Cannot Delete Amazon Cognito User Pool with DeletionProtection enabled

[benriou]

aws-nuke could not delete a given user-pool resulting a permanent error.

Version : aws-nuke version v3.38.0

************ - CognitoUserPool - doctrine-users-dev-2 - [ID: "eu-central-1_qqRfNd1uC", Name: "doctrine-users-dev-2"] - failed
ERRO[0053] InvalidParameterException: All attributes in AttributesRequireVerificationBeforeUpdate must exist in AutoVerifiedAttributes 
FATA[0053] failed                                       

I could reproduce the error.
I had to peform the deletion-protection call manually by specifying explicitely the required settings as shown :

❯ aws cognito-idp update-user-pool --user-pool-id eu-central-1_qqRfNd1uC --user-attribute-update-settings='AttributesRequireVerificationBeforeUpdate=email' --auto-verified-attributes='email' --deletion-protection INACTIVE

Then the cognito-idp user-pool-deletion succeeded

❯ aws cognito-idp delete-user-pool --user-pool-id eu-central-1_qqRfNd1uC

The issue is located here where the user-attribute-update-settings and auto-verified-attributes need to be set.

I'm not confident enough to be able to present a PR by myself.

You can reproduce the issue by creating a cognito-user-pool from the AWS Console (then the deletion protection is automatically set), then attempting to delete it via aws-nuke.

[ekristen]

🎉 This issue has been resolved in version 3.38.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀