Table Of Contents


User Guide

First time using the AWS CLI? See the User Guide for help getting started.

[ aws . cognito-idp ]



Updates the specified user pool with the specified attributes. If you don't provide a value for an attribute, it will be set to the default value. You can get a list of the current user pool settings with .

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.


--user-pool-id <value>
[--policies <value>]
[--lambda-config <value>]
[--auto-verified-attributes <value>]
[--sms-verification-message <value>]
[--email-verification-message <value>]
[--email-verification-subject <value>]
[--verification-message-template <value>]
[--sms-authentication-message <value>]
[--mfa-configuration <value>]
[--device-configuration <value>]
[--email-configuration <value>]
[--sms-configuration <value>]
[--user-pool-tags <value>]
[--admin-create-user-config <value>]
[--user-pool-add-ons <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]


--user-pool-id (string)

The user pool ID for the user pool you want to update.

--policies (structure)

A container with the policies you wish to update in a user pool.

Shorthand Syntax:


JSON Syntax:

  "PasswordPolicy": {
    "MinimumLength": integer,
    "RequireUppercase": true|false,
    "RequireLowercase": true|false,
    "RequireNumbers": true|false,
    "RequireSymbols": true|false,
    "TemporaryPasswordValidityDays": integer

--lambda-config (structure)

The AWS Lambda configuration information from the request to update the user pool.

Shorthand Syntax:


JSON Syntax:

  "PreSignUp": "string",
  "CustomMessage": "string",
  "PostConfirmation": "string",
  "PreAuthentication": "string",
  "PostAuthentication": "string",
  "DefineAuthChallenge": "string",
  "CreateAuthChallenge": "string",
  "VerifyAuthChallengeResponse": "string",
  "PreTokenGeneration": "string",
  "UserMigration": "string"

--auto-verified-attributes (list)

The attributes that are automatically verified when the Amazon Cognito service makes a request to update user pools.


"string" "string" ...

Where valid values are:

--sms-verification-message (string)

A container with information about the SMS verification message.

--email-verification-message (string)

The contents of the email verification message.

--email-verification-subject (string)

The subject of the email verification message.

--verification-message-template (structure)

The template for verification messages.

Shorthand Syntax:


JSON Syntax:

  "SmsMessage": "string",
  "EmailMessage": "string",
  "EmailSubject": "string",
  "EmailMessageByLink": "string",
  "EmailSubjectByLink": "string",

--sms-authentication-message (string)

The contents of the SMS authentication message.

--mfa-configuration (string)

Can be one of the following values:

  • OFF - MFA tokens are not required and cannot be specified during user registration.
  • ON - MFA tokens are required for all user registrations. You can only specify required when you are initially creating a user pool.
  • OPTIONAL - Users have the option when registering to create an MFA token.

Possible values:

  • OFF
  • ON

--device-configuration (structure)

Device configuration.

Shorthand Syntax:


JSON Syntax:

  "ChallengeRequiredOnNewDevice": true|false,
  "DeviceOnlyRememberedOnUserPrompt": true|false

--email-configuration (structure)

Email configuration.

Shorthand Syntax:


JSON Syntax:

  "SourceArn": "string",
  "ReplyToEmailAddress": "string",
  "EmailSendingAccount": "COGNITO_DEFAULT"|"DEVELOPER"

--sms-configuration (structure)

SMS configuration.

Shorthand Syntax:


JSON Syntax:

  "SnsCallerArn": "string",
  "ExternalId": "string"

--user-pool-tags (map)

The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.

Shorthand Syntax:


JSON Syntax:

{"string": "string"

--admin-create-user-config (structure)

The configuration for AdminCreateUser requests.

Shorthand Syntax:


JSON Syntax:

  "AllowAdminCreateUserOnly": true|false,
  "UnusedAccountValidityDays": integer,
  "InviteMessageTemplate": {
    "SMSMessage": "string",
    "EmailMessage": "string",
    "EmailSubject": "string"

--user-pool-add-ons (structure)

Used to enable advanced security risk detection. Set the key AdvancedSecurityMode to the value "AUDIT".

Shorthand Syntax:


JSON Syntax:

  "AdvancedSecurityMode": "OFF"|"AUDIT"|"ENFORCED"

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.


To update a user pool

This example adds tags to a user pool.


aws cognito-idp update-user-pool --user-pool-id us-west-2_aaaaaaaaa --user-pool-tags Team=Blue,Area=West