The different ways in which a user pool’s MFA enforcement can be configured.
cognito.UserPool(self, "myuserpool", # ... mfa=cognito.Mfa.REQUIRED, mfa_second_factor=cognito.MfaSecondFactor( sms=True, otp=True ) )
Users are not required to use MFA for sign in, and cannot configure one.
Users are not required to use MFA for sign in, but can configure one if they so choose to.
Users are required to configure an MFA, and have to use it to sign in.