Immutable AWS::Cognito::UserPool properties are not supported in the SAM translator.

[phsstory]

Description:

Immutable AWS::Cognito::UserPool properties are not supported in the SAM translator.

Reference Documentation links:

• https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-usernameconfiguration
• https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-accountrecoverysetting

Expected missing keys in property_types in samtranslator/model/cognito.py

Steps to reproduce the issue:

Use the following template snippet in a deploy

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  CognitoUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      UsernameConfiguration:
        CaseSensitive: False
      AccountRecoverySetting:
        RecoveryMechanisms:
          - Name: verified_email
            Priority: 1

Observed result:

Failed to create the changeset: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state Status: FAILED.

Transform AWS::Serverless-2016-10-31 failed with: Invalid Serverless Application Specification document. Resource with id [CognitoUserPool] is invalid. property UsernameConfiguration not defined for resource of type AWS::Cognito::UserPool

Transform AWS::Serverless-2016-10-31 failed with: Invalid Serverless Application Specification document. Resource with id [CognitoUserPool] is invalid. property AccountRecoverySetting not defined for resource of type AWS::Cognito::UserPool

Expected result:

Successful deploy

[ShreyaGangishetty]

AWS::Cognito::UserPool is a passthrough property in SAM. Thanks for reporting the issue! We would really appreciate community contributions on this issue. All the properties of UserPool resource need to be updated here for SAM support.

[dipak1296]

The above template mentioned by @phsstory now seems to be working but there are still a few cases where the serverless transform fails with the same error. Example:

AWSTemplateFormatVersion: 2010-09-09
Transform: 'AWS::Serverless-2016-10-31'
Resources:
  UserPool:
    Type: 'AWS::Cognito::UserPool'
    Properties:
      AccountRecoverySetting:
        RecoveryMechanisms:
          - Name: verified_email
            Priority: 1

  ApiGatewayApi:
    Type: 'AWS::Serverless::Api'
    Properties:
      StageName: dev

  ServerlessFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: index.handler
      Runtime: python3.6
      InlineCode: |
        def handler(event, context):
          print("Hello, world!")
      Events:
        CognitoUserPoolPostConfirm:
          Type: Cognito
          Properties:
            UserPool:
              Ref: UserPool
            Trigger: PostConfirmation
        ApiEvent:
          Type: Api
          Properties:
            Path: /
            Method: get
            RestApiId:
              Ref: ApiGatewayApi

Fails with the error: Transform AWS::Serverless-2016-10-31 failed with: Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [UserPool] is invalid. property AccountRecoverySetting not defined for resource of type AWS::Cognito::UserPool

If we remove the "CognitoUserPoolPostConfirm" from the ServerlessFunction, the template get deployed without any issue.

Just wanted to specify this related issue so that it could be fixed along.

[hoffa]

The properties from this issue are included:

https://github.com/aws/serverless-application-model/blob/f3db0f380ec25e117c75f5253e359212aa23deb1/samtranslator/model/cognito.py#L8-L31

Similar issues: https://github.com/aws/serverless-application-model/issues/3042 https://github.com/aws/serverless-application-model/issues/2581