MfaSecondFactor

class aws_cdk.aws_cognito.MfaSecondFactor(*, otp, sms, email=None)

Bases: object

The different ways in which a user pool can obtain their MFA token for sign in.

Parameters:
  • otp (bool) – The MFA token is a time-based one time password that is generated by a hardware or software token. Default: false

  • sms (bool) – The MFA token is sent to the user via SMS to their verified phone numbers. Default: true

  • email (Optional[bool]) – The MFA token is sent to the user via EMAIL. To enable email-based MFA, set email property to the Amazon SES email-sending configuration and set feturePlan to FeaturePlan.ESSENTIALS or FeaturePlan.PLUS Default: false

See:

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html

ExampleMetadata:

infused

Example:

cognito.UserPool(self, "myuserpool",
    # ...
    mfa=cognito.Mfa.REQUIRED,
    mfa_second_factor=cognito.MfaSecondFactor(
        sms=True,
        otp=True,
        email=False
    )
)

Attributes

email

The MFA token is sent to the user via EMAIL.

To enable email-based MFA, set email property to the Amazon SES email-sending configuration and set feturePlan to FeaturePlan.ESSENTIALS or FeaturePlan.PLUS

Default:

false

See:

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-sms-email-message.html

otp

The MFA token is a time-based one time password that is generated by a hardware or software token.

Default:

false

See:

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html

sms

The MFA token is sent to the user via SMS to their verified phone numbers.

Default:

true

See:

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-sms-email-message.html