Package software.amazon.awscdk.services.cognito

Interface UserPoolProps

All Superinterfaces:
software.amazon.jsii.JsiiSerializable
All Known Implementing Classes:
UserPoolProps.Jsii$Proxy
@Generated(value="jsii-pacmak/1.104.0 (build e79254c)", date="2024-11-06T23:25:06.445Z") @Stability(Stable) public interface UserPoolProps extends software.amazon.jsii.JsiiSerializable
Props for the UserPool construct.

Example: 

 UserPool.Builder.create(this, "myuserpool")
         // ...
         .selfSignUpEnabled(true)
         .userVerification(UserVerificationConfig.builder()
                 .emailSubject("Verify your email for our awesome app!")
                 .emailBody("Thanks for signing up to our awesome app! Your verification code is {####}")
                 .emailStyle(VerificationEmailStyle.CODE)
                 .smsMessage("Thanks for signing up to our awesome app! Your verification code is {####}")
                 .build())
         .build();

  • Method Details

    • getAccountRecovery

      @Stability(Stable) @Nullable default AccountRecovery getAccountRecovery()
      How will a user be able to recover their account?

      Default: AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL

    • getAdvancedSecurityMode

      @Stability(Stable) @Nullable default AdvancedSecurityMode getAdvancedSecurityMode()
      The user pool's Advanced Security Mode.

      Default: - no value

    • getAutoVerify

      @Stability(Stable) @Nullable default AutoVerifiedAttrs getAutoVerify()
      Attributes which Cognito will look to verify automatically upon user sign up.

      EMAIL and PHONE are the only available options.

      Default: - If `signInAlias` includes email and/or phone, they will be included in `autoVerifiedAttributes` by default. If absent, no attributes will be auto-verified.

    • getCustomAttributes

      @Stability(Stable) @Nullable default Map<String,ICustomAttribute> getCustomAttributes()
      Define a set of custom attributes that can be configured for each user in the user pool.

      Default: - No custom attributes.

    • getCustomSenderKmsKey

      @Stability(Stable) @Nullable default IKey getCustomSenderKmsKey()
      This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.

      Default: - no key ID configured

      See Also:

    • getDeletionProtection

      @Stability(Stable) @Nullable default Boolean getDeletionProtection()
      Indicates whether the user pool should have deletion protection enabled.

      Default: false

    • getDeviceTracking

      @Stability(Stable) @Nullable default DeviceTracking getDeviceTracking()
      Device tracking settings.

      Default: - see defaults on each property of DeviceTracking.

    • getEmail

      @Stability(Stable) @Nullable default UserPoolEmail getEmail()
      Email settings for a user pool.

      Default: - cognito will use the default email configuration

    • getEnableSmsRole

      @Stability(Stable) @Nullable default Boolean getEnableSmsRole()
      Setting this would explicitly enable or disable SMS role creation.

      When left unspecified, CDK will determine based on other properties if a role is needed or not.

      Default: - CDK will determine based on other properties of the user pool if an SMS role should be created or not.

    • getKeepOriginal

      @Stability(Stable) @Nullable default KeepOriginalAttrs getKeepOriginal()
      Attributes which Cognito will look to handle changes to the value of your users' email address and phone number attributes.

      EMAIL and PHONE are the only available options.

      Default: - Nothing is kept.

    • getLambdaTriggers

      @Stability(Stable) @Nullable default UserPoolTriggers getLambdaTriggers()
      Lambda functions to use for supported Cognito triggers.

      Default: - No Lambda triggers.

      See Also:

    • getMfa

      @Stability(Stable) @Nullable default Mfa getMfa()
      Configure whether users of this user pool can or are required use MFA to sign in.

      Default: Mfa.OFF

    • getMfaMessage

      @Stability(Stable) @Nullable default String getMfaMessage()
      The SMS message template sent during MFA verification.

      Use '{####}' in the template where Cognito should insert the verification code.

      Default: 'Your authentication code is {####}.'

    • getMfaSecondFactor

      @Stability(Stable) @Nullable default MfaSecondFactor getMfaSecondFactor()
      Configure the MFA types that users can use in this user pool.

      Ignored if mfa is set to OFF.

      Default: - { sms: true, otp: false, email: false }, if `mfa` is set to `OPTIONAL` or `REQUIRED`. { sms: false, otp: false, email:false }, otherwise

    • getPasswordPolicy

      @Stability(Stable) @Nullable default PasswordPolicy getPasswordPolicy()
      Password policy for this user pool.

      Default: - see defaults on each property of PasswordPolicy.

    • getRemovalPolicy

      @Stability(Stable) @Nullable default RemovalPolicy getRemovalPolicy()
      Policy to apply when the user pool is removed from the stack.

      Default: RemovalPolicy.RETAIN

    • getSelfSignUpEnabled

      @Stability(Stable) @Nullable default Boolean getSelfSignUpEnabled()
      Whether self sign-up should be enabled.

      To configure self sign-up configuration use the userVerification property.

      Default: - false

    • getSignInAliases

      @Stability(Stable) @Nullable default SignInAliases getSignInAliases()
      Methods in which a user registers or signs in to a user pool.

      Allows either username with aliases OR sign in with email, phone, or both.

      Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

      To match with 'Option 1' in the above link, with a verified email, this property should be set to { username: true, email: true }. To match with 'Option 2' in the above link with both a verified email and phone number, this property should be set to { email: true, phone: true }.

      Default: { username: true }

    • getSignInCaseSensitive

      @Stability(Stable) @Nullable default Boolean getSignInCaseSensitive()
      Whether sign-in aliases should be evaluated with case sensitivity.

      For example, when this option is set to false, users will be able to sign in using either MyUsername or myusername.

      Default: true

    • getSmsRole

      @Stability(Stable) @Nullable default IRole getSmsRole()
      The IAM role that Cognito will assume while sending SMS messages.

      Default: - a new IAM role is created.

    • getSmsRoleExternalId

      @Stability(Stable) @Nullable default String getSmsRoleExternalId()
      The 'ExternalId' that Cognito service must be using when assuming the smsRole, if the role is restricted with an 'sts:ExternalId' conditional.

      Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

      This property will be ignored if smsRole is not specified.

      Default: - No external id will be configured.

    • getSnsRegion

      @Stability(Stable) @Nullable default String getSnsRegion()
      The region to integrate with SNS to send SMS messages.

      This property will do nothing if SMS configuration is not configured.

      Default: - The same region as the user pool, with a few exceptions - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html#user-pool-sms-settings-first-time

    • getStandardAttributes

      @Stability(Stable) @Nullable default StandardAttributes getStandardAttributes()
      The set of attributes that are required for every user in the user pool.

      Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

      Default: - All standard attributes are optional and mutable.

    • getUserInvitation

      @Stability(Stable) @Nullable default UserInvitationConfig getUserInvitation()
      Configuration around admins signing up users into a user pool.

      Default: - see defaults in UserInvitationConfig.

    • getUserPoolName

      @Stability(Stable) @Nullable default String getUserPoolName()
      Name of the user pool.

      Default: - automatically generated name by CloudFormation at deploy time.

    • getUserVerification

      @Stability(Stable) @Nullable default UserVerificationConfig getUserVerification()
      Configuration around users signing themselves up to the user pool.

      Enable or disable self sign-up via the selfSignUpEnabled property.

      Default: - see defaults in UserVerificationConfig.

    • builder

      @Stability(Stable) static UserPoolProps.Builder builder()
      Returns:
      a UserPoolProps.Builder of UserPoolProps