UserPoolProps

class aws_cdk.aws_cognito.UserPoolProps(*, account_recovery=None, auto_verify=None, custom_attributes=None, email_settings=None, enable_sms_role=None, lambda_triggers=None, mfa=None, mfa_second_factor=None, password_policy=None, self_sign_up_enabled=None, sign_in_aliases=None, sign_in_case_sensitive=None, sms_role=None, sms_role_external_id=None, standard_attributes=None, user_invitation=None, user_pool_name=None, user_verification=None)

Bases: object

Props for the UserPool construct.

Parameters
  • account_recovery (Optional[AccountRecovery]) – How will a user be able to recover their account? Default: AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL

  • auto_verify (Optional[AutoVerifiedAttrs]) – Attributes which Cognito will look to verify automatically upon user sign up. EMAIL and PHONE are the only available options. Default: - If signInAlias includes email and/or phone, they will be included in autoVerifiedAttributes by default. If absent, no attributes will be auto-verified.

  • custom_attributes (Optional[Mapping[str, ICustomAttribute]]) – Define a set of custom attributes that can be configured for each user in the user pool. Default: - No custom attributes.

  • email_settings (Optional[EmailSettings]) – Email settings for a user pool. Default: - see defaults on each property of EmailSettings.

  • enable_sms_role (Optional[bool]) – Setting this would explicitly enable or disable SMS role creation. When left unspecified, CDK will determine based on other properties if a role is needed or not. Default: - CDK will determine based on other properties of the user pool if an SMS role should be created or not.

  • lambda_triggers (Optional[UserPoolTriggers]) – Lambda functions to use for supported Cognito triggers. Default: - No Lambda triggers.

  • mfa (Optional[Mfa]) – Configure whether users of this user pool can or are required to use MFA to sign in. Default: Mfa.OFF

  • mfa_second_factor (Optional[MfaSecondFactor]) – Configure the MFA types that users can use in this user pool. Ignored if mfa is set to OFF. Default: - { sms: true, oneTimePassword: false }, if mfa is set to OPTIONAL or REQUIRED. { sms: false, oneTimePassword: false }, otherwise

  • password_policy (Optional[PasswordPolicy]) – Password policy for this user pool. Default: - see defaults on each property of PasswordPolicy.

  • self_sign_up_enabled (Optional[bool]) – Whether self sign up should be enabled. This can be further configured via the selfSignUp property. Default: false

  • sign_in_aliases (Optional[SignInAliases]) – Methods in which a user registers or signs in to a user pool. Allows either username with aliases OR sign in with email, phone, or both. Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html To match with ‘Option 1’ in the above link, with a verified email, this property should be set to { username: true, email: true }. To match with ‘Option 2’ in the above link with both a verified email and phone number, this property should be set to { email: true, phone: true }. Default: { username: true }

  • sign_in_case_sensitive (Optional[bool]) – Whether sign-in aliases should be evaluated with case sensitivity. For example, when this option is set to false, users will be able to sign in using either MyUsername or myusername. Default: true

  • sms_role (Optional[IRole]) – The IAM role that Cognito will assume while sending SMS messages. Default: - a new IAM role is created

  • sms_role_external_id (Optional[str]) – The ‘ExternalId’ that Cognito service must use when assuming the smsRole, if the role is restricted with an ‘sts:ExternalId’ conditional. Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html This property will be ignored if smsRole is not specified. Default: - No external id will be configured

  • standard_attributes (Optional[StandardAttributes]) – The set of attributes that are required for every user in the user pool. Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html Default: - All standard attributes are optional and mutable.

  • user_invitation (Optional[UserInvitationConfig]) – Configuration around admins signing up users into a user pool. Default: - see defaults in UserInvitationConfig

  • user_pool_name (Optional[str]) – Name of the user pool. Default: - automatically generated name by CloudFormation at deploy time

  • user_verification (Optional[UserVerificationConfig]) – Configuration around users signing themselves up to the user pool. Enable or disable self sign-up via the selfSignUpEnabled property. Default: - see defaults in UserVerificationConfig
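
Several of the defaults above depend on each other (mfa_second_factor on mfa, auto_verify on sign_in_aliases), so the following added example, which is not CDK or AWS code, resolves them from a plain dict and lists the settings worth a second look. The dict representation, the string enum names and the `effective_settings` / `review` helpers are assumptions made for illustration.

```python
# Added example, not CDK code: plain-dict model of the defaults documented above.
# Enum members are strings; second-factor keys follow this page's default text.

def _get(props, key, default):
    return default if props.get(key) is None else props[key]

def effective_settings(props):
    """Resolve unset props to the defaults this page documents."""
    aliases = _get(props, "sign_in_aliases", {"username": True})
    mfa = _get(props, "mfa", "OFF")
    if mfa == "OFF":
        # Documented: mfa_second_factor is ignored when mfa is OFF.
        factors = {"sms": False, "oneTimePassword": False}
    else:
        factors = _get(props, "mfa_second_factor",
                       {"sms": True, "oneTimePassword": False})
    # Documented: email/phone sign-in aliases are auto-verified unless overridden.
    auto = _get(props, "auto_verify",
                {k: True for k in ("email", "phone") if aliases.get(k)})
    return {
        "mfa": mfa,
        "mfa_second_factor": factors,
        "auto_verify": auto,
        "self_sign_up_enabled": _get(props, "self_sign_up_enabled", False),
        "sign_in_case_sensitive": _get(props, "sign_in_case_sensitive", True),
    }

def review(props):
    """Return (property, note) pairs for settings worth a second look."""
    s = effective_settings(props)
    notes = []
    if s["mfa"] == "OFF":
        notes.append(("mfa", "OFF: sign-in relies on the password alone"))
    elif s["mfa"] == "OPTIONAL":
        notes.append(("mfa", "OPTIONAL: users can decline a second factor"))
    f = s["mfa_second_factor"]
    if f.get("sms") and not f.get("oneTimePassword"):
        notes.append(("mfa_second_factor", "SMS is the only second factor"))
    if s["sign_in_case_sensitive"]:
        notes.append(("sign_in_case_sensitive",
                      "names differing only in case are separate users"))
    if s["self_sign_up_enabled"] and not any(s["auto_verify"].values()):
        notes.append(("auto_verify",
                      "self sign-up is on but no attribute is auto-verified"))
    return notes

# Constructed input: a tightened pool that produces no review notes.
HARDENED = {"mfa": "REQUIRED", "sign_in_case_sensitive": False,
            "mfa_second_factor": {"sms": False, "oneTimePassword": True}}
```

Calling `review({})` shows what an all-defaults pool yields; `review(HARDENED)` returns an empty list.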

Attributes

account_recovery

How will a user be able to recover their account?

Default

AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL

Return type

Optional[AccountRecovery]

auto_verify

Attributes which Cognito will look to verify automatically upon user sign up.

EMAIL and PHONE are the only available options.

Default

  • If signInAlias includes email and/or phone, they will be included in autoVerifiedAttributes by default. If absent, no attributes will be auto-verified.

Return type

Optional[AutoVerifiedAttrs]

custom_attributes

Define a set of custom attributes that can be configured for each user in the user pool.

Default
  • No custom attributes.

Return type

Optional[Mapping[str, ICustomAttribute]]

email_settings

Email settings for a user pool.

Default
  • see defaults on each property of EmailSettings.

Return type

Optional[EmailSettings]

enable_sms_role

Setting this would explicitly enable or disable SMS role creation.

When left unspecified, CDK will determine based on other properties if a role is needed or not.

Default
  • CDK will determine based on other properties of the user pool if an SMS role should be created or not.

Return type

Optional[bool]

lambda_triggers

Lambda functions to use for supported Cognito triggers.

Default
  • No Lambda triggers.

See

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

Return type

Optional[UserPoolTriggers]

mfa

Configure whether users of this user pool can or are required to use MFA to sign in.

Default

Mfa.OFF

Return type

Optional[Mfa]

mfa_second_factor

Configure the MFA types that users can use in this user pool.

Ignored if mfa is set to OFF.

Default

  • { sms: true, oneTimePassword: false }, if mfa is set to OPTIONAL or REQUIRED. { sms: false, oneTimePassword: false }, otherwise

Return type

Optional[MfaSecondFactor]

password_policy

Password policy for this user pool.

Default
  • see defaults on each property of PasswordPolicy.

Return type

Optional[PasswordPolicy]

self_sign_up_enabled

Whether self sign up should be enabled.

This can be further configured via the selfSignUp property.

Default

false

Return type

Optional[bool]

sign_in_aliases

Methods in which a user registers or signs in to a user pool.

Allows either username with aliases OR sign in with email, phone, or both.

Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

To match with ‘Option 1’ in the above link, with a verified email, this property should be set to { username: true, email: true }. To match with ‘Option 2’ in the above link with both a verified email and phone number, this property should be set to { email: true, phone: true }.

Default

{ username: true }

Return type

Optional[SignInAliases]

sign_in_case_sensitive

Whether sign-in aliases should be evaluated with case sensitivity.

For example, when this option is set to false, users will be able to sign in using either MyUsername or myusername.

Default

true

Return type

Optional[bool]

sms_role

The IAM role that Cognito will assume while sending SMS messages.

Default
  • a new IAM role is created

Return type

Optional[IRole]

sms_role_external_id

The ‘ExternalId’ that Cognito service must use when assuming the smsRole, if the role is restricted with an ‘sts:ExternalId’ conditional.

Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

This property will be ignored if smsRole is not specified.

Default
  • No external id will be configured

Return type

Optional[str]

standard_attributes

The set of attributes that are required for every user in the user pool.

Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

Default
  • All standard attributes are optional and mutable.

Return type

Optional[StandardAttributes]

user_invitation

Configuration around admins signing up users into a user pool.

Default
  • see defaults in UserInvitationConfig

Return type

Optional[UserInvitationConfig]

user_pool_name

Name of the user pool.

Default
  • automatically generated name by CloudFormation at deploy time

Return type

Optional[str]

user_verification

Configuration around users signing themselves up to the user pool.

Enable or disable self sign-up via the selfSignUpEnabled property.

Default
  • see defaults in UserVerificationConfig

Return type

Optional[UserVerificationConfig]