cdk user pool configuration not working

0

I am trying to enable email auto-verification for a user pool. The code currently looks like the below. Although I have set autoVerify for email to true and set up the userVerification property, after deployment "Cognito-assisted verification and confirmation" in Sign-up experience was set to No, and it has to be manually switched to Yes so that a verification email is sent when a new user registers. The message template was also the default instead of what is specified in the userVerification property; the email style is CODE. The email sending service is also Cognito by default.

const userPool = new cognito.UserPool(this, "UserPool", {
  userPoolName: "RecruitmentManagerUserPool",
  selfSignUpEnabled: true,
  signInAliases: { email: true },
  autoVerify: { email: true },
  removalPolicy: RemovalPolicy.DESTROY,
  passwordPolicy: {
    minimumLength: 8,
    requireLowercase: true,
    requireUppercase: true,
    requireNumbers: true,
    requireSymbols: true,
  },
  email: cognito.UserPoolEmail.withSES({
    fromEmail: emailFrom,
    fromName: "Recruitment Manager",
    replyTo: emailFrom,
    sesRegion: this.region,
    sesVerifiedDomain: emailDomain,
    role: cognitoSESRole,
  }),
  userVerification: {
    emailSubject: "Verify your email for Recruitment Manager!",
    emailBody:
      "Please click the following link to verify your email: {##Click Here##}",
    emailStyle: cognito.VerificationEmailStyle.LINK,
  },
});
1 Answer
1

It appears that there might be a misunderstanding in how the auto-verification and user verification settings work in the AWS CDK for Cognito User Pools.

The autoVerify property you've set to { email: true } is correct for enabling automatic verification of email addresses. However, this doesn't automatically enable the "Cognito-assisted verification and confirmation" feature.

To enable the email verification process during sign-up, you need to ensure that selfSignUpEnabled is set to true, which you have done correctly.

The userVerification property you've specified is used to customize the verification message, but it doesn't control whether verification is enabled or not. It only defines the content and style of the verification message when it is sent.

To ensure that the verification email is sent and uses your custom template, you might need to adjust your configuration slightly:

  1. Make sure selfSignUpEnabled is set to true (which you already have).
  2. Keep the autoVerify: { email: true } setting.
  3. Ensure that signInAliases includes email (which you have done).
  4. The userVerification property should be configured as you have it.

If, after making these adjustments, you still don't see the expected behavior, it's possible that there might be a bug or limitation in the CDK version you're using. In that case, you may need to manually enable the "Cognito-assisted verification and confirmation" in the AWS Console after deployment.

Regarding the email sending service defaulting to Cognito instead of using your SES configuration, make sure that the cognitoSESRole you're passing has the necessary permissions to send emails via SES. Also, verify that the email address and domain you're using for SES are properly verified in the SES console.

If the issue persists, you might want to consider using the cfnUserPool.overrideLogicalId() method to ensure that CDK doesn't create a new User Pool on each deployment, which could reset your manual changes.

Remember to test thoroughly after making these changes, as email verification is a critical part of the user sign-up process.

Sources
class UserPool (construct) · AWS CDK
interface UserPoolProps · AWS CDK

answered 7 months ago
EXPERT
reviewed 7 months ago
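
Added example, not part of the question or the answer above and not AWS CDK code: a check that the three settings discussed in this thread (autoVerify, the LINK email style, and SES sending) actually appear on the AWS::Cognito::UserPool resource in the synthesized CloudFormation template, which separates a synthesis problem from a deployment or console problem. The function name and both sample templates are constructed for illustration.

```typescript
// Added example: inspect a synthesized template for the user pool settings
// requested in the CDK code. Names and sample data here are hypothetical.
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };

// Returns one finding per requested setting that is absent from the template.
function checkUserPoolVerification(template: Template): string[] {
  const pools = Object.entries(template.Resources).filter(
    ([, r]) => r.Type === "AWS::Cognito::UserPool",
  );
  if (pools.length === 0) return ["no AWS::Cognito::UserPool resource in template"];
  const findings: string[] = [];
  for (const [id, pool] of pools) {
    const p = pool.Properties ?? {};
    // autoVerify: { email: true } synthesizes to AutoVerifiedAttributes: ["email"]
    if (!(p.AutoVerifiedAttributes ?? []).includes("email"))
      findings.push(`${id}: AutoVerifiedAttributes does not include "email"`);
    // VerificationEmailStyle.LINK synthesizes to DefaultEmailOption: CONFIRM_WITH_LINK
    const vmt = p.VerificationMessageTemplate ?? {};
    if (vmt.DefaultEmailOption !== "CONFIRM_WITH_LINK")
      findings.push(`${id}: DefaultEmailOption is ${vmt.DefaultEmailOption ?? "unset"}`);
    else if (!/\{##.*##\}/.test(vmt.EmailMessageByLink ?? ""))
      findings.push(`${id}: EmailMessageByLink lacks the {##...##} link placeholder`);
    // UserPoolEmail.withSES synthesizes to EmailSendingAccount: DEVELOPER
    const account = p.EmailConfiguration?.EmailSendingAccount;
    if (account !== "DEVELOPER")
      findings.push(`${id}: EmailSendingAccount is ${account ?? "unset"}`);
  }
  return findings;
}

// Constructed sample: a template carrying every setting the question asks for.
const asIntended: Template = { Resources: { UserPoolSample: {
  Type: "AWS::Cognito::UserPool",
  Properties: {
    AutoVerifiedAttributes: ["email"],
    VerificationMessageTemplate: {
      DefaultEmailOption: "CONFIRM_WITH_LINK",
      EmailMessageByLink: "Please click the following link to verify your email: {##Click Here##}",
    },
    EmailConfiguration: { EmailSendingAccount: "DEVELOPER" },
  } } } };

// Constructed sample: code-style template and no SES configuration.
const withDefaults: Template = { Resources: { UserPoolSample: {
  Type: "AWS::Cognito::UserPool",
  Properties: {
    AutoVerifiedAttributes: ["email"],
    VerificationMessageTemplate: { DefaultEmailOption: "CONFIRM_WITH_CODE" },
  } } } };
```

To run it against a real stack, parse the `<StackName>.template.json` file that `cdk synth` writes under `cdk.out` and pass the result to `checkUserPoolVerification`; an empty result means the template carries all three settings.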
