Marius B

Reputation: 788

Error trying to enable SMS MFA factor in AWS Cognito

After going in circles for hours in AWS documentation, I still can't find the answer.

In AWS Cognito -> MFA and verifications tab I have:

After I click Save changes, I get an error message: You must create a SMS verification role.

Isn't this the role I created with the Create role button?

If I uncheck the SMS text message second-factor checkbox, everything saves without error.

Is this a bug or am I doing something wrong?

P.S.: in the IAM configuration for this role, the trusted relationship looks like this (I censored the ExternalId):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "cognito-idp.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "********-****-****-****-************"
        }
      }
    }
  ]
}

Upvotes: 0

Views: 1493

Answers (1)

Tuan Vo

Reputation: 2065

Open MFA and verifications and select SMS text message.

At "You must provide a role to allow Amazon Cognito to send SMS messages", type a new role name and click Create role again.

Wait a few seconds, then save the changes.

Upvotes: 1
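
As an added example (not code from the question or the answer): a local check that a trust policy shaped like the one in the question allows cognito-idp.amazonaws.com to call sts:AssumeRole under an sts:ExternalId condition matching the ExternalId stored in the user pool's SmsConfiguration. The function name, the sample policy and the sample ExternalId are constructed for illustration.

```python
import json

COGNITO_PRINCIPAL = "cognito-idp.amazonaws.com"
NO_ALLOW = "no Allow statement lets cognito-idp.amazonaws.com call sts:AssumeRole"
NO_EXTERNAL_ID = "no sts:ExternalId condition on the Cognito statement"
MISMATCH = "sts:ExternalId does not match the user pool's value"

# Constructed sample: same shape as the policy in the question, made-up ExternalId.
SAMPLE_EXTERNAL_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "", "Effect": "Allow",
        "Principal": {"Service": COGNITO_PRINCIPAL},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": SAMPLE_EXTERNAL_ID}},
    }],
})

def _as_list(value):
    # IAM accepts a single value or a list in these fields.
    return value if isinstance(value, list) else [value]

def check_sms_role_trust(policy_json, expected_external_id):
    """Return a list of findings. An empty list means some Allow statement
    trusts Cognito and pins sts:ExternalId to expected_external_id."""
    policy = json.loads(policy_json)
    findings = []
    matched_any = False
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (stmt.get("Effect") != "Allow" or COGNITO_PRINCIPAL not in services
                or "sts:AssumeRole" not in _as_list(stmt.get("Action", []))):
            continue
        matched_any = True
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        # Condition key names are case-insensitive; the values are not.
        ids = [v for k, v in cond.items() if k.lower() == "sts:externalid"]
        if not ids:
            findings.append(NO_EXTERNAL_ID)
        elif expected_external_id not in _as_list(ids[0]):
            findings.append(MISMATCH)
        else:
            return []  # one fully matching statement is enough
    return findings if matched_any else [NO_ALLOW]

if __name__ == "__main__":
    print(check_sms_role_trust(SAMPLE_POLICY, SAMPLE_EXTERNAL_ID) or "trust policy OK")
```

A clean result here only covers the trust policy document; it does not check the role's permissions policy or whether a newly created role has finished propagating.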
