UserPoolProps
- class aws_cdk.aws_cognito.UserPoolProps(*, account_recovery=None, auto_verify=None, custom_attributes=None, custom_sender_kms_key=None, device_tracking=None, email=None, email_settings=None, enable_sms_role=None, lambda_triggers=None, mfa=None, mfa_message=None, mfa_second_factor=None, password_policy=None, removal_policy=None, self_sign_up_enabled=None, sign_in_aliases=None, sign_in_case_sensitive=None, sms_role=None, sms_role_external_id=None, sns_region=None, standard_attributes=None, user_invitation=None, user_pool_name=None, user_verification=None)
Bases: object
Props for the UserPool construct.
- Parameters:
  - account_recovery (Optional[AccountRecovery]) – How will a user be able to recover their account? Default: AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL
  - auto_verify (Union[AutoVerifiedAttrs, Dict[str, Any], None]) – Attributes which Cognito will look to verify automatically upon user sign up. EMAIL and PHONE are the only available options. Default: - If signInAlias includes email and/or phone, they will be included in autoVerifiedAttributes by default. If absent, no attributes will be auto-verified.
  - custom_attributes (Optional[Mapping[str, ICustomAttribute]]) – Define a set of custom attributes that can be configured for each user in the user pool. Default: - No custom attributes.
  - custom_sender_kms_key (Optional[IKey]) – This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates. Default: - no key ID configured
  - device_tracking (Union[DeviceTracking, Dict[str, Any], None]) – Device tracking settings. Default: - see defaults on each property of DeviceTracking.
  - email (Optional[UserPoolEmail]) – Email settings for a user pool. Default: - cognito will use the default email configuration
  - email_settings (Union[EmailSettings, Dict[str, Any], None]) – (deprecated) Email settings for a user pool. Default: - see defaults on each property of EmailSettings.
  - enable_sms_role (Optional[bool]) – Setting this would explicitly enable or disable SMS role creation. When left unspecified, CDK will determine based on other properties if a role is needed or not. Default: - CDK will determine based on other properties of the user pool if an SMS role should be created or not.
  - lambda_triggers (Union[UserPoolTriggers, Dict[str, Any], None]) – Lambda functions to use for supported Cognito triggers. Default: - No Lambda triggers.
  - mfa (Optional[Mfa]) – Configure whether users of this user pool can or are required to use MFA to sign in. Default: Mfa.OFF
  - mfa_message (Optional[str]) – The SMS message template sent during MFA verification. Use ‘{####}’ in the template where Cognito should insert the verification code. Default: ‘Your authentication code is {####}.’
  - mfa_second_factor (Union[MfaSecondFactor, Dict[str, Any], None]) – Configure the MFA types that users can use in this user pool. Ignored if mfa is set to OFF. Default: - { sms: true, otp: false }, if mfa is set to OPTIONAL or REQUIRED. { sms: false, otp: false }, otherwise
  - password_policy (Union[PasswordPolicy, Dict[str, Any], None]) – Password policy for this user pool. Default: - see defaults on each property of PasswordPolicy.
  - removal_policy (Optional[RemovalPolicy]) – Policy to apply when the user pool is removed from the stack. Default: RemovalPolicy.RETAIN
  - self_sign_up_enabled (Optional[bool]) – Whether self sign up should be enabled. This can be further configured via the selfSignUp property. Default: false
  - sign_in_aliases (Union[SignInAliases, Dict[str, Any], None]) – Methods in which a user registers or signs in to a user pool. Allows either username with aliases OR sign in with email, phone, or both. Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html To match with ‘Option 1’ in the above link, with a verified email, this property should be set to { username: true, email: true }. To match with ‘Option 2’ in the above link with both a verified email and phone number, this property should be set to { email: true, phone: true }. Default: { username: true }
  - sign_in_case_sensitive (Optional[bool]) – Whether sign-in aliases should be evaluated with case sensitivity. For example, when this option is set to false, users will be able to sign in using either MyUsername or myusername. Default: true
  - sms_role (Optional[IRole]) – The IAM role that Cognito will assume while sending SMS messages. Default: - a new IAM role is created
  - sms_role_external_id (Optional[str]) – The ‘ExternalId’ that Cognito service must use when assuming the smsRole, if the role is restricted with an ‘sts:ExternalId’ conditional. Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html This property will be ignored if smsRole is not specified. Default: - No external id will be configured
  - sns_region (Optional[str]) – The region to integrate with SNS to send SMS messages. This property will do nothing if SMS configuration is not configured. Default: - The same region as the user pool, with a few exceptions - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html#user-pool-sms-settings-first-time
  - standard_attributes (Union[StandardAttributes, Dict[str, Any], None]) – The set of attributes that are required for every user in the user pool. Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html Default: - All standard attributes are optional and mutable.
  - user_invitation (Union[UserInvitationConfig, Dict[str, Any], None]) – Configuration around admins signing up users into a user pool. Default: - see defaults in UserInvitationConfig
  - user_pool_name (Optional[str]) – Name of the user pool. Default: - automatically generated name by CloudFormation at deploy time
  - user_verification (Union[UserVerificationConfig, Dict[str, Any], None]) – Configuration around users signing themselves up to the user pool. Enable or disable self sign-up via the selfSignUpEnabled property. Default: - see defaults in UserVerificationConfig
- ExampleMetadata:
infused
Example:
cognito.UserPool(self, "myuserpool",
    # ...
    self_sign_up_enabled=True,
    user_verification=cognito.UserVerificationConfig(
        email_subject="Verify your email for our awesome app!",
        email_body="Thanks for signing up to our awesome app! Your verification code is {####}",
        email_style=cognito.VerificationEmailStyle.CODE,
        sms_message="Thanks for signing up to our awesome app! Your verification code is {####}"
    )
)
Attributes
- account_recovery
How will a user be able to recover their account?
- Default:
AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL
- auto_verify
Attributes which Cognito will look to verify automatically upon user sign up.
EMAIL and PHONE are the only available options.
- Default:
If signInAlias includes email and/or phone, they will be included in autoVerifiedAttributes by default.
If absent, no attributes will be auto-verified.
- custom_attributes
Define a set of custom attributes that can be configured for each user in the user pool.
- Default:
No custom attributes.
- custom_sender_kms_key
This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.
- Default:
no key ID configured
- See:
- device_tracking
Device tracking settings.
- Default:
see defaults on each property of DeviceTracking.
- email
Email settings for a user pool.
- Default:
cognito will use the default email configuration
- email_settings
(deprecated) Email settings for a user pool.
- Default:
see defaults on each property of EmailSettings.
- Deprecated:
Use ‘email’ instead.
- Stability:
deprecated
- enable_sms_role
Setting this would explicitly enable or disable SMS role creation.
When left unspecified, CDK will determine based on other properties if a role is needed or not.
- Default:
CDK will determine based on other properties of the user pool if an SMS role should be created or not.
- lambda_triggers
Lambda functions to use for supported Cognito triggers.
- Default:
No Lambda triggers.
- See:
- mfa
Configure whether users of this user pool can or are required to use MFA to sign in.
- Default:
Mfa.OFF
- mfa_message
The SMS message template sent during MFA verification.
Use ‘{####}’ in the template where Cognito should insert the verification code.
- Default:
‘Your authentication code is {####}.’
- mfa_second_factor
Configure the MFA types that users can use in this user pool.
Ignored if mfa is set to OFF.
- Default:
{ sms: true, otp: false }, if mfa is set to OPTIONAL or REQUIRED.
{ sms: false, otp: false }, otherwise
- password_policy
Password policy for this user pool.
- Default:
see defaults on each property of PasswordPolicy.
- removal_policy
Policy to apply when the user pool is removed from the stack.
- Default:
RemovalPolicy.RETAIN
- self_sign_up_enabled
Whether self sign up should be enabled.
This can be further configured via the selfSignUp property.
- Default:
false
- sign_in_aliases
Methods in which a user registers or signs in to a user pool.
Allows either username with aliases OR sign in with email, phone, or both.
Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
To match with ‘Option 1’ in the above link, with a verified email, this property should be set to { username: true, email: true }.
To match with ‘Option 2’ in the above link with both a verified email and phone number, this property should be set to { email: true, phone: true }.
- Default:
{ username: true }
- sign_in_case_sensitive
Whether sign-in aliases should be evaluated with case sensitivity.
For example, when this option is set to false, users will be able to sign in using either MyUsername or myusername.
- Default:
true
- sms_role
The IAM role that Cognito will assume while sending SMS messages.
- Default:
a new IAM role is created
- sms_role_external_id
The ‘ExternalId’ that Cognito service must use when assuming the smsRole, if the role is restricted with an ‘sts:ExternalId’ conditional.
Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
This property will be ignored if smsRole is not specified.
- Default:
No external id will be configured
- sns_region
The region to integrate with SNS to send SMS messages.
This property will do nothing if SMS configuration is not configured.
- Default:
The same region as the user pool, with a few exceptions - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html#user-pool-sms-settings-first-time
- standard_attributes
The set of attributes that are required for every user in the user pool.
Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
- Default:
All standard attributes are optional and mutable.
- user_invitation
Configuration around admins signing up users into a user pool.
- Default:
see defaults in UserInvitationConfig
- user_pool_name
Name of the user pool.
- Default:
automatically generated name by CloudFormation at deploy time
- user_verification
Configuration around users signing themselves up to the user pool.
Enable or disable self sign-up via the selfSignUpEnabled property.
- Default:
see defaults in UserVerificationConfig
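An added example, not part of the CDK documentation: a standard-library check over a synthesized CloudFormation template that reports where an AWS::Cognito::UserPool resource still carries the defaults listed above (MFA off, phone-based recovery) or other loose settings, keyed by the UserPoolProps name to change. The sample template, the logical ID SamplePool and the 12-character password baseline are constructed assumptions.

```python
import json

# Constructed sample, shaped like a synthesized template for a pool that enables
# self sign-up and leaves the other props at the defaults listed on this page.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {"SamplePool": {
  "Type": "AWS::Cognito::UserPool",
  "DeletionPolicy": "Retain",
  "Properties": {
    "AdminCreateUserConfig": {"AllowAdminCreateUserOnly": false},
    "AccountRecoverySetting": {"RecoveryMechanisms": [
      {"Name": "verified_phone_number", "Priority": 1},
      {"Name": "verified_email", "Priority": 2}]}}}}}
""")

MIN_PASSWORD_LENGTH = 12  # assumption: a local baseline, not a CDK or Cognito value


def audit_user_pools(template):
    """Return sorted (logical_id, UserPoolProps name, message) findings."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Cognito::UserPool":
            continue
        props, hits = res.get("Properties", {}), []
        mfa = props.get("MfaConfiguration", "OFF")  # absent means MFA is off
        if mfa == "OFF":
            hits.append(("mfa", "MFA is off"))
        elif "SOFTWARE_TOKEN_MFA" not in props.get("EnabledMfas", []):
            hits.append(("mfa_second_factor", "no TOTP (software token) factor enabled"))
        if mfa == "OPTIONAL":
            hits.append(("mfa", "MFA is optional, users may skip it"))
        admin = props.get("AdminCreateUserConfig", {})
        if not admin.get("AllowAdminCreateUserOnly", False):
            hits.append(("self_sign_up_enabled", "self sign-up is open"))
        recovery = props.get("AccountRecoverySetting", {}).get("RecoveryMechanisms", [])
        if any(m.get("Name") == "verified_phone_number" for m in recovery):
            hits.append(("account_recovery", "recovery codes can be sent by SMS"))
        min_len = props.get("Policies", {}).get("PasswordPolicy", {}).get("MinimumLength")
        if min_len is None or min_len < MIN_PASSWORD_LENGTH:
            hits.append(("password_policy", f"minimum length {min_len}, want >= {MIN_PASSWORD_LENGTH}"))
        if res.get("DeletionPolicy") != "Retain":
            hits.append(("removal_policy", "user pool is deleted with the stack"))
        findings += [(logical_id, prop, msg) for prop, msg in hits]
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_user_pools(SAMPLE_TEMPLATE):
        print(*finding, sep=": ")
```

Run it against the JSON produced by `cdk synth` in CI; an empty result means none of these settings were left loose.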