Immutable AWS::Cognito::UserPool properties are not supported in the SAM translator. #1506

phsstory · 2020-03-11T05:25:02Z

Description:

Immutable AWS::Cognito::UserPool properties are not supported in the SAM translator.

Reference Documentation links:

Expected missing keys in property_types in samtranslator/model/cognito.py

Steps to reproduce the issue:

Use the following template snippet in a deploy

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  CognitoUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UsernameConfiguration:
        CaseSensitive: False
      AccountRecoverySetting:
        RecoveryMechanisms:
          - Name: verified_email
            Priority: 1

Observed result:

Failed to create the changeset: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state Status: FAILED.

Transform AWS::Serverless-2016-10-31 failed with: Invalid Serverless Application Specification document. Resource with id [CognitoUserPool] is invalid. property UsernameConfiguration not defined for resource of type AWS::Cognito::UserPool

Transform AWS::Serverless-2016-10-31 failed with: Invalid Serverless Application Specification document. Resource with id [CognitoUserPool] is invalid. property AccountRecoverySetting not defined for resource of type AWS::Cognito::UserPool

Expected result:

Successful deploy

ShreyaGangishetty · 2020-03-11T18:23:30Z

AWS::Cognito::UserPool is a passthrough property in SAM.
Thanks for reporting the issue! We would really appreciate community contributions on this issue.
All the properties of UserPool resource need to be updated here for SAM support.


          fix : missing UserPool properties (aws#1506)


          fix : missing UserPool properties (#1506) (#1581)

dipak1296 · 2020-07-09T13:30:55Z

The above template mentioned by @phsstory now seems to be working but there are still a few cases where the serverless transform fails with the same error. Example:

AWSTemplateFormatVersion: 2010-09-09
Transform: 'AWS::Serverless-2016-10-31'
Resources:
  UserPool:
    Type: 'AWS::Cognito::UserPool'
    Properties:
      AccountRecoverySetting:
        RecoveryMechanisms:
          - Name: verified_email
            Priority: 1

  ApiGatewayApi:
    Type: 'AWS::Serverless::Api'
    Properties:
      StageName: dev

  ServerlessFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: index.handler
      Runtime: python3.6
      InlineCode: |
        def handler(event, context):
          print("Hello, world!")
      Events:
        CognitoUserPoolPostConfirm:
          Type: Cognito
          Properties:
            UserPool:
              Ref: UserPool
            Trigger: PostConfirmation
        ApiEvent:
          Type: Api
          Properties:
            Path: /
            Method: get
            RestApiId:
              Ref: ApiGatewayApi

Fails with the error:
Transform AWS::Serverless-2016-10-31 failed with: Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [UserPool] is invalid. property AccountRecoverySetting not defined for resource of type AWS::Cognito::UserPool

If we remove the "CognitoUserPoolPostConfirm" from the ServerlessFunction, the template get deployed without any issue.

Just wanted to specify this related issue so that it could be fixed along.


          Release v1.26.0 (#1680)

* feat: add support for VPCEndpointIds in EndpointConfiguration * fix: update formatting with black * docs: update 2016-10-31.md * docs: added api endpointconfiguration example * docs: make example more generic * fix: remove nested EndpointConfiguration types from output * fix: only allow one EndpointConfiguration Type * doc: update example to reflect only allowing one EndpointConfiguration Type * fix : missing UserPool properties (#1506) (#1581) * fix: resource policy generation for {path+} (#1580) * refactor: Remove 2016-10-31 examples * update PR template * adjust pr template * Adding authorization scopes as list validation in ApiGatewayAuthorizer (v1 and v2). (#1670) * Adding authorization scopes as list validation in ApiGatewayAuthorizer and ApiGatewayV2Authorizer. * make black. * Adding functional test for invalid auth scope. * adding error condition for invalid test. * removing test template file. * feat: MSK event type support for AWS::Serverless::Function (#52) Co-authored-by: Steve Brown <steve@fabric.com> Co-authored-by: jtaylor00 <joetaylor00@gmail.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Alex Wood <awood45@gmail.com> Co-authored-by: Tarun <c2tarun@users.noreply.github.com>


          Release v1.26.0 (#1680) (#1685)

* feat: add support for VPCEndpointIds in EndpointConfiguration * fix: update formatting with black * docs: update 2016-10-31.md * docs: added api endpointconfiguration example * docs: make example more generic * fix: remove nested EndpointConfiguration types from output * fix: only allow one EndpointConfiguration Type * doc: update example to reflect only allowing one EndpointConfiguration Type * fix : missing UserPool properties (#1506) (#1581) * fix: resource policy generation for {path+} (#1580) * refactor: Remove 2016-10-31 examples * update PR template * adjust pr template * Adding authorization scopes as list validation in ApiGatewayAuthorizer (v1 and v2). (#1670) * Adding authorization scopes as list validation in ApiGatewayAuthorizer and ApiGatewayV2Authorizer. * make black. * Adding functional test for invalid auth scope. * adding error condition for invalid test. * removing test template file. * feat: MSK event type support for AWS::Serverless::Function Co-authored-by: Steve Brown <steve@fabric.com> Co-authored-by: jtaylor00 <joetaylor00@gmail.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Alex Wood <awood45@gmail.com> Co-authored-by: Tarun <c2tarun@users.noreply.github.com> Co-authored-by: Steve Brown <steve@fabric.com> Co-authored-by: jtaylor00 <joetaylor00@gmail.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Alex Wood <awood45@gmail.com> Co-authored-by: Tarun <c2tarun@users.noreply.github.com>


          Release/v1.27.0 resolveconflict (#1717)

* Release v1.26.0 (#1680) * feat: add support for VPCEndpointIds in EndpointConfiguration * fix: update formatting with black * docs: update 2016-10-31.md * docs: added api endpointconfiguration example * docs: make example more generic * fix: remove nested EndpointConfiguration types from output * fix: only allow one EndpointConfiguration Type * doc: update example to reflect only allowing one EndpointConfiguration Type * fix : missing UserPool properties (#1506) (#1581) * fix: resource policy generation for {path+} (#1580) * refactor: Remove 2016-10-31 examples * update PR template * adjust pr template * Adding authorization scopes as list validation in ApiGatewayAuthorizer (v1 and v2). (#1670) * Adding authorization scopes as list validation in ApiGatewayAuthorizer and ApiGatewayV2Authorizer. * make black. * Adding functional test for invalid auth scope. * adding error condition for invalid test. * removing test template file. * feat: MSK event type support for AWS::Serverless::Function (#52) Co-authored-by: Steve Brown <steve@fabric.com> Co-authored-by: jtaylor00 <joetaylor00@gmail.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Alex Wood <awood45@gmail.com> Co-authored-by: Tarun <c2tarun@users.noreply.github.com> * Fix: Updated Slack Invite Link (#1712) * Updated Slack Invite Link * Restricted jsonschema to Python 2 * Forced pyrsistent to 0.16 in Python 2 * Reverted Changes to enum34 Co-authored-by: Sriram Madapusi Vasudevan <3770774+sriram-mv@users.noreply.github.com> Co-authored-by: Steve Brown <steve@fabric.com> Co-authored-by: jtaylor00 <joetaylor00@gmail.com> Co-authored-by: Jacob Fuss <jfuss@users.noreply.github.com> Co-authored-by: Alex Wood <awood45@gmail.com> Co-authored-by: Tarun <c2tarun@users.noreply.github.com> Co-authored-by: Cosh_ <CoshUS@users.noreply.github.com>

ShreyaGangishetty added contributors/good-first-issue good first issue labels Mar 11, 2020

jtaylor00 mentioned this issue Apr 29, 2020

fix : missing UserPool properties (#1506) #1581

Merged

1 of 5 tasks complete

sriram-mv mentioned this issue Aug 14, 2020

Merge master back onto develop #1685

Merged

0 of 4 tasks complete

Aug	SEP	Oct
	30
2019	2020	2021

aws / serverless-application-model

Immutable AWS::Cognito::UserPool properties are not supported in the SAM translator. #1506

Immutable AWS::Cognito::UserPool properties are not supported in the SAM translator. #1506

phsstory commented Mar 11, 2020

ShreyaGangishetty commented Mar 11, 2020

dipak1296 commented Jul 9, 2020 •

edited

aws / serverless-application-model

Join GitHub today

Immutable AWS::Cognito::UserPool properties are not supported in the SAM translator. #1506

Immutable AWS::Cognito::UserPool properties are not supported in the SAM translator. #1506

Comments

phsstory commented Mar 11, 2020

ShreyaGangishetty commented Mar 11, 2020

dipak1296 commented Jul 9, 2020 • edited

dipak1296 commented Jul 9, 2020 •

edited