I do see the RecoveryOption listed here https://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-recoveryoption.html
But the in UserPool, I don't see RecoveryOption https://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html
Anyone used RecoveryOption already with Cloudformation.
Please advice if this is an documentation issue or any limitation around it.
RecoveryOptions is part of RecoveryMechanism which is part of AccountRecoverySetting:
{
"RecoveryMechanisms" : [ RecoveryOption, ... ]
}
Here you are an example of an user pool with recovery options, put all together in your CloudFormation template like this:
testUserPool:
DependsOn: [ cognitoSMSRole ]
Type: AWS::Cognito::UserPool
Properties:
AccountRecoverySetting:
RecoveryMechanisms:
- Name: verified_email
Priority: 1
- Name: verified_phone_number
Priority: 2
AdminCreateUserConfig:
AllowAdminCreateUserOnly: False
AutoVerifiedAttributes:
- phone_number
EnabledMfas:
- SMS_MFA
MfaConfiguration: OPTIONAL
Policies:
PasswordPolicy:
MinimumLength: 8
RequireLowercase: True
RequireNumbers: True
RequireSymbols: True
RequireUppercase: True
TemporaryPasswordValidityDays: 7
Schema:
- AttributeDataType: String
DeveloperOnlyAttribute: False
Mutable: False
Name: name
Required: True
- AttributeDataType: String
DeveloperOnlyAttribute: False
Mutable: False
Name: last_name
Required: False
SmsConfiguration:
ExternalId: !Sub cognito-sms-role-prod
SnsCallerArn: !GetAtt cognitoSMSRole.Arn
UsernameAttributes:
- phone_number
UsernameConfiguration:
CaseSensitive: False
UserPoolName: !Sub UserPool-prod
I found the RecoveryOption already. It is in AccountRecoverySetting https://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-accountrecoverysetting