Merge pull request #6 from clouddrove/internal-202

Feat: Updated the mfa configuration in the aws cognito tf module
clouddrove · Feb 28, 2023 · e5b8254 · e5b8254
2 parents 812a610 + 5b24963
commit e5b8254
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -85,7 +85,8 @@ module "cognito" {
   allow_admin_create_user_only          = false
   advanced_security_mode                = "OFF"
   domain                                = "test"
-  mfa_configuration                     = "OFF"
+  mfa_configuration                     = "ON"
+  allow_software_mfa_token              = true
   deletion_protection                   = "INACTIVE"
   users = {
             user01 = {

diff --git a/README.yaml b/README.yaml
@@ -50,7 +50,8 @@ module "cognito" {
   allow_admin_create_user_only          = false
   advanced_security_mode                = "OFF"
   domain                                = "test"
-  mfa_configuration                     = "OFF"
+  mfa_configuration                     = "ON"
+  allow_software_mfa_token              = true
   deletion_protection                   = "INACTIVE"
   users = {
             user01 = {

diff --git a/_example/example.tf b/_example/example.tf
@@ -13,7 +13,8 @@ module "cognito" {
   allow_admin_create_user_only          = false
   advanced_security_mode                = "OFF"
   domain                                = "test"
-  mfa_configuration                     = "OFF"
+  mfa_configuration                     = "ON"
+  allow_software_mfa_token              = true  
   deletion_protection                   = "INACTIVE"
   users = {
             user01 = {

diff --git a/main.tf b/main.tf
@@ -238,6 +238,14 @@ resource "aws_cognito_user_pool" "user_pool" {
     advanced_security_mode = var.advanced_security_mode
   }
 
+  # software_token_mfa_configuration
+  dynamic "software_token_mfa_configuration" {
+    for_each = var.allow_software_mfa_token ? [true] : []
+
+    content {
+      enabled = true
+    }
+  }
 
   username_configuration {
     case_sensitive = var.case_sensitive

diff --git a/variables.tf b/variables.tf
@@ -75,6 +75,12 @@ variable "mfa_configuration" {
   description = "Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF, ON and OPTIONAL."
 }
 
+variable "allow_software_mfa_token" {
+  description = "(Optional) Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA when 'sms_configuration' is not present, the 'mfa_configuration' argument must be set to OFF and the 'software_token_mfa_configuration' configuration block must be fully removed."
+  type        = bool
+  default     = true
+}
+
 variable "advanced_security_mode" {
   type        = string
   default     = "OFF"