UserPool

class aws_cdk.aws_cognito.UserPool(scope, id, *, account_recovery=None, auto_verify=None, custom_attributes=None, email_settings=None, lambda_triggers=None, mfa=None, mfa_second_factor=None, password_policy=None, self_sign_up_enabled=None, sign_in_aliases=None, sign_in_case_sensitive=None, sms_role=None, sms_role_external_id=None, standard_attributes=None, user_invitation=None, user_pool_name=None, user_verification=None)

Bases: aws_cdk.core.Resource

Define a Cognito User Pool.

stability :stability: experimental

__init__(scope, id, *, account_recovery=None, auto_verify=None, custom_attributes=None, email_settings=None, lambda_triggers=None, mfa=None, mfa_second_factor=None, password_policy=None, self_sign_up_enabled=None, sign_in_aliases=None, sign_in_case_sensitive=None, sms_role=None, sms_role_external_id=None, standard_attributes=None, user_invitation=None, user_pool_name=None, user_verification=None)
Parameters

  • scope (Construct) –

  • id (str) –

  • account_recovery (Optional[AccountRecovery]) – How will a user be able to recover their account? Default: AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL

  • auto_verify (Optional[AutoVerifiedAttrs]) – Attributes which Cognito will look to verify automatically upon user sign up. EMAIL and PHONE are the only available options. Default: - If signInAlias includes email and/or phone, they will be included in autoVerifiedAttributes by default. If absent, no attributes will be auto-verified.

  • custom_attributes (Optional[Mapping[str, ICustomAttribute]]) – Define a set of custom attributes that can be configured for each user in the user pool. Default: - No custom attributes.

  • email_settings (Optional[EmailSettings]) – Email settings for a user pool. Default: - see defaults on each property of EmailSettings.

  • lambda_triggers (Optional[UserPoolTriggers]) – Lambda functions to use for supported Cognito triggers. Default: - No Lambda triggers.

  • mfa (Optional[Mfa]) – Configure whether users of this user pool can or are required use MFA to sign in. Default: Mfa.OFF

  • mfa_second_factor (Optional[MfaSecondFactor]) – Configure the MFA types that users can use in this user pool. Ignored if mfa is set to OFF. Default: - { sms: true, oneTimePassword: false }, if mfa is set to OPTIONAL or REQUIRED. { sms: false, oneTimePassword: false }, otherwise

  • password_policy (Optional[PasswordPolicy]) – Password policy for this user pool. Default: - see defaults on each property of PasswordPolicy.

  • self_sign_up_enabled (Optional[bool]) – Whether self sign up should be enabled. This can be further configured via the selfSignUp property. Default: false

  • sign_in_aliases (Optional[SignInAliases]) – Methods in which a user registers or signs in to a user pool. Allows either username with aliases OR sign in with email, phone, or both. Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html To match with ‘Option 1’ in the above link, with a verified email, this property should be set to { username: true, email: true }. To match with ‘Option 2’ in the above link with both a verified email and phone number, this property should be set to { email: true, phone: true }. Default: { username: true }

  • sign_in_case_sensitive (Optional[bool]) – Whether sign-in aliases should be evaluated with case sensitivity. For example, when this option is set to false, users will be able to sign in using either MyUsername or myusername. Default: true

  • sms_role (Optional[IRole]) – The IAM role that Cognito will assume while sending SMS messages. Default: - a new IAM role is created

  • sms_role_external_id (Optional[str]) – The ‘ExternalId’ that Cognito service must using when assuming the smsRole, if the role is restricted with an ‘sts:ExternalId’ conditional. Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html This property will be ignored if smsRole is not specified. Default: - No external id will be configured

  • standard_attributes (Optional[StandardAttributes]) – The set of attributes that are required for every user in the user pool. Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html Default: - All standard attributes are optional and mutable.

  • user_invitation (Optional[UserInvitationConfig]) – Configuration around admins signing up users into a user pool. Default: - see defaults in UserInvitationConfig

  • user_pool_name (Optional[str]) – Name of the user pool. Default: - automatically generated name by CloudFormation at deploy time

  • user_verification (Optional[UserVerificationConfig]) – Configuration around users signing themselves up to the user pool. Enable or disable self sign-up via the selfSignUpEnabled property. Default: - see defaults in UserVerificationConfig

stability :stability: experimental

Return type

None

Methods

add_client(id, *, auth_flows=None, disable_o_auth=None, generate_secret=None, o_auth=None, prevent_user_existence_errors=None, supported_identity_providers=None, user_pool_client_name=None)

Add a new app client to this user pool.

Parameters

  • id (str) –

  • auth_flows (Optional[AuthFlow]) – The set of OAuth authentication flows to enable on the client. Default: - all auth flows disabled

  • disable_o_auth (Optional[bool]) – Turns off all OAuth interactions for this client. Default: false

  • generate_secret (Optional[bool]) – Whether to generate a client secret. Default: false

  • o_auth (Optional[OAuthSettings]) – OAuth settings for this to client to interact with the app. An error is thrown when this is specified and disableOAuth is set. Default: - see defaults in OAuthSettings. meaningless if disableOAuth is set.

  • prevent_user_existence_errors (Optional[bool]) – Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn’t reveal the user’s absence. Default: true for new stacks

  • supported_identity_providers (Optional[List[UserPoolClientIdentityProvider]]) – The list of identity providers that users should be able to use to sign in using this client. Default: - supports all identity providers that are registered with the user pool. If the user pool and/or identity providers are imported, either specify this option explicitly or ensure that the identity providers are registered with the user pool using the UserPool.registerIdentityProvider() API.

  • user_pool_client_name (Optional[str]) – Name of the application client. Default: - cloudformation generated name

stability :stability: experimental

Return type

UserPoolClient

add_domain(id, *, cognito_domain=None, custom_domain=None)

Associate a domain to this user pool.

Parameters

  • id (str) –

  • cognito_domain (Optional[CognitoDomainOptions]) – Associate a cognito prefix domain with your user pool Either customDomain or cognitoDomain must be specified. Default: - not set if customDomain is specified, otherwise, throws an error.

  • custom_domain (Optional[CustomDomainOptions]) – Associate a custom domain with your user pool Either customDomain or cognitoDomain must be specified. Default: - not set if cognitoDomain is specified, otherwise, throws an error.

stability :stability: experimental

Return type

UserPoolDomain

add_trigger(operation, fn)

Add a lambda trigger to a user pool operation.

Parameters

see :see: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html stability :stability: experimental

Return type

None

register_identity_provider(provider)

Register an identity provider with this user pool.

Parameters

provider (IUserPoolIdentityProvider) –

stability :stability: experimental

Return type

None

to_string()

Returns a string representation of this construct.

Return type

str

Attributes

identity_providers

Get all identity providers registered with this user pool.

stability :stability: experimental

Return type

List[IUserPoolIdentityProvider]

node

The construct tree node associated with this construct.

Return type

ConstructNode

stack

The stack in which this resource is defined.

Return type

Stack

user_pool_arn

The ARN of the user pool.

stability :stability: experimental

Return type

str

user_pool_id

The physical ID of this user pool resource.

stability :stability: experimental

Return type

str

user_pool_provider_name

User pool provider name.

stability :stability: experimental attribute: :attribute:: true

Return type

str

user_pool_provider_url

User pool provider URL.

stability :stability: experimental attribute: :attribute:: true

Return type

str

Static Methods

classmethod from_user_pool_arn(scope, id, user_pool_arn)

Import an existing user pool based on its ARN.

Parameters

  • scope (Construct) –

  • id (str) –

  • user_pool_arn (str) –

stability :stability: experimental

Return type

IUserPool

classmethod from_user_pool_id(scope, id, user_pool_id)

Import an existing user pool based on its id.

Parameters

  • scope (Construct) –

  • id (str) –

  • user_pool_id (str) –

stability :stability: experimental

Return type

IUserPool

classmethod is_construct(x)

Return whether the given object is a Construct.

Parameters

x (Any) –

Return type

bool