AWS Cognito - Enabling MFA | Error: MFA cannot be turned off if an SMS role is configured

I'm trying to enable MFA for an existing AWS Cognito user pool. I'm editing the user-pool configuration, but trying to save the new configuration results in an "MFA cannot be turned off if an SMS role is configured" error (see picture). I don't understand that error message, and Google is no help.

Question: What am I doing wrong, and how can I enable MFA for an existing user pool?


959 likes
Vingtoft asked Jun 04 '18 13:06



2 Answers

Go to IAM and make sure you didn't accidentally create an SMS role. Under the step:

You must provide a role to allow Amazon Cognito to send SMS messages

If you press Create Role, this will generate the error you mentioned. I guess in order to continue you need to properly configure your SMS.

To solve this issue I had to remove an SMS role (IAM) linked to my User Pool.

So by removing the SMS role I was able to continue the creation of the new User Pool.

You can do that by signing in to your console. Go to IAM; on the left side, under the dashboard, go to Roles. Select from the list the SMS role associated with your User Pool and delete it.

104 likes
Mohamed Salem Lamiri answered Sep 21 '22 11:09


The SNSRole is added automatically, can't be changed by any available parameter, and can't be modified later. The current workaround is to manually modify the YAML configuration and remove that part.

  • amplify add auth
  • go through all the config
  • open the file backend/auth/<name>/<name>-cloudformation-template.yml
  • remove the SNSRole entry under Resources and the SmsConfiguration entry under Resources > UserPool > Properties
  • amplify push

from: https://github.com/aws-amplify/amplify-js/issues/2906

29 likes
b26 answered Sep 22 '22 11:09
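An added example (not from the answer above or the amplify-js issue) that performs the template edit described in that list on a constructed template: it drops the SNSRole resource and the SmsConfiguration property, then checks that nothing still references the deleted role, because a leftover Ref or Fn::GetAtt would fail at amplify push. It assumes the template has already been parsed into a dict (the sample is written in JSON shape; the real file is YAML with CloudFormation short tags, so load it with a loader that understands them) and that the pool should keep MFA on with TOTP only via EnabledMfas.

```python
import json

# Constructed sample in the shape of the parsed Amplify template (JSON here; the real
# file is YAML). MfaConfiguration/EnabledMfas keep MFA on with TOTP only (assumption).
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "SNSRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {"AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": []}}
    },
    "UserPool": {
      "Type": "AWS::Cognito::UserPool",
      "Properties": {
        "UserPoolName": "example-pool",
        "MfaConfiguration": "ON",
        "EnabledMfas": ["SOFTWARE_TOKEN_MFA"],
        "SmsConfiguration": {"SnsCallerArn": {"Fn::GetAtt": ["SNSRole", "Arn"]}}
      }
    }
  }
}
""")


def strip_sms_role(template):
    """Return a copy of the template without the SNSRole resource or SmsConfiguration."""
    out = json.loads(json.dumps(template))  # deep copy; leave the caller's object intact
    out["Resources"].pop("SNSRole", None)
    out["Resources"]["UserPool"]["Properties"].pop("SmsConfiguration", None)
    return out


def dangling_refs(node, name):
    """Collect Ref / Fn::GetAtt / DependsOn nodes that still point at resource `name`."""
    found = []
    if isinstance(node, dict):
        getatt = node.get("Fn::GetAtt")
        depends = node.get("DependsOn")
        if node.get("Ref") == name or (isinstance(getatt, list) and getatt[:1] == [name]):
            found.append(node)
        if depends == name or (isinstance(depends, list) and name in depends):
            found.append(node)
        for value in node.values():
            found.extend(dangling_refs(value, name))
    elif isinstance(node, list):
        for value in node:
            found.extend(dangling_refs(value, name))
    return found
```

Run `dangling_refs(strip_sms_role(template), "SNSRole")` before pushing; an empty list means the deleted role is no longer referenced anywhere in the template.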