device configuration Options are wrong #124

xronz · 2023-10-02T12:34:34Z

aws-cloudformation/cloudformation-coverage-roadmap#448 (comment)

Line 257 in 8130dae

    
           device_configuration = lookup(local.device_configuration_default, "challenge_required_on_new_device") == false && lookup(local.device_configuration_default, "device_only_remembered_on_user_prompt") == false ? [] : [local.device_configuration_default]

### Due to the above statement assuming that both attributes are false, it is set to both attributes as null. 
### So the option was forced to be set as a "Don’t remember" Option.
### However, the following configuration should be "Always remember", Allow users to bypass MFA for trusted devices "NO"
device_configuration = {
    challenge_required_on_new_device      = false
    device_only_remembered_on_user_prompt = false
}


### These are the following combinations for device configuration:
### 1) "Don’t remember" Option
device_configuration = {
    challenge_required_on_new_device      = null
    device_only_remembered_on_user_prompt = null
}

### 2) "User opt-in", Allows users to bypass MFA for trusted devices "YES"  Option
device_configuration = {
    challenge_required_on_new_device      = true
    device_only_remembered_on_user_prompt = true
}

### 3) "User opt-in", Allows users to bypass MFA for trusted devices "NO"  Option
device_configuration = {
    challenge_required_on_new_device      = false
    device_only_remembered_on_user_prompt = true
}

### 4) "Always remember", Allow users to bypass MFA for trusted devices "NO"  Option
device_configuration = {
    challenge_required_on_new_device      = false
    device_only_remembered_on_user_prompt = false
}

### 5) "Always remember", Allow users to bypass MFA for trusted devices "YES"  Option
device_configuration = {
    challenge_required_on_new_device      = true
    device_only_remembered_on_user_prompt = false
}

### Modify "main.tf" file
### Commented the Line 40 device_configuration
# device_configuration
# dynamic "device_configuration" {
#   for_each = local.device_configuration
#   content {
#     challenge_required_on_new_device      = lookup(device_configuration.value, "challenge_required_on_new_device")
#     device_only_remembered_on_user_prompt = lookup(device_configuration.value, "device_only_remembered_on_user_prompt")
#   }
# }

### Replaced with the following as Hotfix
device_configuration {
    challenge_required_on_new_device      = try(var.device_configuration.challenge_required_on_new_device, null)
    device_only_remembered_on_user_prompt = try(var.device_configuration.device_only_remembered_on_user_prompt, null)
}

The text was updated successfully, but these errors were encountered:

xronz mentioned this issue Oct 2, 2023

Unable to have devices remembered and force MFA sign in every time #122

Open

xronz changed the title ~~device configuration Options is wrong~~ device configuration Options are wrong Oct 2, 2023

lgallard mentioned this issue Nov 13, 2023

Removing device configuration config where challenge_required_on_new_… #123

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

device configuration Options are wrong #124

device configuration Options are wrong #124

xronz commented Oct 2, 2023 •

edited

Loading

device configuration Options are wrong #124

device configuration Options are wrong #124

Comments

xronz commented Oct 2, 2023 • edited Loading

xronz commented Oct 2, 2023 •

edited

Loading