CLI: User pool update with cli-input-json fails validation with fine JSON

0

Hello,
trying to execute a user pool update with a parsable and valid JSON file via CLI using the aws cognito-idp update-user-pool --user-pool-id AWSRegion_PoolID --cli-input-json file://./input.json command, I got this validation error:

Parameter validation failed:
Unknown parameter in AdminCreateUserConfig: "TemporaryPasswordValidityDays", must be one of: AllowAdminCreateUserOnly, UnusedAccountValidityDays, InviteMessageTemplate

but I can't figure out what's wrong in the input JSON...
The following is an excerpt:

  "AdminCreateUserConfig": {
    "InviteMessageTemplate": {
      "EmailMessage": "Il nome utente è {username} e la password temporanea è {####}. ",
      "EmailSubject": "La tua password temporanea",
      "SMSMessage": "Il nome utente è {username} e la password temporanea è {####}. "
    },
    "UnusedAccountValidityDays": 14,
    "AllowAdminCreateUserOnly": false
  }

so TemporaryPasswordValidityDays is not specified here.
I could have missed something, but can't figure out what... can someone help or give any advice? TY

alessio
asked 4 years ago, 1015 views
2 Answers
1

Since I was using v1 AWS CLI, I thought that using v2 might pass validation, so I upgraded.

Now, using the same update command, I got

An error occurred (InvalidParameterException) when calling the UpdateUserPool operation: Please use TemporaryPasswordValidityDays in PasswordPolicy instead of UnusedAccountValidityDays

with

   "PasswordPolicy": {
     "RequireNumbers": true,
     "RequireLowercase": true,
     "RequireSymbols": false,
     "RequireUppercase": true,
     "TemporaryPasswordValidityDays": 14,
     "MinimumLength": 8
   }

so the issue again seems to be about TemporaryPasswordValidityDays, just changed a little.

This thing started puzzling me a lot... Comparing with the update skeleton, or even reading the AWS CloudFormation reference for AWS::Cognito::UserPool PasswordPolicy https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-passwordpolicy.html, we are allowed to use TemporaryPasswordValidityDays.
Comparing with what is raised in the error, the only occurrence of UnusedAccountValidityDays is in another part of the file

 "AdminCreateUserConfig": {
   "UnusedAccountValidityDays": 14,
   "AllowAdminCreateUserOnly": false,
   "InviteMessageTemplate": {
     "EmailSubject": "AIR - La tua password temporanea",
     "SMSMessage": "Il nome utente è {username} e la password temporanea è {####}. ",
     "EmailMessage": "Il nome utente è {username} e la password temporanea è {####}."
   }
 },

which I can see is still valid at https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-admincreateuserconfig.html as the AWS CloudFormation reference.

So now I'm starting to doubt the validation...

The side questions are now: What is the purpose of validation that raises error when input is fine? Is it possible to skip this kind of validation?
Thanks

alessio
answered 4 years ago
1

I tried mixed configurations and in the end I got a successful update by deleting AdminCreateUserConfig.UnusedAccountValidityDays

alessio
answered 4 years ago
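
The fix described in the answer above, as an added example that is not part of the original posts or of AWS tooling: a pre-flight check for the --cli-input-json file that drops AdminCreateUserConfig.UnusedAccountValidityDays when TemporaryPasswordValidityDays is also set, and reports when the two values disagree so the temporary-password lifetime does not change unnoticed. It assumes the PasswordPolicy block sits under the top-level Policies key, as in the UpdateUserPool request; the function name and the sample document are constructed for illustration.

```python
import copy
import json

DEPRECATED = "UnusedAccountValidityDays"      # lives in AdminCreateUserConfig
CURRENT = "TemporaryPasswordValidityDays"     # lives in Policies.PasswordPolicy


def fix_temp_password_validity(pool_input):
    """Return (cleaned_copy, notes) for an update-user-pool input document.

    The deprecated field is removed only when the PasswordPolicy field is
    present too, which is the combination the service rejected on this page.
    """
    cleaned = copy.deepcopy(pool_input)       # never mutate the caller's data
    notes = []
    admin_cfg = cleaned.get("AdminCreateUserConfig", {})
    policy = cleaned.get("Policies", {}).get("PasswordPolicy", {})

    if DEPRECATED not in admin_cfg:
        return cleaned, notes                 # nothing to do
    if CURRENT not in policy:
        notes.append(f"only {DEPRECATED} is set; left unchanged")
        return cleaned, notes

    old_days = admin_cfg.pop(DEPRECATED)
    if old_days != policy[CURRENT]:
        notes.append(f"values differ: {DEPRECATED}={old_days}, "
                     f"{CURRENT}={policy[CURRENT]}; keeping the latter")
    notes.append(f"removed AdminCreateUserConfig.{DEPRECATED}")
    return cleaned, notes


# Constructed sample, modelled on the excerpts quoted in the posts above.
SAMPLE = {
    "AdminCreateUserConfig": {
        "UnusedAccountValidityDays": 14,
        "AllowAdminCreateUserOnly": False,
    },
    "Policies": {
        "PasswordPolicy": {"MinimumLength": 8, "RequireNumbers": True,
                           "TemporaryPasswordValidityDays": 14},
    },
}

if __name__ == "__main__":
    fixed, messages = fix_temp_password_validity(SAMPLE)
    for line in messages:
        print("note:", line)
    print(json.dumps(fixed, indent=2))        # write this to input.json
```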
