CLI: User pool update with cli-input-json fails validation with fine JSON

0

Hello,
trying to execute a user pool update with a parsable and valid JSON file via the CLI, using the command

  aws cognito-idp update-user-pool --user-pool-id AWSRegion_PoolID --cli-input-json file://./input.json

I got this validation error:

Parameter validation failed:
Unknown parameter in AdminCreateUserConfig: "TemporaryPasswordValidityDays", must be one of: AllowAdminCreateUserOnly, UnusedAccountValidityDays, InviteMessageTemplate

but I can't figure out what's wrong in the input JSON...
The following is an excerpt:

  "AdminCreateUserConfig": {
    "InviteMessageTemplate": {
      "EmailMessage": "Il nome utente è {username} e la password temporanea è {####}. ",
      "EmailSubject": "La tua password temporanea",
      "SMSMessage": "Il nome utente è {username} e la password temporanea è {####}. "
    },
    "UnusedAccountValidityDays": 14,
    "AllowAdminCreateUserOnly": false
  }

so TemporaryPasswordValidityDays is not specified here.
I could have missed something, but can't figure out what... can someone help or give any advice? TY

alessio
asked 4 years ago, 996 views
2 Answers
1

Since I was using v1 of the AWS CLI, I thought that with v2 the validation might pass, so I upgraded.

Now, using the same update command, I got

  An error occurred (InvalidParameterException) when calling the UpdateUserPool operation: Please use TemporaryPasswordValidityDays in PasswordPolicy instead of UnusedAccountValidityDays

with

   "PasswordPolicy": {
     "RequireNumbers": true,
     "RequireLowercase": true,
     "RequireSymbols": false,
     "RequireUppercase": true,
     "TemporaryPasswordValidityDays": 14,
     "MinimumLength": 8
   }

so the issue again seems to be about TemporaryPasswordValidityDays, just changed a little.

This thing started puzzling me a lot... comparing with the update skeleton, or even reading the AWS CloudFormation reference for AWS::Cognito::UserPool PasswordPolicy https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-passwordpolicy.html, we are allowed to use TemporaryPasswordValidityDays.
Comparing with what is raised in the error, the only occurrence of UnusedAccountValidityDays is in another part of the file

 "AdminCreateUserConfig": {
   "UnusedAccountValidityDays": 14,
   "AllowAdminCreateUserOnly": false,
   "InviteMessageTemplate": {
     "EmailSubject": "AIR - La tua password temporanea",
     "SMSMessage": "Il nome utente è {username} e la password temporanea è {####}. ",
     "EmailMessage": "Il nome utente è {username} e la password temporanea è {####}."
   }
 },

which I can see is still valid in the AWS CloudFormation reference at https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-admincreateuserconfig.html.

So now I am starting to doubt the validation...

The side questions are now: What is the purpose of validation that raises an error when the input is fine? Is it possible to skip this kind of validation?
Thanks

alessio
answered 4 years ago
1

I tried mixed configurations and in the end I got a successful update by deleting AdminCreateUserConfig.UnusedAccountValidityDays.

alessio
answered 4 years ago
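
The fix from the last answer, as an added example that is not part of the thread: a pre-flight pass over the --cli-input-json document that drops AdminCreateUserConfig.UnusedAccountValidityDays and keeps the temporary-password expiry in PasswordPolicy.TemporaryPasswordValidityDays, as the service error asks. The function name is hypothetical, the sample document is constructed from the excerpts above, and the "Policies" wrapper around PasswordPolicy is taken from the UpdateUserPool request shape, not from the thread.

```python
import copy
import json

# Constructed sample input, assembled from the excerpts quoted in the thread.
SAMPLE_INPUT = json.loads("""
{
  "Policies": {
    "PasswordPolicy": {
      "MinimumLength": 8,
      "TemporaryPasswordValidityDays": 14
    }
  },
  "AdminCreateUserConfig": {
    "AllowAdminCreateUserOnly": false,
    "UnusedAccountValidityDays": 14
  }
}
""")

OLD_KEY = "UnusedAccountValidityDays"
NEW_KEY = "TemporaryPasswordValidityDays"


def fix_validity_conflict(doc):
    """Return (cleaned_copy, notes). Drops the old key and keeps the expiry it set."""
    out = copy.deepcopy(doc)  # never mutate the caller's document
    notes = []
    admin = out.get("AdminCreateUserConfig", {})
    if OLD_KEY not in admin:
        return out, notes
    old_days = admin.pop(OLD_KEY)
    policy = out.setdefault("Policies", {}).setdefault("PasswordPolicy", {})
    if NEW_KEY not in policy:
        # Preserve the expiry window instead of silently losing it.
        policy[NEW_KEY] = old_days
        notes.append(f"moved {OLD_KEY}={old_days} to PasswordPolicy.{NEW_KEY}")
    elif policy[NEW_KEY] != old_days:
        notes.append(f"dropped {OLD_KEY}={old_days}; PasswordPolicy.{NEW_KEY}={policy[NEW_KEY]} wins")
    else:
        notes.append(f"dropped redundant {OLD_KEY}={old_days}")
    return out, notes


if __name__ == "__main__":
    cleaned, notes = fix_validity_conflict(SAMPLE_INPUT)
    print("\n".join(notes))
    print(json.dumps(cleaned, indent=2))
```

When the two values differ, review the note before applying the update, since the effective temporary-password lifetime will be the PasswordPolicy value.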
