Avoid creating Cognito user pool in DUM and use shared user pool #348

@ramesh-maddegoda

Are you sure this is not a new requirement or bug? Yes

Task Type: Sub-task

Description

As a DUM developer, I want to avoid creating a Cognito user pool within DUM and instead use a shared PDS Cognito user pool, so that identity management is centralized and consistent across services.

Problem

Currently, DUM Terraform:

  • Creates its own Cognito user pool
  • Manages users, groups, and domain

This leads to:

  • Duplication of identity management
  • Inconsistent configurations across environments
  • Tight coupling between DUM and Cognito infrastructure

Proposed Solution

  • Avoid creating Cognito user pool in DUM
  • Use shared Cognito user pool managed by a separate Terraform stack
  • Read user pool ID from SSM parameter:
    • /pds/cds-infra/cognito/user-pool/user-pool-id
  • Create a DUM-specific Cognito app client:
    • pds-dum-auth-client
  • Store client ID in SSM:
    • /pds/dum/cognito-auth-client-id
  • Update Lambda authorizer to:
    • Use shared user pool ID
    • Use DUM-specific client ID
  • Do not create or manage users, groups, or domains in DUM
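The Terraform shape this proposal describes, written here as an added example rather than code from the DUM repository: it reads the shared pool ID from SSM, creates only the pds-dum-auth-client app client, publishes the client ID to SSM and hands both values to the authorizer. The Lambda function name, role variable and artifact path are assumptions, and the token validity values are illustrative.

```hcl
# Shared pool ID published by the separate Cognito Terraform stack.
data "aws_ssm_parameter" "shared_user_pool_id" {
  name = "/pds/cds-infra/cognito/user-pool/user-pool-id"
}

# DUM-specific app client in the shared pool. DUM creates nothing else
# in Cognito: no pool, no users, no groups, no domain.
resource "aws_cognito_user_pool_client" "dum_auth_client" {
  name         = "pds-dum-auth-client"
  user_pool_id = data.aws_ssm_parameter.shared_user_pool_id.value

  generate_secret               = false
  prevent_user_existence_errors = "ENABLED"
  explicit_auth_flows           = ["ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"]

  # Illustrative lifetimes (assumption, not from the issue).
  access_token_validity  = 60
  id_token_validity      = 60
  refresh_token_validity = 30
  token_validity_units {
    access_token  = "minutes"
    id_token      = "minutes"
    refresh_token = "days"
  }
}

# Publish the client ID so other stacks (and the authorizer) can read it.
resource "aws_ssm_parameter" "dum_auth_client_id" {
  name  = "/pds/dum/cognito-auth-client-id"
  type  = "String"
  value = aws_cognito_user_pool_client.dum_auth_client.id
}

# Lambda authorizer receives the shared pool ID and the DUM client ID.
resource "aws_lambda_function" "dum_authorizer" {
  function_name = "pds-dum-authorizer"     # assumed name
  role          = var.authorizer_role_arn  # assumed variable
  handler       = "authorizer.handler"     # assumed handler
  runtime       = "python3.12"
  filename      = "authorizer.zip"         # assumed build artifact

  environment {
    variables = {
      COGNITO_USER_POOL_ID = data.aws_ssm_parameter.shared_user_pool_id.value
      COGNITO_CLIENT_ID    = aws_cognito_user_pool_client.dum_auth_client.id
    }
  }
}
```

Because the pool is shared with other services, the authorizer must check the token's client_id (access token) or aud (ID token) claim against COGNITO_CLIENT_ID as well as the issuer; checking the issuer alone would accept tokens issued to any other app client in the same pool.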

Acceptance Criteria

  • DUM does not create a Cognito user pool
  • Shared Cognito user pool ID is read from SSM
  • DUM creates only its own app client
  • App client ID is stored in /pds/dum/cognito-auth-client-id
  • Lambda authorizer uses shared user pool and client ID
  • No user pools, users, or groups are created by DUM
  • Terraform plan shows no unintended impact to shared Cognito resources

Metadata

Status: Review / QA
Milestone: No milestone
Relationships: None yet
Development: No branches or pull requests