancedsecuritymode

We refer to the following suspended PRs
aws#17923

----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Construct Runtime Dependencies:

* [ ] This PR adds new construct runtime dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-construct-runtime-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
brennanho pushed a commit to brennanho/aws-cdk that referenced this issue Feb 22, 2023
@watany-dev
feat(cognito): add new AdvancedSecurityMode property (aws#23261)
c541478 
fixes aws#7405


https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-userpooladdons
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html#cfn-cognito-userpool-userpooladdons-advancedsecuritymode

We refer to the following suspended PRs
aws#17923

----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Construct Runtime Dependencies:

* [ ] This PR adds new construct runtime dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-construct-runtime-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-cognito Related to Amazon Cognito effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. good first issue Related to contributions. See CONTRIBUTING.md in-progress This issue is being actively worked on. p1
Projects
None yet
Milestone
No milestone
5 participants
@brainstorm @ulaskeles @nija-at @SomayaB @ann8ty