Using CustomSenderKmsKey in the AWS Cognito CDK

Question

I am configuring a Cognito User Pool using the CDK. In the UserPool constructor, there is a custom_sender_kms_key attribute that is set to None by default.

The documentation states that :
This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates. Default: - No key ID configured.

I don't know if I should configure this or not. I'm not sure what it is used for. Any idea?

score 1 · Accepted Answer · answered Jul 27 '22 at 14:37

1

Unless you are using custom lambda to send the email and sms, you would not need to configure the key.

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-sender-triggers.html

answered Jul 27 '22 at 14:37

Vikram S

792
4
7

Using CustomSenderKmsKey in the AWS Cognito CDK

1 Answers1