
Deploy AWS UserPool via CloudFormation with attribute update

If you deploy a UserPool via CloudFormation, e.g.:

Resources:
  UserPool:
    Type: 'AWS::Cognito::UserPool'
    Properties:
      ...
      Schema:
        - Name: email
          AttributeDataType: String
          Mutable: true
          Required: true

and then update the attributes to make name required:

Schema:
  - Name: email
    AttributeDataType: String
    Mutable: true
    Required: true
  - Name: name
    AttributeDataType: String
    Mutable: true
    Required: true

AWS thinks that name is a custom attribute and fails with:

Required custom attributes are not supported currently. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: ...)

It's only an update that fails; deploying a clean stack correctly sets both the email and name standard attributes to required.

Is there any way for the update to succeed?

isshesure asked Dec 18 '19 08:12


1 Answer

Unfortunately this is some sort of bug from CloudFormation. Very similar to other issues, for example on the update of DynamoDB tables with more than one index.

The only feasible way to do the update is to do that in two steps:

  1. Remove the attribute that has to be changed (in your case name), deploy the CloudFormation
  2. Add the attribute with the correct values (so adding Required: true in your case), deploy the CloudFormation

As previously said there are quite a lot of issues similar to that case, and you'd better signal your issue to AWS in order to get support and the bug fixed.

TantrixRobotBoy answered Oct 26 '22 04:10
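A pre-deploy check for the failure reported in the question, as an added example that is not part of the original question or answer: it compares the deployed Schema with the proposed one, reports attributes the update would newly mark as required, and lays out the two deployments the answer describes. The function names and the inline schemas are assumptions constructed from the templates shown above.

```python
"""Pre-deploy check for a Cognito UserPool Schema update (added example)."""

# Constructed inputs mirroring the question's templates: the Schema list as
# currently deployed, and the Schema list in the proposed stack update.
DEPLOYED = [
    {"Name": "email", "AttributeDataType": "String", "Mutable": True, "Required": True},
]
PROPOSED = DEPLOYED + [
    {"Name": "name", "AttributeDataType": "String", "Mutable": True, "Required": True},
]


def _by_name(schema):
    """Index a Schema list by attribute name."""
    return {attr["Name"]: attr for attr in schema}


def newly_required(deployed, proposed):
    """Names that are Required in `proposed` but absent or optional in `deployed`."""
    old = _by_name(deployed)
    return sorted(
        name
        for name, attr in _by_name(proposed).items()
        if attr.get("Required", False)
        and not old.get(name, {}).get("Required", False)
    )


def staged_schemas(deployed, proposed):
    """Schemas for the deployments in the answer's two-step sequence.

    Step 1 omits every attribute flagged by newly_required(); step 2 is the
    proposed schema unchanged. With nothing flagged, one deployment suffices.
    """
    flagged = set(newly_required(deployed, proposed))
    if not flagged:
        return [proposed]
    step1 = [attr for attr in proposed if attr["Name"] not in flagged]
    return [step1, proposed]


if __name__ == "__main__":
    for name in newly_required(DEPLOYED, PROPOSED):
        print(f"update would newly require attribute: {name}")
    for i, schema in enumerate(staged_schemas(DEPLOYED, PROPOSED), 1):
        print(f"deploy {i}: {[attr['Name'] for attr in schema]}")
```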