software.amazon.awscdk.services.cognito

Class UserPool.Builder

java.lang.Object

software.amazon.awscdk.services.cognito.UserPool.Builder

Enclosing class:

UserPool

public static final class UserPool.Builder
extends java.lang.Object

A fluent builder for UserPool.

Method Summary

Modifier and Type	Method and Description
UserPool.Builder	accountRecovery(AccountRecovery accountRecovery) How will a user be able to recover their account?
UserPool.Builder	autoVerify(AutoVerifiedAttrs autoVerify) Attributes which Cognito will look to verify automatically upon user sign up.
UserPool	build()
static UserPool.Builder	create(software.constructs.Construct scope, java.lang.String id)
UserPool.Builder	customAttributes(java.util.Map<java.lang.String,? extends ICustomAttribute> customAttributes) Define a set of custom attributes that can be configured for each user in the user pool.
UserPool.Builder	customSenderKmsKey(IKey customSenderKmsKey) This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.
UserPool.Builder	deviceTracking(DeviceTracking deviceTracking) Device tracking settings.
UserPool.Builder	email(UserPoolEmail email) Email settings for a user pool.
UserPool.Builder	emailSettings(EmailSettings emailSettings) Deprecated. Use 'email' instead.
UserPool.Builder	enableSmsRole(java.lang.Boolean enableSmsRole) Setting this would explicitly enable or disable SMS role creation.
UserPool.Builder	lambdaTriggers(UserPoolTriggers lambdaTriggers) Lambda functions to use for supported Cognito triggers.
UserPool.Builder	mfa(Mfa mfa) Configure whether users of this user pool can or are required use MFA to sign in.
UserPool.Builder	mfaMessage(java.lang.String mfaMessage) The SMS message template sent during MFA verification.
UserPool.Builder	mfaSecondFactor(MfaSecondFactor mfaSecondFactor) Configure the MFA types that users can use in this user pool.
UserPool.Builder	passwordPolicy(PasswordPolicy passwordPolicy) Password policy for this user pool.
UserPool.Builder	removalPolicy(RemovalPolicy removalPolicy) Policy to apply when the user pool is removed from the stack.
UserPool.Builder	selfSignUpEnabled(java.lang.Boolean selfSignUpEnabled) Whether self sign up should be enabled.
UserPool.Builder	signInAliases(SignInAliases signInAliases) Methods in which a user registers or signs in to a user pool.
UserPool.Builder	signInCaseSensitive(java.lang.Boolean signInCaseSensitive) Whether sign-in aliases should be evaluated with case sensitivity.
UserPool.Builder	smsRole(IRole smsRole) The IAM role that Cognito will assume while sending SMS messages.
UserPool.Builder	smsRoleExternalId(java.lang.String smsRoleExternalId) The 'ExternalId' that Cognito service must using when assuming the `smsRole`, if the role is restricted with an 'sts:ExternalId' conditional.
UserPool.Builder	snsRegion(java.lang.String snsRegion) The region to integrate with SNS to send SMS messages.
UserPool.Builder	standardAttributes(StandardAttributes standardAttributes) The set of attributes that are required for every user in the user pool.
UserPool.Builder	userInvitation(UserInvitationConfig userInvitation) Configuration around admins signing up users into a user pool.
UserPool.Builder	userPoolName(java.lang.String userPoolName) Name of the user pool.
UserPool.Builder	userVerification(UserVerificationConfig userVerification) Configuration around users signing themselves up to the user pool.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

create

public static UserPool.Builder create(software.constructs.Construct scope,
                                      java.lang.String id)

Parameters:

scope - This parameter is required.

id - This parameter is required.

Returns:

a new instance of UserPool.Builder.

accountRecovery

public UserPool.Builder accountRecovery(AccountRecovery accountRecovery)

How will a user be able to recover their account?

Default: AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL

Parameters:

accountRecovery - How will a user be able to recover their account?. This parameter is required.

Returns:

this

autoVerify

public UserPool.Builder autoVerify(AutoVerifiedAttrs autoVerify)

Attributes which Cognito will look to verify automatically upon user sign up.

EMAIL and PHONE are the only available options.

Default: - If `signInAlias` includes email and/or phone, they will be included in `autoVerifiedAttributes` by default. If absent, no attributes will be auto-verified.

Parameters:

autoVerify - Attributes which Cognito will look to verify automatically upon user sign up. This parameter is required.

Returns:

this

customAttributes

public UserPool.Builder customAttributes(java.util.Map<java.lang.String,? extends ICustomAttribute> customAttributes)

Define a set of custom attributes that can be configured for each user in the user pool.

Default: - No custom attributes.

Parameters:

customAttributes - Define a set of custom attributes that can be configured for each user in the user pool. This parameter is required.

Returns:

this

customSenderKmsKey

public UserPool.Builder customSenderKmsKey(IKey customSenderKmsKey)

This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.

Default: - no key ID configured

Parameters:

customSenderKmsKey - This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates. This parameter is required.

Returns:

this

See Also:

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-sender-triggers.html

deviceTracking

public UserPool.Builder deviceTracking(DeviceTracking deviceTracking)

Device tracking settings.

Default: - see defaults on each property of DeviceTracking.

Parameters:

deviceTracking - Device tracking settings. This parameter is required.

Returns:

this

email

public UserPool.Builder email(UserPoolEmail email)

Email settings for a user pool.

Default: - cognito will use the default email configuration

Parameters:

email - Email settings for a user pool. This parameter is required.

Returns:

this

emailSettings

@Deprecated
public UserPool.Builder emailSettings(EmailSettings emailSettings)

Deprecated. Use 'email' instead.

(deprecated) Email settings for a user pool.

Default: - see defaults on each property of EmailSettings.

Parameters:

emailSettings - Email settings for a user pool. This parameter is required.

Returns:

this

enableSmsRole

public UserPool.Builder enableSmsRole(java.lang.Boolean enableSmsRole)

Setting this would explicitly enable or disable SMS role creation.

When left unspecified, CDK will determine based on other properties if a role is needed or not.

Default: - CDK will determine based on other properties of the user pool if an SMS role should be created or not.

Parameters:

enableSmsRole - Setting this would explicitly enable or disable SMS role creation. This parameter is required.

Returns:

this

lambdaTriggers

public UserPool.Builder lambdaTriggers(UserPoolTriggers lambdaTriggers)

Lambda functions to use for supported Cognito triggers.

Default: - No Lambda triggers.

Parameters:

lambdaTriggers - Lambda functions to use for supported Cognito triggers. This parameter is required.

Returns:

this

See Also:

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

mfa

public UserPool.Builder mfa(Mfa mfa)

Configure whether users of this user pool can or are required use MFA to sign in.

Default: Mfa.OFF

Parameters:

mfa - Configure whether users of this user pool can or are required use MFA to sign in. This parameter is required.

Returns:

this

mfaMessage

public UserPool.Builder mfaMessage(java.lang.String mfaMessage)

The SMS message template sent during MFA verification.

Use '{####}' in the template where Cognito should insert the verification code.

Default: 'Your authentication code is {####}.'

Parameters:

mfaMessage - The SMS message template sent during MFA verification. This parameter is required.

Returns:

this

mfaSecondFactor

public UserPool.Builder mfaSecondFactor(MfaSecondFactor mfaSecondFactor)

Configure the MFA types that users can use in this user pool.

Ignored if mfa is set to OFF.

Default: - { sms: true, otp: false }, if `mfa` is set to `OPTIONAL` or `REQUIRED`. { sms: false, otp: false }, otherwise

Parameters:

mfaSecondFactor - Configure the MFA types that users can use in this user pool. This parameter is required.

Returns:

this

passwordPolicy

public UserPool.Builder passwordPolicy(PasswordPolicy passwordPolicy)

Password policy for this user pool.

Default: - see defaults on each property of PasswordPolicy.

Parameters:

passwordPolicy - Password policy for this user pool. This parameter is required.

Returns:

this

removalPolicy

public UserPool.Builder removalPolicy(RemovalPolicy removalPolicy)

Policy to apply when the user pool is removed from the stack.

Default: RemovalPolicy.RETAIN

Parameters:

removalPolicy - Policy to apply when the user pool is removed from the stack. This parameter is required.

Returns:

this

selfSignUpEnabled

public UserPool.Builder selfSignUpEnabled(java.lang.Boolean selfSignUpEnabled)

Whether self sign up should be enabled.

This can be further configured via the selfSignUp property.

Default: false

Parameters:

selfSignUpEnabled - Whether self sign up should be enabled. This parameter is required.

Returns:

this

signInAliases

public UserPool.Builder signInAliases(SignInAliases signInAliases)

Methods in which a user registers or signs in to a user pool.

Allows either username with aliases OR sign in with email, phone, or both.

Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

To match with 'Option 1' in the above link, with a verified email, this property should be set to { username: true, email: true }. To match with 'Option 2' in the above link with both a verified email and phone number, this property should be set to { email: true, phone: true }.

Default: { username: true }

Parameters:

signInAliases - Methods in which a user registers or signs in to a user pool. This parameter is required.

Returns:

this

signInCaseSensitive

public UserPool.Builder signInCaseSensitive(java.lang.Boolean signInCaseSensitive)

Whether sign-in aliases should be evaluated with case sensitivity.

For example, when this option is set to false, users will be able to sign in using either MyUsername or myusername.

Default: true

Parameters:

signInCaseSensitive - Whether sign-in aliases should be evaluated with case sensitivity. This parameter is required.

Returns:

this

smsRole

public UserPool.Builder smsRole(IRole smsRole)

The IAM role that Cognito will assume while sending SMS messages.

Default: - a new IAM role is created

Parameters:

smsRole - The IAM role that Cognito will assume while sending SMS messages. This parameter is required.

Returns:

this

smsRoleExternalId

public UserPool.Builder smsRoleExternalId(java.lang.String smsRoleExternalId)

The 'ExternalId' that Cognito service must using when assuming the `smsRole`, if the role is restricted with an 'sts:ExternalId' conditional.

Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

This property will be ignored if smsRole is not specified.

Default: - No external id will be configured

Parameters:

smsRoleExternalId - The 'ExternalId' that Cognito service must using when assuming the `smsRole`, if the role is restricted with an 'sts:ExternalId' conditional. This parameter is required.

Returns:

this

snsRegion

public UserPool.Builder snsRegion(java.lang.String snsRegion)

The region to integrate with SNS to send SMS messages.

This property will do nothing if SMS configuration is not configured

Default: - The same region as the user pool, with a few exceptions - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html#user-pool-sms-settings-first-time

Parameters:

snsRegion - The region to integrate with SNS to send SMS messages. This parameter is required.

Returns:

this

standardAttributes

public UserPool.Builder standardAttributes(StandardAttributes standardAttributes)

The set of attributes that are required for every user in the user pool.

Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

Default: - All standard attributes are optional and mutable.

Parameters:

standardAttributes - The set of attributes that are required for every user in the user pool. This parameter is required.

Returns:

this

userInvitation

public UserPool.Builder userInvitation(UserInvitationConfig userInvitation)

Configuration around admins signing up users into a user pool.

Default: - see defaults in UserInvitationConfig

Parameters:

userInvitation - Configuration around admins signing up users into a user pool. This parameter is required.

Returns:

this

userPoolName

public UserPool.Builder userPoolName(java.lang.String userPoolName)

Name of the user pool.

Default: - automatically generated name by CloudFormation at deploy time

Parameters:

userPoolName - Name of the user pool. This parameter is required.

Returns:

this

userVerification

public UserPool.Builder userVerification(UserVerificationConfig userVerification)

Configuration around users signing themselves up to the user pool.

Enable or disable self sign-up via the selfSignUpEnabled property.

Default: - see defaults in UserVerificationConfig

Parameters:

userVerification - Configuration around users signing themselves up to the user pool. This parameter is required.

Returns:

this

build

public UserPool build()