CfnUserPool¶
-
class
aws_cdk.aws_cognito.CfnUserPool(scope, id, *, account_recovery_setting=None, admin_create_user_config=None, alias_attributes=None, auto_verified_attributes=None, device_configuration=None, email_configuration=None, email_verification_message=None, email_verification_subject=None, enabled_mfas=None, lambda_config=None, mfa_configuration=None, policies=None, schema=None, sms_authentication_message=None, sms_configuration=None, sms_verification_message=None, user_attribute_update_settings=None, username_attributes=None, username_configuration=None, user_pool_add_ons=None, user_pool_name=None, user_pool_tags=None, verification_message_template=None)¶ Bases:
aws_cdk.core.CfnResourceA CloudFormation
AWS::Cognito::UserPool.The
AWS::Cognito::UserPoolresource creates an Amazon Cognito user pool. For more information on working with Amazon Cognito user pools, see Amazon Cognito User Pools and CreateUserPool . .. epigraph:If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.
- CloudformationResource
AWS::Cognito::UserPool
- Link
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito # user_pool_tags: Any cfn_user_pool = cognito.CfnUserPool(self, "MyCfnUserPool", account_recovery_setting=cognito.CfnUserPool.AccountRecoverySettingProperty( recovery_mechanisms=[cognito.CfnUserPool.RecoveryOptionProperty( name="name", priority=123 )] ), admin_create_user_config=cognito.CfnUserPool.AdminCreateUserConfigProperty( allow_admin_create_user_only=False, invite_message_template=cognito.CfnUserPool.InviteMessageTemplateProperty( email_message="emailMessage", email_subject="emailSubject", sms_message="smsMessage" ), unused_account_validity_days=123 ), alias_attributes=["aliasAttributes"], auto_verified_attributes=["autoVerifiedAttributes"], device_configuration=cognito.CfnUserPool.DeviceConfigurationProperty( challenge_required_on_new_device=False, device_only_remembered_on_user_prompt=False ), email_configuration=cognito.CfnUserPool.EmailConfigurationProperty( configuration_set="configurationSet", email_sending_account="emailSendingAccount", from="from", reply_to_email_address="replyToEmailAddress", source_arn="sourceArn" ), email_verification_message="emailVerificationMessage", email_verification_subject="emailVerificationSubject", enabled_mfas=["enabledMfas"], lambda_config=cognito.CfnUserPool.LambdaConfigProperty( create_auth_challenge="createAuthChallenge", custom_email_sender=cognito.CfnUserPool.CustomEmailSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), custom_message="customMessage", custom_sms_sender=cognito.CfnUserPool.CustomSMSSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), define_auth_challenge="defineAuthChallenge", kms_key_id="kmsKeyId", post_authentication="postAuthentication", post_confirmation="postConfirmation", pre_authentication="preAuthentication", pre_sign_up="preSignUp", pre_token_generation="preTokenGeneration", user_migration="userMigration", verify_auth_challenge_response="verifyAuthChallengeResponse" ), mfa_configuration="mfaConfiguration", policies=cognito.CfnUserPool.PoliciesProperty( password_policy=cognito.CfnUserPool.PasswordPolicyProperty( minimum_length=123, require_lowercase=False, require_numbers=False, require_symbols=False, require_uppercase=False, temporary_password_validity_days=123 ) ), schema=[cognito.CfnUserPool.SchemaAttributeProperty( attribute_data_type="attributeDataType", developer_only_attribute=False, mutable=False, name="name", number_attribute_constraints=cognito.CfnUserPool.NumberAttributeConstraintsProperty( max_value="maxValue", min_value="minValue" ), required=False, string_attribute_constraints=cognito.CfnUserPool.StringAttributeConstraintsProperty( max_length="maxLength", min_length="minLength" ) )], sms_authentication_message="smsAuthenticationMessage", sms_configuration=cognito.CfnUserPool.SmsConfigurationProperty( external_id="externalId", sns_caller_arn="snsCallerArn", sns_region="snsRegion" ), sms_verification_message="smsVerificationMessage", user_attribute_update_settings=cognito.CfnUserPool.UserAttributeUpdateSettingsProperty( attributes_require_verification_before_update=["attributesRequireVerificationBeforeUpdate"] ), username_attributes=["usernameAttributes"], username_configuration=cognito.CfnUserPool.UsernameConfigurationProperty( case_sensitive=False ), user_pool_add_ons=cognito.CfnUserPool.UserPoolAddOnsProperty( advanced_security_mode="advancedSecurityMode" ), user_pool_name="userPoolName", user_pool_tags=user_pool_tags, verification_message_template=cognito.CfnUserPool.VerificationMessageTemplateProperty( default_email_option="defaultEmailOption", email_message="emailMessage", email_message_by_link="emailMessageByLink", email_subject="emailSubject", email_subject_by_link="emailSubjectByLink", sms_message="smsMessage" ) )
Create a new
AWS::Cognito::UserPool.- Parameters
scope (
Construct) –scope in which this resource is defined.
id (
str) –scoped id of the resource.
account_recovery_setting (
Union[IResolvable,AccountRecoverySettingProperty,Dict[str,Any],None]) – Use this setting to define which verified available method a user can use to recover their password when they callForgotPassword. It allows you to define a preferred method when a user has more than one method available. With this setting, SMS does not qualify for a valid password recovery mechanism if the user also has SMS MFA enabled. In the absence of this setting, Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email.admin_create_user_config (
Union[IResolvable,AdminCreateUserConfigProperty,Dict[str,Any],None]) – The configuration for creating a new user profile.alias_attributes (
Optional[Sequence[str]]) – Attributes supported as an alias for this user pool. Possible values: phone_number , email , or preferred_username . .. epigraph:: This user pool property cannot be updated.auto_verified_attributes (
Optional[Sequence[str]]) – The attributes to be auto-verified. Possible values: email , phone_number .device_configuration (
Union[IResolvable,DeviceConfigurationProperty,Dict[str,Any],None]) – The device configuration.email_configuration (
Union[IResolvable,EmailConfigurationProperty,Dict[str,Any],None]) – The email configuration of your user pool. The email configuration type sets your preferred sending method, AWS Region, and sender for messages from your user pool.email_verification_message (
Optional[str]) – A string representing the email verification message. EmailVerificationMessage is allowed only if EmailSendingAccount is DEVELOPER.email_verification_subject (
Optional[str]) –A string representing the email verification subject. EmailVerificationSubject is allowed only if EmailSendingAccount is DEVELOPER.
enabled_mfas (
Optional[Sequence[str]]) – Enables MFA on a specified user pool. To disable all MFAs after it has been enabled, set MfaConfiguration to “OFF” and remove EnabledMfas. MFAs can only be all disabled if MfaConfiguration is OFF. Once SMS_MFA is enabled, SMS_MFA can only be disabled by setting MfaConfiguration to “OFF”. Can be one of the following values: -SMS_MFA- Enables SMS MFA for the user pool. SMS_MFA can only be enabled if SMS configuration is provided. -SOFTWARE_TOKEN_MFA- Enables software token MFA for the user pool. Allowed values:SMS_MFA|SOFTWARE_TOKEN_MFAlambda_config (
Union[IResolvable,LambdaConfigProperty,Dict[str,Any],None]) – The Lambda trigger configuration information for the new user pool. .. epigraph:: In a push model, event sources (such as Amazon S3 and custom applications) need permission to invoke a function. So you must make an extra call to add permission for these event sources to invoke your Lambda function. For more information on using the Lambda API to add permission, see AddPermission . For adding permission using the AWS CLI , see add-permission .mfa_configuration (
Optional[str]) – The multi-factor (MFA) configuration. Valid values include:. -OFFMFA won’t be used for any users. -ONMFA is required for all users to sign in. -OPTIONALMFA will be required only for individual users who have an MFA factor activated.policies (
Union[IResolvable,PoliciesProperty,Dict[str,Any],None]) – The policy associated with a user pool.schema (
Union[IResolvable,Sequence[Union[IResolvable,SchemaAttributeProperty,Dict[str,Any]]],None]) – The schema attributes for the new user pool. These attributes can be standard or custom attributes. .. epigraph:: During a user pool update, you can add new schema attributes but you cannot modify or delete an existing schema attribute.sms_authentication_message (
Optional[str]) – A string representing the SMS authentication message.sms_configuration (
Union[IResolvable,SmsConfigurationProperty,Dict[str,Any],None]) – The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account .sms_verification_message (
Optional[str]) – A string representing the SMS verification message.user_attribute_update_settings (
Union[IResolvable,UserAttributeUpdateSettingsProperty,Dict[str,Any],None]) – The settings for updates to user attributes. These settings include the propertyAttributesRequireVerificationBeforeUpdate, a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users’ email address and phone number attributes. For more information, see Verifying updates to to email addresses and phone numbers .username_attributes (
Optional[Sequence[str]]) – Determines whether email addresses or phone numbers can be specified as user names when a user signs up. Possible values:phone_numberoremail. This user pool property cannot be updated.username_configuration (
Union[IResolvable,UsernameConfigurationProperty,Dict[str,Any],None]) – You can choose to set case sensitivity on the username input for the selected sign-in option. For example, when this is set toFalse, users will be able to sign in using either “username” or “Username”. This configuration is immutable once it has been set.user_pool_add_ons (
Union[IResolvable,UserPoolAddOnsProperty,Dict[str,Any],None]) – Enables advanced security risk detection. Set the keyAdvancedSecurityModeto the value “AUDIT”.user_pool_name (
Optional[str]) – A string used to name the user pool.user_pool_tags (
Optional[Any]) – The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.verification_message_template (
Union[IResolvable,VerificationMessageTemplateProperty,Dict[str,Any],None]) – The template for the verification message that the user sees when the app requests permission to access the user’s information.
Methods
-
add_deletion_override(path)¶ Syntactic sugar for
addOverride(path, undefined).- Parameters
path (
str) – The path of the value to delete.- Return type
None
-
add_depends_on(target)¶ Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.
- Parameters
target (
CfnResource) –- Return type
None
-
add_metadata(key, value)¶ Add a value to the CloudFormation Resource Metadata.
- Parameters
key (
str) –value (
Any) –
- See
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.
- Return type
None
-
add_override(path, value)¶ Adds an override to the synthesized CloudFormation resource.
To add a property override, either use
addPropertyOverrideor prefixpathwith “Properties.” (i.e.Properties.TopicName).If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path.
To include a literal
.in the property name, prefix with a\. In most programming languages you will need to write this as"\\."because the\itself will need to be escaped.For example:
cfn_resource.add_override("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", ["myattribute"]) cfn_resource.add_override("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE")
would add the overrides Example:
"Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... }
The
valueargument toaddOverridewill not be processed or translated in any way. Pass raw JSON values in here with the correct capitalization for CloudFormation. If you pass CDK classes or structs, they will be rendered with lowercased key names, and CloudFormation will reject the template.- Parameters
path (
str) –The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed.
value (
Any) –The value. Could be primitive or complex.
- Return type
None
-
add_property_deletion_override(property_path)¶ Adds an override that deletes the value of a property from the resource definition.
- Parameters
property_path (
str) – The path to the property.- Return type
None
-
add_property_override(property_path, value)¶ Adds an override to a resource property.
Syntactic sugar for
addOverride("Properties.<...>", value).- Parameters
property_path (
str) – The path of the property.value (
Any) – The value.
- Return type
None
-
apply_removal_policy(policy=None, *, apply_to_update_replace_policy=None, default=None)¶ Sets the deletion policy of the resource based on the removal policy specified.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.
The resource can be deleted (
RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).- Parameters
policy (
Optional[RemovalPolicy]) –apply_to_update_replace_policy (
Optional[bool]) – Apply the same deletion policy to the resource’s “UpdateReplacePolicy”. Default: truedefault (
Optional[RemovalPolicy]) – The default policy to apply in case the removal policy is not defined. Default: - Default value is resource specific. To determine the default value for a resoure, please consult that specific resource’s documentation.
- Return type
None
-
get_att(attribute_name)¶ Returns a token for an runtime attribute of this resource.
Ideally, use generated attribute accessors (e.g.
resource.arn), but this can be used for future compatibility in case there is no generated attribute.- Parameters
attribute_name (
str) – The name of the attribute.- Return type
-
get_metadata(key)¶ Retrieve a value value from the CloudFormation Resource Metadata.
- Parameters
key (
str) –- See
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.
- Return type
Any
-
inspect(inspector)¶ Examines the CloudFormation resource and discloses attributes.
- Parameters
inspector (
TreeInspector) –tree inspector to collect and process attributes.
- Return type
None
-
override_logical_id(new_logical_id)¶ Overrides the auto-generated logical ID with a specific ID.
- Parameters
new_logical_id (
str) – The new logical ID to use for this stack element.- Return type
None
-
to_string()¶ Returns a string representation of this construct.
- Return type
str- Returns
a string representation of this resource
Attributes
-
CFN_RESOURCE_TYPE_NAME= 'AWS::Cognito::UserPool'¶
-
account_recovery_setting¶ Use this setting to define which verified available method a user can use to recover their password when they call
ForgotPassword.It allows you to define a preferred method when a user has more than one method available. With this setting, SMS does not qualify for a valid password recovery mechanism if the user also has SMS MFA enabled. In the absence of this setting, Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email.
-
admin_create_user_config¶ The configuration for creating a new user profile.
-
alias_attributes¶ phone_number , email , or preferred_username .
This user pool property cannot be updated.
- Link
- Type
Attributes supported as an alias for this user pool. Possible values
- Return type
Optional[List[str]]
-
attr_arn¶ The Amazon Resource Name (ARN) of the user pool, such as
arn:aws:cognito-idp:us-east-1:123412341234:userpool/us-east-1_123412341.- CloudformationAttribute
Arn
- Return type
str
-
attr_provider_name¶ The provider name of the Amazon Cognito user pool, specified as a
String.- CloudformationAttribute
ProviderName
- Return type
str
-
attr_provider_url¶ The URL of the provider of the Amazon Cognito user pool, specified as a
String.- CloudformationAttribute
ProviderURL
- Return type
str
-
auto_verified_attributes¶ The attributes to be auto-verified.
Possible values: email , phone_number .
- Link
- Return type
Optional[List[str]]
-
cfn_options¶ Options for this resource, such as condition, update policy etc.
- Return type
-
cfn_resource_type¶ AWS resource type.
- Return type
str
-
creation_stack¶ return:
the stack trace of the point where this Resource was created from, sourced from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most node +internal+ entries filtered.
- Return type
List[str]
-
device_configuration¶ The device configuration.
-
email_configuration¶ The email configuration of your user pool.
The email configuration type sets your preferred sending method, AWS Region, and sender for messages from your user pool.
-
email_verification_message¶ A string representing the email verification message.
EmailVerificationMessage is allowed only if EmailSendingAccount is DEVELOPER.
-
email_verification_subject¶ A string representing the email verification subject.
EmailVerificationSubject is allowed only if EmailSendingAccount is DEVELOPER.
-
enabled_mfas¶ Enables MFA on a specified user pool.
To disable all MFAs after it has been enabled, set MfaConfiguration to “OFF” and remove EnabledMfas. MFAs can only be all disabled if MfaConfiguration is OFF. Once SMS_MFA is enabled, SMS_MFA can only be disabled by setting MfaConfiguration to “OFF”. Can be one of the following values:
SMS_MFA- Enables SMS MFA for the user pool. SMS_MFA can only be enabled if SMS configuration is provided.SOFTWARE_TOKEN_MFA- Enables software token MFA for the user pool.
Allowed values:
SMS_MFA|SOFTWARE_TOKEN_MFA- Link
- Return type
Optional[List[str]]
-
lambda_config¶ The Lambda trigger configuration information for the new user pool.
In a push model, event sources (such as Amazon S3 and custom applications) need permission to invoke a function. So you must make an extra call to add permission for these event sources to invoke your Lambda function.
For more information on using the Lambda API to add permission, see AddPermission .
For adding permission using the AWS CLI , see add-permission .
-
logical_id¶ The logical ID for this CloudFormation stack element.
The logical ID of the element is calculated from the path of the resource node in the construct tree.
To override this value, use
overrideLogicalId(newLogicalId).- Return type
str- Returns
the logical ID as a stringified token. This value will only get resolved during synthesis.
-
mfa_configuration¶ .
OFFMFA won’t be used for any users.ONMFA is required for all users to sign in.OPTIONALMFA will be required only for individual users who have an MFA factor activated.
- Link
- Type
The multi-factor (MFA) configuration. Valid values include
- Return type
Optional[str]
-
node¶ The construct tree node associated with this construct.
- Return type
-
policies¶ The policy associated with a user pool.
-
ref¶ Return a string that will be resolved to a CloudFormation
{ Ref }for this element.If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through
Lazy.any({ produce: resource.ref }).- Return type
str
-
schema¶ The schema attributes for the new user pool. These attributes can be standard or custom attributes.
During a user pool update, you can add new schema attributes but you cannot modify or delete an existing schema attribute.
- Link
- Return type
Union[IResolvable,List[Union[IResolvable,SchemaAttributeProperty]],None]
-
sms_authentication_message¶ A string representing the SMS authentication message.
-
sms_configuration¶ The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service.
To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account .
-
sms_verification_message¶ A string representing the SMS verification message.
-
stack¶ The stack in which this element is defined.
CfnElements must be defined within a stack scope (directly or indirectly).
- Return type
The tag keys and values to assign to the user pool.
A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.
-
user_attribute_update_settings¶ The settings for updates to user attributes.
These settings include the property
AttributesRequireVerificationBeforeUpdate, a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users’ email address and phone number attributes. For more information, see Verifying updates to to email addresses and phone numbers .
-
user_pool_add_ons¶ Enables advanced security risk detection.
Set the key
AdvancedSecurityModeto the value “AUDIT”.
-
user_pool_name¶ A string used to name the user pool.
-
username_attributes¶ Determines whether email addresses or phone numbers can be specified as user names when a user signs up.
Possible values:
phone_numberoremail.This user pool property cannot be updated.
- Link
- Return type
Optional[List[str]]
-
username_configuration¶ You can choose to set case sensitivity on the username input for the selected sign-in option.
For example, when this is set to
False, users will be able to sign in using either “username” or “Username”. This configuration is immutable once it has been set.
-
verification_message_template¶ The template for the verification message that the user sees when the app requests permission to access the user’s information.
Static Methods
-
classmethod
is_cfn_element(x)¶ Returns
trueif a construct is a stack element (i.e. part of the synthesized cloudformation template).Uses duck-typing instead of
instanceofto allow stack elements from different versions of this library to be included in the same stack.- Parameters
x (
Any) –- Return type
bool- Returns
The construct as a stack element or undefined if it is not a stack element.
-
classmethod
is_cfn_resource(construct)¶ Check whether the given construct is a CfnResource.
- Parameters
construct (
IConstruct) –- Return type
bool
-
classmethod
is_construct(x)¶ Return whether the given object is a Construct.
- Parameters
x (
Any) –- Return type
bool
AccountRecoverySettingProperty¶
-
class
CfnUserPool.AccountRecoverySettingProperty(*, recovery_mechanisms=None)¶ Bases:
objectUse this setting to define which verified available method a user can use to recover their password when they call
ForgotPassword.It allows you to define a preferred method when a user has more than one method available. With this setting, SMS does not qualify for a valid password recovery mechanism if the user also has SMS MFA enabled. In the absence of this setting, Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email.
- Parameters
recovery_mechanisms (
Union[IResolvable,Sequence[Union[IResolvable,RecoveryOptionProperty,Dict[str,Any]]],None]) – The list ofRecoveryOptionTypes.- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito account_recovery_setting_property = cognito.CfnUserPool.AccountRecoverySettingProperty( recovery_mechanisms=[cognito.CfnUserPool.RecoveryOptionProperty( name="name", priority=123 )] )
Attributes
-
recovery_mechanisms¶ The list of
RecoveryOptionTypes.
AdminCreateUserConfigProperty¶
-
class
CfnUserPool.AdminCreateUserConfigProperty(*, allow_admin_create_user_only=None, invite_message_template=None, unused_account_validity_days=None)¶ Bases:
objectThe configuration for
AdminCreateUserrequests.- Parameters
allow_admin_create_user_only (
Union[bool,IResolvable,None]) – Set toTrueif only the administrator is allowed to create user profiles. Set toFalseif users can sign themselves up via an app.invite_message_template (
Union[IResolvable,InviteMessageTemplateProperty,Dict[str,Any],None]) – The message template to be used for the welcome message to new users. See also Customizing User Invitation Messages .unused_account_validity_days (
Union[int,float,None]) – The user account expiration limit, in days, after which a new account that hasn’t signed in is no longer usable. To reset the account after that time limit, you must callAdminCreateUseragain, specifying"RESEND"for theMessageActionparameter. The default value for this parameter is 7. .. epigraph:: If you set a value forTemporaryPasswordValidityDaysinPasswordPolicy, that value will be used, andUnusedAccountValidityDayswill be no longer be an available parameter for that user pool.
- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito admin_create_user_config_property = cognito.CfnUserPool.AdminCreateUserConfigProperty( allow_admin_create_user_only=False, invite_message_template=cognito.CfnUserPool.InviteMessageTemplateProperty( email_message="emailMessage", email_subject="emailSubject", sms_message="smsMessage" ), unused_account_validity_days=123 )
Attributes
-
allow_admin_create_user_only¶ Set to
Trueif only the administrator is allowed to create user profiles.Set to
Falseif users can sign themselves up via an app.
-
invite_message_template¶ The message template to be used for the welcome message to new users.
See also Customizing User Invitation Messages .
-
unused_account_validity_days¶ The user account expiration limit, in days, after which a new account that hasn’t signed in is no longer usable.
To reset the account after that time limit, you must call
AdminCreateUseragain, specifying"RESEND"for theMessageActionparameter. The default value for this parameter is 7. .. epigraph:If you set a value for ``TemporaryPasswordValidityDays`` in ``PasswordPolicy`` , that value will be used, and ``UnusedAccountValidityDays`` will be no longer be an available parameter for that user pool.
CustomEmailSenderProperty¶
-
class
CfnUserPool.CustomEmailSenderProperty(*, lambda_arn=None, lambda_version=None)¶ Bases:
objectA custom email sender AWS Lambda trigger.
- Parameters
lambda_arn (
Optional[str]) – The Amazon Resource Name (ARN) of the AWS Lambda function that Amazon Cognito triggers to send email notifications to users.lambda_version (
Optional[str]) – The Lambda version represents the signature of the “request” attribute in the “event” information that Amazon Cognito passes to your custom email sender AWS Lambda function. The only supported value isV1_0.
- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito custom_email_sender_property = cognito.CfnUserPool.CustomEmailSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" )
Attributes
-
lambda_arn¶ The Amazon Resource Name (ARN) of the AWS Lambda function that Amazon Cognito triggers to send email notifications to users.
-
lambda_version¶ The Lambda version represents the signature of the “request” attribute in the “event” information that Amazon Cognito passes to your custom email sender AWS Lambda function.
The only supported value is
V1_0.
CustomSMSSenderProperty¶
-
class
CfnUserPool.CustomSMSSenderProperty(*, lambda_arn=None, lambda_version=None)¶ Bases:
objectA custom SMS sender AWS Lambda trigger.
- Parameters
lambda_arn (
Optional[str]) – The Amazon Resource Name (ARN) of the AWS Lambda function that Amazon Cognito triggers to send SMS notifications to users.lambda_version (
Optional[str]) – The Lambda version represents the signature of the “request” attribute in the “event” information Amazon Cognito passes to your custom SMS sender Lambda function. The only supported value isV1_0.
- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito custom_sMSSender_property = cognito.CfnUserPool.CustomSMSSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" )
Attributes
-
lambda_arn¶ The Amazon Resource Name (ARN) of the AWS Lambda function that Amazon Cognito triggers to send SMS notifications to users.
-
lambda_version¶ The Lambda version represents the signature of the “request” attribute in the “event” information Amazon Cognito passes to your custom SMS sender Lambda function.
The only supported value is
V1_0.
DeviceConfigurationProperty¶
-
class
CfnUserPool.DeviceConfigurationProperty(*, challenge_required_on_new_device=None, device_only_remembered_on_user_prompt=None)¶ Bases:
objectThe device tracking configuration for a user pool. A user pool with device tracking deactivated returns a null value.
When you provide values for any DeviceConfiguration field, you activate device tracking.
- Parameters
challenge_required_on_new_device (
Union[bool,IResolvable,None]) – When true, device authentication can replace SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA). .. epigraph:: Users that sign in with devices that have not been confirmed or remembered will still have to provide a second factor, whether or not ChallengeRequiredOnNewDevice is true, when your user pool requires MFA.device_only_remembered_on_user_prompt (
Union[bool,IResolvable,None]) – When true, users can opt in to remembering their device. Your app code must use callback functions to return the user’s choice.
- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito device_configuration_property = cognito.CfnUserPool.DeviceConfigurationProperty( challenge_required_on_new_device=False, device_only_remembered_on_user_prompt=False )
Attributes
-
challenge_required_on_new_device¶ When true, device authentication can replace SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA).
Users that sign in with devices that have not been confirmed or remembered will still have to provide a second factor, whether or not ChallengeRequiredOnNewDevice is true, when your user pool requires MFA.
-
device_only_remembered_on_user_prompt¶ When true, users can opt in to remembering their device.
Your app code must use callback functions to return the user’s choice.
EmailConfigurationProperty¶
-
class
CfnUserPool.EmailConfigurationProperty(*, configuration_set=None, email_sending_account=None, from_=None, reply_to_email_address=None, source_arn=None)¶ Bases:
objectThe email configuration of your user pool.
The email configuration type sets your preferred sending method, AWS Region, and sender for messages from your user pool.
- Parameters
configuration_set (
Optional[str]) – The set of configuration rules that can be applied to emails sent using Amazon SES. A configuration set is applied to an email by including a reference to the configuration set in the headers of the email. Once applied, all of the rules in that configuration set are applied to the email. Configuration sets can be used to apply the following types of rules to emails: - Event publishing – Amazon SES can track the number of send, delivery, open, click, bounce, and complaint events for each email sent. Use event publishing to send information about these events to other AWS services such as SNS and CloudWatch. - IP pool management – When leasing dedicated IP addresses with Amazon SES, you can create groups of IP addresses, called dedicated IP pools. You can then associate the dedicated IP pools with configuration sets.email_sending_account (
Optional[str]) – Specifies whether Amazon Cognito uses its built-in functionality to send your users email messages, or uses your Amazon Simple Email Service email configuration. Specify one of the following values: - COGNITO_DEFAULT - When Amazon Cognito emails your users, it uses its built-in email functionality. When you use the default option, Amazon Cognito allows only a limited number of emails each day for your user pool. For typical production environments, the default email limit is less than the required delivery volume. To achieve a higher delivery volume, specify DEVELOPER to use your Amazon SES email configuration. To look up the email delivery limit for the default option, see Limits in in the Developer Guide . The default FROM address isno-reply@verificationemail.com. To customize the FROM address, provide the Amazon Resource Name (ARN) of an Amazon SES verified email address for theSourceArnparameter. - DEVELOPER - When Amazon Cognito emails your users, it uses your Amazon SES configuration. Amazon Cognito calls Amazon SES on your behalf to send email from your verified email address. When you use this option, the email delivery limits are the same limits that apply to your Amazon SES verified email address in your AWS account . If you use this option, provide the ARN of an Amazon SES verified email address for theSourceArnparameter. Before Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a service-linked role , which is a type of role, in your AWS account . This role contains the permissions that allow to access Amazon SES and send email messages with your address. For more information about the service-linked role that Amazon Cognito creates, see Using Service-Linked Roles for Amazon Cognito in the Amazon Cognito Developer Guide .from – Identifies either the sender’s email address or the sender’s name with their email address. For example,
testuser@example.comorTest User <testuser@example.com>. This address appears before the body of the email.reply_to_email_address (
Optional[str]) – The destination to which the receiver of the email should reply.source_arn (
Optional[str]) – The ARN of a verified email address in Amazon SES. Amazon Cognito uses this email address in one of the following ways, depending on the value that you specify for theEmailSendingAccountparameter: - If you specifyCOGNITO_DEFAULT, Amazon Cognito uses this address as the custom FROM address when it emails your users using its built-in email account. - If you specifyDEVELOPER, Amazon Cognito emails your users with this address by calling Amazon SES on your behalf. The Region value of theSourceArnparameter must indicate a supported AWS Region of your user pool. Typically, the Region in theSourceArnand the user pool Region are the same. For more information, see Amazon SES email configuration regions in the Amazon Cognito Developer Guide .
- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito email_configuration_property = cognito.CfnUserPool.EmailConfigurationProperty( configuration_set="configurationSet", email_sending_account="emailSendingAccount", from="from", reply_to_email_address="replyToEmailAddress", source_arn="sourceArn" )
Attributes
-
configuration_set¶ The set of configuration rules that can be applied to emails sent using Amazon SES.
A configuration set is applied to an email by including a reference to the configuration set in the headers of the email. Once applied, all of the rules in that configuration set are applied to the email. Configuration sets can be used to apply the following types of rules to emails:
Event publishing – Amazon SES can track the number of send, delivery, open, click, bounce, and complaint events for each email sent. Use event publishing to send information about these events to other AWS services such as SNS and CloudWatch.
IP pool management – When leasing dedicated IP addresses with Amazon SES, you can create groups of IP addresses, called dedicated IP pools. You can then associate the dedicated IP pools with configuration sets.
-
email_sending_account¶ Specifies whether Amazon Cognito uses its built-in functionality to send your users email messages, or uses your Amazon Simple Email Service email configuration.
Specify one of the following values:
COGNITO_DEFAULT - When Amazon Cognito emails your users, it uses its built-in email functionality. When you use the default option, Amazon Cognito allows only a limited number of emails each day for your user pool. For typical production environments, the default email limit is less than the required delivery volume. To achieve a higher delivery volume, specify DEVELOPER to use your Amazon SES email configuration.
To look up the email delivery limit for the default option, see Limits in in the Developer Guide .
The default FROM address is
no-reply@verificationemail.com. To customize the FROM address, provide the Amazon Resource Name (ARN) of an Amazon SES verified email address for theSourceArnparameter.DEVELOPER - When Amazon Cognito emails your users, it uses your Amazon SES configuration. Amazon Cognito calls Amazon SES on your behalf to send email from your verified email address. When you use this option, the email delivery limits are the same limits that apply to your Amazon SES verified email address in your AWS account .
If you use this option, provide the ARN of an Amazon SES verified email address for the
SourceArnparameter.Before Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a service-linked role , which is a type of role, in your AWS account . This role contains the permissions that allow to access Amazon SES and send email messages with your address. For more information about the service-linked role that Amazon Cognito creates, see Using Service-Linked Roles for Amazon Cognito in the Amazon Cognito Developer Guide .
-
from_¶ Identifies either the sender’s email address or the sender’s name with their email address.
For example,
testuser@example.comorTest User <testuser@example.com>. This address appears before the body of the email.
-
reply_to_email_address¶ The destination to which the receiver of the email should reply.
-
source_arn¶ The ARN of a verified email address in Amazon SES.
Amazon Cognito uses this email address in one of the following ways, depending on the value that you specify for the
EmailSendingAccountparameter:If you specify
COGNITO_DEFAULT, Amazon Cognito uses this address as the custom FROM address when it emails your users using its built-in email account.If you specify
DEVELOPER, Amazon Cognito emails your users with this address by calling Amazon SES on your behalf.
The Region value of the
SourceArnparameter must indicate a supported AWS Region of your user pool. Typically, the Region in theSourceArnand the user pool Region are the same. For more information, see Amazon SES email configuration regions in the Amazon Cognito Developer Guide .
InviteMessageTemplateProperty¶
-
class
CfnUserPool.InviteMessageTemplateProperty(*, email_message=None, email_subject=None, sms_message=None)¶ Bases:
objectThe message template to be used for the welcome message to new users.
See also Customizing User Invitation Messages .
- Parameters
email_message (
Optional[str]) –The message template for email messages. EmailMessage is allowed only if EmailSendingAccount is DEVELOPER.
email_subject (
Optional[str]) –The subject line for email messages. EmailSubject is allowed only if EmailSendingAccount is DEVELOPER.
sms_message (
Optional[str]) – The message template for SMS messages.
- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito invite_message_template_property = cognito.CfnUserPool.InviteMessageTemplateProperty( email_message="emailMessage", email_subject="emailSubject", sms_message="smsMessage" )
Attributes
-
email_message¶ The message template for email messages.
EmailMessage is allowed only if EmailSendingAccount is DEVELOPER.
-
email_subject¶ The subject line for email messages.
EmailSubject is allowed only if EmailSendingAccount is DEVELOPER.
-
sms_message¶ The message template for SMS messages.
LambdaConfigProperty¶
-
class
CfnUserPool.LambdaConfigProperty(*, create_auth_challenge=None, custom_email_sender=None, custom_message=None, custom_sms_sender=None, define_auth_challenge=None, kms_key_id=None, post_authentication=None, post_confirmation=None, pre_authentication=None, pre_sign_up=None, pre_token_generation=None, user_migration=None, verify_auth_challenge_response=None)¶ Bases:
objectSpecifies the configuration for AWS Lambda triggers.
- Parameters
create_auth_challenge (
Optional[str]) – Creates an authentication challenge.custom_email_sender (
Union[IResolvable,CustomEmailSenderProperty,Dict[str,Any],None]) – A custom email sender AWS Lambda trigger.custom_message (
Optional[str]) – A custom Message AWS Lambda trigger.custom_sms_sender (
Union[IResolvable,CustomSMSSenderProperty,Dict[str,Any],None]) – A custom SMS sender AWS Lambda trigger.define_auth_challenge (
Optional[str]) – Defines the authentication challenge.kms_key_id (
Optional[str]) – The Amazon Resource Name of a AWS Key Management Service ( AWS KMS ) key. Amazon Cognito uses the key to encrypt codes and temporary passwords sent toCustomEmailSenderandCustomSMSSender.post_authentication (
Optional[str]) – A post-authentication AWS Lambda trigger.post_confirmation (
Optional[str]) – A post-confirmation AWS Lambda trigger.pre_authentication (
Optional[str]) – A pre-authentication AWS Lambda trigger.pre_sign_up (
Optional[str]) – A pre-registration AWS Lambda trigger.pre_token_generation (
Optional[str]) – A Lambda trigger that is invoked before token generation.user_migration (
Optional[str]) – The user migration Lambda config type.verify_auth_challenge_response (
Optional[str]) – Verifies the authentication challenge response.
- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito lambda_config_property = cognito.CfnUserPool.LambdaConfigProperty( create_auth_challenge="createAuthChallenge", custom_email_sender=cognito.CfnUserPool.CustomEmailSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), custom_message="customMessage", custom_sms_sender=cognito.CfnUserPool.CustomSMSSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), define_auth_challenge="defineAuthChallenge", kms_key_id="kmsKeyId", post_authentication="postAuthentication", post_confirmation="postConfirmation", pre_authentication="preAuthentication", pre_sign_up="preSignUp", pre_token_generation="preTokenGeneration", user_migration="userMigration", verify_auth_challenge_response="verifyAuthChallengeResponse" )
Attributes
-
create_auth_challenge¶ Creates an authentication challenge.
-
custom_email_sender¶ A custom email sender AWS Lambda trigger.
-
custom_message¶ A custom Message AWS Lambda trigger.
-
custom_sms_sender¶ A custom SMS sender AWS Lambda trigger.
-
define_auth_challenge¶ Defines the authentication challenge.
-
kms_key_id¶ The Amazon Resource Name of a AWS Key Management Service ( AWS KMS ) key.
Amazon Cognito uses the key to encrypt codes and temporary passwords sent to
CustomEmailSenderandCustomSMSSender.
-
post_authentication¶ A post-authentication AWS Lambda trigger.
-
post_confirmation¶ A post-confirmation AWS Lambda trigger.
-
pre_authentication¶ A pre-authentication AWS Lambda trigger.
-
pre_sign_up¶ A pre-registration AWS Lambda trigger.
-
pre_token_generation¶ A Lambda trigger that is invoked before token generation.
-
user_migration¶ The user migration Lambda config type.
-
verify_auth_challenge_response¶ Verifies the authentication challenge response.
NumberAttributeConstraintsProperty¶
-
class
CfnUserPool.NumberAttributeConstraintsProperty(*, max_value=None, min_value=None)¶ Bases:
objectThe minimum and maximum values of an attribute that is of the number data type.
- Parameters
max_value (
Optional[str]) – The maximum value of an attribute that is of the number data type.min_value (
Optional[str]) – The minimum value of an attribute that is of the number data type.
- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito number_attribute_constraints_property = cognito.CfnUserPool.NumberAttributeConstraintsProperty( max_value="maxValue", min_value="minValue" )
Attributes
-
max_value¶ The maximum value of an attribute that is of the number data type.
-
min_value¶ The minimum value of an attribute that is of the number data type.
PasswordPolicyProperty¶
-
class
CfnUserPool.PasswordPolicyProperty(*, minimum_length=None, require_lowercase=None, require_numbers=None, require_symbols=None, require_uppercase=None, temporary_password_validity_days=None)¶ Bases:
objectThe password policy type.
- Parameters
minimum_length (
Union[int,float,None]) – The minimum length of the password in the policy that you have set. This value can’t be less than 6.require_lowercase (
Union[bool,IResolvable,None]) – In the password policy that you have set, refers to whether you have required users to use at least one lowercase letter in their password.require_numbers (
Union[bool,IResolvable,None]) – In the password policy that you have set, refers to whether you have required users to use at least one number in their password.require_symbols (
Union[bool,IResolvable,None]) – In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password.require_uppercase (
Union[bool,IResolvable,None]) – In the password policy that you have set, refers to whether you have required users to use at least one uppercase letter in their password.temporary_password_validity_days (
Union[int,float,None]) – The number of days a temporary password is valid in the password policy. If the user doesn’t sign in during this time, an administrator must reset their password. .. epigraph:: When you setTemporaryPasswordValidityDaysfor a user pool, you can no longer set a value for the legacyUnusedAccountValidityDaysparameter in that user pool.
- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito password_policy_property = cognito.CfnUserPool.PasswordPolicyProperty( minimum_length=123, require_lowercase=False, require_numbers=False, require_symbols=False, require_uppercase=False, temporary_password_validity_days=123 )
Attributes
-
minimum_length¶ The minimum length of the password in the policy that you have set.
This value can’t be less than 6.
- Link
- Return type
Union[int,float,None]
-
require_lowercase¶ In the password policy that you have set, refers to whether you have required users to use at least one lowercase letter in their password.
-
require_numbers¶ In the password policy that you have set, refers to whether you have required users to use at least one number in their password.
-
require_symbols¶ In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password.
-
require_uppercase¶ In the password policy that you have set, refers to whether you have required users to use at least one uppercase letter in their password.
-
temporary_password_validity_days¶ The number of days a temporary password is valid in the password policy.
If the user doesn’t sign in during this time, an administrator must reset their password. .. epigraph:
When you set ``TemporaryPasswordValidityDays`` for a user pool, you can no longer set a value for the legacy ``UnusedAccountValidityDays`` parameter in that user pool.
PoliciesProperty¶
-
class
CfnUserPool.PoliciesProperty(*, password_policy=None)¶ Bases:
objectThe policy associated with a user pool.
- Parameters
password_policy (
Union[IResolvable,PasswordPolicyProperty,Dict[str,Any],None]) – The password policy.- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito policies_property = cognito.CfnUserPool.PoliciesProperty( password_policy=cognito.CfnUserPool.PasswordPolicyProperty( minimum_length=123, require_lowercase=False, require_numbers=False, require_symbols=False, require_uppercase=False, temporary_password_validity_days=123 ) )
Attributes
-
password_policy¶ The password policy.
RecoveryOptionProperty¶
-
class
CfnUserPool.RecoveryOptionProperty(*, name=None, priority=None)¶ Bases:
objectA map containing a priority as a key, and recovery method name as a value.
- Parameters
name (
Optional[str]) – Specifies the recovery method for a user.priority (
Union[int,float,None]) – A positive integer specifying priority of a method with 1 being the highest priority.
- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito recovery_option_property = cognito.CfnUserPool.RecoveryOptionProperty( name="name", priority=123 )
Attributes
-
name¶ Specifies the recovery method for a user.
-
priority¶ A positive integer specifying priority of a method with 1 being the highest priority.
- Link
- Return type
Union[int,float,None]
SchemaAttributeProperty¶
-
class
CfnUserPool.SchemaAttributeProperty(*, attribute_data_type=None, developer_only_attribute=None, mutable=None, name=None, number_attribute_constraints=None, required=None, string_attribute_constraints=None)¶ Bases:
objectContains information about the schema attribute.
- Parameters
attribute_data_type (
Optional[str]) – The attribute data type.developer_only_attribute (
Union[bool,IResolvable,None]) –We recommend that you use WriteAttributes in the user pool client to control how attributes can be mutated for new use cases instead of using
DeveloperOnlyAttribute. Specifies whether the attribute type is developer only. This attribute can only be modified by an administrator. Users will not be able to modify this attribute using their access token.mutable (
Union[bool,IResolvable,None]) – Specifies whether the value of the attribute can be changed. For any user pool attribute that is mapped to an IdP attribute, you must set this parameter totrue. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute. For more information, see Specifying Identity Provider Attribute Mappings for Your User Pool .name (
Optional[str]) – A schema attribute of the name type.number_attribute_constraints (
Union[IResolvable,NumberAttributeConstraintsProperty,Dict[str,Any],None]) – Specifies the constraints for an attribute of the number type.required (
Union[bool,IResolvable,None]) – Specifies whether a user pool attribute is required. If the attribute is required and the user doesn’t provide a value, registration or sign-in will fail.string_attribute_constraints (
Union[IResolvable,StringAttributeConstraintsProperty,Dict[str,Any],None]) – Specifies the constraints for an attribute of the string type.
- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito schema_attribute_property = cognito.CfnUserPool.SchemaAttributeProperty( attribute_data_type="attributeDataType", developer_only_attribute=False, mutable=False, name="name", number_attribute_constraints=cognito.CfnUserPool.NumberAttributeConstraintsProperty( max_value="maxValue", min_value="minValue" ), required=False, string_attribute_constraints=cognito.CfnUserPool.StringAttributeConstraintsProperty( max_length="maxLength", min_length="minLength" ) )
Attributes
-
attribute_data_type¶ The attribute data type.
-
developer_only_attribute¶ We recommend that you use WriteAttributes in the user pool client to control how attributes can be mutated for new use cases instead of using
DeveloperOnlyAttribute.Specifies whether the attribute type is developer only. This attribute can only be modified by an administrator. Users will not be able to modify this attribute using their access token.
- Return type
Union[bool,IResolvable,None]
-
mutable¶ Specifies whether the value of the attribute can be changed.
For any user pool attribute that is mapped to an IdP attribute, you must set this parameter to
true. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute. For more information, see Specifying Identity Provider Attribute Mappings for Your User Pool .
-
name¶ A schema attribute of the name type.
-
number_attribute_constraints¶ Specifies the constraints for an attribute of the number type.
-
required¶ Specifies whether a user pool attribute is required.
If the attribute is required and the user doesn’t provide a value, registration or sign-in will fail.
-
string_attribute_constraints¶ Specifies the constraints for an attribute of the string type.
SmsConfigurationProperty¶
-
class
CfnUserPool.SmsConfigurationProperty(*, external_id=None, sns_caller_arn=None, sns_region=None)¶ Bases:
objectThe SMS configuration type that includes the settings the Cognito User Pool needs to call for the Amazon SNS service to send an SMS message from your AWS account .
The Cognito User Pool makes the request to the Amazon SNS Service by using an IAM role that you provide for your AWS account .
- Parameters
external_id (
Optional[str]) – The external ID is a value. We recommend you useExternalIdto add security to your IAM role, which is used to call Amazon SNS to send SMS messages for your user pool. If you provide anExternalId, the Cognito User Pool uses it when attempting to assume your IAM role. You can also set your roles trust policy to require theExternalID. If you use the Cognito Management Console to create a role for SMS MFA, Cognito creates a role with the required permissions and a trust policy that usesExternalId.sns_caller_arn (
Optional[str]) – The Amazon Resource Name (ARN) of the Amazon SNS caller. This is the ARN of the IAM role in your AWS account that Amazon Cognito will use to send SMS messages. SMS messages are subject to a spending limit .sns_region (
Optional[str]) – The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region . Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools .
- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito sms_configuration_property = cognito.CfnUserPool.SmsConfigurationProperty( external_id="externalId", sns_caller_arn="snsCallerArn", sns_region="snsRegion" )
Attributes
-
external_id¶ The external ID is a value.
We recommend you use
ExternalIdto add security to your IAM role, which is used to call Amazon SNS to send SMS messages for your user pool. If you provide anExternalId, the Cognito User Pool uses it when attempting to assume your IAM role. You can also set your roles trust policy to require theExternalID. If you use the Cognito Management Console to create a role for SMS MFA, Cognito creates a role with the required permissions and a trust policy that usesExternalId.
-
sns_caller_arn¶ The Amazon Resource Name (ARN) of the Amazon SNS caller.
This is the ARN of the IAM role in your AWS account that Amazon Cognito will use to send SMS messages. SMS messages are subject to a spending limit .
-
sns_region¶ The AWS Region to use with Amazon SNS integration.
You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region .
Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools .
StringAttributeConstraintsProperty¶
-
class
CfnUserPool.StringAttributeConstraintsProperty(*, max_length=None, min_length=None)¶ Bases:
objectThe
StringAttributeConstraintsproperty type defines the string attribute constraints of an Amazon Cognito user pool.StringAttributeConstraintsis a subproperty of the SchemaAttribute property type.- Parameters
max_length (
Optional[str]) – The maximum length.min_length (
Optional[str]) – The minimum length.
- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito string_attribute_constraints_property = cognito.CfnUserPool.StringAttributeConstraintsProperty( max_length="maxLength", min_length="minLength" )
Attributes
-
max_length¶ The maximum length.
-
min_length¶ The minimum length.
UserAttributeUpdateSettingsProperty¶
-
class
CfnUserPool.UserAttributeUpdateSettingsProperty(*, attributes_require_verification_before_update)¶ Bases:
objectThe settings for updates to user attributes.
These settings include the property
AttributesRequireVerificationBeforeUpdate, a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users’ email address and phone number attributes. For more information, see Verifying updates to to email addresses and phone numbers .- Parameters
attributes_require_verification_before_update (
Sequence[str]) – Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value. You can verify an updated email address or phone number with a VerifyUserAttribute API request. You can also call the UpdateUserAttributes or AdminUpdateUserAttributes API and setemail_verifiedorphone_number_verifiedto true. WhenAttributesRequireVerificationBeforeUpdateis false, your user pool doesn’t require that your users verify attribute changes before Amazon Cognito updates them. In a user pool whereAttributesRequireVerificationBeforeUpdateis false, API operations that change attribute values can immediately update a user’semailorphone_numberattribute.- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito user_attribute_update_settings_property = cognito.CfnUserPool.UserAttributeUpdateSettingsProperty( attributes_require_verification_before_update=["attributesRequireVerificationBeforeUpdate"] )
Attributes
-
attributes_require_verification_before_update¶ Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute.
When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value.
You can verify an updated email address or phone number with a VerifyUserAttribute API request. You can also call the UpdateUserAttributes or AdminUpdateUserAttributes API and set
email_verifiedorphone_number_verifiedto true.When
AttributesRequireVerificationBeforeUpdateis false, your user pool doesn’t require that your users verify attribute changes before Amazon Cognito updates them. In a user pool whereAttributesRequireVerificationBeforeUpdateis false, API operations that change attribute values can immediately update a user’semailorphone_numberattribute.
UserPoolAddOnsProperty¶
-
class
CfnUserPool.UserPoolAddOnsProperty(*, advanced_security_mode=None)¶ Bases:
objectThe user pool add-ons type.
- Parameters
advanced_security_mode (
Optional[str]) – The advanced security mode.- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito user_pool_add_ons_property = cognito.CfnUserPool.UserPoolAddOnsProperty( advanced_security_mode="advancedSecurityMode" )
Attributes
-
advanced_security_mode¶ The advanced security mode.
UsernameConfigurationProperty¶
-
class
CfnUserPool.UsernameConfigurationProperty(*, case_sensitive=None)¶ Bases:
objectThe
UsernameConfigurationproperty type specifies case sensitivity on the username input for the selected sign-in option.- Parameters
case_sensitive (
Union[bool,IResolvable,None]) – Specifies whether user name case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs. Valid values include: - True - Enables case sensitivity for all username input. When this option is set toTrue, users must sign in using the exact capitalization of their given username, such as “UserName”. This is the default value. - False - Enables case insensitivity for all username input. For example, when this option is set toFalse, users can sign in using either “username” or “Username”. This option also enables bothpreferred_usernameandemailalias to be case insensitive, in addition to theusernameattribute.- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito username_configuration_property = cognito.CfnUserPool.UsernameConfigurationProperty( case_sensitive=False )
Attributes
-
case_sensitive¶ Specifies whether user name case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs.
Valid values include:
True - Enables case sensitivity for all username input. When this option is set to
True, users must sign in using the exact capitalization of their given username, such as “UserName”. This is the default value.False - Enables case insensitivity for all username input. For example, when this option is set to
False, users can sign in using either “username” or “Username”. This option also enables bothpreferred_usernameandemailalias to be case insensitive, in addition to theusernameattribute.
VerificationMessageTemplateProperty¶
-
class
CfnUserPool.VerificationMessageTemplateProperty(*, default_email_option=None, email_message=None, email_message_by_link=None, email_subject=None, email_subject_by_link=None, sms_message=None)¶ Bases:
objectThe template for verification messages.
- Parameters
default_email_option (
Optional[str]) – The default email option.email_message (
Optional[str]) –The template for email messages that Amazon Cognito sends to your users. You can set an
EmailMessagetemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.email_message_by_link (
Optional[str]) –The email message template for sending a confirmation link to the user. You can set an
EmailMessageByLinktemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.email_subject (
Optional[str]) –The subject line for the email message template. You can set an
EmailSubjecttemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.email_subject_by_link (
Optional[str]) –The subject line for the email message template for sending a confirmation link to the user. You can set an
EmailSubjectByLinktemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.sms_message (
Optional[str]) – The template for SMS messages that Amazon Cognito sends to your users.
- Link
- ExampleMetadata
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_cognito as cognito verification_message_template_property = cognito.CfnUserPool.VerificationMessageTemplateProperty( default_email_option="defaultEmailOption", email_message="emailMessage", email_message_by_link="emailMessageByLink", email_subject="emailSubject", email_subject_by_link="emailSubjectByLink", sms_message="smsMessage" )
Attributes
-
default_email_option¶ The default email option.
-
email_message¶ The template for email messages that Amazon Cognito sends to your users.
You can set an
EmailMessagetemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.
-
email_message_by_link¶ The email message template for sending a confirmation link to the user.
You can set an
EmailMessageByLinktemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.
-
email_subject¶ The subject line for the email message template.
You can set an
EmailSubjecttemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.
-
email_subject_by_link¶ The subject line for the email message template for sending a confirmation link to the user.
You can set an
EmailSubjectByLinktemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.
-
sms_message¶ The template for SMS messages that Amazon Cognito sends to your users.