UserPoolProps

class aws_cdk.aws_cognito.UserPoolProps(*, auto_verify=None, custom_attributes=None, email_settings=None, lambda_triggers=None, mfa=None, mfa_second_factor=None, password_policy=None, required_attributes=None, self_sign_up_enabled=None, sign_in_aliases=None, sms_role=None, sms_role_external_id=None, user_invitation=None, user_pool_name=None, user_verification=None)

Bases: object

__init__(*, auto_verify=None, custom_attributes=None, email_settings=None, lambda_triggers=None, mfa=None, mfa_second_factor=None, password_policy=None, required_attributes=None, self_sign_up_enabled=None, sign_in_aliases=None, sms_role=None, sms_role_external_id=None, user_invitation=None, user_pool_name=None, user_verification=None)

Props for the UserPool construct.

Parameters
  • auto_verify (Optional[AutoVerifiedAttrs]) – Attributes which Cognito will look to verify automatically upon user sign up. EMAIL and PHONE are the only available options. Default: - If signIn include email and/or phone, they will be included in autoVerifiedAttributes by default. If absent, no attributes will be auto-verified.

  • custom_attributes (Optional[Mapping[str, ICustomAttribute]]) – Define a set of custom attributes that can be configured for each user in the user pool. Default: - No custom attributes.

  • email_settings (Optional[EmailSettings]) – Email settings for a user pool. Default: - see defaults on each property of EmailSettings.

  • lambda_triggers (Optional[UserPoolTriggers]) – Lambda functions to use for supported Cognito triggers. Default: - No Lambda triggers.

  • mfa (Optional[Mfa]) – Configure whether users of this user pool can or are required use MFA to sign in. Default: Mfa.OFF

  • mfa_second_factor (Optional[MfaSecondFactor]) – Configure the MFA types that users can use in this user pool. Ignored if mfa is set to OFF. Default: - { sms: true, oneTimePassword: false }, if mfa is set to OPTIONAL or REQUIRED. { sms: false, oneTimePassword: false }, otherwise

  • password_policy (Optional[PasswordPolicy]) – Password policy for this user pool. Default: - see defaults on each property of PasswordPolicy.

  • required_attributes (Optional[RequiredAttributes]) – The set of attributes that are required for every user in the user pool. Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html Default: - No attributes are required.

  • self_sign_up_enabled (Optional[bool]) – Whether self sign up should be enabled. This can be further configured via the selfSignUp property. Default: false

  • sign_in_aliases (Optional[SignInAliases]) – Methods in which a user registers or signs in to a user pool. Allows either username with aliases OR sign in with email, phone, or both. Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html To match with ‘Option 1’ in the above link, with a verified email, this property should be set to { username: true, email: true }. To match with ‘Option 2’ in the above link with both a verified email and phone number, this property should be set to { email: true, phone: true }. Default: { username: true }

  • sms_role (Optional[IRole]) – The IAM role that Cognito will assume while sending SMS messages. Default: - a new IAM role is created

  • sms_role_external_id (Optional[str]) – The ‘ExternalId’ that Cognito service must using when assuming the smsRole, if the role is restricted with an ‘sts:ExternalId’ conditional. Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html This property will be ignored if smsRole is not specified. Default: - No external id will be configured

  • user_invitation (Optional[UserInvitationConfig]) – Configuration around admins signing up users into a user pool. Default: - see defaults in UserInvitationConfig

  • user_pool_name (Optional[str]) – Name of the user pool. Default: - automatically generated name by CloudFormation at deploy time

  • user_verification (Optional[UserVerificationConfig]) – Configuration around users signing themselves up to the user pool. Enable or disable self sign-up via the selfSignUpEnabled property. Default: - see defaults in UserVerificationConfig

stability :stability: experimental

Attributes

auto_verify

Attributes which Cognito will look to verify automatically upon user sign up.

EMAIL and PHONE are the only available options.

default :default:

  • If signIn include email and/or phone, they will be included in autoVerifiedAttributes by default. If absent, no attributes will be auto-verified.

stability :stability: experimental

Return type

Optional[AutoVerifiedAttrs]

custom_attributes

Define a set of custom attributes that can be configured for each user in the user pool.

default :default: - No custom attributes.

stability :stability: experimental

Return type

Optional[Mapping[str, ICustomAttribute]]

email_settings

Email settings for a user pool.

default :default: - see defaults on each property of EmailSettings.

stability :stability: experimental

Return type

Optional[EmailSettings]

lambda_triggers

Lambda functions to use for supported Cognito triggers.

default :default: - No Lambda triggers.

see :see: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html stability :stability: experimental

Return type

Optional[UserPoolTriggers]

mfa

Configure whether users of this user pool can or are required use MFA to sign in.

default :default: Mfa.OFF

stability :stability: experimental

Return type

Optional[Mfa]

mfa_second_factor

Configure the MFA types that users can use in this user pool.

Ignored if mfa is set to OFF.

default :default:

  • { sms: true, oneTimePassword: false }, if mfa is set to OPTIONAL or REQUIRED. { sms: false, oneTimePassword: false }, otherwise

stability :stability: experimental

Return type

Optional[MfaSecondFactor]

password_policy

Password policy for this user pool.

default :default: - see defaults on each property of PasswordPolicy.

stability :stability: experimental

Return type

Optional[PasswordPolicy]

required_attributes

The set of attributes that are required for every user in the user pool.

Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

default :default: - No attributes are required.

stability :stability: experimental

Return type

Optional[RequiredAttributes]

self_sign_up_enabled

Whether self sign up should be enabled.

This can be further configured via the selfSignUp property.

default :default: false

stability :stability: experimental

Return type

Optional[bool]

sign_in_aliases

Methods in which a user registers or signs in to a user pool.

Allows either username with aliases OR sign in with email, phone, or both.

Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

To match with ‘Option 1’ in the above link, with a verified email, this property should be set to { username: true, email: true }. To match with ‘Option 2’ in the above link with both a verified email and phone number, this property should be set to { email: true, phone: true }.

default :default: { username: true }

stability :stability: experimental

Return type

Optional[SignInAliases]

sms_role

The IAM role that Cognito will assume while sending SMS messages.

default :default: - a new IAM role is created

stability :stability: experimental

Return type

Optional[IRole]

sms_role_external_id

ExternalId’ conditional.

Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

This property will be ignored if smsRole is not specified.

default :default: - No external id will be configured

stability :stability: experimental

Type

The ‘ExternalId’ that Cognito service must using when assuming the smsRole, if the role is restricted with an ‘sts

Return type

Optional[str]

user_invitation

Configuration around admins signing up users into a user pool.

default :default: - see defaults in UserInvitationConfig

stability :stability: experimental

Return type

Optional[UserInvitationConfig]

user_pool_name

Name of the user pool.

default :default: - automatically generated name by CloudFormation at deploy time

stability :stability: experimental

Return type

Optional[str]

user_verification

Configuration around users signing themselves up to the user pool.

Enable or disable self sign-up via the selfSignUpEnabled property.

default :default: - see defaults in UserVerificationConfig

stability :stability: experimental

Return type

Optional[UserVerificationConfig]