Cognito User Pool Error AwsSolutions-COG3
General Issue
My stack adds “AdvancedSecurityMode” : “ENFORCED” but cdk-nag raises Error
The Question
I am running CDK 2.41.0 (build 6ad48a3) on Windows 10 using Python 3.9.12. I am deploying a Cognito User Pool. Since CDK apparently does not support “AdvancedSecurityMode”, I used the CloudFormation “escape hatch” to add it to my User Pool.
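# Escape hatch: override the property on the underlying L1 resource (user_pool is the existing UserPool construct)
user_pool.node.default_child.add_property_override(
    'UserPoolAddOns.AdvancedSecurityMode',
    'ENFORCED'
)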
When I deploy my stack, I can see in the AWS Console that my User Pool does have “AdvancedSecurityMode” enabled. But cdk-nag doesn’t see it. The output is:
[Error at /Cognito-test-ech/CognitoUserPool/Resource] AwsSolutions-COG3: The Cognito user pool does not have AdvancedSecurityMode set to ENFORCED.
I am not clear on how cdk-nag introspects my stack, so I didn’t open a Bug, but I need help understanding if this is a bug or not.
cdk-nag version
“2.18.12”
Language
Python
Other information
No response
Issue Analytics
- State:
- Created a year ago
- Comments:5
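A way to confirm that the escape-hatch override from the question actually reached the synthesized CloudFormation template, independent of what cdk-nag reports. This is an added example, not code from the issue or from cdk-nag; the sample template, its logical IDs and the function names are constructed for illustration.

```python
import json

# Constructed sample of a synthesized template (logical IDs are made up).
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "PoolWithOverride": {"Type": "AWS::Cognito::UserPool", "Properties": {
      "UserPoolAddOns": {"AdvancedSecurityMode": "ENFORCED"}}},
  "PoolAuditOnly": {"Type": "AWS::Cognito::UserPool", "Properties": {
      "UserPoolAddOns": {"AdvancedSecurityMode": "AUDIT"}}},
  "PoolNoAddOns": {"Type": "AWS::Cognito::UserPool", "Properties": {
      "UserPoolName": "example"}},
  "PoolFromParameter": {"Type": "AWS::Cognito::UserPool", "Properties": {
      "UserPoolAddOns": {"AdvancedSecurityMode": {"Ref": "ModeParam"}}}},
  "SomeBucket": {"Type": "AWS::S3::Bucket"}
}}
""")


def is_intrinsic(value):
    """True for CloudFormation intrinsics such as {"Ref": ...} or {"Fn::If": ...}."""
    if not isinstance(value, dict) or len(value) != 1:
        return False
    key = next(iter(value))
    return key == "Ref" or key.startswith("Fn::")


def advanced_security_status(template):
    """Map each user pool logical ID to ENFORCED, NOT_ENFORCED or UNRESOLVED."""
    status = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::Cognito::UserPool":
            continue
        add_ons = (resource.get("Properties") or {}).get("UserPoolAddOns")
        if isinstance(add_ons, dict) and not is_intrinsic(add_ons):
            mode = add_ons.get("AdvancedSecurityMode")
        else:
            mode = add_ons  # missing (None) or an intrinsic for the whole block
        if is_intrinsic(mode):
            status[logical_id] = "UNRESOLVED"  # only known at deploy time
        elif mode == "ENFORCED":
            status[logical_id] = "ENFORCED"
        else:
            status[logical_id] = "NOT_ENFORCED"
    return status


if __name__ == "__main__":
    for pool, state in advanced_security_status(SAMPLE_TEMPLATE).items():
        print(f"{pool}: {state}")
```

To check a real stack, load the template JSON that `cdk synth` writes under `cdk.out` and pass it to `advanced_security_status`.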
Top GitHub Comments
I understand. I guess I was initially surprised that cdk-nag would raise an error about a resource setting that CDK doesn’t allow one to set. But, it is definitely better to know about it in order to do something about it! Thanks for explaining!
I initially thought that cdk-nag would tell me I hadn’t set the right property using CDK, and so I was surprised to be getting “nagged” about something that CDK doesn’t let me (directly) fix. But it all makes sense, as I know CDK is a work-in-progress. I’m glad the rules are independent of what’s easy to do with CDK, because we want to make our app secure, and need to know. Thanks again!