feat(cognito): support email based MFA

[mazyu36]

Issue # (if applicable)

Closes #31815.

Reason for this change

To use email based MFA.

Description of changes

Add email option to MfaSecondFactor.

Description of how you validated changes

Add unit tests and integ test.

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[sumupitchayan]

An idea to make this code more readable - we could add a helper function to validate email MFA, something like:

function validateEmailMfa(props: UserPoolProps) {
  if (!props.email || this.emailConfiguration?.emailSendingAccount !== 'DEVELOPER') {
    throw new Error('To enable email-based MFA, set `email` property to the Amazon SES email-sending configuration.');
  }
  
  if (props.advancedSecurityMode === AdvancedSecurityMode.OFF) {
    throw new Error('To enable email-based MFA, set `advancedSecurityMode` to `AdvancedSecurity.ENFORCED` or `AdvancedSecurity.AUDIT`.');
  }
}

and then replace the if statements with:

if (props.mfaSecondFactor!.otp) {
  enabledMfas.push('SOFTWARE_TOKEN_MFA');
}

if (props.mfaSecondFactor!.email) {
  validateEmailMfa(props);
  enabledMfas.push('EMAIL_OTP');
}

Makes it easier to follow this code

[mazyu36]

Thanks. I've updated.
I thought private methods would be better so I went with that approach.

[sumupitchayan]

Looks good, thanks @mazyu36 !

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[sumupitchayan]

@Mergifyio update

[mergify]

update

❌ Mergify doesn't have permission to update

Details

For security reasons, Mergify can't update this pull request. Try updating locally.
GitHub response: refusing to allow a GitHub App to create or update workflow .github/workflows/request-cli-integ-test.yml without workflows permission

Pull request has been modified.

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 5bd23e2
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.