aws.cognito.UserPool
Explore with Pulumi AI
Provides a Cognito User Pool resource.
Example Usage
Basic configuration
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const pool = new aws.cognito.UserPool("pool", {name: "mypool"});
import pulumi
import pulumi_aws as aws
pool = aws.cognito.UserPool("pool", name="mypool")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cognito.NewUserPool(ctx, "pool", &cognito.UserPoolArgs{
Name: pulumi.String("mypool"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var pool = new Aws.Cognito.UserPool("pool", new()
{
Name = "mypool",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pool = new UserPool("pool", UserPoolArgs.builder()
.name("mypool")
.build());
}
}
resources:
pool:
type: aws:cognito:UserPool
properties:
name: mypool
Enabling SMS and Software Token Multi-Factor Authentication
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.cognito.UserPool("example", {
mfaConfiguration: "ON",
smsAuthenticationMessage: "Your code is {####}",
smsConfiguration: {
externalId: "example",
snsCallerArn: exampleAwsIamRole.arn,
snsRegion: "us-east-1",
},
softwareTokenMfaConfiguration: {
enabled: true,
},
});
import pulumi
import pulumi_aws as aws
example = aws.cognito.UserPool("example",
mfa_configuration="ON",
sms_authentication_message="Your code is {####}",
sms_configuration={
"external_id": "example",
"sns_caller_arn": example_aws_iam_role["arn"],
"sns_region": "us-east-1",
},
software_token_mfa_configuration={
"enabled": True,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cognito.NewUserPool(ctx, "example", &cognito.UserPoolArgs{
MfaConfiguration: pulumi.String("ON"),
SmsAuthenticationMessage: pulumi.String("Your code is {####}"),
SmsConfiguration: &cognito.UserPoolSmsConfigurationArgs{
ExternalId: pulumi.String("example"),
SnsCallerArn: pulumi.Any(exampleAwsIamRole.Arn),
SnsRegion: pulumi.String("us-east-1"),
},
SoftwareTokenMfaConfiguration: &cognito.UserPoolSoftwareTokenMfaConfigurationArgs{
Enabled: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Cognito.UserPool("example", new()
{
MfaConfiguration = "ON",
SmsAuthenticationMessage = "Your code is {####}",
SmsConfiguration = new Aws.Cognito.Inputs.UserPoolSmsConfigurationArgs
{
ExternalId = "example",
SnsCallerArn = exampleAwsIamRole.Arn,
SnsRegion = "us-east-1",
},
SoftwareTokenMfaConfiguration = new Aws.Cognito.Inputs.UserPoolSoftwareTokenMfaConfigurationArgs
{
Enabled = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolArgs;
import com.pulumi.aws.cognito.inputs.UserPoolSmsConfigurationArgs;
import com.pulumi.aws.cognito.inputs.UserPoolSoftwareTokenMfaConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new UserPool("example", UserPoolArgs.builder()
.mfaConfiguration("ON")
.smsAuthenticationMessage("Your code is {####}")
.smsConfiguration(UserPoolSmsConfigurationArgs.builder()
.externalId("example")
.snsCallerArn(exampleAwsIamRole.arn())
.snsRegion("us-east-1")
.build())
.softwareTokenMfaConfiguration(UserPoolSoftwareTokenMfaConfigurationArgs.builder()
.enabled(true)
.build())
.build());
}
}
resources:
example:
type: aws:cognito:UserPool
properties:
mfaConfiguration: ON
smsAuthenticationMessage: Your code is {####}
smsConfiguration:
externalId: example
snsCallerArn: ${exampleAwsIamRole.arn}
snsRegion: us-east-1
softwareTokenMfaConfiguration:
enabled: true
Using Account Recovery Setting
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const test = new aws.cognito.UserPool("test", {
name: "mypool",
accountRecoverySetting: {
recoveryMechanisms: [
{
name: "verified_email",
priority: 1,
},
{
name: "verified_phone_number",
priority: 2,
},
],
},
});
import pulumi
import pulumi_aws as aws
test = aws.cognito.UserPool("test",
name="mypool",
account_recovery_setting={
"recovery_mechanisms": [
{
"name": "verified_email",
"priority": 1,
},
{
"name": "verified_phone_number",
"priority": 2,
},
],
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cognito.NewUserPool(ctx, "test", &cognito.UserPoolArgs{
Name: pulumi.String("mypool"),
AccountRecoverySetting: &cognito.UserPoolAccountRecoverySettingArgs{
RecoveryMechanisms: cognito.UserPoolAccountRecoverySettingRecoveryMechanismArray{
&cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{
Name: pulumi.String("verified_email"),
Priority: pulumi.Int(1),
},
&cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{
Name: pulumi.String("verified_phone_number"),
Priority: pulumi.Int(2),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var test = new Aws.Cognito.UserPool("test", new()
{
Name = "mypool",
AccountRecoverySetting = new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingArgs
{
RecoveryMechanisms = new[]
{
new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs
{
Name = "verified_email",
Priority = 1,
},
new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs
{
Name = "verified_phone_number",
Priority = 2,
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolArgs;
import com.pulumi.aws.cognito.inputs.UserPoolAccountRecoverySettingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new UserPool("test", UserPoolArgs.builder()
.name("mypool")
.accountRecoverySetting(UserPoolAccountRecoverySettingArgs.builder()
.recoveryMechanisms(
UserPoolAccountRecoverySettingRecoveryMechanismArgs.builder()
.name("verified_email")
.priority(1)
.build(),
UserPoolAccountRecoverySettingRecoveryMechanismArgs.builder()
.name("verified_phone_number")
.priority(2)
.build())
.build())
.build());
}
}
resources:
test:
type: aws:cognito:UserPool
properties:
name: mypool
accountRecoverySetting:
recoveryMechanisms:
- name: verified_email
priority: 1
- name: verified_phone_number
priority: 2
Create UserPool Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new UserPool(name: string, args?: UserPoolArgs, opts?: CustomResourceOptions);
@overload
def UserPool(resource_name: str,
args: Optional[UserPoolArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def UserPool(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_recovery_setting: Optional[UserPoolAccountRecoverySettingArgs] = None,
admin_create_user_config: Optional[UserPoolAdminCreateUserConfigArgs] = None,
alias_attributes: Optional[Sequence[str]] = None,
auto_verified_attributes: Optional[Sequence[str]] = None,
deletion_protection: Optional[str] = None,
device_configuration: Optional[UserPoolDeviceConfigurationArgs] = None,
email_configuration: Optional[UserPoolEmailConfigurationArgs] = None,
email_verification_message: Optional[str] = None,
email_verification_subject: Optional[str] = None,
lambda_config: Optional[UserPoolLambdaConfigArgs] = None,
mfa_configuration: Optional[str] = None,
name: Optional[str] = None,
password_policy: Optional[UserPoolPasswordPolicyArgs] = None,
schemas: Optional[Sequence[UserPoolSchemaArgs]] = None,
sms_authentication_message: Optional[str] = None,
sms_configuration: Optional[UserPoolSmsConfigurationArgs] = None,
sms_verification_message: Optional[str] = None,
software_token_mfa_configuration: Optional[UserPoolSoftwareTokenMfaConfigurationArgs] = None,
tags: Optional[Mapping[str, str]] = None,
user_attribute_update_settings: Optional[UserPoolUserAttributeUpdateSettingsArgs] = None,
user_pool_add_ons: Optional[UserPoolUserPoolAddOnsArgs] = None,
username_attributes: Optional[Sequence[str]] = None,
username_configuration: Optional[UserPoolUsernameConfigurationArgs] = None,
verification_message_template: Optional[UserPoolVerificationMessageTemplateArgs] = None)
func NewUserPool(ctx *Context, name string, args *UserPoolArgs, opts ...ResourceOption) (*UserPool, error)
public UserPool(string name, UserPoolArgs? args = null, CustomResourceOptions? opts = null)
public UserPool(String name, UserPoolArgs args)
public UserPool(String name, UserPoolArgs args, CustomResourceOptions options)
type: aws:cognito:UserPool
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args UserPoolArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args UserPoolArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args UserPoolArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args UserPoolArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args UserPoolArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var userPoolResource = new Aws.Cognito.UserPool("userPoolResource", new()
{
AccountRecoverySetting = new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingArgs
{
RecoveryMechanisms = new[]
{
new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs
{
Name = "string",
Priority = 0,
},
},
},
AdminCreateUserConfig = new Aws.Cognito.Inputs.UserPoolAdminCreateUserConfigArgs
{
AllowAdminCreateUserOnly = false,
InviteMessageTemplate = new Aws.Cognito.Inputs.UserPoolAdminCreateUserConfigInviteMessageTemplateArgs
{
EmailMessage = "string",
EmailSubject = "string",
SmsMessage = "string",
},
},
AliasAttributes = new[]
{
"string",
},
AutoVerifiedAttributes = new[]
{
"string",
},
DeletionProtection = "string",
DeviceConfiguration = new Aws.Cognito.Inputs.UserPoolDeviceConfigurationArgs
{
ChallengeRequiredOnNewDevice = false,
DeviceOnlyRememberedOnUserPrompt = false,
},
EmailConfiguration = new Aws.Cognito.Inputs.UserPoolEmailConfigurationArgs
{
ConfigurationSet = "string",
EmailSendingAccount = "string",
FromEmailAddress = "string",
ReplyToEmailAddress = "string",
SourceArn = "string",
},
EmailVerificationMessage = "string",
EmailVerificationSubject = "string",
LambdaConfig = new Aws.Cognito.Inputs.UserPoolLambdaConfigArgs
{
CreateAuthChallenge = "string",
CustomEmailSender = new Aws.Cognito.Inputs.UserPoolLambdaConfigCustomEmailSenderArgs
{
LambdaArn = "string",
LambdaVersion = "string",
},
CustomMessage = "string",
CustomSmsSender = new Aws.Cognito.Inputs.UserPoolLambdaConfigCustomSmsSenderArgs
{
LambdaArn = "string",
LambdaVersion = "string",
},
DefineAuthChallenge = "string",
KmsKeyId = "string",
PostAuthentication = "string",
PostConfirmation = "string",
PreAuthentication = "string",
PreSignUp = "string",
PreTokenGeneration = "string",
PreTokenGenerationConfig = new Aws.Cognito.Inputs.UserPoolLambdaConfigPreTokenGenerationConfigArgs
{
LambdaArn = "string",
LambdaVersion = "string",
},
UserMigration = "string",
VerifyAuthChallengeResponse = "string",
},
MfaConfiguration = "string",
Name = "string",
PasswordPolicy = new Aws.Cognito.Inputs.UserPoolPasswordPolicyArgs
{
MinimumLength = 0,
PasswordHistorySize = 0,
RequireLowercase = false,
RequireNumbers = false,
RequireSymbols = false,
RequireUppercase = false,
TemporaryPasswordValidityDays = 0,
},
Schemas = new[]
{
new Aws.Cognito.Inputs.UserPoolSchemaArgs
{
AttributeDataType = "string",
Name = "string",
DeveloperOnlyAttribute = false,
Mutable = false,
NumberAttributeConstraints = new Aws.Cognito.Inputs.UserPoolSchemaNumberAttributeConstraintsArgs
{
MaxValue = "string",
MinValue = "string",
},
Required = false,
StringAttributeConstraints = new Aws.Cognito.Inputs.UserPoolSchemaStringAttributeConstraintsArgs
{
MaxLength = "string",
MinLength = "string",
},
},
},
SmsAuthenticationMessage = "string",
SmsConfiguration = new Aws.Cognito.Inputs.UserPoolSmsConfigurationArgs
{
ExternalId = "string",
SnsCallerArn = "string",
SnsRegion = "string",
},
SmsVerificationMessage = "string",
SoftwareTokenMfaConfiguration = new Aws.Cognito.Inputs.UserPoolSoftwareTokenMfaConfigurationArgs
{
Enabled = false,
},
Tags =
{
{ "string", "string" },
},
UserAttributeUpdateSettings = new Aws.Cognito.Inputs.UserPoolUserAttributeUpdateSettingsArgs
{
AttributesRequireVerificationBeforeUpdates = new[]
{
"string",
},
},
UserPoolAddOns = new Aws.Cognito.Inputs.UserPoolUserPoolAddOnsArgs
{
AdvancedSecurityMode = "string",
},
UsernameAttributes = new[]
{
"string",
},
UsernameConfiguration = new Aws.Cognito.Inputs.UserPoolUsernameConfigurationArgs
{
CaseSensitive = false,
},
VerificationMessageTemplate = new Aws.Cognito.Inputs.UserPoolVerificationMessageTemplateArgs
{
DefaultEmailOption = "string",
EmailMessage = "string",
EmailMessageByLink = "string",
EmailSubject = "string",
EmailSubjectByLink = "string",
SmsMessage = "string",
},
});
example, err := cognito.NewUserPool(ctx, "userPoolResource", &cognito.UserPoolArgs{
AccountRecoverySetting: &cognito.UserPoolAccountRecoverySettingArgs{
RecoveryMechanisms: cognito.UserPoolAccountRecoverySettingRecoveryMechanismArray{
&cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{
Name: pulumi.String("string"),
Priority: pulumi.Int(0),
},
},
},
AdminCreateUserConfig: &cognito.UserPoolAdminCreateUserConfigArgs{
AllowAdminCreateUserOnly: pulumi.Bool(false),
InviteMessageTemplate: &cognito.UserPoolAdminCreateUserConfigInviteMessageTemplateArgs{
EmailMessage: pulumi.String("string"),
EmailSubject: pulumi.String("string"),
SmsMessage: pulumi.String("string"),
},
},
AliasAttributes: pulumi.StringArray{
pulumi.String("string"),
},
AutoVerifiedAttributes: pulumi.StringArray{
pulumi.String("string"),
},
DeletionProtection: pulumi.String("string"),
DeviceConfiguration: &cognito.UserPoolDeviceConfigurationArgs{
ChallengeRequiredOnNewDevice: pulumi.Bool(false),
DeviceOnlyRememberedOnUserPrompt: pulumi.Bool(false),
},
EmailConfiguration: &cognito.UserPoolEmailConfigurationArgs{
ConfigurationSet: pulumi.String("string"),
EmailSendingAccount: pulumi.String("string"),
FromEmailAddress: pulumi.String("string"),
ReplyToEmailAddress: pulumi.String("string"),
SourceArn: pulumi.String("string"),
},
EmailVerificationMessage: pulumi.String("string"),
EmailVerificationSubject: pulumi.String("string"),
LambdaConfig: &cognito.UserPoolLambdaConfigArgs{
CreateAuthChallenge: pulumi.String("string"),
CustomEmailSender: &cognito.UserPoolLambdaConfigCustomEmailSenderArgs{
LambdaArn: pulumi.String("string"),
LambdaVersion: pulumi.String("string"),
},
CustomMessage: pulumi.String("string"),
CustomSmsSender: &cognito.UserPoolLambdaConfigCustomSmsSenderArgs{
LambdaArn: pulumi.String("string"),
LambdaVersion: pulumi.String("string"),
},
DefineAuthChallenge: pulumi.String("string"),
KmsKeyId: pulumi.String("string"),
PostAuthentication: pulumi.String("string"),
PostConfirmation: pulumi.String("string"),
PreAuthentication: pulumi.String("string"),
PreSignUp: pulumi.String("string"),
PreTokenGeneration: pulumi.String("string"),
PreTokenGenerationConfig: &cognito.UserPoolLambdaConfigPreTokenGenerationConfigArgs{
LambdaArn: pulumi.String("string"),
LambdaVersion: pulumi.String("string"),
},
UserMigration: pulumi.String("string"),
VerifyAuthChallengeResponse: pulumi.String("string"),
},
MfaConfiguration: pulumi.String("string"),
Name: pulumi.String("string"),
PasswordPolicy: &cognito.UserPoolPasswordPolicyArgs{
MinimumLength: pulumi.Int(0),
PasswordHistorySize: pulumi.Int(0),
RequireLowercase: pulumi.Bool(false),
RequireNumbers: pulumi.Bool(false),
RequireSymbols: pulumi.Bool(false),
RequireUppercase: pulumi.Bool(false),
TemporaryPasswordValidityDays: pulumi.Int(0),
},
Schemas: cognito.UserPoolSchemaArray{
&cognito.UserPoolSchemaArgs{
AttributeDataType: pulumi.String("string"),
Name: pulumi.String("string"),
DeveloperOnlyAttribute: pulumi.Bool(false),
Mutable: pulumi.Bool(false),
NumberAttributeConstraints: &cognito.UserPoolSchemaNumberAttributeConstraintsArgs{
MaxValue: pulumi.String("string"),
MinValue: pulumi.String("string"),
},
Required: pulumi.Bool(false),
StringAttributeConstraints: &cognito.UserPoolSchemaStringAttributeConstraintsArgs{
MaxLength: pulumi.String("string"),
MinLength: pulumi.String("string"),
},
},
},
SmsAuthenticationMessage: pulumi.String("string"),
SmsConfiguration: &cognito.UserPoolSmsConfigurationArgs{
ExternalId: pulumi.String("string"),
SnsCallerArn: pulumi.String("string"),
SnsRegion: pulumi.String("string"),
},
SmsVerificationMessage: pulumi.String("string"),
SoftwareTokenMfaConfiguration: &cognito.UserPoolSoftwareTokenMfaConfigurationArgs{
Enabled: pulumi.Bool(false),
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
UserAttributeUpdateSettings: &cognito.UserPoolUserAttributeUpdateSettingsArgs{
AttributesRequireVerificationBeforeUpdates: pulumi.StringArray{
pulumi.String("string"),
},
},
UserPoolAddOns: &cognito.UserPoolUserPoolAddOnsArgs{
AdvancedSecurityMode: pulumi.String("string"),
},
UsernameAttributes: pulumi.StringArray{
pulumi.String("string"),
},
UsernameConfiguration: &cognito.UserPoolUsernameConfigurationArgs{
CaseSensitive: pulumi.Bool(false),
},
VerificationMessageTemplate: &cognito.UserPoolVerificationMessageTemplateArgs{
DefaultEmailOption: pulumi.String("string"),
EmailMessage: pulumi.String("string"),
EmailMessageByLink: pulumi.String("string"),
EmailSubject: pulumi.String("string"),
EmailSubjectByLink: pulumi.String("string"),
SmsMessage: pulumi.String("string"),
},
})
var userPoolResource = new UserPool("userPoolResource", UserPoolArgs.builder()
.accountRecoverySetting(UserPoolAccountRecoverySettingArgs.builder()
.recoveryMechanisms(UserPoolAccountRecoverySettingRecoveryMechanismArgs.builder()
.name("string")
.priority(0)
.build())
.build())
.adminCreateUserConfig(UserPoolAdminCreateUserConfigArgs.builder()
.allowAdminCreateUserOnly(false)
.inviteMessageTemplate(UserPoolAdminCreateUserConfigInviteMessageTemplateArgs.builder()
.emailMessage("string")
.emailSubject("string")
.smsMessage("string")
.build())
.build())
.aliasAttributes("string")
.autoVerifiedAttributes("string")
.deletionProtection("string")
.deviceConfiguration(UserPoolDeviceConfigurationArgs.builder()
.challengeRequiredOnNewDevice(false)
.deviceOnlyRememberedOnUserPrompt(false)
.build())
.emailConfiguration(UserPoolEmailConfigurationArgs.builder()
.configurationSet("string")
.emailSendingAccount("string")
.fromEmailAddress("string")
.replyToEmailAddress("string")
.sourceArn("string")
.build())
.emailVerificationMessage("string")
.emailVerificationSubject("string")
.lambdaConfig(UserPoolLambdaConfigArgs.builder()
.createAuthChallenge("string")
.customEmailSender(UserPoolLambdaConfigCustomEmailSenderArgs.builder()
.lambdaArn("string")
.lambdaVersion("string")
.build())
.customMessage("string")
.customSmsSender(UserPoolLambdaConfigCustomSmsSenderArgs.builder()
.lambdaArn("string")
.lambdaVersion("string")
.build())
.defineAuthChallenge("string")
.kmsKeyId("string")
.postAuthentication("string")
.postConfirmation("string")
.preAuthentication("string")
.preSignUp("string")
.preTokenGeneration("string")
.preTokenGenerationConfig(UserPoolLambdaConfigPreTokenGenerationConfigArgs.builder()
.lambdaArn("string")
.lambdaVersion("string")
.build())
.userMigration("string")
.verifyAuthChallengeResponse("string")
.build())
.mfaConfiguration("string")
.name("string")
.passwordPolicy(UserPoolPasswordPolicyArgs.builder()
.minimumLength(0)
.passwordHistorySize(0)
.requireLowercase(false)
.requireNumbers(false)
.requireSymbols(false)
.requireUppercase(false)
.temporaryPasswordValidityDays(0)
.build())
.schemas(UserPoolSchemaArgs.builder()
.attributeDataType("string")
.name("string")
.developerOnlyAttribute(false)
.mutable(false)
.numberAttributeConstraints(UserPoolSchemaNumberAttributeConstraintsArgs.builder()
.maxValue("string")
.minValue("string")
.build())
.required(false)
.stringAttributeConstraints(UserPoolSchemaStringAttributeConstraintsArgs.builder()
.maxLength("string")
.minLength("string")
.build())
.build())
.smsAuthenticationMessage("string")
.smsConfiguration(UserPoolSmsConfigurationArgs.builder()
.externalId("string")
.snsCallerArn("string")
.snsRegion("string")
.build())
.smsVerificationMessage("string")
.softwareTokenMfaConfiguration(UserPoolSoftwareTokenMfaConfigurationArgs.builder()
.enabled(false)
.build())
.tags(Map.of("string", "string"))
.userAttributeUpdateSettings(UserPoolUserAttributeUpdateSettingsArgs.builder()
.attributesRequireVerificationBeforeUpdates("string")
.build())
.userPoolAddOns(UserPoolUserPoolAddOnsArgs.builder()
.advancedSecurityMode("string")
.build())
.usernameAttributes("string")
.usernameConfiguration(UserPoolUsernameConfigurationArgs.builder()
.caseSensitive(false)
.build())
.verificationMessageTemplate(UserPoolVerificationMessageTemplateArgs.builder()
.defaultEmailOption("string")
.emailMessage("string")
.emailMessageByLink("string")
.emailSubject("string")
.emailSubjectByLink("string")
.smsMessage("string")
.build())
.build());
user_pool_resource = aws.cognito.UserPool("userPoolResource",
account_recovery_setting={
"recoveryMechanisms": [{
"name": "string",
"priority": 0,
}],
},
admin_create_user_config={
"allowAdminCreateUserOnly": False,
"inviteMessageTemplate": {
"emailMessage": "string",
"emailSubject": "string",
"smsMessage": "string",
},
},
alias_attributes=["string"],
auto_verified_attributes=["string"],
deletion_protection="string",
device_configuration={
"challengeRequiredOnNewDevice": False,
"deviceOnlyRememberedOnUserPrompt": False,
},
email_configuration={
"configurationSet": "string",
"emailSendingAccount": "string",
"fromEmailAddress": "string",
"replyToEmailAddress": "string",
"sourceArn": "string",
},
email_verification_message="string",
email_verification_subject="string",
lambda_config={
"createAuthChallenge": "string",
"customEmailSender": {
"lambdaArn": "string",
"lambdaVersion": "string",
},
"customMessage": "string",
"customSmsSender": {
"lambdaArn": "string",
"lambdaVersion": "string",
},
"defineAuthChallenge": "string",
"kmsKeyId": "string",
"postAuthentication": "string",
"postConfirmation": "string",
"preAuthentication": "string",
"preSignUp": "string",
"preTokenGeneration": "string",
"preTokenGenerationConfig": {
"lambdaArn": "string",
"lambdaVersion": "string",
},
"userMigration": "string",
"verifyAuthChallengeResponse": "string",
},
mfa_configuration="string",
name="string",
password_policy={
"minimumLength": 0,
"passwordHistorySize": 0,
"requireLowercase": False,
"requireNumbers": False,
"requireSymbols": False,
"requireUppercase": False,
"temporaryPasswordValidityDays": 0,
},
schemas=[{
"attributeDataType": "string",
"name": "string",
"developerOnlyAttribute": False,
"mutable": False,
"numberAttributeConstraints": {
"maxValue": "string",
"minValue": "string",
},
"required": False,
"stringAttributeConstraints": {
"maxLength": "string",
"minLength": "string",
},
}],
sms_authentication_message="string",
sms_configuration={
"externalId": "string",
"snsCallerArn": "string",
"snsRegion": "string",
},
sms_verification_message="string",
software_token_mfa_configuration={
"enabled": False,
},
tags={
"string": "string",
},
user_attribute_update_settings={
"attributesRequireVerificationBeforeUpdates": ["string"],
},
user_pool_add_ons={
"advancedSecurityMode": "string",
},
username_attributes=["string"],
username_configuration={
"caseSensitive": False,
},
verification_message_template={
"defaultEmailOption": "string",
"emailMessage": "string",
"emailMessageByLink": "string",
"emailSubject": "string",
"emailSubjectByLink": "string",
"smsMessage": "string",
})
const userPoolResource = new aws.cognito.UserPool("userPoolResource", {
accountRecoverySetting: {
recoveryMechanisms: [{
name: "string",
priority: 0,
}],
},
adminCreateUserConfig: {
allowAdminCreateUserOnly: false,
inviteMessageTemplate: {
emailMessage: "string",
emailSubject: "string",
smsMessage: "string",
},
},
aliasAttributes: ["string"],
autoVerifiedAttributes: ["string"],
deletionProtection: "string",
deviceConfiguration: {
challengeRequiredOnNewDevice: false,
deviceOnlyRememberedOnUserPrompt: false,
},
emailConfiguration: {
configurationSet: "string",
emailSendingAccount: "string",
fromEmailAddress: "string",
replyToEmailAddress: "string",
sourceArn: "string",
},
emailVerificationMessage: "string",
emailVerificationSubject: "string",
lambdaConfig: {
createAuthChallenge: "string",
customEmailSender: {
lambdaArn: "string",
lambdaVersion: "string",
},
customMessage: "string",
customSmsSender: {
lambdaArn: "string",
lambdaVersion: "string",
},
defineAuthChallenge: "string",
kmsKeyId: "string",
postAuthentication: "string",
postConfirmation: "string",
preAuthentication: "string",
preSignUp: "string",
preTokenGeneration: "string",
preTokenGenerationConfig: {
lambdaArn: "string",
lambdaVersion: "string",
},
userMigration: "string",
verifyAuthChallengeResponse: "string",
},
mfaConfiguration: "string",
name: "string",
passwordPolicy: {
minimumLength: 0,
passwordHistorySize: 0,
requireLowercase: false,
requireNumbers: false,
requireSymbols: false,
requireUppercase: false,
temporaryPasswordValidityDays: 0,
},
schemas: [{
attributeDataType: "string",
name: "string",
developerOnlyAttribute: false,
mutable: false,
numberAttributeConstraints: {
maxValue: "string",
minValue: "string",
},
required: false,
stringAttributeConstraints: {
maxLength: "string",
minLength: "string",
},
}],
smsAuthenticationMessage: "string",
smsConfiguration: {
externalId: "string",
snsCallerArn: "string",
snsRegion: "string",
},
smsVerificationMessage: "string",
softwareTokenMfaConfiguration: {
enabled: false,
},
tags: {
string: "string",
},
userAttributeUpdateSettings: {
attributesRequireVerificationBeforeUpdates: ["string"],
},
userPoolAddOns: {
advancedSecurityMode: "string",
},
usernameAttributes: ["string"],
usernameConfiguration: {
caseSensitive: false,
},
verificationMessageTemplate: {
defaultEmailOption: "string",
emailMessage: "string",
emailMessageByLink: "string",
emailSubject: "string",
emailSubjectByLink: "string",
smsMessage: "string",
},
});
type: aws:cognito:UserPool
properties:
accountRecoverySetting:
recoveryMechanisms:
- name: string
priority: 0
adminCreateUserConfig:
allowAdminCreateUserOnly: false
inviteMessageTemplate:
emailMessage: string
emailSubject: string
smsMessage: string
aliasAttributes:
- string
autoVerifiedAttributes:
- string
deletionProtection: string
deviceConfiguration:
challengeRequiredOnNewDevice: false
deviceOnlyRememberedOnUserPrompt: false
emailConfiguration:
configurationSet: string
emailSendingAccount: string
fromEmailAddress: string
replyToEmailAddress: string
sourceArn: string
emailVerificationMessage: string
emailVerificationSubject: string
lambdaConfig:
createAuthChallenge: string
customEmailSender:
lambdaArn: string
lambdaVersion: string
customMessage: string
customSmsSender:
lambdaArn: string
lambdaVersion: string
defineAuthChallenge: string
kmsKeyId: string
postAuthentication: string
postConfirmation: string
preAuthentication: string
preSignUp: string
preTokenGeneration: string
preTokenGenerationConfig:
lambdaArn: string
lambdaVersion: string
userMigration: string
verifyAuthChallengeResponse: string
mfaConfiguration: string
name: string
passwordPolicy:
minimumLength: 0
passwordHistorySize: 0
requireLowercase: false
requireNumbers: false
requireSymbols: false
requireUppercase: false
temporaryPasswordValidityDays: 0
schemas:
- attributeDataType: string
developerOnlyAttribute: false
mutable: false
name: string
numberAttributeConstraints:
maxValue: string
minValue: string
required: false
stringAttributeConstraints:
maxLength: string
minLength: string
smsAuthenticationMessage: string
smsConfiguration:
externalId: string
snsCallerArn: string
snsRegion: string
smsVerificationMessage: string
softwareTokenMfaConfiguration:
enabled: false
tags:
string: string
userAttributeUpdateSettings:
attributesRequireVerificationBeforeUpdates:
- string
userPoolAddOns:
advancedSecurityMode: string
usernameAttributes:
- string
usernameConfiguration:
caseSensitive: false
verificationMessageTemplate:
defaultEmailOption: string
emailMessage: string
emailMessageByLink: string
emailSubject: string
emailSubjectByLink: string
smsMessage: string
UserPool Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The UserPool resource accepts the following input properties:
- Account
Recovery UserSetting Pool Account Recovery Setting - Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
- Admin
Create UserUser Config Pool Admin Create User Config - Configuration block for creating a new user profile. Detailed below.
- Alias
Attributes List<string> - Attributes supported as an alias for this user pool. Valid values:
phone_number
,email
, orpreferred_username
. Conflicts withusername_attributes
. - Auto
Verified List<string>Attributes - Attributes to be auto-verified. Valid values:
email
,phone_number
. - Deletion
Protection string - When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are
ACTIVE
andINACTIVE
, Default value isINACTIVE
. - Device
Configuration UserPool Device Configuration - Configuration block for the user pool's device tracking. Detailed below.
- Email
Configuration UserPool Email Configuration - Configuration block for configuring email. Detailed below.
- Email
Verification stringMessage - String representing the email verification message. Conflicts with
verification_message_template
configuration blockemail_message
argument. - Email
Verification stringSubject - String representing the email verification subject. Conflicts with
verification_message_template
configuration blockemail_subject
argument. - Lambda
Config UserPool Lambda Config - Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
- Mfa
Configuration string - Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of
OFF
. Valid values areOFF
(MFA Tokens are not required),ON
(MFA is required for all users to sign in; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured), orOPTIONAL
(MFA Will be required only for individual users who have MFA Enabled; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured). - Name string
Name of the user pool.
The following arguments are optional:
- Password
Policy UserPool Password Policy - Configuration block for information about the user pool password policy. Detailed below.
- Schemas
List<User
Pool Schema> - Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
- Sms
Authentication stringMessage - String representing the SMS authentication message. The Message must contain the
{####}
placeholder, which will be replaced with the code. - Sms
Configuration UserPool Sms Configuration - Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the
taint
command. - Sms
Verification stringMessage - String representing the SMS verification message. Conflicts with
verification_message_template
configuration blocksms_message
argument. - Software
Token UserMfa Configuration Pool Software Token Mfa Configuration - Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
- Dictionary<string, string>
- Map of tags to assign to the User Pool. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - User
Attribute UserUpdate Settings Pool User Attribute Update Settings - Configuration block for user attribute update settings. Detailed below.
- User
Pool UserAdd Ons Pool User Pool Add Ons - Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
- Username
Attributes List<string> - Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with
alias_attributes
. - Username
Configuration UserPool Username Configuration - Configuration block for username configuration. Detailed below.
- Verification
Message UserTemplate Pool Verification Message Template - Configuration block for verification message templates. Detailed below.
- Account
Recovery UserSetting Pool Account Recovery Setting Args - Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
- Admin
Create UserUser Config Pool Admin Create User Config Args - Configuration block for creating a new user profile. Detailed below.
- Alias
Attributes []string - Attributes supported as an alias for this user pool. Valid values:
phone_number
,email
, orpreferred_username
. Conflicts withusername_attributes
. - Auto
Verified []stringAttributes - Attributes to be auto-verified. Valid values:
email
,phone_number
. - Deletion
Protection string - When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are
ACTIVE
andINACTIVE
, Default value isINACTIVE
. - Device
Configuration UserPool Device Configuration Args - Configuration block for the user pool's device tracking. Detailed below.
- Email
Configuration UserPool Email Configuration Args - Configuration block for configuring email. Detailed below.
- Email
Verification stringMessage - String representing the email verification message. Conflicts with
verification_message_template
configuration blockemail_message
argument. - Email
Verification stringSubject - String representing the email verification subject. Conflicts with
verification_message_template
configuration blockemail_subject
argument. - Lambda
Config UserPool Lambda Config Args - Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
- Mfa
Configuration string - Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of
OFF
. Valid values areOFF
(MFA Tokens are not required),ON
(MFA is required for all users to sign in; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured), orOPTIONAL
(MFA Will be required only for individual users who have MFA Enabled; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured). - Name string
Name of the user pool.
The following arguments are optional:
- Password
Policy UserPool Password Policy Args - Configuration block for information about the user pool password policy. Detailed below.
- Schemas
[]User
Pool Schema Args - Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
- Sms
Authentication stringMessage - String representing the SMS authentication message. The Message must contain the
{####}
placeholder, which will be replaced with the code. - Sms
Configuration UserPool Sms Configuration Args - Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the
taint
command. - Sms
Verification stringMessage - String representing the SMS verification message. Conflicts with
verification_message_template
configuration blocksms_message
argument. - Software
Token UserMfa Configuration Pool Software Token Mfa Configuration Args - Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
- map[string]string
- Map of tags to assign to the User Pool. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - User
Attribute UserUpdate Settings Pool User Attribute Update Settings Args - Configuration block for user attribute update settings. Detailed below.
- User
Pool UserAdd Ons Pool User Pool Add Ons Args - Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
- Username
Attributes []string - Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with
alias_attributes
. - Username
Configuration UserPool Username Configuration Args - Configuration block for username configuration. Detailed below.
- Verification
Message UserTemplate Pool Verification Message Template Args - Configuration block for verification message templates. Detailed below.
- account
Recovery UserSetting Pool Account Recovery Setting - Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
- admin
Create UserUser Config Pool Admin Create User Config - Configuration block for creating a new user profile. Detailed below.
- alias
Attributes List<String> - Attributes supported as an alias for this user pool. Valid values:
phone_number
,email
, orpreferred_username
. Conflicts withusername_attributes
. - auto
Verified List<String>Attributes - Attributes to be auto-verified. Valid values:
email
,phone_number
. - deletion
Protection String - When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are
ACTIVE
andINACTIVE
, Default value isINACTIVE
. - device
Configuration UserPool Device Configuration - Configuration block for the user pool's device tracking. Detailed below.
- email
Configuration UserPool Email Configuration - Configuration block for configuring email. Detailed below.
- email
Verification StringMessage - String representing the email verification message. Conflicts with
verification_message_template
configuration blockemail_message
argument. - email
Verification StringSubject - String representing the email verification subject. Conflicts with
verification_message_template
configuration blockemail_subject
argument. - lambda
Config UserPool Lambda Config - Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
- mfa
Configuration String - Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of
OFF
. Valid values areOFF
(MFA Tokens are not required),ON
(MFA is required for all users to sign in; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured), orOPTIONAL
(MFA Will be required only for individual users who have MFA Enabled; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured). - name String
Name of the user pool.
The following arguments are optional:
- password
Policy UserPool Password Policy - Configuration block for information about the user pool password policy. Detailed below.
- schemas
List<User
Pool Schema> - Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
- sms
Authentication StringMessage - String representing the SMS authentication message. The Message must contain the
{####}
placeholder, which will be replaced with the code. - sms
Configuration UserPool Sms Configuration - Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the
taint
command. - sms
Verification StringMessage - String representing the SMS verification message. Conflicts with
verification_message_template
configuration blocksms_message
argument. - software
Token UserMfa Configuration Pool Software Token Mfa Configuration - Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
- Map<String,String>
- Map of tags to assign to the User Pool. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - user
Attribute UserUpdate Settings Pool User Attribute Update Settings - Configuration block for user attribute update settings. Detailed below.
- user
Pool UserAdd Ons Pool User Pool Add Ons - Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
- username
Attributes List<String> - Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with
alias_attributes
. - username
Configuration UserPool Username Configuration - Configuration block for username configuration. Detailed below.
- verification
Message UserTemplate Pool Verification Message Template - Configuration block for verification message templates. Detailed below.
- account
Recovery UserSetting Pool Account Recovery Setting - Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
- admin
Create UserUser Config Pool Admin Create User Config - Configuration block for creating a new user profile. Detailed below.
- alias
Attributes string[] - Attributes supported as an alias for this user pool. Valid values:
phone_number
,email
, orpreferred_username
. Conflicts withusername_attributes
. - auto
Verified string[]Attributes - Attributes to be auto-verified. Valid values:
email
,phone_number
. - deletion
Protection string - When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are
ACTIVE
andINACTIVE
, Default value isINACTIVE
. - device
Configuration UserPool Device Configuration - Configuration block for the user pool's device tracking. Detailed below.
- email
Configuration UserPool Email Configuration - Configuration block for configuring email. Detailed below.
- email
Verification stringMessage - String representing the email verification message. Conflicts with
verification_message_template
configuration blockemail_message
argument. - email
Verification stringSubject - String representing the email verification subject. Conflicts with
verification_message_template
configuration blockemail_subject
argument. - lambda
Config UserPool Lambda Config - Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
- mfa
Configuration string - Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of
OFF
. Valid values areOFF
(MFA Tokens are not required),ON
(MFA is required for all users to sign in; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured), orOPTIONAL
(MFA Will be required only for individual users who have MFA Enabled; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured). - name string
Name of the user pool.
The following arguments are optional:
- password
Policy UserPool Password Policy - Configuration block for information about the user pool password policy. Detailed below.
- schemas
User
Pool Schema[] - Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
- sms
Authentication stringMessage - String representing the SMS authentication message. The Message must contain the
{####}
placeholder, which will be replaced with the code. - sms
Configuration UserPool Sms Configuration - Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the
taint
command. - sms
Verification stringMessage - String representing the SMS verification message. Conflicts with
verification_message_template
configuration blocksms_message
argument. - software
Token UserMfa Configuration Pool Software Token Mfa Configuration - Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
- {[key: string]: string}
- Map of tags to assign to the User Pool. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - user
Attribute UserUpdate Settings Pool User Attribute Update Settings - Configuration block for user attribute update settings. Detailed below.
- user
Pool UserAdd Ons Pool User Pool Add Ons - Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
- username
Attributes string[] - Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with
alias_attributes
. - username
Configuration UserPool Username Configuration - Configuration block for username configuration. Detailed below.
- verification
Message UserTemplate Pool Verification Message Template - Configuration block for verification message templates. Detailed below.
- account_
recovery_ Usersetting Pool Account Recovery Setting Args - Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
- admin_
create_ Useruser_ config Pool Admin Create User Config Args - Configuration block for creating a new user profile. Detailed below.
- alias_
attributes Sequence[str] - Attributes supported as an alias for this user pool. Valid values:
phone_number
,email
, orpreferred_username
. Conflicts withusername_attributes
. - auto_
verified_ Sequence[str]attributes - Attributes to be auto-verified. Valid values:
email
,phone_number
. - deletion_
protection str - When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are
ACTIVE
andINACTIVE
, Default value isINACTIVE
. - device_
configuration UserPool Device Configuration Args - Configuration block for the user pool's device tracking. Detailed below.
- email_
configuration UserPool Email Configuration Args - Configuration block for configuring email. Detailed below.
- email_
verification_ strmessage - String representing the email verification message. Conflicts with
verification_message_template
configuration blockemail_message
argument. - email_
verification_ strsubject - String representing the email verification subject. Conflicts with
verification_message_template
configuration blockemail_subject
argument. - lambda_
config UserPool Lambda Config Args - Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
- mfa_
configuration str - Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of
OFF
. Valid values areOFF
(MFA Tokens are not required),ON
(MFA is required for all users to sign in; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured), orOPTIONAL
(MFA Will be required only for individual users who have MFA Enabled; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured). - name str
Name of the user pool.
The following arguments are optional:
- password_
policy UserPool Password Policy Args - Configuration block for information about the user pool password policy. Detailed below.
- schemas
Sequence[User
Pool Schema Args] - Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
- sms_
authentication_ strmessage - String representing the SMS authentication message. The Message must contain the
{####}
placeholder, which will be replaced with the code. - sms_
configuration UserPool Sms Configuration Args - Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the
taint
command. - sms_
verification_ strmessage - String representing the SMS verification message. Conflicts with
verification_message_template
configuration blocksms_message
argument. - software_
token_ Usermfa_ configuration Pool Software Token Mfa Configuration Args - Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
- Mapping[str, str]
- Map of tags to assign to the User Pool. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - user_
attribute_ Userupdate_ settings Pool User Attribute Update Settings Args - Configuration block for user attribute update settings. Detailed below.
- user_
pool_ Useradd_ ons Pool User Pool Add Ons Args - Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
- username_
attributes Sequence[str] - Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with
alias_attributes
. - username_
configuration UserPool Username Configuration Args - Configuration block for username configuration. Detailed below.
- verification_
message_ Usertemplate Pool Verification Message Template Args - Configuration block for verification message templates. Detailed below.
- account
Recovery Property MapSetting - Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
- admin
Create Property MapUser Config - Configuration block for creating a new user profile. Detailed below.
- alias
Attributes List<String> - Attributes supported as an alias for this user pool. Valid values:
phone_number
,email
, orpreferred_username
. Conflicts withusername_attributes
. - auto
Verified List<String>Attributes - Attributes to be auto-verified. Valid values:
email
,phone_number
. - deletion
Protection String - When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are
ACTIVE
andINACTIVE
, Default value isINACTIVE
. - device
Configuration Property Map - Configuration block for the user pool's device tracking. Detailed below.
- email
Configuration Property Map - Configuration block for configuring email. Detailed below.
- email
Verification StringMessage - String representing the email verification message. Conflicts with
verification_message_template
configuration blockemail_message
argument. - email
Verification StringSubject - String representing the email verification subject. Conflicts with
verification_message_template
configuration blockemail_subject
argument. - lambda
Config Property Map - Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
- mfa
Configuration String - Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of
OFF
. Valid values areOFF
(MFA Tokens are not required),ON
(MFA is required for all users to sign in; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured), orOPTIONAL
(MFA Will be required only for individual users who have MFA Enabled; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured). - name String
Name of the user pool.
The following arguments are optional:
- password
Policy Property Map - Configuration block for information about the user pool password policy. Detailed below.
- schemas List<Property Map>
- Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
- sms
Authentication StringMessage - String representing the SMS authentication message. The Message must contain the
{####}
placeholder, which will be replaced with the code. - sms
Configuration Property Map - Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the
taint
command. - sms
Verification StringMessage - String representing the SMS verification message. Conflicts with
verification_message_template
configuration blocksms_message
argument. - software
Token Property MapMfa Configuration - Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
- Map<String>
- Map of tags to assign to the User Pool. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - user
Attribute Property MapUpdate Settings - Configuration block for user attribute update settings. Detailed below.
- user
Pool Property MapAdd Ons - Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
- username
Attributes List<String> - Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with
alias_attributes
. - username
Configuration Property Map - Configuration block for username configuration. Detailed below.
- verification
Message Property MapTemplate - Configuration block for verification message templates. Detailed below.
Outputs
All input properties are implicitly available as output properties. Additionally, the UserPool resource produces the following output properties:
- Arn string
- ARN of the user pool.
- Creation
Date string - Date the user pool was created.
- Custom
Domain string - A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example:
auth.example.com
. - Domain string
- Holds the domain prefix if the user pool has a domain associated with it.
- Endpoint string
- Endpoint name of the user pool. Example format:
cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
- Estimated
Number intOf Users - A number estimating the size of the user pool.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Modified stringDate - Date the user pool was last modified.
- Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- Arn string
- ARN of the user pool.
- Creation
Date string - Date the user pool was created.
- Custom
Domain string - A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example:
auth.example.com
. - Domain string
- Holds the domain prefix if the user pool has a domain associated with it.
- Endpoint string
- Endpoint name of the user pool. Example format:
cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
- Estimated
Number intOf Users - A number estimating the size of the user pool.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Modified stringDate - Date the user pool was last modified.
- map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- ARN of the user pool.
- creation
Date String - Date the user pool was created.
- custom
Domain String - A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example:
auth.example.com
. - domain String
- Holds the domain prefix if the user pool has a domain associated with it.
- endpoint String
- Endpoint name of the user pool. Example format:
cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
- estimated
Number IntegerOf Users - A number estimating the size of the user pool.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Modified StringDate - Date the user pool was last modified.
- Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn string
- ARN of the user pool.
- creation
Date string - Date the user pool was created.
- custom
Domain string - A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example:
auth.example.com
. - domain string
- Holds the domain prefix if the user pool has a domain associated with it.
- endpoint string
- Endpoint name of the user pool. Example format:
cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
- estimated
Number numberOf Users - A number estimating the size of the user pool.
- id string
- The provider-assigned unique ID for this managed resource.
- last
Modified stringDate - Date the user pool was last modified.
- {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn str
- ARN of the user pool.
- creation_
date str - Date the user pool was created.
- custom_
domain str - A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example:
auth.example.com
. - domain str
- Holds the domain prefix if the user pool has a domain associated with it.
- endpoint str
- Endpoint name of the user pool. Example format:
cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
- estimated_
number_ intof_ users - A number estimating the size of the user pool.
- id str
- The provider-assigned unique ID for this managed resource.
- last_
modified_ strdate - Date the user pool was last modified.
- Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- ARN of the user pool.
- creation
Date String - Date the user pool was created.
- custom
Domain String - A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example:
auth.example.com
. - domain String
- Holds the domain prefix if the user pool has a domain associated with it.
- endpoint String
- Endpoint name of the user pool. Example format:
cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
- estimated
Number NumberOf Users - A number estimating the size of the user pool.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Modified StringDate - Date the user pool was last modified.
- Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
Look up Existing UserPool Resource
Get an existing UserPool resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: UserPoolState, opts?: CustomResourceOptions): UserPool
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_recovery_setting: Optional[UserPoolAccountRecoverySettingArgs] = None,
admin_create_user_config: Optional[UserPoolAdminCreateUserConfigArgs] = None,
alias_attributes: Optional[Sequence[str]] = None,
arn: Optional[str] = None,
auto_verified_attributes: Optional[Sequence[str]] = None,
creation_date: Optional[str] = None,
custom_domain: Optional[str] = None,
deletion_protection: Optional[str] = None,
device_configuration: Optional[UserPoolDeviceConfigurationArgs] = None,
domain: Optional[str] = None,
email_configuration: Optional[UserPoolEmailConfigurationArgs] = None,
email_verification_message: Optional[str] = None,
email_verification_subject: Optional[str] = None,
endpoint: Optional[str] = None,
estimated_number_of_users: Optional[int] = None,
lambda_config: Optional[UserPoolLambdaConfigArgs] = None,
last_modified_date: Optional[str] = None,
mfa_configuration: Optional[str] = None,
name: Optional[str] = None,
password_policy: Optional[UserPoolPasswordPolicyArgs] = None,
schemas: Optional[Sequence[UserPoolSchemaArgs]] = None,
sms_authentication_message: Optional[str] = None,
sms_configuration: Optional[UserPoolSmsConfigurationArgs] = None,
sms_verification_message: Optional[str] = None,
software_token_mfa_configuration: Optional[UserPoolSoftwareTokenMfaConfigurationArgs] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
user_attribute_update_settings: Optional[UserPoolUserAttributeUpdateSettingsArgs] = None,
user_pool_add_ons: Optional[UserPoolUserPoolAddOnsArgs] = None,
username_attributes: Optional[Sequence[str]] = None,
username_configuration: Optional[UserPoolUsernameConfigurationArgs] = None,
verification_message_template: Optional[UserPoolVerificationMessageTemplateArgs] = None) -> UserPool
func GetUserPool(ctx *Context, name string, id IDInput, state *UserPoolState, opts ...ResourceOption) (*UserPool, error)
public static UserPool Get(string name, Input<string> id, UserPoolState? state, CustomResourceOptions? opts = null)
public static UserPool get(String name, Output<String> id, UserPoolState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Recovery UserSetting Pool Account Recovery Setting - Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
- Admin
Create UserUser Config Pool Admin Create User Config - Configuration block for creating a new user profile. Detailed below.
- Alias
Attributes List<string> - Attributes supported as an alias for this user pool. Valid values:
phone_number
,email
, orpreferred_username
. Conflicts withusername_attributes
. - Arn string
- ARN of the user pool.
- Auto
Verified List<string>Attributes - Attributes to be auto-verified. Valid values:
email
,phone_number
. - Creation
Date string - Date the user pool was created.
- Custom
Domain string - A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example:
auth.example.com
. - Deletion
Protection string - When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are
ACTIVE
andINACTIVE
, Default value isINACTIVE
. - Device
Configuration UserPool Device Configuration - Configuration block for the user pool's device tracking. Detailed below.
- Domain string
- Holds the domain prefix if the user pool has a domain associated with it.
- Email
Configuration UserPool Email Configuration - Configuration block for configuring email. Detailed below.
- Email
Verification stringMessage - String representing the email verification message. Conflicts with
verification_message_template
configuration blockemail_message
argument. - Email
Verification stringSubject - String representing the email verification subject. Conflicts with
verification_message_template
configuration blockemail_subject
argument. - Endpoint string
- Endpoint name of the user pool. Example format:
cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
- Estimated
Number intOf Users - A number estimating the size of the user pool.
- Lambda
Config UserPool Lambda Config - Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
- Last
Modified stringDate - Date the user pool was last modified.
- Mfa
Configuration string - Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of
OFF
. Valid values areOFF
(MFA Tokens are not required),ON
(MFA is required for all users to sign in; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured), orOPTIONAL
(MFA Will be required only for individual users who have MFA Enabled; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured). - Name string
Name of the user pool.
The following arguments are optional:
- Password
Policy UserPool Password Policy - Configuration block for information about the user pool password policy. Detailed below.
- Schemas
List<User
Pool Schema> - Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
- Sms
Authentication stringMessage - String representing the SMS authentication message. The Message must contain the
{####}
placeholder, which will be replaced with the code. - Sms
Configuration UserPool Sms Configuration - Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the
taint
command. - Sms
Verification stringMessage - String representing the SMS verification message. Conflicts with
verification_message_template
configuration blocksms_message
argument. - Software
Token UserMfa Configuration Pool Software Token Mfa Configuration - Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
- Dictionary<string, string>
- Map of tags to assign to the User Pool. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - User
Attribute UserUpdate Settings Pool User Attribute Update Settings - Configuration block for user attribute update settings. Detailed below.
- User
Pool UserAdd Ons Pool User Pool Add Ons - Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
- Username
Attributes List<string> - Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with
alias_attributes
. - Username
Configuration UserPool Username Configuration - Configuration block for username configuration. Detailed below.
- Verification
Message UserTemplate Pool Verification Message Template - Configuration block for verification message templates. Detailed below.
- Account
Recovery UserSetting Pool Account Recovery Setting Args - Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
- Admin
Create UserUser Config Pool Admin Create User Config Args - Configuration block for creating a new user profile. Detailed below.
- Alias
Attributes []string - Attributes supported as an alias for this user pool. Valid values:
phone_number
,email
, orpreferred_username
. Conflicts withusername_attributes
. - Arn string
- ARN of the user pool.
- Auto
Verified []stringAttributes - Attributes to be auto-verified. Valid values:
email
,phone_number
. - Creation
Date string - Date the user pool was created.
- Custom
Domain string - A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example:
auth.example.com
. - Deletion
Protection string - When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are
ACTIVE
andINACTIVE
, Default value isINACTIVE
. - Device
Configuration UserPool Device Configuration Args - Configuration block for the user pool's device tracking. Detailed below.
- Domain string
- Holds the domain prefix if the user pool has a domain associated with it.
- Email
Configuration UserPool Email Configuration Args - Configuration block for configuring email. Detailed below.
- Email
Verification stringMessage - String representing the email verification message. Conflicts with
verification_message_template
configuration blockemail_message
argument. - Email
Verification stringSubject - String representing the email verification subject. Conflicts with
verification_message_template
configuration blockemail_subject
argument. - Endpoint string
- Endpoint name of the user pool. Example format:
cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
- Estimated
Number intOf Users - A number estimating the size of the user pool.
- Lambda
Config UserPool Lambda Config Args - Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
- Last
Modified stringDate - Date the user pool was last modified.
- Mfa
Configuration string - Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of
OFF
. Valid values areOFF
(MFA Tokens are not required),ON
(MFA is required for all users to sign in; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured), orOPTIONAL
(MFA Will be required only for individual users who have MFA Enabled; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured). - Name string
Name of the user pool.
The following arguments are optional:
- Password
Policy UserPool Password Policy Args - Configuration block for information about the user pool password policy. Detailed below.
- Schemas
[]User
Pool Schema Args - Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
- Sms
Authentication stringMessage - String representing the SMS authentication message. The Message must contain the
{####}
placeholder, which will be replaced with the code. - Sms
Configuration UserPool Sms Configuration Args - Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the
taint
command. - Sms
Verification stringMessage - String representing the SMS verification message. Conflicts with
verification_message_template
configuration blocksms_message
argument. - Software
Token UserMfa Configuration Pool Software Token Mfa Configuration Args - Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
- map[string]string
- Map of tags to assign to the User Pool. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - User
Attribute UserUpdate Settings Pool User Attribute Update Settings Args - Configuration block for user attribute update settings. Detailed below.
- User
Pool UserAdd Ons Pool User Pool Add Ons Args - Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
- Username
Attributes []string - Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with
alias_attributes
. - Username
Configuration UserPool Username Configuration Args - Configuration block for username configuration. Detailed below.
- Verification
Message UserTemplate Pool Verification Message Template Args - Configuration block for verification message templates. Detailed below.
- account
Recovery UserSetting Pool Account Recovery Setting - Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
- admin
Create UserUser Config Pool Admin Create User Config - Configuration block for creating a new user profile. Detailed below.
- alias
Attributes List<String> - Attributes supported as an alias for this user pool. Valid values:
phone_number
,email
, orpreferred_username
. Conflicts withusername_attributes
. - arn String
- ARN of the user pool.
- auto
Verified List<String>Attributes - Attributes to be auto-verified. Valid values:
email
,phone_number
. - creation
Date String - Date the user pool was created.
- custom
Domain String - A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example:
auth.example.com
. - deletion
Protection String - When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are
ACTIVE
andINACTIVE
, Default value isINACTIVE
. - device
Configuration UserPool Device Configuration - Configuration block for the user pool's device tracking. Detailed below.
- domain String
- Holds the domain prefix if the user pool has a domain associated with it.
- email
Configuration UserPool Email Configuration - Configuration block for configuring email. Detailed below.
- email
Verification StringMessage - String representing the email verification message. Conflicts with
verification_message_template
configuration blockemail_message
argument. - email
Verification StringSubject - String representing the email verification subject. Conflicts with
verification_message_template
configuration blockemail_subject
argument. - endpoint String
- Endpoint name of the user pool. Example format:
cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
- estimated
Number IntegerOf Users - A number estimating the size of the user pool.
- lambda
Config UserPool Lambda Config - Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
- last
Modified StringDate - Date the user pool was last modified.
- mfa
Configuration String - Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of
OFF
. Valid values areOFF
(MFA Tokens are not required),ON
(MFA is required for all users to sign in; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured), orOPTIONAL
(MFA Will be required only for individual users who have MFA Enabled; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured). - name String
Name of the user pool.
The following arguments are optional:
- password
Policy UserPool Password Policy - Configuration block for information about the user pool password policy. Detailed below.
- schemas
List<User
Pool Schema> - Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
- sms
Authentication StringMessage - String representing the SMS authentication message. The Message must contain the
{####}
placeholder, which will be replaced with the code. - sms
Configuration UserPool Sms Configuration - Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the
taint
command. - sms
Verification StringMessage - String representing the SMS verification message. Conflicts with
verification_message_template
configuration blocksms_message
argument. - software
Token UserMfa Configuration Pool Software Token Mfa Configuration - Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
- Map<String,String>
- Map of tags to assign to the User Pool. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - user
Attribute UserUpdate Settings Pool User Attribute Update Settings - Configuration block for user attribute update settings. Detailed below.
- user
Pool UserAdd Ons Pool User Pool Add Ons - Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
- username
Attributes List<String> - Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with
alias_attributes
. - username
Configuration UserPool Username Configuration - Configuration block for username configuration. Detailed below.
- verification
Message UserTemplate Pool Verification Message Template - Configuration block for verification message templates. Detailed below.
- account
Recovery UserSetting Pool Account Recovery Setting - Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
- admin
Create UserUser Config Pool Admin Create User Config - Configuration block for creating a new user profile. Detailed below.
- alias
Attributes string[] - Attributes supported as an alias for this user pool. Valid values:
phone_number
,email
, orpreferred_username
. Conflicts withusername_attributes
. - arn string
- ARN of the user pool.
- auto
Verified string[]Attributes - Attributes to be auto-verified. Valid values:
email
,phone_number
. - creation
Date string - Date the user pool was created.
- custom
Domain string - A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example:
auth.example.com
. - deletion
Protection string - When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are
ACTIVE
andINACTIVE
, Default value isINACTIVE
. - device
Configuration UserPool Device Configuration - Configuration block for the user pool's device tracking. Detailed below.
- domain string
- Holds the domain prefix if the user pool has a domain associated with it.
- email
Configuration UserPool Email Configuration - Configuration block for configuring email. Detailed below.
- email
Verification stringMessage - String representing the email verification message. Conflicts with
verification_message_template
configuration blockemail_message
argument. - email
Verification stringSubject - String representing the email verification subject. Conflicts with
verification_message_template
configuration blockemail_subject
argument. - endpoint string
- Endpoint name of the user pool. Example format:
cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
- estimated
Number numberOf Users - A number estimating the size of the user pool.
- lambda
Config UserPool Lambda Config - Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
- last
Modified stringDate - Date the user pool was last modified.
- mfa
Configuration string - Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of
OFF
. Valid values areOFF
(MFA Tokens are not required),ON
(MFA is required for all users to sign in; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured), orOPTIONAL
(MFA Will be required only for individual users who have MFA Enabled; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured). - name string
Name of the user pool.
The following arguments are optional:
- password
Policy UserPool Password Policy - Configuration block for information about the user pool password policy. Detailed below.
- schemas
User
Pool Schema[] - Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
- sms
Authentication stringMessage - String representing the SMS authentication message. The Message must contain the
{####}
placeholder, which will be replaced with the code. - sms
Configuration UserPool Sms Configuration - Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the
taint
command. - sms
Verification stringMessage - String representing the SMS verification message. Conflicts with
verification_message_template
configuration blocksms_message
argument. - software
Token UserMfa Configuration Pool Software Token Mfa Configuration - Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
- {[key: string]: string}
- Map of tags to assign to the User Pool. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - user
Attribute UserUpdate Settings Pool User Attribute Update Settings - Configuration block for user attribute update settings. Detailed below.
- user
Pool UserAdd Ons Pool User Pool Add Ons - Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
- username
Attributes string[] - Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with
alias_attributes
. - username
Configuration UserPool Username Configuration - Configuration block for username configuration. Detailed below.
- verification
Message UserTemplate Pool Verification Message Template - Configuration block for verification message templates. Detailed below.
- account_
recovery_ Usersetting Pool Account Recovery Setting Args - Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
- admin_
create_ Useruser_ config Pool Admin Create User Config Args - Configuration block for creating a new user profile. Detailed below.
- alias_
attributes Sequence[str] - Attributes supported as an alias for this user pool. Valid values:
phone_number
,email
, orpreferred_username
. Conflicts withusername_attributes
. - arn str
- ARN of the user pool.
- auto_
verified_ Sequence[str]attributes - Attributes to be auto-verified. Valid values:
email
,phone_number
. - creation_
date str - Date the user pool was created.
- custom_
domain str - A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example:
auth.example.com
. - deletion_
protection str - When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are
ACTIVE
andINACTIVE
, Default value isINACTIVE
. - device_
configuration UserPool Device Configuration Args - Configuration block for the user pool's device tracking. Detailed below.
- domain str
- Holds the domain prefix if the user pool has a domain associated with it.
- email_
configuration UserPool Email Configuration Args - Configuration block for configuring email. Detailed below.
- email_
verification_ strmessage - String representing the email verification message. Conflicts with
verification_message_template
configuration blockemail_message
argument. - email_
verification_ strsubject - String representing the email verification subject. Conflicts with
verification_message_template
configuration blockemail_subject
argument. - endpoint str
- Endpoint name of the user pool. Example format:
cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
- estimated_
number_ intof_ users - A number estimating the size of the user pool.
- lambda_
config UserPool Lambda Config Args - Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
- last_
modified_ strdate - Date the user pool was last modified.
- mfa_
configuration str - Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of
OFF
. Valid values areOFF
(MFA Tokens are not required),ON
(MFA is required for all users to sign in; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured), orOPTIONAL
(MFA Will be required only for individual users who have MFA Enabled; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured). - name str
Name of the user pool.
The following arguments are optional:
- password_
policy UserPool Password Policy Args - Configuration block for information about the user pool password policy. Detailed below.
- schemas
Sequence[User
Pool Schema Args] - Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
- sms_
authentication_ strmessage - String representing the SMS authentication message. The Message must contain the
{####}
placeholder, which will be replaced with the code. - sms_
configuration UserPool Sms Configuration Args - Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the
taint
command. - sms_
verification_ strmessage - String representing the SMS verification message. Conflicts with
verification_message_template
configuration blocksms_message
argument. - software_
token_ Usermfa_ configuration Pool Software Token Mfa Configuration Args - Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
- Mapping[str, str]
- Map of tags to assign to the User Pool. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - user_
attribute_ Userupdate_ settings Pool User Attribute Update Settings Args - Configuration block for user attribute update settings. Detailed below.
- user_
pool_ Useradd_ ons Pool User Pool Add Ons Args - Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
- username_
attributes Sequence[str] - Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with
alias_attributes
. - username_
configuration UserPool Username Configuration Args - Configuration block for username configuration. Detailed below.
- verification_
message_ Usertemplate Pool Verification Message Template Args - Configuration block for verification message templates. Detailed below.
- account
Recovery Property MapSetting - Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
- admin
Create Property MapUser Config - Configuration block for creating a new user profile. Detailed below.
- alias
Attributes List<String> - Attributes supported as an alias for this user pool. Valid values:
phone_number
,email
, orpreferred_username
. Conflicts withusername_attributes
. - arn String
- ARN of the user pool.
- auto
Verified List<String>Attributes - Attributes to be auto-verified. Valid values:
email
,phone_number
. - creation
Date String - Date the user pool was created.
- custom
Domain String - A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example:
auth.example.com
. - deletion
Protection String - When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are
ACTIVE
andINACTIVE
, Default value isINACTIVE
. - device
Configuration Property Map - Configuration block for the user pool's device tracking. Detailed below.
- domain String
- Holds the domain prefix if the user pool has a domain associated with it.
- email
Configuration Property Map - Configuration block for configuring email. Detailed below.
- email
Verification StringMessage - String representing the email verification message. Conflicts with
verification_message_template
configuration blockemail_message
argument. - email
Verification StringSubject - String representing the email verification subject. Conflicts with
verification_message_template
configuration blockemail_subject
argument. - endpoint String
- Endpoint name of the user pool. Example format:
cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
- estimated
Number NumberOf Users - A number estimating the size of the user pool.
- lambda
Config Property Map - Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
- last
Modified StringDate - Date the user pool was last modified.
- mfa
Configuration String - Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of
OFF
. Valid values areOFF
(MFA Tokens are not required),ON
(MFA is required for all users to sign in; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured), orOPTIONAL
(MFA Will be required only for individual users who have MFA Enabled; requires at least one ofsms_configuration
orsoftware_token_mfa_configuration
to be configured). - name String
Name of the user pool.
The following arguments are optional:
- password
Policy Property Map - Configuration block for information about the user pool password policy. Detailed below.
- schemas List<Property Map>
- Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
- sms
Authentication StringMessage - String representing the SMS authentication message. The Message must contain the
{####}
placeholder, which will be replaced with the code. - sms
Configuration Property Map - Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the
taint
command. - sms
Verification StringMessage - String representing the SMS verification message. Conflicts with
verification_message_template
configuration blocksms_message
argument. - software
Token Property MapMfa Configuration - Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
- Map<String>
- Map of tags to assign to the User Pool. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - user
Attribute Property MapUpdate Settings - Configuration block for user attribute update settings. Detailed below.
- user
Pool Property MapAdd Ons - Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
- username
Attributes List<String> - Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with
alias_attributes
. - username
Configuration Property Map - Configuration block for username configuration. Detailed below.
- verification
Message Property MapTemplate - Configuration block for verification message templates. Detailed below.
Supporting Types
UserPoolAccountRecoverySetting, UserPoolAccountRecoverySettingArgs
- Recovery
Mechanisms List<UserPool Account Recovery Setting Recovery Mechanism> - List of Account Recovery Options of the following structure:
- Recovery
Mechanisms []UserPool Account Recovery Setting Recovery Mechanism - List of Account Recovery Options of the following structure:
- recovery
Mechanisms List<UserPool Account Recovery Setting Recovery Mechanism> - List of Account Recovery Options of the following structure:
- recovery
Mechanisms UserPool Account Recovery Setting Recovery Mechanism[] - List of Account Recovery Options of the following structure:
- recovery_
mechanisms Sequence[UserPool Account Recovery Setting Recovery Mechanism] - List of Account Recovery Options of the following structure:
- recovery
Mechanisms List<Property Map> - List of Account Recovery Options of the following structure:
UserPoolAccountRecoverySettingRecoveryMechanism, UserPoolAccountRecoverySettingRecoveryMechanismArgs
UserPoolAdminCreateUserConfig, UserPoolAdminCreateUserConfigArgs
- Allow
Admin boolCreate User Only - Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
- Invite
Message UserTemplate Pool Admin Create User Config Invite Message Template - Invite message template structure. Detailed below.
- Allow
Admin boolCreate User Only - Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
- Invite
Message UserTemplate Pool Admin Create User Config Invite Message Template - Invite message template structure. Detailed below.
- allow
Admin BooleanCreate User Only - Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
- invite
Message UserTemplate Pool Admin Create User Config Invite Message Template - Invite message template structure. Detailed below.
- allow
Admin booleanCreate User Only - Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
- invite
Message UserTemplate Pool Admin Create User Config Invite Message Template - Invite message template structure. Detailed below.
- allow_
admin_ boolcreate_ user_ only - Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
- invite_
message_ Usertemplate Pool Admin Create User Config Invite Message Template - Invite message template structure. Detailed below.
- allow
Admin BooleanCreate User Only - Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
- invite
Message Property MapTemplate - Invite message template structure. Detailed below.
UserPoolAdminCreateUserConfigInviteMessageTemplate, UserPoolAdminCreateUserConfigInviteMessageTemplateArgs
- Email
Message string - Message template for email messages. Must contain
{username}
and{####}
placeholders, for username and temporary password, respectively. - Email
Subject string - Subject line for email messages.
- Sms
Message string - Message template for SMS messages. Must contain
{username}
and{####}
placeholders, for username and temporary password, respectively.
- Email
Message string - Message template for email messages. Must contain
{username}
and{####}
placeholders, for username and temporary password, respectively. - Email
Subject string - Subject line for email messages.
- Sms
Message string - Message template for SMS messages. Must contain
{username}
and{####}
placeholders, for username and temporary password, respectively.
- email
Message String - Message template for email messages. Must contain
{username}
and{####}
placeholders, for username and temporary password, respectively. - email
Subject String - Subject line for email messages.
- sms
Message String - Message template for SMS messages. Must contain
{username}
and{####}
placeholders, for username and temporary password, respectively.
- email
Message string - Message template for email messages. Must contain
{username}
and{####}
placeholders, for username and temporary password, respectively. - email
Subject string - Subject line for email messages.
- sms
Message string - Message template for SMS messages. Must contain
{username}
and{####}
placeholders, for username and temporary password, respectively.
- email_
message str - Message template for email messages. Must contain
{username}
and{####}
placeholders, for username and temporary password, respectively. - email_
subject str - Subject line for email messages.
- sms_
message str - Message template for SMS messages. Must contain
{username}
and{####}
placeholders, for username and temporary password, respectively.
- email
Message String - Message template for email messages. Must contain
{username}
and{####}
placeholders, for username and temporary password, respectively. - email
Subject String - Subject line for email messages.
- sms
Message String - Message template for SMS messages. Must contain
{username}
and{####}
placeholders, for username and temporary password, respectively.
UserPoolDeviceConfiguration, UserPoolDeviceConfigurationArgs
- Challenge
Required boolOn New Device - Whether a challenge is required on a new device. Only applicable to a new device.
- Device
Only boolRemembered On User Prompt - Whether a device is only remembered on user prompt.
false
equates to "Always" remember,true
is "User Opt In," and not using adevice_configuration
block is "No."
- Challenge
Required boolOn New Device - Whether a challenge is required on a new device. Only applicable to a new device.
- Device
Only boolRemembered On User Prompt - Whether a device is only remembered on user prompt.
false
equates to "Always" remember,true
is "User Opt In," and not using adevice_configuration
block is "No."
- challenge
Required BooleanOn New Device - Whether a challenge is required on a new device. Only applicable to a new device.
- device
Only BooleanRemembered On User Prompt - Whether a device is only remembered on user prompt.
false
equates to "Always" remember,true
is "User Opt In," and not using adevice_configuration
block is "No."
- challenge
Required booleanOn New Device - Whether a challenge is required on a new device. Only applicable to a new device.
- device
Only booleanRemembered On User Prompt - Whether a device is only remembered on user prompt.
false
equates to "Always" remember,true
is "User Opt In," and not using adevice_configuration
block is "No."
- challenge_
required_ boolon_ new_ device - Whether a challenge is required on a new device. Only applicable to a new device.
- device_
only_ boolremembered_ on_ user_ prompt - Whether a device is only remembered on user prompt.
false
equates to "Always" remember,true
is "User Opt In," and not using adevice_configuration
block is "No."
- challenge
Required BooleanOn New Device - Whether a challenge is required on a new device. Only applicable to a new device.
- device
Only BooleanRemembered On User Prompt - Whether a device is only remembered on user prompt.
false
equates to "Always" remember,true
is "User Opt In," and not using adevice_configuration
block is "No."
UserPoolEmailConfiguration, UserPoolEmailConfigurationArgs
- Configuration
Set string - Email configuration set name from SES.
- Email
Sending stringAccount - Email delivery method to use.
COGNITO_DEFAULT
for the default email functionality built into Cognito orDEVELOPER
to use your Amazon SES configuration. Required to beDEVELOPER
iffrom_email_address
is set. - From
Email stringAddress - Sender’s email address or sender’s display name with their email address (e.g.,
john@example.com
,John Smith <john@example.com>
or\"John Smith Ph.D.\" <john@example.com>
). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322. - Reply
To stringEmail Address - REPLY-TO email address.
- Source
Arn string - ARN of the SES verified email identity to use. Required if
email_sending_account
is set toDEVELOPER
.
- Configuration
Set string - Email configuration set name from SES.
- Email
Sending stringAccount - Email delivery method to use.
COGNITO_DEFAULT
for the default email functionality built into Cognito orDEVELOPER
to use your Amazon SES configuration. Required to beDEVELOPER
iffrom_email_address
is set. - From
Email stringAddress - Sender’s email address or sender’s display name with their email address (e.g.,
john@example.com
,John Smith <john@example.com>
or\"John Smith Ph.D.\" <john@example.com>
). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322. - Reply
To stringEmail Address - REPLY-TO email address.
- Source
Arn string - ARN of the SES verified email identity to use. Required if
email_sending_account
is set toDEVELOPER
.
- configuration
Set String - Email configuration set name from SES.
- email
Sending StringAccount - Email delivery method to use.
COGNITO_DEFAULT
for the default email functionality built into Cognito orDEVELOPER
to use your Amazon SES configuration. Required to beDEVELOPER
iffrom_email_address
is set. - from
Email StringAddress - Sender’s email address or sender’s display name with their email address (e.g.,
john@example.com
,John Smith <john@example.com>
or\"John Smith Ph.D.\" <john@example.com>
). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322. - reply
To StringEmail Address - REPLY-TO email address.
- source
Arn String - ARN of the SES verified email identity to use. Required if
email_sending_account
is set toDEVELOPER
.
- configuration
Set string - Email configuration set name from SES.
- email
Sending stringAccount - Email delivery method to use.
COGNITO_DEFAULT
for the default email functionality built into Cognito orDEVELOPER
to use your Amazon SES configuration. Required to beDEVELOPER
iffrom_email_address
is set. - from
Email stringAddress - Sender’s email address or sender’s display name with their email address (e.g.,
john@example.com
,John Smith <john@example.com>
or\"John Smith Ph.D.\" <john@example.com>
). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322. - reply
To stringEmail Address - REPLY-TO email address.
- source
Arn string - ARN of the SES verified email identity to use. Required if
email_sending_account
is set toDEVELOPER
.
- configuration_
set str - Email configuration set name from SES.
- email_
sending_ straccount - Email delivery method to use.
COGNITO_DEFAULT
for the default email functionality built into Cognito orDEVELOPER
to use your Amazon SES configuration. Required to beDEVELOPER
iffrom_email_address
is set. - from_
email_ straddress - Sender’s email address or sender’s display name with their email address (e.g.,
john@example.com
,John Smith <john@example.com>
or\"John Smith Ph.D.\" <john@example.com>
). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322. - reply_
to_ stremail_ address - REPLY-TO email address.
- source_
arn str - ARN of the SES verified email identity to use. Required if
email_sending_account
is set toDEVELOPER
.
- configuration
Set String - Email configuration set name from SES.
- email
Sending StringAccount - Email delivery method to use.
COGNITO_DEFAULT
for the default email functionality built into Cognito orDEVELOPER
to use your Amazon SES configuration. Required to beDEVELOPER
iffrom_email_address
is set. - from
Email StringAddress - Sender’s email address or sender’s display name with their email address (e.g.,
john@example.com
,John Smith <john@example.com>
or\"John Smith Ph.D.\" <john@example.com>
). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322. - reply
To StringEmail Address - REPLY-TO email address.
- source
Arn String - ARN of the SES verified email identity to use. Required if
email_sending_account
is set toDEVELOPER
.
UserPoolLambdaConfig, UserPoolLambdaConfigArgs
- Create
Auth stringChallenge - ARN of the lambda creating an authentication challenge.
- Custom
Email UserSender Pool Lambda Config Custom Email Sender - A custom email sender AWS Lambda trigger. See custom_email_sender Below.
- Custom
Message string - Custom Message AWS Lambda trigger.
- Custom
Sms UserSender Pool Lambda Config Custom Sms Sender - A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.
- Define
Auth stringChallenge - Defines the authentication challenge.
- Kms
Key stringId - The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
- Post
Authentication string - Post-authentication AWS Lambda trigger.
- Post
Confirmation string - Post-confirmation AWS Lambda trigger.
- Pre
Authentication string - Pre-authentication AWS Lambda trigger.
- Pre
Sign stringUp - Pre-registration AWS Lambda trigger.
- Pre
Token stringGeneration - Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambda_arn of
pre_token_generation_config
. - Pre
Token UserGeneration Config Pool Lambda Config Pre Token Generation Config - Allow to customize access tokens. See pre_token_configuration_type
- User
Migration string - User migration Lambda config type.
- Verify
Auth stringChallenge Response - Verifies the authentication challenge response.
- Create
Auth stringChallenge - ARN of the lambda creating an authentication challenge.
- Custom
Email UserSender Pool Lambda Config Custom Email Sender - A custom email sender AWS Lambda trigger. See custom_email_sender Below.
- Custom
Message string - Custom Message AWS Lambda trigger.
- Custom
Sms UserSender Pool Lambda Config Custom Sms Sender - A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.
- Define
Auth stringChallenge - Defines the authentication challenge.
- Kms
Key stringId - The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
- Post
Authentication string - Post-authentication AWS Lambda trigger.
- Post
Confirmation string - Post-confirmation AWS Lambda trigger.
- Pre
Authentication string - Pre-authentication AWS Lambda trigger.
- Pre
Sign stringUp - Pre-registration AWS Lambda trigger.
- Pre
Token stringGeneration - Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambda_arn of
pre_token_generation_config
. - Pre
Token UserGeneration Config Pool Lambda Config Pre Token Generation Config - Allow to customize access tokens. See pre_token_configuration_type
- User
Migration string - User migration Lambda config type.
- Verify
Auth stringChallenge Response - Verifies the authentication challenge response.
- create
Auth StringChallenge - ARN of the lambda creating an authentication challenge.
- custom
Email UserSender Pool Lambda Config Custom Email Sender - A custom email sender AWS Lambda trigger. See custom_email_sender Below.
- custom
Message String - Custom Message AWS Lambda trigger.
- custom
Sms UserSender Pool Lambda Config Custom Sms Sender - A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.
- define
Auth StringChallenge - Defines the authentication challenge.
- kms
Key StringId - The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
- post
Authentication String - Post-authentication AWS Lambda trigger.
- post
Confirmation String - Post-confirmation AWS Lambda trigger.
- pre
Authentication String - Pre-authentication AWS Lambda trigger.
- pre
Sign StringUp - Pre-registration AWS Lambda trigger.
- pre
Token StringGeneration - Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambda_arn of
pre_token_generation_config
. - pre
Token UserGeneration Config Pool Lambda Config Pre Token Generation Config - Allow to customize access tokens. See pre_token_configuration_type
- user
Migration String - User migration Lambda config type.
- verify
Auth StringChallenge Response - Verifies the authentication challenge response.
- create
Auth stringChallenge - ARN of the lambda creating an authentication challenge.
- custom
Email UserSender Pool Lambda Config Custom Email Sender - A custom email sender AWS Lambda trigger. See custom_email_sender Below.
- custom
Message string - Custom Message AWS Lambda trigger.
- custom
Sms UserSender Pool Lambda Config Custom Sms Sender - A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.
- define
Auth stringChallenge - Defines the authentication challenge.
- kms
Key stringId - The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
- post
Authentication string - Post-authentication AWS Lambda trigger.
- post
Confirmation string - Post-confirmation AWS Lambda trigger.
- pre
Authentication string - Pre-authentication AWS Lambda trigger.
- pre
Sign stringUp - Pre-registration AWS Lambda trigger.
- pre
Token stringGeneration - Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambda_arn of
pre_token_generation_config
. - pre
Token UserGeneration Config Pool Lambda Config Pre Token Generation Config - Allow to customize access tokens. See pre_token_configuration_type
- user
Migration string - User migration Lambda config type.
- verify
Auth stringChallenge Response - Verifies the authentication challenge response.
- create_
auth_ strchallenge - ARN of the lambda creating an authentication challenge.
- custom_
email_ Usersender Pool Lambda Config Custom Email Sender - A custom email sender AWS Lambda trigger. See custom_email_sender Below.
- custom_
message str - Custom Message AWS Lambda trigger.
- custom_
sms_ Usersender Pool Lambda Config Custom Sms Sender - A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.
- define_
auth_ strchallenge - Defines the authentication challenge.
- kms_
key_ strid - The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
- post_
authentication str - Post-authentication AWS Lambda trigger.
- post_
confirmation str - Post-confirmation AWS Lambda trigger.
- pre_
authentication str - Pre-authentication AWS Lambda trigger.
- pre_
sign_ strup - Pre-registration AWS Lambda trigger.
- pre_
token_ strgeneration - Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambda_arn of
pre_token_generation_config
. - pre_
token_ Usergeneration_ config Pool Lambda Config Pre Token Generation Config - Allow to customize access tokens. See pre_token_configuration_type
- user_
migration str - User migration Lambda config type.
- verify_
auth_ strchallenge_ response - Verifies the authentication challenge response.
- create
Auth StringChallenge - ARN of the lambda creating an authentication challenge.
- custom
Email Property MapSender - A custom email sender AWS Lambda trigger. See custom_email_sender Below.
- custom
Message String - Custom Message AWS Lambda trigger.
- custom
Sms Property MapSender - A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.
- define
Auth StringChallenge - Defines the authentication challenge.
- kms
Key StringId - The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
- post
Authentication String - Post-authentication AWS Lambda trigger.
- post
Confirmation String - Post-confirmation AWS Lambda trigger.
- pre
Authentication String - Pre-authentication AWS Lambda trigger.
- pre
Sign StringUp - Pre-registration AWS Lambda trigger.
- pre
Token StringGeneration - Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambda_arn of
pre_token_generation_config
. - pre
Token Property MapGeneration Config - Allow to customize access tokens. See pre_token_configuration_type
- user
Migration String - User migration Lambda config type.
- verify
Auth StringChallenge Response - Verifies the authentication challenge response.
UserPoolLambdaConfigCustomEmailSender, UserPoolLambdaConfigCustomEmailSenderArgs
- Lambda
Arn string - The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.
- Lambda
Version string - The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is
V1_0
.
- Lambda
Arn string - The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.
- Lambda
Version string - The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is
V1_0
.
- lambda
Arn String - The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.
- lambda
Version String - The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is
V1_0
.
- lambda
Arn string - The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.
- lambda
Version string - The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is
V1_0
.
- lambda_
arn str - The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.
- lambda_
version str - The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is
V1_0
.
- lambda
Arn String - The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.
- lambda
Version String - The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is
V1_0
.
UserPoolLambdaConfigCustomSmsSender, UserPoolLambdaConfigCustomSmsSenderArgs
- Lambda
Arn string - The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.
- Lambda
Version string - The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is
V1_0
.
- Lambda
Arn string - The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.
- Lambda
Version string - The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is
V1_0
.
- lambda
Arn String - The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.
- lambda
Version String - The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is
V1_0
.
- lambda
Arn string - The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.
- lambda
Version string - The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is
V1_0
.
- lambda_
arn str - The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.
- lambda_
version str - The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is
V1_0
.
- lambda
Arn String - The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.
- lambda
Version String - The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is
V1_0
.
UserPoolLambdaConfigPreTokenGenerationConfig, UserPoolLambdaConfigPreTokenGenerationConfigArgs
- Lambda
Arn string - Lambda
Version string
- Lambda
Arn string - Lambda
Version string
- lambda
Arn String - lambda
Version String
- lambda
Arn string - lambda
Version string
- lambda_
arn str - lambda_
version str
- lambda
Arn String - lambda
Version String
UserPoolPasswordPolicy, UserPoolPasswordPolicyArgs
- Minimum
Length int - Minimum length of the password policy that you have set.
- Password
History intSize Number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of number of previous passwords specified by this argument. A value of 0 means that password history is not enforced. Valid values are between 0 and 24.
Note: This argument requires advanced security features to be active in the user pool.
- Require
Lowercase bool - Whether you have required users to use at least one lowercase letter in their password.
- Require
Numbers bool - Whether you have required users to use at least one number in their password.
- Require
Symbols bool - Whether you have required users to use at least one symbol in their password.
- Require
Uppercase bool - Whether you have required users to use at least one uppercase letter in their password.
- Temporary
Password intValidity Days - In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.
- Minimum
Length int - Minimum length of the password policy that you have set.
- Password
History intSize Number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of number of previous passwords specified by this argument. A value of 0 means that password history is not enforced. Valid values are between 0 and 24.
Note: This argument requires advanced security features to be active in the user pool.
- Require
Lowercase bool - Whether you have required users to use at least one lowercase letter in their password.
- Require
Numbers bool - Whether you have required users to use at least one number in their password.
- Require
Symbols bool - Whether you have required users to use at least one symbol in their password.
- Require
Uppercase bool - Whether you have required users to use at least one uppercase letter in their password.
- Temporary
Password intValidity Days - In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.
- minimum
Length Integer - Minimum length of the password policy that you have set.
- password
History IntegerSize Number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of number of previous passwords specified by this argument. A value of 0 means that password history is not enforced. Valid values are between 0 and 24.
Note: This argument requires advanced security features to be active in the user pool.
- require
Lowercase Boolean - Whether you have required users to use at least one lowercase letter in their password.
- require
Numbers Boolean - Whether you have required users to use at least one number in their password.
- require
Symbols Boolean - Whether you have required users to use at least one symbol in their password.
- require
Uppercase Boolean - Whether you have required users to use at least one uppercase letter in their password.
- temporary
Password IntegerValidity Days - In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.
- minimum
Length number - Minimum length of the password policy that you have set.
- password
History numberSize Number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of number of previous passwords specified by this argument. A value of 0 means that password history is not enforced. Valid values are between 0 and 24.
Note: This argument requires advanced security features to be active in the user pool.
- require
Lowercase boolean - Whether you have required users to use at least one lowercase letter in their password.
- require
Numbers boolean - Whether you have required users to use at least one number in their password.
- require
Symbols boolean - Whether you have required users to use at least one symbol in their password.
- require
Uppercase boolean - Whether you have required users to use at least one uppercase letter in their password.
- temporary
Password numberValidity Days - In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.
- minimum_
length int - Minimum length of the password policy that you have set.
- password_
history_ intsize Number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of number of previous passwords specified by this argument. A value of 0 means that password history is not enforced. Valid values are between 0 and 24.
Note: This argument requires advanced security features to be active in the user pool.
- require_
lowercase bool - Whether you have required users to use at least one lowercase letter in their password.
- require_
numbers bool - Whether you have required users to use at least one number in their password.
- require_
symbols bool - Whether you have required users to use at least one symbol in their password.
- require_
uppercase bool - Whether you have required users to use at least one uppercase letter in their password.
- temporary_
password_ intvalidity_ days - In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.
- minimum
Length Number - Minimum length of the password policy that you have set.
- password
History NumberSize Number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of number of previous passwords specified by this argument. A value of 0 means that password history is not enforced. Valid values are between 0 and 24.
Note: This argument requires advanced security features to be active in the user pool.
- require
Lowercase Boolean - Whether you have required users to use at least one lowercase letter in their password.
- require
Numbers Boolean - Whether you have required users to use at least one number in their password.
- require
Symbols Boolean - Whether you have required users to use at least one symbol in their password.
- require
Uppercase Boolean - Whether you have required users to use at least one uppercase letter in their password.
- temporary
Password NumberValidity Days - In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.
UserPoolSchema, UserPoolSchemaArgs
- Attribute
Data stringType - Attribute data type. Must be one of
Boolean
,Number
,String
,DateTime
. - Name string
- Name of the attribute.
- Developer
Only boolAttribute - Whether the attribute type is developer only.
- Mutable bool
- Whether the attribute can be changed once it has been created.
- Number
Attribute UserConstraints Pool Schema Number Attribute Constraints - Configuration block for the constraints for an attribute of the number type. Detailed below.
- Required bool
- Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
- String
Attribute UserConstraints Pool Schema String Attribute Constraints - Constraints for an attribute of the string type. Detailed below.
- Attribute
Data stringType - Attribute data type. Must be one of
Boolean
,Number
,String
,DateTime
. - Name string
- Name of the attribute.
- Developer
Only boolAttribute - Whether the attribute type is developer only.
- Mutable bool
- Whether the attribute can be changed once it has been created.
- Number
Attribute UserConstraints Pool Schema Number Attribute Constraints - Configuration block for the constraints for an attribute of the number type. Detailed below.
- Required bool
- Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
- String
Attribute UserConstraints Pool Schema String Attribute Constraints - Constraints for an attribute of the string type. Detailed below.
- attribute
Data StringType - Attribute data type. Must be one of
Boolean
,Number
,String
,DateTime
. - name String
- Name of the attribute.
- developer
Only BooleanAttribute - Whether the attribute type is developer only.
- mutable Boolean
- Whether the attribute can be changed once it has been created.
- number
Attribute UserConstraints Pool Schema Number Attribute Constraints - Configuration block for the constraints for an attribute of the number type. Detailed below.
- required Boolean
- Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
- string
Attribute UserConstraints Pool Schema String Attribute Constraints - Constraints for an attribute of the string type. Detailed below.
- attribute
Data stringType - Attribute data type. Must be one of
Boolean
,Number
,String
,DateTime
. - name string
- Name of the attribute.
- developer
Only booleanAttribute - Whether the attribute type is developer only.
- mutable boolean
- Whether the attribute can be changed once it has been created.
- number
Attribute UserConstraints Pool Schema Number Attribute Constraints - Configuration block for the constraints for an attribute of the number type. Detailed below.
- required boolean
- Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
- string
Attribute UserConstraints Pool Schema String Attribute Constraints - Constraints for an attribute of the string type. Detailed below.
- attribute_
data_ strtype - Attribute data type. Must be one of
Boolean
,Number
,String
,DateTime
. - name str
- Name of the attribute.
- developer_
only_ boolattribute - Whether the attribute type is developer only.
- mutable bool
- Whether the attribute can be changed once it has been created.
- number_
attribute_ Userconstraints Pool Schema Number Attribute Constraints - Configuration block for the constraints for an attribute of the number type. Detailed below.
- required bool
- Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
- string_
attribute_ Userconstraints Pool Schema String Attribute Constraints - Constraints for an attribute of the string type. Detailed below.
- attribute
Data StringType - Attribute data type. Must be one of
Boolean
,Number
,String
,DateTime
. - name String
- Name of the attribute.
- developer
Only BooleanAttribute - Whether the attribute type is developer only.
- mutable Boolean
- Whether the attribute can be changed once it has been created.
- number
Attribute Property MapConstraints - Configuration block for the constraints for an attribute of the number type. Detailed below.
- required Boolean
- Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
- string
Attribute Property MapConstraints - Constraints for an attribute of the string type. Detailed below.
UserPoolSchemaNumberAttributeConstraints, UserPoolSchemaNumberAttributeConstraintsArgs
UserPoolSchemaStringAttributeConstraints, UserPoolSchemaStringAttributeConstraintsArgs
- max_
length str - Maximum length of an attribute value of the string type.
- min_
length str - Minimum length of an attribute value of the string type.
UserPoolSmsConfiguration, UserPoolSmsConfigurationArgs
- External
Id string - External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
- Sns
Caller stringArn - ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
- Sns
Region string - The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.
- External
Id string - External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
- Sns
Caller stringArn - ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
- Sns
Region string - The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.
- external
Id String - External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
- sns
Caller StringArn - ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
- sns
Region String - The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.
- external
Id string - External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
- sns
Caller stringArn - ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
- sns
Region string - The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.
- external_
id str - External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
- sns_
caller_ strarn - ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
- sns_
region str - The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.
- external
Id String - External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
- sns
Caller StringArn - ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
- sns
Region String - The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.
UserPoolSoftwareTokenMfaConfiguration, UserPoolSoftwareTokenMfaConfigurationArgs
- Enabled bool
- Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When
sms_configuration
is not present, themfa_configuration
argument must be set toOFF
and thesoftware_token_mfa_configuration
configuration block must be fully removed.
- Enabled bool
- Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When
sms_configuration
is not present, themfa_configuration
argument must be set toOFF
and thesoftware_token_mfa_configuration
configuration block must be fully removed.
- enabled Boolean
- Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When
sms_configuration
is not present, themfa_configuration
argument must be set toOFF
and thesoftware_token_mfa_configuration
configuration block must be fully removed.
- enabled boolean
- Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When
sms_configuration
is not present, themfa_configuration
argument must be set toOFF
and thesoftware_token_mfa_configuration
configuration block must be fully removed.
- enabled bool
- Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When
sms_configuration
is not present, themfa_configuration
argument must be set toOFF
and thesoftware_token_mfa_configuration
configuration block must be fully removed.
- enabled Boolean
- Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When
sms_configuration
is not present, themfa_configuration
argument must be set toOFF
and thesoftware_token_mfa_configuration
configuration block must be fully removed.
UserPoolUserAttributeUpdateSettings, UserPoolUserAttributeUpdateSettingsArgs
- Attributes
Require List<string>Verification Before Updates - A list of attributes requiring verification before update. If set, the provided value(s) must also be set in
auto_verified_attributes
. Valid values:email
,phone_number
.
- Attributes
Require []stringVerification Before Updates - A list of attributes requiring verification before update. If set, the provided value(s) must also be set in
auto_verified_attributes
. Valid values:email
,phone_number
.
- attributes
Require List<String>Verification Before Updates - A list of attributes requiring verification before update. If set, the provided value(s) must also be set in
auto_verified_attributes
. Valid values:email
,phone_number
.
- attributes
Require string[]Verification Before Updates - A list of attributes requiring verification before update. If set, the provided value(s) must also be set in
auto_verified_attributes
. Valid values:email
,phone_number
.
- attributes_
require_ Sequence[str]verification_ before_ updates - A list of attributes requiring verification before update. If set, the provided value(s) must also be set in
auto_verified_attributes
. Valid values:email
,phone_number
.
- attributes
Require List<String>Verification Before Updates - A list of attributes requiring verification before update. If set, the provided value(s) must also be set in
auto_verified_attributes
. Valid values:email
,phone_number
.
UserPoolUserPoolAddOns, UserPoolUserPoolAddOnsArgs
- Advanced
Security stringMode - Mode for advanced security, must be one of
OFF
,AUDIT
orENFORCED
.
- Advanced
Security stringMode - Mode for advanced security, must be one of
OFF
,AUDIT
orENFORCED
.
- advanced
Security StringMode - Mode for advanced security, must be one of
OFF
,AUDIT
orENFORCED
.
- advanced
Security stringMode - Mode for advanced security, must be one of
OFF
,AUDIT
orENFORCED
.
- advanced_
security_ strmode - Mode for advanced security, must be one of
OFF
,AUDIT
orENFORCED
.
- advanced
Security StringMode - Mode for advanced security, must be one of
OFF
,AUDIT
orENFORCED
.
UserPoolUsernameConfiguration, UserPoolUsernameConfigurationArgs
- Case
Sensitive bool - Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.
- Case
Sensitive bool - Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.
- case
Sensitive Boolean - Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.
- case
Sensitive boolean - Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.
- case_
sensitive bool - Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.
- case
Sensitive Boolean - Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.
UserPoolVerificationMessageTemplate, UserPoolVerificationMessageTemplateArgs
- Default
Email stringOption - Default email option. Must be either
CONFIRM_WITH_CODE
orCONFIRM_WITH_LINK
. Defaults toCONFIRM_WITH_CODE
. - Email
Message string - Email message template. Must contain the
{####}
placeholder. Conflicts withemail_verification_message
argument. - Email
Message stringBy Link - Email message template for sending a confirmation link to the user, it must contain the
{##Click Here##}
placeholder. - Email
Subject string - Subject line for the email message template. Conflicts with
email_verification_subject
argument. - Email
Subject stringBy Link - Subject line for the email message template for sending a confirmation link to the user.
- Sms
Message string - SMS message template. Must contain the
{####}
placeholder. Conflicts withsms_verification_message
argument.
- Default
Email stringOption - Default email option. Must be either
CONFIRM_WITH_CODE
orCONFIRM_WITH_LINK
. Defaults toCONFIRM_WITH_CODE
. - Email
Message string - Email message template. Must contain the
{####}
placeholder. Conflicts withemail_verification_message
argument. - Email
Message stringBy Link - Email message template for sending a confirmation link to the user, it must contain the
{##Click Here##}
placeholder. - Email
Subject string - Subject line for the email message template. Conflicts with
email_verification_subject
argument. - Email
Subject stringBy Link - Subject line for the email message template for sending a confirmation link to the user.
- Sms
Message string - SMS message template. Must contain the
{####}
placeholder. Conflicts withsms_verification_message
argument.
- default
Email StringOption - Default email option. Must be either
CONFIRM_WITH_CODE
orCONFIRM_WITH_LINK
. Defaults toCONFIRM_WITH_CODE
. - email
Message String - Email message template. Must contain the
{####}
placeholder. Conflicts withemail_verification_message
argument. - email
Message StringBy Link - Email message template for sending a confirmation link to the user, it must contain the
{##Click Here##}
placeholder. - email
Subject String - Subject line for the email message template. Conflicts with
email_verification_subject
argument. - email
Subject StringBy Link - Subject line for the email message template for sending a confirmation link to the user.
- sms
Message String - SMS message template. Must contain the
{####}
placeholder. Conflicts withsms_verification_message
argument.
- default
Email stringOption - Default email option. Must be either
CONFIRM_WITH_CODE
orCONFIRM_WITH_LINK
. Defaults toCONFIRM_WITH_CODE
. - email
Message string - Email message template. Must contain the
{####}
placeholder. Conflicts withemail_verification_message
argument. - email
Message stringBy Link - Email message template for sending a confirmation link to the user, it must contain the
{##Click Here##}
placeholder. - email
Subject string - Subject line for the email message template. Conflicts with
email_verification_subject
argument. - email
Subject stringBy Link - Subject line for the email message template for sending a confirmation link to the user.
- sms
Message string - SMS message template. Must contain the
{####}
placeholder. Conflicts withsms_verification_message
argument.
- default_
email_ stroption - Default email option. Must be either
CONFIRM_WITH_CODE
orCONFIRM_WITH_LINK
. Defaults toCONFIRM_WITH_CODE
. - email_
message str - Email message template. Must contain the
{####}
placeholder. Conflicts withemail_verification_message
argument. - email_
message_ strby_ link - Email message template for sending a confirmation link to the user, it must contain the
{##Click Here##}
placeholder. - email_
subject str - Subject line for the email message template. Conflicts with
email_verification_subject
argument. - email_
subject_ strby_ link - Subject line for the email message template for sending a confirmation link to the user.
- sms_
message str - SMS message template. Must contain the
{####}
placeholder. Conflicts withsms_verification_message
argument.
- default
Email StringOption - Default email option. Must be either
CONFIRM_WITH_CODE
orCONFIRM_WITH_LINK
. Defaults toCONFIRM_WITH_CODE
. - email
Message String - Email message template. Must contain the
{####}
placeholder. Conflicts withemail_verification_message
argument. - email
Message StringBy Link - Email message template for sending a confirmation link to the user, it must contain the
{##Click Here##}
placeholder. - email
Subject String - Subject line for the email message template. Conflicts with
email_verification_subject
argument. - email
Subject StringBy Link - Subject line for the email message template for sending a confirmation link to the user.
- sms
Message String - SMS message template. Must contain the
{####}
placeholder. Conflicts withsms_verification_message
argument.
Import
Using pulumi import
, import Cognito User Pools using the id
. For example:
$ pulumi import aws:cognito/userPool:UserPool pool us-west-2_abc123
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.