I use create_user_pool for creating new Cognito user pools. I see there's a SmsConfiguration option which takes an ExternalId.
If you set up MFA for your user pool using the Cognito portal, this External Id (which looks like a UUID) will be used in the automatically generated IAM SMS-Role.
Where do I find/generate the value for ExternalId if I want to manually (using boto3 or AWS CLI) create the user pool and the IAM SMS role?
My MFA setup looks like this:

You're right, it's a UUID that you define in the IAM Role. Here is an example CloudFormation Template with an External ID:

    CognitoSMSRole:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: "Allow"
              Principal:
                Service:
                  - "cognito-idp.amazonaws.com"
              Action:
                - "sts:AssumeRole"
              Condition:
                StringEquals:
                  "sts:ExternalId": 'this-is-my-external-id'
        Path: "/"
    CognitoSMSPolicy:
      Type: "AWS::IAM::Policy"
      Properties:
        PolicyName: "CognitoSMSPolicy"
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: "Allow"
              Action:
                - "sns:publish"
              Resource:
                - "*"
        Roles:
          - Ref: CognitoSMSRole

You can also find the External ID in the console.
IAM -> Roles -> Select your Role -> Trusted Relationships
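
The same setup done with boto3, as an added example that is not part of the original answer: it generates the ExternalId, writes it into the role's trust policy, and passes the same value in SmsConfiguration. The function names and the pool and role names are assumptions; `iam` and `cognito` are boto3 clients for `iam` and `cognito-idp` supplied by the caller.

```python
import json
import uuid


def new_external_id():
    # You choose the value yourself; a random UUID has the same shape
    # as the one the console generates.
    return str(uuid.uuid4())


def trust_policy(external_id):
    """Only Cognito may assume the role, and only when it presents this ExternalId."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "cognito-idp.amazonaws.com"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


SMS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "sns:Publish", "Resource": "*"}],
}


def create_pool_with_sms_role(iam, cognito, pool_name, role_name):
    """Create the SMS role and a user pool that share one ExternalId."""
    external_id = new_external_id()
    role = iam.create_role(
        RoleName=role_name,
        Path="/",
        AssumeRolePolicyDocument=json.dumps(trust_policy(external_id)),
    )
    iam.put_role_policy(
        RoleName=role_name,
        PolicyName="CognitoSMSPolicy",
        PolicyDocument=json.dumps(SMS_POLICY),
    )
    # The value here must equal the one in the trust policy, otherwise
    # Cognito's sts:AssumeRole call is denied. A new role can take a few
    # seconds to propagate before create_user_pool accepts it.
    pool = cognito.create_user_pool(
        PoolName=pool_name,
        MfaConfiguration="OPTIONAL",
        SmsConfiguration={"SnsCallerArn": role["Role"]["Arn"], "ExternalId": external_id},
    )
    return pool["UserPool"]["Id"], external_id
```

Call it as `create_pool_with_sms_role(boto3.client("iam"), boto3.client("cognito-idp"), "my-pool", "my-cognito-sms-role")`.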
