-
For the Attributes choose
phone numbers
as required attribute and allow both email address and phone number as username. -
MFA as optional
-
Let console create
IAM
role -
Create app client
-
Clone the CustomSmsSender lambda function from Github
-
Create zip and upload it to AWS
-
Set the environment variables, for more information check the CustomSMSSender README.adoc file.
-
Go to AWS Key Management Service [KMS]
-
Create
Symmetric Key
-
Add the lambda
iam
user in the key user -
then update the
key arn`
value into thelambda env
variables.
Grant Amazon Cognito service principal cognito-idp.amazonaws.com access to invoke the Lambda function
aws lambda add-permission --function-name lambda_arn --statement-id "CognitoLambdaInvokeAccess" --action lambda:InvokeFunction --principal cognito-idp.amazonaws.com
aws cognito-idp update-user-pool --user-pool-id userpool-id --lambda-config "CustomSMSSender={LambdaVersion=V1_0,LambdaArn= lambda-arn },KMSKeyID= key-id"
After executing the above step it will reset the MFA
, so we need to re-configure it
-
Modify
SIGN-IN Experience
to enable user to change
-
SIGN-UP Experience
-
Lambda name must appears in the
user poll
properties