CfnUserPool
- class aws_cdk.aws_cognito.CfnUserPool(scope, id, *, account_recovery_setting=None, admin_create_user_config=None, alias_attributes=None, auto_verified_attributes=None, deletion_protection=None, device_configuration=None, email_authentication_message=None, email_authentication_subject=None, email_configuration=None, email_verification_message=None, email_verification_subject=None, enabled_mfas=None, lambda_config=None, mfa_configuration=None, policies=None, schema=None, sms_authentication_message=None, sms_configuration=None, sms_verification_message=None, user_attribute_update_settings=None, username_attributes=None, username_configuration=None, user_pool_add_ons=None, user_pool_name=None, user_pool_tags=None, verification_message_template=None)
Bases:
CfnResourceThe
AWS::Cognito::UserPoolresource creates an Amazon Cognito user pool.For more information on working with Amazon Cognito user pools, see Amazon Cognito User Pools and CreateUserPool . .. epigraph:
If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.
- See:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html
- CloudformationResource:
AWS::Cognito::UserPool
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito # user_pool_tags: Any cfn_user_pool = cognito.CfnUserPool(self, "MyCfnUserPool", account_recovery_setting=cognito.CfnUserPool.AccountRecoverySettingProperty( recovery_mechanisms=[cognito.CfnUserPool.RecoveryOptionProperty( name="name", priority=123 )] ), admin_create_user_config=cognito.CfnUserPool.AdminCreateUserConfigProperty( allow_admin_create_user_only=False, invite_message_template=cognito.CfnUserPool.InviteMessageTemplateProperty( email_message="emailMessage", email_subject="emailSubject", sms_message="smsMessage" ), unused_account_validity_days=123 ), alias_attributes=["aliasAttributes"], auto_verified_attributes=["autoVerifiedAttributes"], deletion_protection="deletionProtection", device_configuration=cognito.CfnUserPool.DeviceConfigurationProperty( challenge_required_on_new_device=False, device_only_remembered_on_user_prompt=False ), email_authentication_message="emailAuthenticationMessage", email_authentication_subject="emailAuthenticationSubject", email_configuration=cognito.CfnUserPool.EmailConfigurationProperty( configuration_set="configurationSet", email_sending_account="emailSendingAccount", from="from", reply_to_email_address="replyToEmailAddress", source_arn="sourceArn" ), email_verification_message="emailVerificationMessage", email_verification_subject="emailVerificationSubject", enabled_mfas=["enabledMfas"], lambda_config=cognito.CfnUserPool.LambdaConfigProperty( create_auth_challenge="createAuthChallenge", custom_email_sender=cognito.CfnUserPool.CustomEmailSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), custom_message="customMessage", custom_sms_sender=cognito.CfnUserPool.CustomSMSSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), define_auth_challenge="defineAuthChallenge", kms_key_id="kmsKeyId", post_authentication="postAuthentication", post_confirmation="postConfirmation", pre_authentication="preAuthentication", pre_sign_up="preSignUp", pre_token_generation="preTokenGeneration", pre_token_generation_config=cognito.CfnUserPool.PreTokenGenerationConfigProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), user_migration="userMigration", verify_auth_challenge_response="verifyAuthChallengeResponse" ), mfa_configuration="mfaConfiguration", policies=cognito.CfnUserPool.PoliciesProperty( password_policy=cognito.CfnUserPool.PasswordPolicyProperty( minimum_length=123, password_history_size=123, require_lowercase=False, require_numbers=False, require_symbols=False, require_uppercase=False, temporary_password_validity_days=123 ) ), schema=[cognito.CfnUserPool.SchemaAttributeProperty( attribute_data_type="attributeDataType", developer_only_attribute=False, mutable=False, name="name", number_attribute_constraints=cognito.CfnUserPool.NumberAttributeConstraintsProperty( max_value="maxValue", min_value="minValue" ), required=False, string_attribute_constraints=cognito.CfnUserPool.StringAttributeConstraintsProperty( max_length="maxLength", min_length="minLength" ) )], sms_authentication_message="smsAuthenticationMessage", sms_configuration=cognito.CfnUserPool.SmsConfigurationProperty( external_id="externalId", sns_caller_arn="snsCallerArn", sns_region="snsRegion" ), sms_verification_message="smsVerificationMessage", user_attribute_update_settings=cognito.CfnUserPool.UserAttributeUpdateSettingsProperty( attributes_require_verification_before_update=["attributesRequireVerificationBeforeUpdate"] ), username_attributes=["usernameAttributes"], username_configuration=cognito.CfnUserPool.UsernameConfigurationProperty( case_sensitive=False ), user_pool_add_ons=cognito.CfnUserPool.UserPoolAddOnsProperty( advanced_security_additional_flows=cognito.CfnUserPool.AdvancedSecurityAdditionalFlowsProperty( custom_auth_mode="customAuthMode" ), advanced_security_mode="advancedSecurityMode" ), user_pool_name="userPoolName", user_pool_tags=user_pool_tags, verification_message_template=cognito.CfnUserPool.VerificationMessageTemplateProperty( default_email_option="defaultEmailOption", email_message="emailMessage", email_message_by_link="emailMessageByLink", email_subject="emailSubject", email_subject_by_link="emailSubjectByLink", sms_message="smsMessage" ) )
- Parameters:
scope (
Construct) – Scope in which this resource is defined.id (
str) – Construct identifier for this resource (unique in its scope).account_recovery_setting (
Union[IResolvable,AccountRecoverySettingProperty,Dict[str,Any],None]) – The available verified method a user can use to recover their password when they callForgotPassword. You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn’t qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred through email.admin_create_user_config (
Union[IResolvable,AdminCreateUserConfigProperty,Dict[str,Any],None]) –The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. This data type is a request and response parameter of CreateUserPool and UpdateUserPool , and a response parameter of DescribeUserPool .
alias_attributes (
Optional[Sequence[str]]) – Attributes supported as an alias for this user pool. Possible values: phone_number , email , or preferred_username .auto_verified_attributes (
Optional[Sequence[str]]) – The attributes to be auto-verified. Possible values: email , phone_number .deletion_protection (
Optional[str]) – When active,DeletionProtectionprevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. When you try to delete a protected user pool in aDeleteUserPoolAPI request, Amazon Cognito returns anInvalidParameterExceptionerror. To delete a protected user pool, send a newDeleteUserPoolrequest after you deactivate deletion protection in anUpdateUserPoolAPI request.device_configuration (
Union[IResolvable,DeviceConfigurationProperty,Dict[str,Any],None]) – The device-remembering configuration for a user pool. A null value indicates that you have deactivated device remembering in your user pool. .. epigraph:: When you provide a value for anyDeviceConfigurationfield, you activate the Amazon Cognito device-remembering feature.email_authentication_message (
Optional[str]) –email_authentication_subject (
Optional[str]) –email_configuration (
Union[IResolvable,EmailConfigurationProperty,Dict[str,Any],None]) – The email configuration of your user pool. The email configuration type sets your preferred sending method, AWS Region, and sender for messages from your user pool.email_verification_message (
Optional[str]) – This parameter is no longer used. See VerificationMessageTemplateType .email_verification_subject (
Optional[str]) –This parameter is no longer used. See VerificationMessageTemplateType .
enabled_mfas (
Optional[Sequence[str]]) – Set enabled MFA options on a specified user pool. To disable all MFAs after it has been enabled, setMfaConfigurationtoOFFand remove EnabledMfas. MFAs can only be all disabled ifMfaConfigurationisOFF. After you enableSMS_MFA, you can only disable it by settingMfaConfigurationtoOFF. Can be one of the following values: -SMS_MFA- Enables MFA with SMS for the user pool. To select this option, you must also provide values forSmsConfiguration. -SOFTWARE_TOKEN_MFA- Enables software token MFA for the user pool. -EMAIL_OTP- Enables MFA with email for the user pool. To select this option, you must provide values forEmailConfigurationand within those, setEmailSendingAccounttoDEVELOPER. Allowed values:SMS_MFA|SOFTWARE_TOKEN_MFA|EMAIL_OTPlambda_config (
Union[IResolvable,LambdaConfigProperty,Dict[str,Any],None]) – A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of authentication operations. Triggers can modify the outcome of the operations that invoked them.mfa_configuration (
Optional[str]) – The multi-factor authentication (MFA) configuration. Valid values include:. -OFFMFA won’t be used for any users. -ONMFA is required for all users to sign in. -OPTIONALMFA will be required only for individual users who have an MFA factor activated.policies (
Union[IResolvable,PoliciesProperty,Dict[str,Any],None]) –A list of user pool policies. Contains the policy that sets password-complexity requirements. This data type is a request and response parameter of CreateUserPool and UpdateUserPool , and a response parameter of DescribeUserPool .
schema (
Union[IResolvable,Sequence[Union[IResolvable,SchemaAttributeProperty,Dict[str,Any]]],None]) – An array of schema attributes for the new user pool. These attributes can be standard or custom attributes.sms_authentication_message (
Optional[str]) – The contents of the SMS authentication message.sms_configuration (
Union[IResolvable,SmsConfigurationProperty,Dict[str,Any],None]) – The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account .sms_verification_message (
Optional[str]) –This parameter is no longer used. See VerificationMessageTemplateType .
user_attribute_update_settings (
Union[IResolvable,UserAttributeUpdateSettingsProperty,Dict[str,Any],None]) – The settings for updates to user attributes. These settings include the propertyAttributesRequireVerificationBeforeUpdate, a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users’ email address and phone number attributes. For more information, see Verifying updates to email addresses and phone numbers .username_attributes (
Optional[Sequence[str]]) – Specifies whether a user can use an email address or phone number as a username when they sign up.username_configuration (
Union[IResolvable,UsernameConfigurationProperty,Dict[str,Any],None]) – Case sensitivity on the username input for the selected sign-in option. When case sensitivity is set toFalse(case insensitive), users can sign in with any combination of capital and lowercase letters. For example,username,USERNAME, orUserName, or for email,email@example.comorEMaiL@eXamplE.Com. For most use cases, set case sensitivity toFalse(case insensitive) as a best practice. When usernames and email addresses are case insensitive, Amazon Cognito treats any variation in case as the same user, and prevents a case variation from being assigned to the same attribute for a different user. This configuration is immutable after you set it. For more information, see UsernameConfigurationType .user_pool_add_ons (
Union[IResolvable,UserPoolAddOnsProperty,Dict[str,Any],None]) – User pool add-ons. Contains settings for activation of advanced security features. To log user security information but take no action, set toAUDIT. To configure automatic security responses to risky traffic to your user pool, set toENFORCED. For more information, see Adding advanced security to a user pool .user_pool_name (
Optional[str]) – A string used to name the user pool.user_pool_tags (
Any) – The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.verification_message_template (
Union[IResolvable,VerificationMessageTemplateProperty,Dict[str,Any],None]) – The template for the verification message that your user pool delivers to users who set an email address or phone number attribute. Set the email message type that corresponds to yourDefaultEmailOptionselection. ForCONFIRM_WITH_LINK, specify anEmailMessageByLinkand leaveEmailMessageblank. ForCONFIRM_WITH_CODE, specify anEmailMessageand leaveEmailMessageByLinkblank. When you supply both parameters with either choice, Amazon Cognito returns an error.
Methods
- add_deletion_override(path)
Syntactic sugar for
addOverride(path, undefined).- Parameters:
path (
str) – The path of the value to delete.- Return type:
None
- add_dependency(target)
Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.
- Parameters:
target (
CfnResource) –- Return type:
None
- add_depends_on(target)
(deprecated) Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
- Parameters:
target (
CfnResource) –- Deprecated:
use addDependency
- Stability:
deprecated
- Return type:
None
- add_metadata(key, value)
Add a value to the CloudFormation Resource Metadata.
- Parameters:
key (
str) –value (
Any) –
- See:
- Return type:
None
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.
- add_override(path, value)
Adds an override to the synthesized CloudFormation resource.
To add a property override, either use
addPropertyOverrideor prefixpathwith “Properties.” (i.e.Properties.TopicName).If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path.
To include a literal
.in the property name, prefix with a\. In most programming languages you will need to write this as"\\."because the\itself will need to be escaped.For example:
cfn_resource.add_override("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", ["myattribute"]) cfn_resource.add_override("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE")
would add the overrides Example:
"Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... }
The
valueargument toaddOverridewill not be processed or translated in any way. Pass raw JSON values in here with the correct capitalization for CloudFormation. If you pass CDK classes or structs, they will be rendered with lowercased key names, and CloudFormation will reject the template.- Parameters:
path (
str) –The path of the property, you can use dot notation to override values in complex types. Any intermediate keys will be created as needed.
value (
Any) –The value. Could be primitive or complex.
- Return type:
None
- add_property_deletion_override(property_path)
Adds an override that deletes the value of a property from the resource definition.
- Parameters:
property_path (
str) – The path to the property.- Return type:
None
- add_property_override(property_path, value)
Adds an override to a resource property.
Syntactic sugar for
addOverride("Properties.<...>", value).- Parameters:
property_path (
str) – The path of the property.value (
Any) – The value.
- Return type:
None
- apply_removal_policy(policy=None, *, apply_to_update_replace_policy=None, default=None)
Sets the deletion policy of the resource based on the removal policy specified.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.
The resource can be deleted (
RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN). In some cases, a snapshot can be taken of the resource prior to deletion (RemovalPolicy.SNAPSHOT). A list of resources that support this policy can be found in the following link:- Parameters:
policy (
Optional[RemovalPolicy]) –apply_to_update_replace_policy (
Optional[bool]) – Apply the same deletion policy to the resource’s “UpdateReplacePolicy”. Default: truedefault (
Optional[RemovalPolicy]) – The default policy to apply in case the removal policy is not defined. Default: - Default value is resource specific. To determine the default value for a resource, please consult that specific resource’s documentation.
- See:
- Return type:
None
- get_att(attribute_name, type_hint=None)
Returns a token for an runtime attribute of this resource.
Ideally, use generated attribute accessors (e.g.
resource.arn), but this can be used for future compatibility in case there is no generated attribute.- Parameters:
attribute_name (
str) – The name of the attribute.type_hint (
Optional[ResolutionTypeHint]) –
- Return type:
- get_metadata(key)
Retrieve a value value from the CloudFormation Resource Metadata.
- Parameters:
key (
str) –- See:
- Return type:
Any
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.
- inspect(inspector)
Examines the CloudFormation resource and discloses attributes.
- Parameters:
inspector (
TreeInspector) – tree inspector to collect and process attributes.- Return type:
None
- obtain_dependencies()
Retrieves an array of resources this resource depends on.
This assembles dependencies on resources across stacks (including nested stacks) automatically.
- Return type:
List[Union[Stack,CfnResource]]
- obtain_resource_dependencies()
Get a shallow copy of dependencies between this resource and other resources in the same stack.
- Return type:
List[CfnResource]
- override_logical_id(new_logical_id)
Overrides the auto-generated logical ID with a specific ID.
- Parameters:
new_logical_id (
str) – The new logical ID to use for this stack element.- Return type:
None
- remove_dependency(target)
Indicates that this resource no longer depends on another resource.
This can be used for resources across stacks (including nested stacks) and the dependency will automatically be removed from the relevant scope.
- Parameters:
target (
CfnResource) –- Return type:
None
- replace_dependency(target, new_target)
Replaces one dependency with another.
- Parameters:
target (
CfnResource) – The dependency to replace.new_target (
CfnResource) – The new dependency to add.
- Return type:
None
- to_string()
Returns a string representation of this construct.
- Return type:
str- Returns:
a string representation of this resource
Attributes
- CFN_RESOURCE_TYPE_NAME = 'AWS::Cognito::UserPool'
- account_recovery_setting
The available verified method a user can use to recover their password when they call
ForgotPassword.
- admin_create_user_config
The settings for administrator creation of users in a user pool.
- alias_attributes
Attributes supported as an alias for this user pool.
- attr_arn
The Amazon Resource Name (ARN) of the user pool, such as
arn:aws:cognito-idp:us-east-1:123412341234:userpool/us-east-1_123412341.- CloudformationAttribute:
Arn
- attr_provider_name
A friendly name for the IdP.
- CloudformationAttribute:
ProviderName
- attr_provider_url
The URL of the provider of the Amazon Cognito user pool, specified as a
String.- CloudformationAttribute:
ProviderURL
- attr_user_pool_id
The ID of the user pool.
- CloudformationAttribute:
UserPoolId
- auto_verified_attributes
The attributes to be auto-verified.
- cfn_options
Options for this resource, such as condition, update policy etc.
- cfn_resource_type
AWS resource type.
- creation_stack
return:
the stack trace of the point where this Resource was created from, sourced from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most node +internal+ entries filtered.
- deletion_protection
When active,
DeletionProtectionprevents accidental deletion of your user pool.
- device_configuration
The device-remembering configuration for a user pool.
- email_authentication_message
- email_authentication_subject
- email_configuration
The email configuration of your user pool.
- email_verification_message
This parameter is no longer used.
- email_verification_subject
This parameter is no longer used.
- enabled_mfas
Set enabled MFA options on a specified user pool.
- lambda_config
A collection of user pool Lambda triggers.
- logical_id
The logical ID for this CloudFormation stack element.
The logical ID of the element is calculated from the path of the resource node in the construct tree.
To override this value, use
overrideLogicalId(newLogicalId).- Returns:
the logical ID as a stringified token. This value will only get resolved during synthesis.
- mfa_configuration
The multi-factor authentication (MFA) configuration.
Valid values include:.
- node
The tree node.
- policies
A list of user pool policies.
Contains the policy that sets password-complexity requirements.
- ref
Return a string that will be resolved to a CloudFormation
{ Ref }for this element.If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through
Lazy.any({ produce: resource.ref }).
- schema
An array of schema attributes for the new user pool.
- sms_authentication_message
The contents of the SMS authentication message.
- sms_configuration
The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service.
- sms_verification_message
This parameter is no longer used.
- stack
The stack in which this element is defined.
CfnElements must be defined within a stack scope (directly or indirectly).
- tags
Tag Manager which manages the tags for this resource.
- user_attribute_update_settings
The settings for updates to user attributes.
- user_pool_add_ons
User pool add-ons.
- user_pool_name
A string used to name the user pool.
- user_pool_tags_raw
The tag keys and values to assign to the user pool.
- username_attributes
Specifies whether a user can use an email address or phone number as a username when they sign up.
- username_configuration
Case sensitivity on the username input for the selected sign-in option.
- verification_message_template
The template for the verification message that your user pool delivers to users who set an email address or phone number attribute.
Static Methods
- classmethod is_cfn_element(x)
Returns
trueif a construct is a stack element (i.e. part of the synthesized cloudformation template).Uses duck-typing instead of
instanceofto allow stack elements from different versions of this library to be included in the same stack.- Parameters:
x (
Any) –- Return type:
bool- Returns:
The construct as a stack element or undefined if it is not a stack element.
- classmethod is_cfn_resource(x)
Check whether the given object is a CfnResource.
- Parameters:
x (
Any) –- Return type:
bool
- classmethod is_construct(x)
Checks if
xis a construct.Use this method instead of
instanceofto properly detectConstructinstances, even when the construct library is symlinked.Explanation: in JavaScript, multiple copies of the
constructslibrary on disk are seen as independent, completely different libraries. As a consequence, the classConstructin each copy of theconstructslibrary is seen as a different class, and an instance of one class will not test asinstanceofthe other class.npm installwill not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of theconstructslibrary can be accidentally installed, andinstanceofwill behave unpredictably. It is safest to avoid usinginstanceof, and using this type-testing method instead.- Parameters:
x (
Any) – Any object.- Return type:
bool- Returns:
true if
xis an object created from a class which extendsConstruct.
AccountRecoverySettingProperty
- class CfnUserPool.AccountRecoverySettingProperty(*, recovery_mechanisms=None)
Bases:
objectThe available verified method a user can use to recover their password when they call
ForgotPassword.You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn’t qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred through email.
- Parameters:
recovery_mechanisms (
Union[IResolvable,Sequence[Union[IResolvable,RecoveryOptionProperty,Dict[str,Any]]],None]) – The list of options and priorities for user message delivery in forgot-password operations. Sets or displays user pool preferences for email or SMS message priority, whether users should fall back to a second delivery method, and whether passwords should only be reset by administrators.- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito account_recovery_setting_property = cognito.CfnUserPool.AccountRecoverySettingProperty( recovery_mechanisms=[cognito.CfnUserPool.RecoveryOptionProperty( name="name", priority=123 )] )
Attributes
- recovery_mechanisms
The list of options and priorities for user message delivery in forgot-password operations.
Sets or displays user pool preferences for email or SMS message priority, whether users should fall back to a second delivery method, and whether passwords should only be reset by administrators.
AdminCreateUserConfigProperty
- class CfnUserPool.AdminCreateUserConfigProperty(*, allow_admin_create_user_only=None, invite_message_template=None, unused_account_validity_days=None)
Bases:
objectThe settings for administrator creation of users in a user pool.
Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.
This data type is a request and response parameter of CreateUserPool and UpdateUserPool , and a response parameter of DescribeUserPool .
- Parameters:
allow_admin_create_user_only (
Union[bool,IResolvable,None]) – The setting for allowing self-service sign-up. Whentrue, only administrators can create new user profiles. Whenfalse, users can register themselves and create a new user profile with the SignUp operation.invite_message_template (
Union[IResolvable,InviteMessageTemplateProperty,Dict[str,Any],None]) – The template for the welcome message to new users. See also Customizing User Invitation Messages .unused_account_validity_days (
Union[int,float,None]) – This parameter is no longer in use. Configure the duration of temporary passwords with theTemporaryPasswordValidityDaysparameter of PasswordPolicyType . For older user pools that have aUnusedAccountValidityDaysconfiguration, that value is effective until you set a value forTemporaryPasswordValidityDays. The password expiration limit in days for administrator-created users. When this time expires, the user can’t sign in with their temporary password. To reset the account after that time limit, you must callAdminCreateUseragain, specifyingRESENDfor theMessageActionparameter. The default value for this parameter is 7.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito admin_create_user_config_property = cognito.CfnUserPool.AdminCreateUserConfigProperty( allow_admin_create_user_only=False, invite_message_template=cognito.CfnUserPool.InviteMessageTemplateProperty( email_message="emailMessage", email_subject="emailSubject", sms_message="smsMessage" ), unused_account_validity_days=123 )
Attributes
- allow_admin_create_user_only
The setting for allowing self-service sign-up.
When
true, only administrators can create new user profiles. Whenfalse, users can register themselves and create a new user profile with the SignUp operation.
- invite_message_template
The template for the welcome message to new users.
See also Customizing User Invitation Messages .
- unused_account_validity_days
This parameter is no longer in use.
Configure the duration of temporary passwords with the
TemporaryPasswordValidityDaysparameter of PasswordPolicyType . For older user pools that have aUnusedAccountValidityDaysconfiguration, that value is effective until you set a value forTemporaryPasswordValidityDays.The password expiration limit in days for administrator-created users. When this time expires, the user can’t sign in with their temporary password. To reset the account after that time limit, you must call
AdminCreateUseragain, specifyingRESENDfor theMessageActionparameter.The default value for this parameter is 7.
AdvancedSecurityAdditionalFlowsProperty
- class CfnUserPool.AdvancedSecurityAdditionalFlowsProperty(*, custom_auth_mode=None)
Bases:
object- Parameters:
custom_auth_mode (
Optional[str]) –- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito advanced_security_additional_flows_property = cognito.CfnUserPool.AdvancedSecurityAdditionalFlowsProperty( custom_auth_mode="customAuthMode" )
Attributes
CustomEmailSenderProperty
- class CfnUserPool.CustomEmailSenderProperty(*, lambda_arn=None, lambda_version=None)
Bases:
objectThe configuration of a custom email sender Lambda trigger.
This trigger routes all email notifications from a user pool to a Lambda function that delivers the message using custom logic.
- Parameters:
lambda_arn (
Optional[str]) – The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.lambda_version (
Optional[str]) – The user pool trigger version of the request that Amazon Cognito sends to your Lambda function. Higher-numbered versions add fields that support new features. You must use aLambdaVersionofV1_0with a custom sender function.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito custom_email_sender_property = cognito.CfnUserPool.CustomEmailSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" )
Attributes
- lambda_arn
The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.
- lambda_version
The user pool trigger version of the request that Amazon Cognito sends to your Lambda function.
Higher-numbered versions add fields that support new features.
You must use a
LambdaVersionofV1_0with a custom sender function.
CustomSMSSenderProperty
- class CfnUserPool.CustomSMSSenderProperty(*, lambda_arn=None, lambda_version=None)
Bases:
objectThe configuration of a custom SMS sender Lambda trigger.
This trigger routes all SMS notifications from a user pool to a Lambda function that delivers the message using custom logic.
- Parameters:
lambda_arn (
Optional[str]) – The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.lambda_version (
Optional[str]) – The user pool trigger version of the request that Amazon Cognito sends to your Lambda function. Higher-numbered versions add fields that support new features. You must use aLambdaVersionofV1_0with a custom sender function.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito custom_sMSSender_property = cognito.CfnUserPool.CustomSMSSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" )
Attributes
- lambda_arn
The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.
- lambda_version
The user pool trigger version of the request that Amazon Cognito sends to your Lambda function.
Higher-numbered versions add fields that support new features.
You must use a
LambdaVersionofV1_0with a custom sender function.
DeviceConfigurationProperty
- class CfnUserPool.DeviceConfigurationProperty(*, challenge_required_on_new_device=None, device_only_remembered_on_user_prompt=None)
Bases:
objectThe device-remembering configuration for a user pool.
A DescribeUserPool request returns a null value for this object when the user pool isn’t configured to remember devices. When device remembering is active, you can remember a user’s device with a ConfirmDevice API request. Additionally. when the property
DeviceOnlyRememberedOnUserPromptistrue, you must followConfirmDevicewith an UpdateDeviceStatus API request that sets the user’s device torememberedornot_remembered.To sign in with a remembered device, include
DEVICE_KEYin the authentication parameters in your user’s InitiateAuth request. If your app doesn’t include aDEVICE_KEYparameter, the response from Amazon Cognito includes newly-generatedDEVICE_KEYandDEVICE_GROUP_KEYvalues underNewDeviceMetadata. Store these values to use in future device-authentication requests. .. epigraph:When you provide a value for any property of ``DeviceConfiguration`` , you activate the device remembering for the user pool. This data type is a request and response parameter of `CreateUserPool <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html>`_ and `UpdateUserPool <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html>`_ , and a response parameter of `DescribeUserPool <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html>`_ .
- Parameters:
challenge_required_on_new_device (
Union[bool,IResolvable,None]) – When true, a remembered device can sign in with device authentication instead of SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA). .. epigraph:: Whether or notChallengeRequiredOnNewDeviceis true, users who sign in with devices that have not been confirmed or remembered must still provide a second factor in a user pool that requires MFA.device_only_remembered_on_user_prompt (
Union[bool,IResolvable,None]) –When true, Amazon Cognito doesn’t automatically remember a user’s device when your app sends a ConfirmDevice API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user’s choice in an UpdateDeviceStatus API request. When
DeviceOnlyRememberedOnUserPromptisfalse, Amazon Cognito immediately remembers devices that you register in aConfirmDeviceAPI request.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito device_configuration_property = cognito.CfnUserPool.DeviceConfigurationProperty( challenge_required_on_new_device=False, device_only_remembered_on_user_prompt=False )
Attributes
- challenge_required_on_new_device
When true, a remembered device can sign in with device authentication instead of SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA).
Whether or not
ChallengeRequiredOnNewDeviceis true, users who sign in with devices that have not been confirmed or remembered must still provide a second factor in a user pool that requires MFA.
- device_only_remembered_on_user_prompt
//docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html>`_ API request.
When
DeviceOnlyRememberedOnUserPromptisfalse, Amazon Cognito immediately remembers devices that you register in aConfirmDeviceAPI request.- See:
- Type:
When true, Amazon Cognito doesn’t automatically remember a user’s device when your app sends a `ConfirmDevice <https
- Type:
//docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html>`_ API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user’s choice in an `UpdateDeviceStatus <https
EmailConfigurationProperty
- class CfnUserPool.EmailConfigurationProperty(*, configuration_set=None, email_sending_account=None, from_=None, reply_to_email_address=None, source_arn=None)
Bases:
objectThe email configuration of your user pool.
The email configuration type sets your preferred sending method, AWS Region, and sender for messages from your user pool.
- Parameters:
configuration_set (
Optional[str]) – The set of configuration rules that can be applied to emails sent using Amazon Simple Email Service. A configuration set is applied to an email by including a reference to the configuration set in the headers of the email. Once applied, all of the rules in that configuration set are applied to the email. Configuration sets can be used to apply the following types of rules to emails: - Event publishing - Amazon Simple Email Service can track the number of send, delivery, open, click, bounce, and complaint events for each email sent. Use event publishing to send information about these events to other AWS services such as and Amazon CloudWatch - IP pool management - When leasing dedicated IP addresses with Amazon Simple Email Service, you can create groups of IP addresses, called dedicated IP pools. You can then associate the dedicated IP pools with configuration sets.email_sending_account (
Optional[str]) – Specifies whether Amazon Cognito uses its built-in functionality to send your users email messages, or uses your Amazon Simple Email Service email configuration. Specify one of the following values: - COGNITO_DEFAULT - When Amazon Cognito emails your users, it uses its built-in email functionality. When you use the default option, Amazon Cognito allows only a limited number of emails each day for your user pool. For typical production environments, the default email limit is less than the required delivery volume. To achieve a higher delivery volume, specify DEVELOPER to use your Amazon SES email configuration. To look up the email delivery limit for the default option, see Limits in the Amazon Cognito Developer Guide . The default FROM address isno-reply@verificationemail.com. To customize the FROM address, provide the Amazon Resource Name (ARN) of an Amazon SES verified email address for theSourceArnparameter. - DEVELOPER - When Amazon Cognito emails your users, it uses your Amazon SES configuration. Amazon Cognito calls Amazon SES on your behalf to send email from your verified email address. When you use this option, the email delivery limits are the same limits that apply to your Amazon SES verified email address in your AWS account . If you use this option, provide the ARN of an Amazon SES verified email address for theSourceArnparameter. Before Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a service-linked role , which is a type of role in your AWS account . This role contains the permissions that allow you to access Amazon SES and send email messages from your email address. For more information about the service-linked role that Amazon Cognito creates, see Using Service-Linked Roles for Amazon Cognito in the Amazon Cognito Developer Guide .from – Either the sender’s email address or the sender’s name with their email address. For example,
testuser@example.comorTest User <testuser@example.com>. This address appears before the body of the email.reply_to_email_address (
Optional[str]) – The destination to which the receiver of the email should reply.source_arn (
Optional[str]) – The ARN of a verified email address or an address from a verified domain in Amazon SES. You can set aSourceArnemail from a verified domain only with an API request. You can set a verified email address, but not an address in a verified domain, in the Amazon Cognito console. Amazon Cognito uses the email address that you provide in one of the following ways, depending on the value that you specify for theEmailSendingAccountparameter: - If you specifyCOGNITO_DEFAULT, Amazon Cognito uses this address as the custom FROM address when it emails your users using its built-in email account. - If you specifyDEVELOPER, Amazon Cognito emails your users with this address by calling Amazon SES on your behalf. The Region value of theSourceArnparameter must indicate a supported AWS Region of your user pool. Typically, the Region in theSourceArnand the user pool Region are the same. For more information, see Amazon SES email configuration regions in the Amazon Cognito Developer Guide .
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito email_configuration_property = cognito.CfnUserPool.EmailConfigurationProperty( configuration_set="configurationSet", email_sending_account="emailSendingAccount", from="from", reply_to_email_address="replyToEmailAddress", source_arn="sourceArn" )
Attributes
- configuration_set
The set of configuration rules that can be applied to emails sent using Amazon Simple Email Service.
A configuration set is applied to an email by including a reference to the configuration set in the headers of the email. Once applied, all of the rules in that configuration set are applied to the email. Configuration sets can be used to apply the following types of rules to emails:
Event publishing - Amazon Simple Email Service can track the number of send, delivery, open, click, bounce, and complaint events for each email sent. Use event publishing to send information about these events to other AWS services such as and Amazon CloudWatch
IP pool management - When leasing dedicated IP addresses with Amazon Simple Email Service, you can create groups of IP addresses, called dedicated IP pools. You can then associate the dedicated IP pools with configuration sets.
- email_sending_account
Specifies whether Amazon Cognito uses its built-in functionality to send your users email messages, or uses your Amazon Simple Email Service email configuration.
Specify one of the following values:
COGNITO_DEFAULT - When Amazon Cognito emails your users, it uses its built-in email functionality. When you use the default option, Amazon Cognito allows only a limited number of emails each day for your user pool. For typical production environments, the default email limit is less than the required delivery volume. To achieve a higher delivery volume, specify DEVELOPER to use your Amazon SES email configuration.
To look up the email delivery limit for the default option, see Limits in the Amazon Cognito Developer Guide .
The default FROM address is
no-reply@verificationemail.com. To customize the FROM address, provide the Amazon Resource Name (ARN) of an Amazon SES verified email address for theSourceArnparameter.DEVELOPER - When Amazon Cognito emails your users, it uses your Amazon SES configuration. Amazon Cognito calls Amazon SES on your behalf to send email from your verified email address. When you use this option, the email delivery limits are the same limits that apply to your Amazon SES verified email address in your AWS account .
If you use this option, provide the ARN of an Amazon SES verified email address for the
SourceArnparameter.Before Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a service-linked role , which is a type of role in your AWS account . This role contains the permissions that allow you to access Amazon SES and send email messages from your email address. For more information about the service-linked role that Amazon Cognito creates, see Using Service-Linked Roles for Amazon Cognito in the Amazon Cognito Developer Guide .
- from_
Either the sender’s email address or the sender’s name with their email address.
For example,
testuser@example.comorTest User <testuser@example.com>. This address appears before the body of the email.
- reply_to_email_address
The destination to which the receiver of the email should reply.
- source_arn
The ARN of a verified email address or an address from a verified domain in Amazon SES.
You can set a
SourceArnemail from a verified domain only with an API request. You can set a verified email address, but not an address in a verified domain, in the Amazon Cognito console. Amazon Cognito uses the email address that you provide in one of the following ways, depending on the value that you specify for theEmailSendingAccountparameter:If you specify
COGNITO_DEFAULT, Amazon Cognito uses this address as the custom FROM address when it emails your users using its built-in email account.If you specify
DEVELOPER, Amazon Cognito emails your users with this address by calling Amazon SES on your behalf.
The Region value of the
SourceArnparameter must indicate a supported AWS Region of your user pool. Typically, the Region in theSourceArnand the user pool Region are the same. For more information, see Amazon SES email configuration regions in the Amazon Cognito Developer Guide .
InviteMessageTemplateProperty
- class CfnUserPool.InviteMessageTemplateProperty(*, email_message=None, email_subject=None, sms_message=None)
Bases:
objectThe template for the welcome message to new users.
See also Customizing User Invitation Messages .
- Parameters:
email_message (
Optional[str]) – The message template for email messages. EmailMessage is allowed only if EmailSendingAccount is DEVELOPER.email_subject (
Optional[str]) –The subject line for email messages. EmailSubject is allowed only if EmailSendingAccount is DEVELOPER.
sms_message (
Optional[str]) – The message template for SMS messages.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito invite_message_template_property = cognito.CfnUserPool.InviteMessageTemplateProperty( email_message="emailMessage", email_subject="emailSubject", sms_message="smsMessage" )
Attributes
- email_message
The message template for email messages.
EmailMessage is allowed only if EmailSendingAccount is DEVELOPER.
- email_subject
The subject line for email messages.
EmailSubject is allowed only if EmailSendingAccount is DEVELOPER.
- sms_message
The message template for SMS messages.
LambdaConfigProperty
- class CfnUserPool.LambdaConfigProperty(*, create_auth_challenge=None, custom_email_sender=None, custom_message=None, custom_sms_sender=None, define_auth_challenge=None, kms_key_id=None, post_authentication=None, post_confirmation=None, pre_authentication=None, pre_sign_up=None, pre_token_generation=None, pre_token_generation_config=None, user_migration=None, verify_auth_challenge_response=None)
Bases:
objectA collection of user pool Lambda triggers.
Amazon Cognito invokes triggers at several possible stages of user pool operations. Triggers can modify the outcome of the operations that invoked them.
This data type is a request and response parameter of CreateUserPool and UpdateUserPool , and a response parameter of DescribeUserPool .
- Parameters:
create_auth_challenge (
Optional[str]) – The configuration of a create auth challenge Lambda trigger, one of three triggers in the sequence of the custom authentication challenge triggers .custom_email_sender (
Union[IResolvable,CustomEmailSenderProperty,Dict[str,Any],None]) – The configuration of a custom email sender Lambda trigger. This trigger routes all email notifications from a user pool to a Lambda function that delivers the message using custom logic.custom_message (
Optional[str]) – A custom message Lambda trigger. This trigger is an opportunity to customize all SMS and email messages from your user pool. When a custom message trigger is active, your user pool routes all messages to a Lambda function that returns a runtime-customized message subject and body for your user pool to deliver to a user.custom_sms_sender (
Union[IResolvable,CustomSMSSenderProperty,Dict[str,Any],None]) – The configuration of a custom SMS sender Lambda trigger. This trigger routes all SMS notifications from a user pool to a Lambda function that delivers the message using custom logic.define_auth_challenge (
Optional[str]) –The configuration of a define auth challenge Lambda trigger, one of three triggers in the sequence of the custom authentication challenge triggers .
kms_key_id (
Optional[str]) – The ARN of an KMS key . Amazon Cognito uses the key to encrypt codes and temporary passwords sent to custom sender Lambda triggers.post_authentication (
Optional[str]) – The configuration of a post authentication Lambda trigger in a user pool. This trigger can take custom actions after a user signs in.post_confirmation (
Optional[str]) – The configuration of a post confirmation Lambda trigger in a user pool. This trigger can take custom actions after a user confirms their user account and their email address or phone number.pre_authentication (
Optional[str]) – The configuration of a pre authentication trigger in a user pool. This trigger can evaluate and modify user sign-in events.pre_sign_up (
Optional[str]) – The configuration of a pre sign-up Lambda trigger in a user pool. This trigger evaluates new users and can bypass confirmation, link a federated user profile , or block sign-up requests.pre_token_generation (
Optional[str]) – The legacy configuration of a pre token generation Lambda trigger in a user pool. Set this parameter for legacy purposes. If you also set an ARN inPreTokenGenerationConfig, its value must be identical toPreTokenGeneration. For new instances of pre token generation triggers, set theLambdaArnofPreTokenGenerationConfig.pre_token_generation_config (
Union[IResolvable,PreTokenGenerationConfigProperty,Dict[str,Any],None]) –The detailed configuration of a pre token generation Lambda trigger in a user pool. If you also set an ARN in
PreTokenGeneration, its value must be identical toPreTokenGenerationConfig.user_migration (
Optional[str]) – The configuration of a migrate user Lambda trigger in a user pool. This trigger can create user profiles when users sign in or attempt to reset their password with credentials that don’t exist yet.verify_auth_challenge_response (
Optional[str]) –The configuration of a verify auth challenge Lambda trigger, one of three triggers in the sequence of the custom authentication challenge triggers .
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito lambda_config_property = cognito.CfnUserPool.LambdaConfigProperty( create_auth_challenge="createAuthChallenge", custom_email_sender=cognito.CfnUserPool.CustomEmailSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), custom_message="customMessage", custom_sms_sender=cognito.CfnUserPool.CustomSMSSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), define_auth_challenge="defineAuthChallenge", kms_key_id="kmsKeyId", post_authentication="postAuthentication", post_confirmation="postConfirmation", pre_authentication="preAuthentication", pre_sign_up="preSignUp", pre_token_generation="preTokenGeneration", pre_token_generation_config=cognito.CfnUserPool.PreTokenGenerationConfigProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), user_migration="userMigration", verify_auth_challenge_response="verifyAuthChallengeResponse" )
Attributes
- create_auth_challenge
//docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html>`_ .
- See:
- Type:
The configuration of a create auth challenge Lambda trigger, one of three triggers in the sequence of the `custom authentication challenge triggers <https
- custom_email_sender
The configuration of a custom email sender Lambda trigger.
This trigger routes all email notifications from a user pool to a Lambda function that delivers the message using custom logic.
- custom_message
A custom message Lambda trigger.
This trigger is an opportunity to customize all SMS and email messages from your user pool. When a custom message trigger is active, your user pool routes all messages to a Lambda function that returns a runtime-customized message subject and body for your user pool to deliver to a user.
- custom_sms_sender
The configuration of a custom SMS sender Lambda trigger.
This trigger routes all SMS notifications from a user pool to a Lambda function that delivers the message using custom logic.
- define_auth_challenge
//docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html>`_ .
- See:
- Type:
The configuration of a define auth challenge Lambda trigger, one of three triggers in the sequence of the `custom authentication challenge triggers <https
- kms_key_id
//docs.aws.amazon.com//kms/latest/developerguide/concepts.html#master_keys>`_ . Amazon Cognito uses the key to encrypt codes and temporary passwords sent to custom sender Lambda triggers.
- See:
- Type:
The ARN of an `KMS key <https
- post_authentication
//docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-post-authentication.html>`_ in a user pool. This trigger can take custom actions after a user signs in.
- See:
- Type:
The configuration of a `post authentication Lambda trigger <https
- post_confirmation
//docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-post-confirmation.html>`_ in a user pool. This trigger can take custom actions after a user confirms their user account and their email address or phone number.
- See:
- Type:
The configuration of a `post confirmation Lambda trigger <https
- pre_authentication
//docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-authentication.html>`_ in a user pool. This trigger can evaluate and modify user sign-in events.
- See:
- Type:
The configuration of a `pre authentication trigger <https
- pre_sign_up
//docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html>`_ , or block sign-up requests.
- pre_token_generation
//docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html>`_ in a user pool.
Set this parameter for legacy purposes. If you also set an ARN in
PreTokenGenerationConfig, its value must be identical toPreTokenGeneration. For new instances of pre token generation triggers, set theLambdaArnofPreTokenGenerationConfig.- See:
- Type:
The legacy configuration of a `pre token generation Lambda trigger <https
- pre_token_generation_config
//docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html>`_ in a user pool. If you also set an ARN in
PreTokenGeneration, its value must be identical toPreTokenGenerationConfig.- See:
- Type:
The detailed configuration of a `pre token generation Lambda trigger <https
- user_migration
//docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html>`_ in a user pool. This trigger can create user profiles when users sign in or attempt to reset their password with credentials that don’t exist yet.
- See:
- Type:
The configuration of a `migrate user Lambda trigger <https
NumberAttributeConstraintsProperty
- class CfnUserPool.NumberAttributeConstraintsProperty(*, max_value=None, min_value=None)
Bases:
objectThe minimum and maximum values of an attribute that is of the number type, for example
custom:age.This data type is part of SchemaAttributeType . It defines the length constraints on number-type attributes that you configure in CreateUserPool and UpdateUserPool , and displays the length constraints of all number-type attributes in the response to DescribeUserPool
- Parameters:
max_value (
Optional[str]) – The maximum length of a number attribute value. Must be a number less than or equal to2^1023, represented as a string with a length of 131072 characters or fewer.min_value (
Optional[str]) – The minimum value of an attribute that is of the number data type.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito number_attribute_constraints_property = cognito.CfnUserPool.NumberAttributeConstraintsProperty( max_value="maxValue", min_value="minValue" )
Attributes
- max_value
The maximum length of a number attribute value.
Must be a number less than or equal to
2^1023, represented as a string with a length of 131072 characters or fewer.
- min_value
The minimum value of an attribute that is of the number data type.
PasswordPolicyProperty
- class CfnUserPool.PasswordPolicyProperty(*, minimum_length=None, password_history_size=None, require_lowercase=None, require_numbers=None, require_symbols=None, require_uppercase=None, temporary_password_validity_days=None)
Bases:
objectThe password policy settings for a user pool, including complexity, history, and length requirements.
This data type is a request and response parameter of CreateUserPool and UpdateUserPool , and a response parameter of DescribeUserPool .
- Parameters:
minimum_length (
Union[int,float,None]) – The minimum length of the password in the policy that you have set. This value can’t be less than 6.password_history_size (
Union[int,float,None]) –The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can’t set a password that matches any of
nprevious passwords, wherenis the value ofPasswordHistorySize. Password history isn’t enforced and isn’t displayed in DescribeUserPool responses when you set this value to0or don’t provide it. To activate this setting, advanced security features must be active in your user pool.require_lowercase (
Union[bool,IResolvable,None]) – The requirement in a password policy that users must include at least one lowercase letter in their password.require_numbers (
Union[bool,IResolvable,None]) – The requirement in a password policy that users must include at least one number in their password.require_symbols (
Union[bool,IResolvable,None]) – The requirement in a password policy that users must include at least one symbol in their password.require_uppercase (
Union[bool,IResolvable,None]) – The requirement in a password policy that users must include at least one uppercase letter in their password.temporary_password_validity_days (
Union[int,float,None]) – The number of days a temporary password is valid in the password policy. If the user doesn’t sign in during this time, an administrator must reset their password. Defaults to7. If you submit a value of0, Amazon Cognito treats it as a null value and setsTemporaryPasswordValidityDaysto its default value. .. epigraph:: When you setTemporaryPasswordValidityDaysfor a user pool, you can no longer set a value for the legacyUnusedAccountValidityDaysparameter in that user pool.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito password_policy_property = cognito.CfnUserPool.PasswordPolicyProperty( minimum_length=123, password_history_size=123, require_lowercase=False, require_numbers=False, require_symbols=False, require_uppercase=False, temporary_password_validity_days=123 )
Attributes
- minimum_length
The minimum length of the password in the policy that you have set.
This value can’t be less than 6.
- password_history_size
The number of previous passwords that you want Amazon Cognito to restrict each user from reusing.
Users can’t set a password that matches any of
nprevious passwords, wherenis the value ofPasswordHistorySize.Password history isn’t enforced and isn’t displayed in DescribeUserPool responses when you set this value to
0or don’t provide it. To activate this setting, advanced security features must be active in your user pool.
- require_lowercase
The requirement in a password policy that users must include at least one lowercase letter in their password.
- require_numbers
The requirement in a password policy that users must include at least one number in their password.
- require_symbols
The requirement in a password policy that users must include at least one symbol in their password.
- require_uppercase
The requirement in a password policy that users must include at least one uppercase letter in their password.
- temporary_password_validity_days
The number of days a temporary password is valid in the password policy.
If the user doesn’t sign in during this time, an administrator must reset their password. Defaults to
7. If you submit a value of0, Amazon Cognito treats it as a null value and setsTemporaryPasswordValidityDaysto its default value. .. epigraph:When you set ``TemporaryPasswordValidityDays`` for a user pool, you can no longer set a value for the legacy ``UnusedAccountValidityDays`` parameter in that user pool.
PoliciesProperty
- class CfnUserPool.PoliciesProperty(*, password_policy=None)
Bases:
objectA list of user pool policies. Contains the policy that sets password-complexity requirements.
This data type is a request and response parameter of CreateUserPool and UpdateUserPool , and a response parameter of DescribeUserPool .
- Parameters:
password_policy (
Union[IResolvable,PasswordPolicyProperty,Dict[str,Any],None]) – The password policy settings for a user pool, including complexity, history, and length requirements.- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito policies_property = cognito.CfnUserPool.PoliciesProperty( password_policy=cognito.CfnUserPool.PasswordPolicyProperty( minimum_length=123, password_history_size=123, require_lowercase=False, require_numbers=False, require_symbols=False, require_uppercase=False, temporary_password_validity_days=123 ) )
Attributes
- password_policy
The password policy settings for a user pool, including complexity, history, and length requirements.
PreTokenGenerationConfigProperty
- class CfnUserPool.PreTokenGenerationConfigProperty(*, lambda_arn=None, lambda_version=None)
Bases:
objectThe properties of a pre token generation Lambda trigger.
This data type is a request and response parameter of CreateUserPool and UpdateUserPool , and a response parameter of DescribeUserPool .
- Parameters:
lambda_arn (
Optional[str]) – The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger. This parameter and thePreTokenGenerationproperty ofLambdaConfighave the same value. For new instances of pre token generation triggers, setLambdaArn.lambda_version (
Optional[str]) – The user pool trigger version of the request that Amazon Cognito sends to your Lambda function. Higher-numbered versions add fields that support new features.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito pre_token_generation_config_property = cognito.CfnUserPool.PreTokenGenerationConfigProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" )
Attributes
- lambda_arn
The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.
This parameter and the
PreTokenGenerationproperty ofLambdaConfighave the same value. For new instances of pre token generation triggers, setLambdaArn.
- lambda_version
The user pool trigger version of the request that Amazon Cognito sends to your Lambda function.
Higher-numbered versions add fields that support new features.
RecoveryOptionProperty
- class CfnUserPool.RecoveryOptionProperty(*, name=None, priority=None)
Bases:
objectA recovery option for a user.
The
AccountRecoverySettingTypedata type is an array of this object. EachRecoveryOptionTypehas a priority property that determines whether it is a primary or secondary option.For example, if
verified_emailhas a priority of1andverified_phone_numberhas a priority of2, your user pool sends account-recovery messages to a verified email address but falls back to an SMS message if the user has a verified phone number. Theadmin_onlyoption prevents self-service account recovery.This data type is a request and response parameter of CreateUserPool and UpdateUserPool , and a response parameter of DescribeUserPool .
- Parameters:
name (
Optional[str]) – The recovery method that this object sets a recovery option for.priority (
Union[int,float,None]) – Your priority preference for using the specified attribute in account recovery. The highest priority is1.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito recovery_option_property = cognito.CfnUserPool.RecoveryOptionProperty( name="name", priority=123 )
Attributes
- name
The recovery method that this object sets a recovery option for.
- priority
Your priority preference for using the specified attribute in account recovery.
The highest priority is
1.
SchemaAttributeProperty
- class CfnUserPool.SchemaAttributeProperty(*, attribute_data_type=None, developer_only_attribute=None, mutable=None, name=None, number_attribute_constraints=None, required=None, string_attribute_constraints=None)
Bases:
objectA list of the user attributes and their properties in your user pool.
The attribute schema contains standard attributes, custom attributes with a
custom:prefix, and developer attributes with adev:prefix. For more information, see User pool attributes .Developer-only
dev:attributes are a legacy feature of user pools, and are read-only to all app clients. You can create and update developer-only attributes only with IAM-authenticated API operations. Use app client read/write permissions instead.This data type is a request and response parameter of CreateUserPool and UpdateUserPool , and a response parameter of DescribeUserPool .
- Parameters:
attribute_data_type (
Optional[str]) – The data format of the values for your attribute. When you choose anAttributeDataType, Amazon Cognito validates the input against the data type. A custom attribute value in your user’s ID token is always a string, for example"custom:isMember" : "true"or"custom:YearsAsMember" : "12".developer_only_attribute (
Union[bool,IResolvable,None]) –You should use WriteAttributes in the user pool client to control how attributes can be mutated for new use cases instead of using
DeveloperOnlyAttribute. Specifies whether the attribute type is developer only. This attribute can only be modified by an administrator. Users won’t be able to modify this attribute using their access token. For example,DeveloperOnlyAttributecan be modified using AdminUpdateUserAttributes but can’t be updated using UpdateUserAttributes.mutable (
Union[bool,IResolvable,None]) – Specifies whether the value of the attribute can be changed. Any user pool attribute whose value you map from an IdP attribute must be mutable, with a parameter value oftrue. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute. For more information, see Specifying Identity Provider Attribute Mappings for Your User Pool .name (
Optional[str]) – The name of your user pool attribute. When you create or update a user pool, adding a schema attribute creates a custom or developer-only attribute. When you add an attribute with aNamevalue ofMyAttribute, Amazon Cognito creates the custom attributecustom:MyAttribute. WhenDeveloperOnlyAttributeistrue, Amazon Cognito creates your attribute asdev:MyAttribute. In an operation that describes a user pool, Amazon Cognito returns this value asvaluefor standard attributes,custom:valuefor custom attributes, anddev:valuefor developer-only attributes..number_attribute_constraints (
Union[IResolvable,NumberAttributeConstraintsProperty,Dict[str,Any],None]) – Specifies the constraints for an attribute of the number type.required (
Union[bool,IResolvable,None]) – Specifies whether a user pool attribute is required. If the attribute is required and the user doesn’t provide a value, registration or sign-in will fail.string_attribute_constraints (
Union[IResolvable,StringAttributeConstraintsProperty,Dict[str,Any],None]) – Specifies the constraints for an attribute of the string type.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito schema_attribute_property = cognito.CfnUserPool.SchemaAttributeProperty( attribute_data_type="attributeDataType", developer_only_attribute=False, mutable=False, name="name", number_attribute_constraints=cognito.CfnUserPool.NumberAttributeConstraintsProperty( max_value="maxValue", min_value="minValue" ), required=False, string_attribute_constraints=cognito.CfnUserPool.StringAttributeConstraintsProperty( max_length="maxLength", min_length="minLength" ) )
Attributes
- attribute_data_type
The data format of the values for your attribute.
When you choose an
AttributeDataType, Amazon Cognito validates the input against the data type. A custom attribute value in your user’s ID token is always a string, for example"custom:isMember" : "true"or"custom:YearsAsMember" : "12".
- developer_only_attribute
You should use WriteAttributes in the user pool client to control how attributes can be mutated for new use cases instead of using
DeveloperOnlyAttribute.Specifies whether the attribute type is developer only. This attribute can only be modified by an administrator. Users won’t be able to modify this attribute using their access token. For example,
DeveloperOnlyAttributecan be modified using AdminUpdateUserAttributes but can’t be updated using UpdateUserAttributes.
- mutable
Specifies whether the value of the attribute can be changed.
Any user pool attribute whose value you map from an IdP attribute must be mutable, with a parameter value of
true. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute. For more information, see Specifying Identity Provider Attribute Mappings for Your User Pool .
- name
The name of your user pool attribute.
When you create or update a user pool, adding a schema attribute creates a custom or developer-only attribute. When you add an attribute with a
Namevalue ofMyAttribute, Amazon Cognito creates the custom attributecustom:MyAttribute. WhenDeveloperOnlyAttributeistrue, Amazon Cognito creates your attribute asdev:MyAttribute. In an operation that describes a user pool, Amazon Cognito returns this value asvaluefor standard attributes,custom:valuefor custom attributes, anddev:valuefor developer-only attributes..
- number_attribute_constraints
Specifies the constraints for an attribute of the number type.
- required
Specifies whether a user pool attribute is required.
If the attribute is required and the user doesn’t provide a value, registration or sign-in will fail.
- string_attribute_constraints
Specifies the constraints for an attribute of the string type.
SmsConfigurationProperty
- class CfnUserPool.SmsConfigurationProperty(*, external_id=None, sns_caller_arn=None, sns_region=None)
Bases:
objectUser pool configuration for delivery of SMS messages with Amazon Simple Notification Service.
To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account .
This data type is a request parameter of CreateUserPool , UpdateUserPool , and SetUserPoolMfaConfig , and a response parameter of CreateUserPool , UpdateUserPool , and GetUserPoolMfaConfig .
- Parameters:
external_id (
Optional[str]) – The external ID provides additional security for your IAM role. You can use anExternalIdwith the IAM role that you use with Amazon SNS to send SMS messages for your user pool. If you provide anExternalId, your Amazon Cognito user pool includes it in the request to assume your IAM role. You can configure the role trust policy to require that Amazon Cognito, and any principal, provide theExternalID. If you use the Amazon Cognito Management Console to create a role for SMS multi-factor authentication (MFA), Amazon Cognito creates a role with the required permissions and a trust policy that demonstrates use of theExternalId. For more information about theExternalIdof a role, see How to use an external ID when granting access to your AWS resources to a third party .sns_caller_arn (
Optional[str]) – The Amazon Resource Name (ARN) of the Amazon SNS caller. This is the ARN of the IAM role in your AWS account that Amazon Cognito will use to send SMS messages. SMS messages are subject to a spending limit .sns_region (
Optional[str]) – The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region . Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools .
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito sms_configuration_property = cognito.CfnUserPool.SmsConfigurationProperty( external_id="externalId", sns_caller_arn="snsCallerArn", sns_region="snsRegion" )
Attributes
- external_id
The external ID provides additional security for your IAM role.
You can use an
ExternalIdwith the IAM role that you use with Amazon SNS to send SMS messages for your user pool. If you provide anExternalId, your Amazon Cognito user pool includes it in the request to assume your IAM role. You can configure the role trust policy to require that Amazon Cognito, and any principal, provide theExternalID. If you use the Amazon Cognito Management Console to create a role for SMS multi-factor authentication (MFA), Amazon Cognito creates a role with the required permissions and a trust policy that demonstrates use of theExternalId.For more information about the
ExternalIdof a role, see How to use an external ID when granting access to your AWS resources to a third party .
- sns_caller_arn
The Amazon Resource Name (ARN) of the Amazon SNS caller.
This is the ARN of the IAM role in your AWS account that Amazon Cognito will use to send SMS messages. SMS messages are subject to a spending limit .
- sns_region
The AWS Region to use with Amazon SNS integration.
You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region .
Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools .
StringAttributeConstraintsProperty
- class CfnUserPool.StringAttributeConstraintsProperty(*, max_length=None, min_length=None)
Bases:
objectThe minimum and maximum length values of an attribute that is of the string type, for example
custom:department.This data type is part of SchemaAttributeType . It defines the length constraints on string-type attributes that you configure in CreateUserPool and UpdateUserPool , and displays the length constraints of all string-type attributes in the response to DescribeUserPool
- Parameters:
max_length (
Optional[str]) – The maximum length of a string attribute value. Must be a number less than or equal to2^1023, represented as a string with a length of 131072 characters or fewer.min_length (
Optional[str]) – The minimum length of a string attribute value.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito string_attribute_constraints_property = cognito.CfnUserPool.StringAttributeConstraintsProperty( max_length="maxLength", min_length="minLength" )
Attributes
- max_length
The maximum length of a string attribute value.
Must be a number less than or equal to
2^1023, represented as a string with a length of 131072 characters or fewer.
- min_length
The minimum length of a string attribute value.
UserAttributeUpdateSettingsProperty
- class CfnUserPool.UserAttributeUpdateSettingsProperty(*, attributes_require_verification_before_update)
Bases:
objectThe settings for updates to user attributes.
These settings include the property
AttributesRequireVerificationBeforeUpdate, a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users’ email address and phone number attributes. For more information, see Verifying updates to email addresses and phone numbers .- Parameters:
attributes_require_verification_before_update (
Sequence[str]) – Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value. You can verify an updated email address or phone number with a VerifyUserAttribute API request. You can also call the AdminUpdateUserAttributes API and setemail_verifiedorphone_number_verifiedto true. WhenAttributesRequireVerificationBeforeUpdateis false, your user pool doesn’t require that your users verify attribute changes before Amazon Cognito updates them. In a user pool whereAttributesRequireVerificationBeforeUpdateis false, API operations that change attribute values can immediately update a user’semailorphone_numberattribute.- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito user_attribute_update_settings_property = cognito.CfnUserPool.UserAttributeUpdateSettingsProperty( attributes_require_verification_before_update=["attributesRequireVerificationBeforeUpdate"] )
Attributes
- attributes_require_verification_before_update
Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute.
When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value.
You can verify an updated email address or phone number with a VerifyUserAttribute API request. You can also call the AdminUpdateUserAttributes API and set
email_verifiedorphone_number_verifiedto true.When
AttributesRequireVerificationBeforeUpdateis false, your user pool doesn’t require that your users verify attribute changes before Amazon Cognito updates them. In a user pool whereAttributesRequireVerificationBeforeUpdateis false, API operations that change attribute values can immediately update a user’semailorphone_numberattribute.
UserPoolAddOnsProperty
- class CfnUserPool.UserPoolAddOnsProperty(*, advanced_security_additional_flows=None, advanced_security_mode=None)
Bases:
objectUser pool add-ons.
Contains settings for activation of advanced security features. To log user security information but take no action, set to
AUDIT. To configure automatic security responses to risky traffic to your user pool, set toENFORCED.For more information, see Adding advanced security to a user pool .
This data type is a request and response parameter of CreateUserPool and UpdateUserPool , and a response parameter of DescribeUserPool .
- Parameters:
advanced_security_additional_flows (
Union[IResolvable,AdvancedSecurityAdditionalFlowsProperty,Dict[str,Any],None]) –advanced_security_mode (
Optional[str]) – The operating mode of advanced security features for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito user_pool_add_ons_property = cognito.CfnUserPool.UserPoolAddOnsProperty( advanced_security_additional_flows=cognito.CfnUserPool.AdvancedSecurityAdditionalFlowsProperty( custom_auth_mode="customAuthMode" ), advanced_security_mode="advancedSecurityMode" )
Attributes
- advanced_security_additional_flows
-
- Type:
see
- advanced_security_mode
The operating mode of advanced security features for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication.
UsernameConfigurationProperty
- class CfnUserPool.UsernameConfigurationProperty(*, case_sensitive=None)
Bases:
objectCase sensitivity of the username input for the selected sign-in option.
When case sensitivity is set to
False(case insensitive), users can sign in with any combination of capital and lowercase letters. For example,username,USERNAME, orUserName, or for email,email@example.comorEMaiL@eXamplE.Com. For most use cases, set case sensitivity toFalse(case insensitive) as a best practice. When usernames and email addresses are case insensitive, Amazon Cognito treats any variation in case as the same user, and prevents a case variation from being assigned to the same attribute for a different user.This configuration is immutable after you set it. For more information, see UsernameConfigurationType .
- Parameters:
case_sensitive (
Union[bool,IResolvable,None]) – Specifies whether user name case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs. For most use cases, set case sensitivity toFalse(case insensitive) as a best practice. When usernames and email addresses are case insensitive, users can sign in as the same user when they enter a different capitalization of their user name. Valid values include: - true - Enables case sensitivity for all username input. When this option is set totrue, users must sign in using the exact capitalization of their given username, such as “UserName”. This is the default value. - false - Enables case insensitivity for all username input. For example, when this option is set tofalse, users can sign in usingusername,USERNAME, orUserName. This option also enables bothpreferred_usernameandemailalias to be case insensitive, in addition to theusernameattribute.- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito username_configuration_property = cognito.CfnUserPool.UsernameConfigurationProperty( case_sensitive=False )
Attributes
- case_sensitive
Specifies whether user name case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs.
For most use cases, set case sensitivity to
False(case insensitive) as a best practice. When usernames and email addresses are case insensitive, users can sign in as the same user when they enter a different capitalization of their user name.Valid values include:
true - Enables case sensitivity for all username input. When this option is set to
true, users must sign in using the exact capitalization of their given username, such as “UserName”. This is the default value.false - Enables case insensitivity for all username input. For example, when this option is set to
false, users can sign in usingusername,USERNAME, orUserName. This option also enables bothpreferred_usernameandemailalias to be case insensitive, in addition to theusernameattribute.
VerificationMessageTemplateProperty
- class CfnUserPool.VerificationMessageTemplateProperty(*, default_email_option=None, email_message=None, email_message_by_link=None, email_subject=None, email_subject_by_link=None, sms_message=None)
Bases:
objectThe template for the verification message that your user pool delivers to users who set an email address or phone number attribute.
This data type is a request and response parameter of CreateUserPool and UpdateUserPool , and a response parameter of DescribeUserPool .
- Parameters:
default_email_option (
Optional[str]) – The configuration of verification emails to contain a clickable link or a verification code. For link, your template body must contain link text in the format{##Click here##}. “Click here” in the example is a customizable string. For code, your template body must contain a code placeholder in the format{####}.email_message (
Optional[str]) –The template for email messages that Amazon Cognito sends to your users. You can set an
EmailMessagetemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.email_message_by_link (
Optional[str]) –The email message template for sending a confirmation link to the user. You can set an
EmailMessageByLinktemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.email_subject (
Optional[str]) –The subject line for the email message template. You can set an
EmailSubjecttemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.email_subject_by_link (
Optional[str]) –The subject line for the email message template for sending a confirmation link to the user. You can set an
EmailSubjectByLinktemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.sms_message (
Optional[str]) – The template for SMS messages that Amazon Cognito sends to your users.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito verification_message_template_property = cognito.CfnUserPool.VerificationMessageTemplateProperty( default_email_option="defaultEmailOption", email_message="emailMessage", email_message_by_link="emailMessageByLink", email_subject="emailSubject", email_subject_by_link="emailSubjectByLink", sms_message="smsMessage" )
Attributes
- default_email_option
The configuration of verification emails to contain a clickable link or a verification code.
For link, your template body must contain link text in the format
{##Click here##}. “Click here” in the example is a customizable string. For code, your template body must contain a code placeholder in the format{####}.
- email_message
The template for email messages that Amazon Cognito sends to your users.
You can set an
EmailMessagetemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.
- email_message_by_link
The email message template for sending a confirmation link to the user.
You can set an
EmailMessageByLinktemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.
- email_subject
The subject line for the email message template.
You can set an
EmailSubjecttemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.
- email_subject_by_link
The subject line for the email message template for sending a confirmation link to the user.
You can set an
EmailSubjectByLinktemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.
- sms_message
The template for SMS messages that Amazon Cognito sends to your users.