Modify Amplify-generated Cognito resources with CDK
Amplify Auth provides sensible defaults for the underlying Amazon Cognito resource definitions. You can customize your authentication resource to enable it to behave exactly as needed for your use cases by modifying it directly using AWS Cloud Development Kit (CDK)
Override Cognito UserPool password policies
You can override the password policy by using the L1 cfnUserPool construct and adding a addPropertyOverride.
amplify/backend.ts
1import { defineBackend } from '@aws-amplify/backend';2import { auth } from './auth/resource';3
4const backend = defineBackend({5 auth,6});7// extract L1 CfnUserPool resources8const { cfnUserPool } = backend.auth.resources.cfnResources;9// use CDK's `addPropertyOverride` to modify properties directly10cfnUserPool.addPropertyOverride(11 "Policies",12 {13 PasswordPolicy: {14 MinimumLength: 10,15 RequireLowercase: true,16 RequireNumbers: true,17 RequireSymbols: true,18 RequireUppercase: true,19 TemporaryPasswordValidityDays: 20,20 },21 }22);Custom Attributes
The following code will allow you to add custom attributes using the Userpool schema property with the L1 cfnUserPool construct.
amplify/backend.ts
1import { defineBackend } from '@aws-amplify/backend';2import { auth } from './auth/resource';3import { data } from './data/resource';4
5const backend = defineBackend({6 auth,7 data8});9
10// extract L1 CfnUserPool resources11const { cfnUserPool } = backend.auth.resources.cfnResources;12// use CDK's `addPropertyOverride` to modify properties directly13cfnUserPool.addPropertyOverride("Schema", [14 {15 Name: "publicName",16 AttributeDataType: "String",17 Mutable: true,18 },19]);