UserPool

class aws_cdk.aws_cognito.UserPool(scope, id, *, auto_verify=None, custom_attributes=None, email_settings=None, lambda_triggers=None, mfa=None, mfa_second_factor=None, password_policy=None, required_attributes=None, self_sign_up_enabled=None, sign_in_aliases=None, sms_role=None, sms_role_external_id=None, user_invitation=None, user_pool_name=None, user_verification=None)

Bases: aws_cdk.core.Resource

Define a Cognito User Pool.

stability :stability: experimental

__init__(scope, id, *, auto_verify=None, custom_attributes=None, email_settings=None, lambda_triggers=None, mfa=None, mfa_second_factor=None, password_policy=None, required_attributes=None, self_sign_up_enabled=None, sign_in_aliases=None, sms_role=None, sms_role_external_id=None, user_invitation=None, user_pool_name=None, user_verification=None)
Parameters

  • scope (Construct) –

  • id (str) –

  • auto_verify (Optional[AutoVerifiedAttrs]) – Attributes which Cognito will look to verify automatically upon user sign up. EMAIL and PHONE are the only available options. Default: - If signIn include email and/or phone, they will be included in autoVerifiedAttributes by default. If absent, no attributes will be auto-verified.

  • custom_attributes (Optional[Mapping[str, ICustomAttribute]]) – Define a set of custom attributes that can be configured for each user in the user pool. Default: - No custom attributes.

  • email_settings (Optional[EmailSettings]) – Email settings for a user pool. Default: - see defaults on each property of EmailSettings.

  • lambda_triggers (Optional[UserPoolTriggers]) – Lambda functions to use for supported Cognito triggers. Default: - No Lambda triggers.

  • mfa (Optional[Mfa]) – Configure whether users of this user pool can or are required use MFA to sign in. Default: Mfa.OFF

  • mfa_second_factor (Optional[MfaSecondFactor]) – Configure the MFA types that users can use in this user pool. Ignored if mfa is set to OFF. Default: - { sms: true, oneTimePassword: false }, if mfa is set to OPTIONAL or REQUIRED. { sms: false, oneTimePassword: false }, otherwise

  • password_policy (Optional[PasswordPolicy]) – Password policy for this user pool. Default: - see defaults on each property of PasswordPolicy.

  • required_attributes (Optional[RequiredAttributes]) – The set of attributes that are required for every user in the user pool. Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html Default: - No attributes are required.

  • self_sign_up_enabled (Optional[bool]) – Whether self sign up should be enabled. This can be further configured via the selfSignUp property. Default: false

  • sign_in_aliases (Optional[SignInAliases]) – Methods in which a user registers or signs in to a user pool. Allows either username with aliases OR sign in with email, phone, or both. Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html To match with ‘Option 1’ in the above link, with a verified email, this property should be set to { username: true, email: true }. To match with ‘Option 2’ in the above link with both a verified email and phone number, this property should be set to { email: true, phone: true }. Default: { username: true }

  • sms_role (Optional[IRole]) – The IAM role that Cognito will assume while sending SMS messages. Default: - a new IAM role is created

  • sms_role_external_id (Optional[str]) – The ‘ExternalId’ that Cognito service must using when assuming the smsRole, if the role is restricted with an ‘sts:ExternalId’ conditional. Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html This property will be ignored if smsRole is not specified. Default: - No external id will be configured

  • user_invitation (Optional[UserInvitationConfig]) – Configuration around admins signing up users into a user pool. Default: - see defaults in UserInvitationConfig

  • user_pool_name (Optional[str]) – Name of the user pool. Default: - automatically generated name by CloudFormation at deploy time

  • user_verification (Optional[UserVerificationConfig]) – Configuration around users signing themselves up to the user pool. Enable or disable self sign-up via the selfSignUpEnabled property. Default: - see defaults in UserVerificationConfig

stability :stability: experimental

Return type

None

Methods

add_create_auth_challenge_trigger(fn)

Attach ‘Create Auth Challenge’ trigger Grants access from cognito-idp.amazonaws.com to the lambda.

Parameters

fn (IFunction) – the lambda function to attach.

see :see: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-create-auth-challenge.html stability :stability: experimental

Return type

None

add_custom_message_trigger(fn)

Attach ‘Custom Message’ trigger Grants access from cognito-idp.amazonaws.com to the lambda.

Parameters

fn (IFunction) – the lambda function to attach.

see :see: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-message.html stability :stability: experimental

Return type

None

add_define_auth_challenge_trigger(fn)

Attach ‘Define Auth Challenge’ trigger Grants access from cognito-idp.amazonaws.com to the lambda.

Parameters

fn (IFunction) – the lambda function to attach.

see :see: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-define-auth-challenge.html stability :stability: experimental

Return type

None

add_post_authentication_trigger(fn)

Attach ‘Post Authentication’ trigger Grants access from cognito-idp.amazonaws.com to the lambda.

Parameters

fn (IFunction) – the lambda function to attach.

see :see: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-post-authentication.html stability :stability: experimental

Return type

None

add_post_confirmation_trigger(fn)

Attach ‘Post Confirmation’ trigger Grants access from cognito-idp.amazonaws.com to the lambda.

Parameters

fn (IFunction) – the lambda function to attach.

see :see: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-post-confirmation.html stability :stability: experimental

Return type

None

add_pre_authentication_trigger(fn)

Attach ‘Pre Authentication’ trigger Grants access from cognito-idp.amazonaws.com to the lambda.

Parameters

fn (IFunction) – the lambda function to attach.

see :see: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-authentication.html stability :stability: experimental

Return type

None

add_pre_sign_up_trigger(fn)

Attach ‘Pre Sign Up’ trigger Grants access from cognito-idp.amazonaws.com to the lambda.

Parameters

fn (IFunction) – the lambda function to attach.

see :see: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html stability :stability: experimental

Return type

None

add_pre_token_generation_trigger(fn)

Attach ‘Pre Token Generation’ trigger Grants access from cognito-idp.amazonaws.com to the lambda.

Parameters

fn (IFunction) – the lambda function to attach.

see :see: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html stability :stability: experimental

Return type

None

add_user_migration_trigger(fn)

Attach ‘User Migration’ trigger Grants access from cognito-idp.amazonaws.com to the lambda.

Parameters

fn (IFunction) – the lambda function to attach.

see :see: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html stability :stability: experimental

Return type

None

add_verify_auth_challenge_response_trigger(fn)

Attach ‘Verify Auth Challenge Response’ trigger Grants access from cognito-idp.amazonaws.com to the lambda.

Parameters

fn (IFunction) – the lambda function to attach.

see :see: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-verify-auth-challenge-response.html stability :stability: experimental

Return type

None

to_string()

Returns a string representation of this construct.

Return type

str

Attributes

node

The construct tree node associated with this construct.

Return type

ConstructNode

stack

The stack in which this resource is defined.

Return type

Stack

user_pool_arn

The ARN of the user pool.

stability :stability: experimental

Return type

str

user_pool_id

The physical ID of this user pool resource.

stability :stability: experimental

Return type

str

user_pool_provider_name

User pool provider name.

stability :stability: experimental attribute: :attribute:: true

Return type

str

user_pool_provider_url

User pool provider URL.

stability :stability: experimental attribute: :attribute:: true

Return type

str

Static Methods

classmethod from_user_pool_arn(scope, id, user_pool_arn)

Import an existing user pool based on its ARN.

Parameters

  • scope (Construct) –

  • id (str) –

  • user_pool_arn (str) –

stability :stability: experimental

Return type

IUserPool

classmethod from_user_pool_id(scope, id, user_pool_id)

Import an existing user pool based on its id.

Parameters

  • scope (Construct) –

  • id (str) –

  • user_pool_id (str) –

stability :stability: experimental

Return type

IUserPool

classmethod is_construct(x)

Return whether the given object is a Construct.

Parameters

x (Any) –

Return type

bool