Registering users not receiving verification code on new forks/branches #7

Open
athewsey opened this issue Mar 26, 2021 · 1 comment

Comments

@athewsey
Collaborator

When creating a new fork/branch in Amplify (therefore a new stack), newly registering users don't seem to be receiving their verification codes to email initially.

This seems to be because of some kind of misconfiguration in the Amplify auth resource... Manual workaround to correct a new environment is to:

  • Open the Cognito User Pools console and select the relevant user pool
  • In General Settings > MFA and Verifications set Which attributes do you want to verify? to Email. You might also have to set Do you want to enable Multi-Factor Authentication (MFA)? to Optional
  • Either force-confirm the previously registered users in the Cognito console, or delete and ask them to re-register

Ideally hoping there's some way the Amplify configuration can be fixed to set the user pool up right-first-time

@athewsey
Collaborator Author

athewsey commented Jun 9, 2021

Just realized there's an additional problem with the setup driving inability to log in when deploying a new fork/branch: The Cognito roles have incorrect trust policies when first created. Need to edit the trust relationships of your authRole and unauthRole (can use IAM console) so that they trust your Cognito identity pool: Something like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "cognito-identity.amazonaws.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "cognito-identity.amazonaws.com:aud": "ap-southeast-1:12345678-abcd-cdef-9876-0123456789abcdef"
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "authenticated"
        }
      }
    }
  ]
}

Can find your Cognito identity pool ID from the Cognito Identity Pools Console with "Edit identity pool".

This should likewise be fixed in the stack to save the manual workaround
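
Added example, not part of the comments above or of the project's code: a small offline check that a role's trust policy has the shape shown in the comment, i.e. it trusts only `cognito-identity.amazonaws.com`, pins `aud` to one identity pool, and carries the expected `amr` value. The function names and pool IDs are constructed for illustration, and the `unauthenticated` value expected for `unauthRole` is Cognito's usual convention rather than something stated in this issue.

```python
COGNITO = "cognito-identity.amazonaws.com"

def _as_list(value):
    """IAM accepts a single value or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy, pool_id, expected_amr):
    """Return a list of problems; an empty list means the role trusts only this pool."""
    allows = [s for s in _as_list(policy.get("Statement", []))
              if s.get("Effect") == "Allow"
              and "sts:AssumeRoleWithWebIdentity" in _as_list(s.get("Action", []))]
    if not allows:
        return ["no Allow statement for sts:AssumeRoleWithWebIdentity"]
    problems = []
    for stmt in allows:
        principal = stmt.get("Principal")
        federated = principal.get("Federated", []) if isinstance(principal, dict) else []
        if _as_list(federated) != [COGNITO]:
            problems.append("principal is not " + COGNITO)
        cond = stmt.get("Condition", {})
        aud = _as_list(cond.get("StringEquals", {}).get(COGNITO + ":aud", []))
        if aud != [pool_id]:
            problems.append("aud does not pin the identity pool: %r" % aud)
        amr = _as_list(cond.get("ForAnyValue:StringLike", {}).get(COGNITO + ":amr", []))
        if amr != [expected_amr]:
            problems.append("amr is %r, expected %r" % (amr, expected_amr))
    return problems

# Constructed sample data: placeholder pool IDs, not taken from any real account.
POOL_ID = "ap-southeast-1:00000000-0000-0000-0000-000000000000"
STALE_POOL_ID = "ap-southeast-1:11111111-1111-1111-1111-111111111111"

def sample_policy(pool_id, amr):
    """Build a trust policy of the same shape as the one in the comment above."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": COGNITO},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {COGNITO + ":aud": pool_id},
            "ForAnyValue:StringLike": {COGNITO + ":amr": amr},
        },
    }]}

if __name__ == "__main__":
    # A role still pinned to another environment's pool fails the aud check.
    stale = sample_policy(STALE_POOL_ID, "authenticated")
    for role, amr in (("authRole", "authenticated"), ("unauthRole", "unauthenticated")):
        print(role, check_trust_policy(stale, POOL_ID, amr))
```

To check a deployed role, pass the parsed trust policy document exported from the IAM console in place of the constructed sample.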
