Disabling user signup in Cognito

Joshua Leaverton · Joshua Leaverton · commit 30d992739164 · 2020-09-29T15:57:22.000-04:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,9 @@
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.2] - BUGFIX 2020-09-28
+- Changed Cognito user pool to only allow account creation by the Cognito Admin user
+
 ## [3.2] - 2019-12-18
 
 ### Added
diff --git a/deployment/centralized-logging-demo.template b/deployment/centralized-logging-demo.template
@@ -91,6 +91,11 @@ Resources:
       Tags:
       - Key: Name
         Value: centralized-logging-demo VPC
+    Metadata:
+      cfn_nag:
+        rules_to_suppress:
+          - id: W60
+            reason: "This is a demo VPC with no ingress other than to the demo web server. VPC flow logs are not necessary."
 
   PublicSubnet:
     Type: AWS::EC2::Subnet
diff --git a/deployment/centralized-logging-primary.template b/deployment/centralized-logging-primary.template
@@ -162,6 +162,13 @@ Resources:
           AttributeDataType: String
           Mutable: false
           Required: true
+      AdminCreateUserConfig:
+        AllowAdminCreateUserOnly: True
+    Metadata:
+      cfn_nag:
+        rules_to_suppress:
+          - id: F78
+            reason: "MFAConfiguration can be enabled by the customer upon implementation."
 
   # Custom resource to configure Cognito and ES
   SetupESCognito:
@@ -795,6 +802,11 @@ Resources:
         S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"],  "clog-indexing-service.zip"]]
       Runtime: nodejs12.x
       Timeout: 300
+    Metadata:
+      cfn_nag:
+        rules_to_suppress:
+          - id: W58
+            reason: "CloudWatch Logs write permissions granted to lambda-specific loggroup via LogStreamerRole"
 
   LogStreamerInvokePermission:
     Type: AWS::Lambda::Permission
diff --git a/deployment/centralized-logging-spoke.template b/deployment/centralized-logging-spoke.template
@@ -161,6 +161,11 @@ Resources:
         S3Key: !Join ["/", [!FindInMap ["SourceCode", "General", "KeyPrefix"],  "clog-indexing-service.zip"]]
       Runtime: nodejs12.x
       Timeout: 300
+    Metadata:
+      cfn_nag:
+        rules_to_suppress:
+          - id: W58
+            reason: "CloudWatch Logs write permissions granted to lambda-specific loggroup via LogStreamerRole"
 
   LogStreamerInvokePermission:
     Type: AWS::Lambda::Permission
diff --git a/source/services/indexing/package.json b/source/services/indexing/package.json
@@ -17,7 +17,7 @@
   "devDependencies": {
     "aws-sdk": "*",
     "chai": "*",
-    "sinon": "*",
+    "sinon": ">=4.0.0 <5.0.0",
     "sinon-chai": "*",
     "mocha": "*",
     "aws-sdk-mock": "*",
