change the expiry time set to the verification code sent through Email using AWS cognito

Question

Currently when I am creating a user I am sending one verification 6digit code on user added email, which expires after 24 hours. I had gone through the AWS Cognito Email verification document but didn't get anything the modify the expiry time of Email verification code. Can anyone please let me know how can I change the timing from 24hours to 10mins

This is the link which i had gone through

Answer 1

From the link you provided, the 24 hours value is fixed and cannot be changed with configuration:

The verification code or link is valid for 24 hours.

One way to workaround it would be to set a Post confirmation Lambda trigger that would check the time between User creation and the confirmation, if greater than 10 minutes, delete (or any other preferred operation) the User, eg:

const AWS = require('aws-sdk');

// expiry time of 10 minutes, in ms
const CODE_EXPIRY = 10 * 60 * 1000;

exports.handler = async (event) => {
    var cognitoIdentityServiceProvider = new AWS.CognitoIdentityServiceProvider({ apiVersion: '2016-04-18' });

    // get the user from the pool, ids are in the lambda event
    let params = {
        UserPoolId: event.userPoolId,
        Username: event.userName
    };
    let user = await cognitoIdentityServiceProvider.adminGetUser(params).promise();

    let currentDate = +new Date();
    let createDate = +new Date(user.UserCreateDate);
    if ((currentDate - createDate) > CODE_EXPIRY) {
        // timeout exceeded for confirmation, revert user creation
        await cognitoIdentityServiceProvider.adminDeleteUser(params).promise();
        // this makes the confirmation return a failure message
        throw 'Confirmation code expired';
    }
    
    return event;
};

When the custom timeout is expired, it appears the confirmation has failed, as both Hosted UI and API will fail with message "PostConfirmation failed with error Confirmation code expired."