How to enable "USER_PASSWORD_AUTH" flow ? Do we ne...
# help
s
How do we enable the "USER_PASSWORD_AUTH" flow? Do we need to configure it in our stacks, or handle this in the AWS console?
{
  "errorMessage": "operation error Cognito Identity Provider: InitiateAuth, https response error StatusCode: 400, RequestID: 1ff27bbe-fce8-4c78-8774-986c5a133099, InvalidParameterException: USER_PASSWORD_AUTH flow not enabled for this client",
  "errorType": "OperationError"
}
// Auth construct as originally declared: only the login identifier is set.
// No userPoolClient auth-flow override is given, so USER_PASSWORD_AUTH is not
// explicitly enabled here, which matches the InvalidParameterException above.
const auth = new Auth(stack, "Auth", {
    login: ["email"],
  });
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"os"

	"github.com/aws/aws-lambda-go/events"
	"github.com/aws/aws-lambda-go/lambda"
	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/config"
	cognito "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
	"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
)

// User is the login payload decoded from the JSON request body.
//
// encoding/json reads only the `json` tags. The `validate:"required"` tags are
// inert metadata unless a validator is invoked explicitly, so an absent field
// simply decodes to the empty string.
//
// Password holds the caller's plaintext credential: keep values of this type
// (and the raw request body they come from) out of logs and error responses.
type User struct {
	Email    string `json:"email" validate:"required"`
	Password string `json:"password" validate:"required"`
}

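// Handler authenticates an email/password pair against Cognito using the
// USER_PASSWORD_AUTH flow and returns the issued tokens as JSON.
//
// Every failure is reported as an HTTP response with a nil error, so that API
// Gateway delivers the status code and body instead of a generic Lambda
// invocation error. Diagnostic detail is written to stderr only. The request
// body is never logged or echoed back because it carries the password.
//
// Status codes:
//   - 400: the body is not valid JSON, or email/password is empty
//   - 401: Cognito rejected the credentials, or answered with a challenge
//   - 500: configuration or service failure (for example the auth flow is not
//     enabled on the app client)
//   - 200: tokens issued; body is {"AuthResult": {...}}
func Handler(request events.APIGatewayV2HTTPRequest) (events.APIGatewayProxyResponse, error) {
	var userInput User
	if err := json.Unmarshal([]byte(request.Body), &userInput); err != nil {
		fmt.Fprintf(os.Stderr, "login: invalid JSON payload: %v\n", err)
		return jsonResponse(400, map[string]string{"error": "invalid JSON payload"}), nil
	}
	// encoding/json does not enforce the `validate:"required"` tags on User,
	// so reject empty credentials here rather than forwarding them to Cognito.
	if userInput.Email == "" || userInput.Password == "" {
		return jsonResponse(400, map[string]string{"error": "email and password are required"}), nil
	}

	cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion("ap-south-1"))
	if err != nil {
		// A panic here would crash the invocation; report a 500 instead.
		fmt.Fprintf(os.Stderr, "login: loading AWS config: %v\n", err)
		return jsonResponse(500, map[string]string{"error": "internal error"}), nil
	}

	result, err := cognito.NewFromConfig(cfg).InitiateAuth(context.TODO(), &cognito.InitiateAuthInput{
		ClientId: aws.String(os.Getenv("cognitoClientId")),
		AuthFlow: "USER_PASSWORD_AUTH",
		AuthParameters: map[string]string{
			"USERNAME": userInput.Email,
			"PASSWORD": userInput.Password,
		},
	})
	if err != nil {
		fmt.Fprintf(os.Stderr, "login: InitiateAuth: %v\n", err)

		// Unknown user and wrong password get the same answer so the endpoint
		// does not reveal which e-mail addresses are registered.
		var notAuthorized *types.NotAuthorizedException
		var userNotFound *types.UserNotFoundException
		if errors.As(err, &notAuthorized) || errors.As(err, &userNotFound) {
			return jsonResponse(401, map[string]string{"error": "invalid email or password"}), nil
		}
		// Anything else is a service or configuration problem; the raw SDK
		// error stays in the log and is not sent to the client.
		return jsonResponse(500, map[string]string{"error": "authentication service error"}), nil
	}

	if result.AuthenticationResult == nil {
		// Cognito returns no tokens when it answers with a challenge instead.
		// Report that explicitly rather than a 200 with a null AuthResult.
		fmt.Fprintf(os.Stderr, "login: Cognito returned challenge %q instead of tokens\n", result.ChallengeName)
		return jsonResponse(401, map[string]string{
			"error":     "additional authentication step required",
			"challenge": string(result.ChallengeName),
		}), nil
	}

	response := struct {
		AuthResult *types.AuthenticationResultType
	}{
		AuthResult: result.AuthenticationResult,
	}
	return jsonResponse(200, response), nil
}

// jsonResponse encodes payload as the JSON body of a proxy response with the
// given status. If encoding fails it falls back to a fixed 500 body.
func jsonResponse(status int, payload interface{}) events.APIGatewayProxyResponse {
	headers := map[string]string{
		"Content-Type": "application/json",
		// Responses may carry tokens; tell intermediaries not to store them.
		"Cache-Control": "no-store",
	}
	body, err := json.Marshal(payload)
	if err != nil {
		fmt.Fprintf(os.Stderr, "login: encoding response: %v\n", err)
		return events.APIGatewayProxyResponse{Body: `{"error":"internal error"}`, StatusCode: 500, Headers: headers}
	}
	return events.APIGatewayProxyResponse{Body: string(body), StatusCode: status, Headers: headers}
}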

// main is the Lambda entry point: it passes Handler to lambda.Start from
// aws-lambda-go, which invokes it for incoming events.
func main() {
	lambda.Start(Handler)
}
j
you can configure this in your auth construct
// Auth construct with the user pool client's auth flows overridden so that
// InitiateAuth with AuthFlow "USER_PASSWORD_AUTH" is accepted for this client.
const auth = new Auth(stack, "Auth", {
    login: ["email"],
    cdk: {
        userPoolClient: {
          authFlows: {
            // Enables USER_PASSWORD_AUTH. In this flow the caller sends the
            // password itself to Cognito, so it must only travel over TLS and
            // must never be logged by the code that relays it.
            // NOTE(review): where the caller can run SRP, enabling userSrp
            // instead avoids transmitting the password at all.
            userPassword: true
          }
        }
      },
  });
f
Thanks @John Stephen Soriao!