Package software.amazon.awscdk.services.cognito

Class UserPool.Builder

java.lang.Object
software.amazon.awscdk.services.cognito.UserPool.Builder
All Implemented Interfaces:
software.amazon.jsii.Builder<UserPool>
Enclosing class:
UserPool
@Stability(Stable) public static final class UserPool.Builder extends Object implements software.amazon.jsii.Builder<UserPool>
A fluent builder for UserPool.

  • Method Details

    • create

      @Stability(Stable) public static UserPool.Builder create(software.constructs.Construct scope, String id)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      Returns:
      a new instance of UserPool.Builder.

    • accountRecovery

      @Stability(Stable) public UserPool.Builder accountRecovery(AccountRecovery accountRecovery)
      How will a user be able to recover their account?

      Default: AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL

      Parameters:
      accountRecovery - How will a user be able to recover their account?. This parameter is required.
      Returns:
      this

    • advancedSecurityMode

      @Stability(Stable) public UserPool.Builder advancedSecurityMode(AdvancedSecurityMode advancedSecurityMode)
      The user pool's Advanced Security Mode.

      Default: - no value

      Parameters:
      advancedSecurityMode - The user pool's Advanced Security Mode. This parameter is required.
      Returns:
      this

    • autoVerify

      @Stability(Stable) public UserPool.Builder autoVerify(AutoVerifiedAttrs autoVerify)
      Attributes which Cognito will look to verify automatically upon user sign up.

      EMAIL and PHONE are the only available options.

      Default: - If `signInAlias` includes email and/or phone, they will be included in `autoVerifiedAttributes` by default. If absent, no attributes will be auto-verified.

      Parameters:
      autoVerify - Attributes which Cognito will look to verify automatically upon user sign up. This parameter is required.
      Returns:
      this

    • customAttributes

      @Stability(Stable) public UserPool.Builder customAttributes(Map<String,? extends ICustomAttribute> customAttributes)
      Define a set of custom attributes that can be configured for each user in the user pool.

      Default: - No custom attributes.

      Parameters:
      customAttributes - Define a set of custom attributes that can be configured for each user in the user pool. This parameter is required.
      Returns:
      this

    • customSenderKmsKey

      @Stability(Stable) public UserPool.Builder customSenderKmsKey(IKey customSenderKmsKey)
      This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.

      Default: - no key ID configured

      Parameters:
      customSenderKmsKey - This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates. This parameter is required.
      Returns:
      this
      See Also:

    • deletionProtection

      @Stability(Stable) public UserPool.Builder deletionProtection(Boolean deletionProtection)
      Indicates whether the user pool should have deletion protection enabled.

      Default: false

      Parameters:
      deletionProtection - Indicates whether the user pool should have deletion protection enabled. This parameter is required.
      Returns:
      this

    • deviceTracking

      @Stability(Stable) public UserPool.Builder deviceTracking(DeviceTracking deviceTracking)
      Device tracking settings.

      Default: - see defaults on each property of DeviceTracking.

      Parameters:
      deviceTracking - Device tracking settings. This parameter is required.
      Returns:
      this

    • email

      @Stability(Stable) public UserPool.Builder email(UserPoolEmail email)
      Email settings for a user pool.

      Default: - cognito will use the default email configuration

      Parameters:
      email - Email settings for a user pool. This parameter is required.
      Returns:
      this

    • enableSmsRole

      @Stability(Stable) public UserPool.Builder enableSmsRole(Boolean enableSmsRole)
      Setting this would explicitly enable or disable SMS role creation.

      When left unspecified, CDK will determine based on other properties if a role is needed or not.

      Default: - CDK will determine based on other properties of the user pool if an SMS role should be created or not.

      Parameters:
      enableSmsRole - Setting this would explicitly enable or disable SMS role creation. This parameter is required.
      Returns:
      this

    • keepOriginal

      @Stability(Stable) public UserPool.Builder keepOriginal(KeepOriginalAttrs keepOriginal)
      Attributes which Cognito will look to handle changes to the value of your users' email address and phone number attributes.

      EMAIL and PHONE are the only available options.

      Default: - Nothing is kept.

      Parameters:
      keepOriginal - Attributes which Cognito will look to handle changes to the value of your users' email address and phone number attributes. This parameter is required.
      Returns:
      this

    • lambdaTriggers

      @Stability(Stable) public UserPool.Builder lambdaTriggers(UserPoolTriggers lambdaTriggers)
      Lambda functions to use for supported Cognito triggers.

      Default: - No Lambda triggers.

      Parameters:
      lambdaTriggers - Lambda functions to use for supported Cognito triggers. This parameter is required.
      Returns:
      this
      See Also:

    • mfa

      @Stability(Stable) public UserPool.Builder mfa(Mfa mfa)
      Configure whether users of this user pool can or are required use MFA to sign in.

      Default: Mfa.OFF

      Parameters:
      mfa - Configure whether users of this user pool can or are required use MFA to sign in. This parameter is required.
      Returns:
      this

    • mfaMessage

      @Stability(Stable) public UserPool.Builder mfaMessage(String mfaMessage)
      The SMS message template sent during MFA verification.

      Use '{####}' in the template where Cognito should insert the verification code.

      Default: 'Your authentication code is {####}.'

      Parameters:
      mfaMessage - The SMS message template sent during MFA verification. This parameter is required.
      Returns:
      this

    • mfaSecondFactor

      @Stability(Stable) public UserPool.Builder mfaSecondFactor(MfaSecondFactor mfaSecondFactor)
      Configure the MFA types that users can use in this user pool.

      Ignored if mfa is set to OFF.

      Default: - { sms: true, otp: false, email: false }, if `mfa` is set to `OPTIONAL` or `REQUIRED`. { sms: false, otp: false, email:false }, otherwise

      Parameters:
      mfaSecondFactor - Configure the MFA types that users can use in this user pool. This parameter is required.
      Returns:
      this

    • passwordPolicy

      @Stability(Stable) public UserPool.Builder passwordPolicy(PasswordPolicy passwordPolicy)
      Password policy for this user pool.

      Default: - see defaults on each property of PasswordPolicy.

      Parameters:
      passwordPolicy - Password policy for this user pool. This parameter is required.
      Returns:
      this

    • removalPolicy

      @Stability(Stable) public UserPool.Builder removalPolicy(RemovalPolicy removalPolicy)
      Policy to apply when the user pool is removed from the stack.

      Default: RemovalPolicy.RETAIN

      Parameters:
      removalPolicy - Policy to apply when the user pool is removed from the stack. This parameter is required.
      Returns:
      this

    • selfSignUpEnabled

      @Stability(Stable) public UserPool.Builder selfSignUpEnabled(Boolean selfSignUpEnabled)
      Whether self sign-up should be enabled.

      To configure self sign-up configuration use the userVerification property.

      Default: - false

      Parameters:
      selfSignUpEnabled - Whether self sign-up should be enabled. This parameter is required.
      Returns:
      this

    • signInAliases

      @Stability(Stable) public UserPool.Builder signInAliases(SignInAliases signInAliases)
      Methods in which a user registers or signs in to a user pool.

      Allows either username with aliases OR sign in with email, phone, or both.

      Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

      To match with 'Option 1' in the above link, with a verified email, this property should be set to { username: true, email: true }. To match with 'Option 2' in the above link with both a verified email and phone number, this property should be set to { email: true, phone: true }.

      Default: { username: true }

      Parameters:
      signInAliases - Methods in which a user registers or signs in to a user pool. This parameter is required.
      Returns:
      this

    • signInCaseSensitive

      @Stability(Stable) public UserPool.Builder signInCaseSensitive(Boolean signInCaseSensitive)
      Whether sign-in aliases should be evaluated with case sensitivity.

      For example, when this option is set to false, users will be able to sign in using either MyUsername or myusername.

      Default: true

      Parameters:
      signInCaseSensitive - Whether sign-in aliases should be evaluated with case sensitivity. This parameter is required.
      Returns:
      this

    • smsRole

      @Stability(Stable) public UserPool.Builder smsRole(IRole smsRole)
      The IAM role that Cognito will assume while sending SMS messages.

      Default: - a new IAM role is created.

      Parameters:
      smsRole - The IAM role that Cognito will assume while sending SMS messages. This parameter is required.
      Returns:
      this

    • smsRoleExternalId

      @Stability(Stable) public UserPool.Builder smsRoleExternalId(String smsRoleExternalId)
      The 'ExternalId' that Cognito service must be using when assuming the smsRole, if the role is restricted with an 'sts:ExternalId' conditional.

      Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

      This property will be ignored if smsRole is not specified.

      Default: - No external id will be configured.

      Parameters:
      smsRoleExternalId - The 'ExternalId' that Cognito service must be using when assuming the smsRole, if the role is restricted with an 'sts:ExternalId' conditional. This parameter is required.
      Returns:
      this

    • snsRegion

      @Stability(Stable) public UserPool.Builder snsRegion(String snsRegion)
      The region to integrate with SNS to send SMS messages.

      This property will do nothing if SMS configuration is not configured.

      Default: - The same region as the user pool, with a few exceptions - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html#user-pool-sms-settings-first-time

      Parameters:
      snsRegion - The region to integrate with SNS to send SMS messages. This parameter is required.
      Returns:
      this

    • standardAttributes

      @Stability(Stable) public UserPool.Builder standardAttributes(StandardAttributes standardAttributes)
      The set of attributes that are required for every user in the user pool.

      Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

      Default: - All standard attributes are optional and mutable.

      Parameters:
      standardAttributes - The set of attributes that are required for every user in the user pool. This parameter is required.
      Returns:
      this

    • userInvitation

      @Stability(Stable) public UserPool.Builder userInvitation(UserInvitationConfig userInvitation)
      Configuration around admins signing up users into a user pool.

      Default: - see defaults in UserInvitationConfig.

      Parameters:
      userInvitation - Configuration around admins signing up users into a user pool. This parameter is required.
      Returns:
      this

    • userPoolName

      @Stability(Stable) public UserPool.Builder userPoolName(String userPoolName)
      Name of the user pool.

      Default: - automatically generated name by CloudFormation at deploy time.

      Parameters:
      userPoolName - Name of the user pool. This parameter is required.
      Returns:
      this

    • userVerification

      @Stability(Stable) public UserPool.Builder userVerification(UserVerificationConfig userVerification)
      Configuration around users signing themselves up to the user pool.

      Enable or disable self sign-up via the selfSignUpEnabled property.

      Default: - see defaults in UserVerificationConfig.

      Parameters:
      userVerification - Configuration around users signing themselves up to the user pool. This parameter is required.
      Returns:
      this

    • build

      @Stability(Stable) public UserPool build()
      Specified by:
      build in interface software.amazon.jsii.Builder<UserPool>
      Returns:
      a newly built instance of UserPool.