Amazon Cognito Identity Provider
API Reference (API Version 2016-04-18)

SetRiskConfiguration

Configures actions on detected risks. To delete the risk configuration for UserPoolId or ClientId, pass null values for all four configuration types.

To enable Amazon Cognito advanced security features, update the user pool to include the UserPoolAddOns keyAdvancedSecurityMode.

See UpdateUserPool.

Request Syntax

{ "AccountTakeoverRiskConfiguration": { "Actions": { "HighAction": { "EventAction": "string", "Notify": boolean }, "LowAction": { "EventAction": "string", "Notify": boolean }, "MediumAction": { "EventAction": "string", "Notify": boolean } }, "NotifyConfiguration": { "BlockEmail": { "HtmlBody": "string", "Subject": "string", "TextBody": "string" }, "From": "string", "MfaEmail": { "HtmlBody": "string", "Subject": "string", "TextBody": "string" }, "NoActionEmail": { "HtmlBody": "string", "Subject": "string", "TextBody": "string" }, "ReplyTo": "string", "SourceArn": "string" } }, "ClientId": "string", "CompromisedCredentialsRiskConfiguration": { "Actions": { "EventAction": "string" }, "EventFilter": [ "string" ] }, "RiskExceptionConfiguration": { "BlockedIPRangeList": [ "string" ], "SkippedIPRangeList": [ "string" ] }, "UserPoolId": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

AccountTakeoverRiskConfiguration

The account takeover risk configuration.

Type: AccountTakeoverRiskConfigurationType object

Required: No

ClientId

The app client ID. If ClientId is null, then the risk configuration is mapped to userPoolId. When the client ID is null, the same risk configuration is applied to all the clients in the userPool.

Otherwise, ClientId is mapped to the client. When the client ID is not null, the user pool configuration is overridden and the risk configuration for the client is used instead.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: No

CompromisedCredentialsRiskConfiguration

The compromised credentials risk configuration.

Type: CompromisedCredentialsRiskConfigurationType object

Required: No

RiskExceptionConfiguration

The configuration to override the risk decision.

Type: RiskExceptionConfigurationType object

Required: No

UserPoolId

The user pool ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{ "RiskConfiguration": { "AccountTakeoverRiskConfiguration": { "Actions": { "HighAction": { "EventAction": "string", "Notify": boolean }, "LowAction": { "EventAction": "string", "Notify": boolean }, "MediumAction": { "EventAction": "string", "Notify": boolean } }, "NotifyConfiguration": { "BlockEmail": { "HtmlBody": "string", "Subject": "string", "TextBody": "string" }, "From": "string", "MfaEmail": { "HtmlBody": "string", "Subject": "string", "TextBody": "string" }, "NoActionEmail": { "HtmlBody": "string", "Subject": "string", "TextBody": "string" }, "ReplyTo": "string", "SourceArn": "string" } }, "ClientId": "string", "CompromisedCredentialsRiskConfiguration": { "Actions": { "EventAction": "string" }, "EventFilter": [ "string" ] }, "LastModifiedDate": number, "RiskExceptionConfiguration": { "BlockedIPRangeList": [ "string" ], "SkippedIPRangeList": [ "string" ] }, "UserPoolId": "string" } }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

RiskConfiguration

The risk configuration.

Type: RiskConfigurationType object

Errors

For information about the errors that are common to all actions, see Common Errors.

CodeDeliveryFailureException

This exception is thrown when a verification code fails to deliver successfully.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidEmailRoleAccessPolicyException

This exception is thrown when Amazon Cognito is not allowed to use your email identity. HTTP status code: 400.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

UserPoolAddOnNotEnabledException

This exception is thrown when user pool add-ons are not enabled.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: