Interface IUserPoolProps
Props for the UserPool construct.
Namespace: Amazon.CDK.AWS.Cognito
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface IUserPoolProps
Syntax (vb)
Public Interface IUserPoolProps
Remarks
ExampleMetadata: infused
Examples
new UserPool(this, "myuserpool", new UserPoolProps {
// ...
SelfSignUpEnabled = true,
UserVerification = new UserVerificationConfig {
EmailSubject = "Verify your email for our awesome app!",
EmailBody = "Thanks for signing up to our awesome app! Your verification code is {####}",
EmailStyle = VerificationEmailStyle.CODE,
SmsMessage = "Thanks for signing up to our awesome app! Your verification code is {####}"
}
});
Synopsis
Properties
AccountRecovery | How will a user be able to recover their account? |
AdvancedSecurityMode | The user pool's Advanced Security Mode. |
AutoVerify | Attributes which Cognito will look to verify automatically upon user sign up. |
CustomAttributes | Define a set of custom attributes that can be configured for each user in the user pool. |
CustomSenderKmsKey | This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates. |
DeletionProtection | Indicates whether the user pool should have deletion protection enabled. |
DeviceTracking | Device tracking settings. |
Email settings for a user pool. |
|
EnableSmsRole | Setting this would explicitly enable or disable SMS role creation. |
KeepOriginal | Attributes which Cognito will look to handle changes to the value of your users' email address and phone number attributes. |
LambdaTriggers | Lambda functions to use for supported Cognito triggers. |
Mfa | Configure whether users of this user pool can or are required use MFA to sign in. |
MfaMessage | The SMS message template sent during MFA verification. |
MfaSecondFactor | Configure the MFA types that users can use in this user pool. |
PasswordPolicy | Password policy for this user pool. |
RemovalPolicy | Policy to apply when the user pool is removed from the stack. |
SelfSignUpEnabled | Whether self sign-up should be enabled. |
SignInAliases | Methods in which a user registers or signs in to a user pool. |
SignInCaseSensitive | Whether sign-in aliases should be evaluated with case sensitivity. |
SmsRole | The IAM role that Cognito will assume while sending SMS messages. |
SmsRoleExternalId | The 'ExternalId' that Cognito service must be using when assuming the |
SnsRegion | The region to integrate with SNS to send SMS messages. |
StandardAttributes | The set of attributes that are required for every user in the user pool. |
UserInvitation | Configuration around admins signing up users into a user pool. |
UserPoolName | Name of the user pool. |
UserVerification | Configuration around users signing themselves up to the user pool. |
Properties
AccountRecovery
How will a user be able to recover their account?
virtual Nullable<AccountRecovery> AccountRecovery { get; }
Property Value
System.Nullable<AccountRecovery>
Remarks
Default: AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL
AdvancedSecurityMode
The user pool's Advanced Security Mode.
virtual Nullable<AdvancedSecurityMode> AdvancedSecurityMode { get; }
Property Value
System.Nullable<AdvancedSecurityMode>
Remarks
Default: - no value
AutoVerify
Attributes which Cognito will look to verify automatically upon user sign up.
virtual IAutoVerifiedAttrs AutoVerify { get; }
Property Value
Remarks
EMAIL and PHONE are the only available options.
Default: - If signInAlias
includes email and/or phone, they will be included in autoVerifiedAttributes
by default.
If absent, no attributes will be auto-verified.
CustomAttributes
Define a set of custom attributes that can be configured for each user in the user pool.
virtual IDictionary<string, ICustomAttribute> CustomAttributes { get; }
Property Value
System.Collections.Generic.IDictionary<System.String, ICustomAttribute>
Remarks
Default: - No custom attributes.
CustomSenderKmsKey
This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.
virtual IKey CustomSenderKmsKey { get; }
Property Value
Remarks
Default: - no key ID configured
DeletionProtection
Indicates whether the user pool should have deletion protection enabled.
virtual Nullable<bool> DeletionProtection { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: false
DeviceTracking
Device tracking settings.
virtual IDeviceTracking DeviceTracking { get; }
Property Value
Remarks
Default: - see defaults on each property of DeviceTracking.
Email settings for a user pool.
virtual UserPoolEmail Email { get; }
Property Value
Remarks
Default: - cognito will use the default email configuration
EnableSmsRole
Setting this would explicitly enable or disable SMS role creation.
virtual Nullable<bool> EnableSmsRole { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
When left unspecified, CDK will determine based on other properties if a role is needed or not.
Default: - CDK will determine based on other properties of the user pool if an SMS role should be created or not.
KeepOriginal
Attributes which Cognito will look to handle changes to the value of your users' email address and phone number attributes.
virtual IKeepOriginalAttrs KeepOriginal { get; }
Property Value
Remarks
EMAIL and PHONE are the only available options.
Default: - Nothing is kept.
LambdaTriggers
Lambda functions to use for supported Cognito triggers.
virtual IUserPoolTriggers LambdaTriggers { get; }
Property Value
Remarks
Default: - No Lambda triggers.
Mfa
Configure whether users of this user pool can or are required use MFA to sign in.
virtual Nullable<Mfa> Mfa { get; }
Property Value
System.Nullable<Mfa>
Remarks
Default: Mfa.OFF
MfaMessage
The SMS message template sent during MFA verification.
virtual string MfaMessage { get; }
Property Value
System.String
Remarks
Use '{####}' in the template where Cognito should insert the verification code.
Default: 'Your authentication code is {####}.'
MfaSecondFactor
Configure the MFA types that users can use in this user pool.
virtual IMfaSecondFactor MfaSecondFactor { get; }
Property Value
Remarks
Ignored if mfa
is set to OFF
.
Default: - { sms: true, otp: false }, if mfa
is set to OPTIONAL
or REQUIRED
.
{ sms: false, otp: false }, otherwise
PasswordPolicy
Password policy for this user pool.
virtual IPasswordPolicy PasswordPolicy { get; }
Property Value
Remarks
Default: - see defaults on each property of PasswordPolicy.
RemovalPolicy
Policy to apply when the user pool is removed from the stack.
virtual Nullable<RemovalPolicy> RemovalPolicy { get; }
Property Value
System.Nullable<RemovalPolicy>
Remarks
Default: RemovalPolicy.RETAIN
SelfSignUpEnabled
Whether self sign-up should be enabled.
virtual Nullable<bool> SelfSignUpEnabled { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
To configure self sign-up configuration use the userVerification
property.
Default: - false
SignInAliases
Methods in which a user registers or signs in to a user pool.
virtual ISignInAliases SignInAliases { get; }
Property Value
Remarks
Allows either username with aliases OR sign in with email, phone, or both.
Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
To match with 'Option 1' in the above link, with a verified email, this property should be set to
{ username: true, email: true }
. To match with 'Option 2' in the above link with both a verified email and phone
number, this property should be set to { email: true, phone: true }
.
Default: { username: true }
SignInCaseSensitive
Whether sign-in aliases should be evaluated with case sensitivity.
virtual Nullable<bool> SignInCaseSensitive { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
For example, when this option is set to false, users will be able to sign in using either MyUsername
or myusername
.
Default: true
SmsRole
The IAM role that Cognito will assume while sending SMS messages.
virtual IRole SmsRole { get; }
Property Value
Remarks
Default: - a new IAM role is created.
SmsRoleExternalId
The 'ExternalId' that Cognito service must be using when assuming the smsRole
, if the role is restricted with an 'sts:ExternalId' conditional.
virtual string SmsRoleExternalId { get; }
Property Value
System.String
Remarks
Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
This property will be ignored if smsRole
is not specified.
Default: - No external id will be configured.
SnsRegion
The region to integrate with SNS to send SMS messages.
virtual string SnsRegion { get; }
Property Value
System.String
Remarks
This property will do nothing if SMS configuration is not configured.
Default: - The same region as the user pool, with a few exceptions - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html#user-pool-sms-settings-first-time
StandardAttributes
The set of attributes that are required for every user in the user pool.
virtual IStandardAttributes StandardAttributes { get; }
Property Value
Remarks
Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
Default: - All standard attributes are optional and mutable.
UserInvitation
Configuration around admins signing up users into a user pool.
virtual IUserInvitationConfig UserInvitation { get; }
Property Value
Remarks
Default: - see defaults in UserInvitationConfig.
UserPoolName
Name of the user pool.
virtual string UserPoolName { get; }
Property Value
System.String
Remarks
Default: - automatically generated name by CloudFormation at deploy time.
UserVerification
Configuration around users signing themselves up to the user pool.
virtual IUserVerificationConfig UserVerification { get; }
Property Value
Remarks
Enable or disable self sign-up via the selfSignUpEnabled
property.
Default: - see defaults in UserVerificationConfig.