Sign In to the Console
AWS CloudFormation
User Guide (Version )

AWS Documentation » AWS CloudFormation » User Guide » Amazon Cognito Resource Type Reference » AWS::Cognito::UserPool

AWS::Cognito::UserPool

The AWS::Cognito::UserPool resource creates an Amazon Cognito user pool. For more information on working with Amazon Cognito user pools, see Amazon Cognito User Pools and CreateUserPool.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Cognito::UserPool",
  "Properties" : {
      "AdminCreateUserConfig" : AdminCreateUserConfig,
      "AliasAttributes" : [ String, ... ],
      "AutoVerifiedAttributes" : [ String, ... ],
      "DeviceConfiguration" : DeviceConfiguration,
      "EmailConfiguration" : EmailConfiguration,
      "EmailVerificationMessage" : String,
      "EmailVerificationSubject" : String,
      "LambdaConfig" : LambdaConfig,
      "MfaConfiguration" : String,
      "Policies" : Policies,
      "Schema" : [ SchemaAttribute, ... ],
      "SmsAuthenticationMessage" : String,
      "SmsConfiguration" : SmsConfiguration,
      "SmsVerificationMessage" : String,
      "UsernameAttributes" : [ String, ... ],
      "UserPoolName" : String,
      "UserPoolTags" : Json
    }
}

Properties

AdminCreateUserConfig

The type of configuration for creating a new user profile.

Required: No

Type: AdminCreateUserConfig

Update requires: No interruption

AliasAttributes

Attributes supported as an alias for this user pool. Possible values: phone_number, email, or preferred_username.

Required: No

Type: List of String

Update requires: Replacement

AutoVerifiedAttributes

The attributes to be auto-verified. Possible values: email, phone_number.

Required: No

Type: List of String

Update requires: No interruption

DeviceConfiguration

The type of configuration for the user pool's device tracking.

Required: No

Type: DeviceConfiguration

Update requires: No interruption

EmailConfiguration

The email configuration.

Required: No

Type: EmailConfiguration

Update requires: No interruption

EmailVerificationMessage

A string representing the email verification message.

Required: No

Type: String

Minimum: 6

Maximum: 20000

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*\{####\}[\p{L}\p{M}\p{S}\p{N}\p{P}\s*]*

Update requires: No interruption

EmailVerificationSubject

A string representing the email verification subject.

Required: No

Type: String

Minimum: 1

Maximum: 140

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}\s]+

Update requires: No interruption

LambdaConfig

The Lambda trigger configuration information for the new user pool.

Note

In a push model, event sources (such as Amazon S3 and custom applications) need permission to invoke a function. So you will need to make an extra call to add permission for these event sources to invoke your Lambda function.

For more information on using the Lambda API to add permission, see AddPermission .

For adding permission using the AWS CLI, see add-permission .

Required: No

Type: LambdaConfig

Update requires: No interruption

MfaConfiguration

Specifies multi-factor authentication (MFA) configuration details. Can be one of the following values:

OFF - MFA tokens are not required and cannot be specified during user registration.

ON - MFA tokens are required for all user registrations. You can only specify required when you are initially creating a user pool.

OPTIONAL - Users have the option when registering to create an MFA token.

Required: No

Type: String

Update requires: No interruption

Policies

The policy associated with a user pool.

Required: No

Type: Policies

Update requires: No interruption

Schema

An array of schema attributes for the new user pool. These attributes can be standard or custom attributes.

Required: No

Type: List of SchemaAttribute

Maximum: 50

Update requires: Replacement

SmsAuthenticationMessage

A string representing the SMS authentication message.

Required: No

Type: String

Minimum: 6

Maximum: 140

Pattern: .*\{####\}.*

Update requires: No interruption

SmsConfiguration

The SMS configuration.

Required: No

Type: SmsConfiguration

Update requires: No interruption

SmsVerificationMessage

A string representing the SMS verification message.

Required: No

Type: String

Minimum: 6

Maximum: 140

Pattern: .*\{####\}.*

Update requires: No interruption

UsernameAttributes

Specifies whether email addresses or phone numbers can be specified as user names when a user signs up. Possible values: phone_number or email.

Required: No

Type: List of String

Update requires: Replacement

UserPoolName

A string used to name the user pool.

Required: No

Type: String

Minimum: 1

Maximum: 128

Pattern: [\w\s+=,.@-]+

Update requires: Replacement

UserPoolTags

The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.

Required: No

Type: Json

Update requires: No interruption

Return Values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns a generated ID, such as us-east-2_zgaEXAMPLE.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

The Amazon Resource Name (ARN) of the user pool, such as arn:aws:cognito-idp:us-east-1:123412341234:userpool/us-east-1_123412341.

ProviderName

The provider name of the Amazon Cognito user pool, specified as a String.

ProviderURL

The URL of the provider of the Amazon Cognito user pool, specified as a String.