AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.
Update-CGIPUserPool-UserPoolId <String>-UserPoolAddOns_AdvancedSecurityMode <AdvancedSecurityModeType>-AdminCreateUserConfig_AllowAdminCreateUserOnly <Boolean>-UserAttributeUpdateSettings_AttributesRequireVerificationBeforeUpdate <String[]>-AutoVerifiedAttribute <String[]>-DeviceConfiguration_ChallengeRequiredOnNewDevice <Boolean>-EmailConfiguration_ConfigurationSet <String>-LambdaConfig_CreateAuthChallenge <String>-LambdaConfig_CustomMessage <String>-VerificationMessageTemplate_DefaultEmailOption <DefaultEmailOptionType>-LambdaConfig_DefineAuthChallenge <String>-DeletionProtection <DeletionProtectionType>-DeviceConfiguration_DeviceOnlyRememberedOnUserPrompt <Boolean>-InviteMessageTemplate_EmailMessage <String>-VerificationMessageTemplate_EmailMessage <String>-VerificationMessageTemplate_EmailMessageByLink <String>-EmailConfiguration_EmailSendingAccount <EmailSendingAccountType>-InviteMessageTemplate_EmailSubject <String>-VerificationMessageTemplate_EmailSubject <String>-VerificationMessageTemplate_EmailSubjectByLink <String>-EmailVerificationMessage <String>-EmailVerificationSubject <String>-SmsConfiguration_ExternalId <String>-EmailConfiguration_From <String>-LambdaConfig_KMSKeyID <String>-CustomEmailSender_LambdaArn <String>-CustomSMSSender_LambdaArn <String>-CustomEmailSender_LambdaVersion <CustomEmailSenderLambdaVersionType>-CustomSMSSender_LambdaVersion <CustomSMSSenderLambdaVersionType>-MfaConfiguration <UserPoolMfaType>-PasswordPolicy_MinimumLength <Int32>-LambdaConfig_PostAuthentication <String>-LambdaConfig_PostConfirmation <String>-LambdaConfig_PreAuthentication <String>-LambdaConfig_PreSignUp <String>-LambdaConfig_PreTokenGeneration <String>-AccountRecoverySetting_RecoveryMechanism <RecoveryOptionType[]>-EmailConfiguration_ReplyToEmailAddress <String>-PasswordPolicy_RequireLowercase <Boolean>-PasswordPolicy_RequireNumber <Boolean>-PasswordPolicy_RequireSymbol <Boolean>-PasswordPolicy_RequireUppercase <Boolean>-SmsAuthenticationMessage <String>-VerificationMessageTemplate_SmsMessage <String>-InviteMessageTemplate_SMSMessage <String>-SmsVerificationMessage <String>-SmsConfiguration_SnsCallerArn <String>-SmsConfiguration_SnsRegion <String>-EmailConfiguration_SourceArn <String>-PasswordPolicy_TemporaryPasswordValidityDay <Int32>-AdminCreateUserConfig_UnusedAccountValidityDay <Int32>-LambdaConfig_UserMigration <String>-UserPoolTag <Hashtable>-LambdaConfig_VerifyAuthChallengeResponse <String>-Select <String>-PassThru <SwitchParameter>-Force <SwitchParameter>-ClientConfig <AmazonCognitoIdentityProviderConfig>
RecoveryOptionTypes
. Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | AccountRecoverySetting_RecoveryMechanisms |
True
if only the administrator is allowed to create user profiles. Set to False
if users can sign themselves up via an app. Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
AdminCreateUser
again, specifying "RESEND"
for the MessageAction
parameter. The default value for this parameter is 7. If you set a value for TemporaryPasswordValidityDays
in PasswordPolicy
, that value will be used, and UnusedAccountValidityDays
will be no longer be an available parameter for that user pool. Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | AdminCreateUserConfig_UnusedAccountValidityDays |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | AutoVerifiedAttributes |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | LambdaConfig_CustomEmailSender_LambdaArn |
V1_0
. Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | LambdaConfig_CustomEmailSender_LambdaVersion |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | LambdaConfig_CustomSMSSender_LambdaArn |
V1_0
. Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | LambdaConfig_CustomSMSSender_LambdaVersion |
DeletionProtection
prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature.When you try to delete a protected user pool in a DeleteUserPool
API request, Amazon Cognito returns an InvalidParameterException
error. To delete a protected user pool, send a new DeleteUserPool
request after you deactivate deletion protection in an UpdateUserPool
API request. Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
ChallengeRequiredOnNewDevice
is true, users who sign in with devices that have not been confirmed or remembered must still provide a second factor in a user pool that requires MFA. Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
DeviceOnlyRememberedOnUserPrompt
is false
, Amazon Cognito immediately remembers devices that you register in a ConfirmDevice
API request. Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
no-reply@verificationemail.com
. To customize the FROM address, provide the Amazon Resource Name (ARN) of an Amazon SES verified email address for the SourceArn
parameter.SourceArn
parameter.Before Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a service-linked role, which is a type of role in your Amazon Web Services account. This role contains the permissions that allow you to access Amazon SES and send email messages from your email address. For more information about the service-linked role that Amazon Cognito creates, see Using Service-Linked Roles for Amazon Cognito in the Amazon Cognito Developer Guide.Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
testuser@example.com
or Test User <testuser@example.com>
. This address appears before the body of the email. Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
EmailSendingAccount
parameter:COGNITO_DEFAULT
, Amazon Cognito uses this address as the custom FROM address when it emails your users using its built-in email account.DEVELOPER
, Amazon Cognito emails your users with this address by calling Amazon SES on your behalf.SourceArn
parameter must indicate a supported Amazon Web Services Region of your user pool. Typically, the Region in the SourceArn
and the user pool Region are the same. For more information, see Amazon SES email configuration regions in the Amazon Cognito Developer Guide. Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | AdminCreateUserConfig_InviteMessageTemplate_EmailMessage |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | AdminCreateUserConfig_InviteMessageTemplate_EmailSubject |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | AdminCreateUserConfig_InviteMessageTemplate_SMSMessage |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
CustomEmailSender
and CustomSMSSender
. Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
OFF
- MFA tokens aren't required and can't be specified during user registration.ON
- MFA tokens are required for all user registrations. You can only specify ON when you're initially creating a user pool. You can use the SetUserPoolMfaConfig API operation to turn MFA "ON" for existing user pools. OPTIONAL
- Users have the option when registering to create an MFA token.Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | Policies_PasswordPolicy_MinimumLength |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | Policies_PasswordPolicy_RequireLowercase |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | Policies_PasswordPolicy_RequireNumbers |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | Policies_PasswordPolicy_RequireSymbols |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | Policies_PasswordPolicy_RequireUppercase |
TemporaryPasswordValidityDays
for a user pool, you can no longer set a value for the legacy UnusedAccountValidityDays
parameter in that user pool. Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | Policies_PasswordPolicy_TemporaryPasswordValidityDays |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
ExternalId
with the IAM role that you use with Amazon SNS to send SMS messages for your user pool. If you provide an ExternalId
, your Amazon Cognito user pool includes it in the request to assume your IAM role. You can configure the role trust policy to require that Amazon Cognito, and any principal, provide the ExternalID
. If you use the Amazon Cognito Management Console to create a role for SMS multi-factor authentication (MFA), Amazon Cognito creates a role with the required permissions and a trust policy that demonstrates use of the ExternalId
.For more information about the ExternalId
of a role, see How to use an external ID when granting access to your Amazon Web Services resources to a third party Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
email_verified
or phone_number_verified
to true.When AttributesRequireVerificationBeforeUpdate
is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where AttributesRequireVerificationBeforeUpdate
is false, API operations that change attribute values can immediately update a user’s email
or phone_number
attribute. Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | True |
Position? | 1 |
Accept pipeline input? | True (ByValue, ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | UserPoolTags |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
EmailMessage
template only if the value of EmailSendingAccount is DEVELOPER
. When your EmailSendingAccount is DEVELOPER
, your user pool sends email messages with your own Amazon SES configuration. Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
EmailMessageByLink
template only if the value of EmailSendingAccount is DEVELOPER
. When your EmailSendingAccount is DEVELOPER
, your user pool sends email messages with your own Amazon SES configuration. Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
EmailSubject
template only if the value of EmailSendingAccount is DEVELOPER
. When your EmailSendingAccount is DEVELOPER
, your user pool sends email messages with your own Amazon SES configuration. Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
EmailSubjectByLink
template only if the value of EmailSendingAccount is DEVELOPER
. When your EmailSendingAccount is DEVELOPER
, your user pool sends email messages with your own Amazon SES configuration. Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | AK |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByValue, ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByValue, ByPropertyName) |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | AWSProfilesLocation, ProfilesLocation |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | StoredCredentials, AWSProfileName |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | RegionToCall |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | SK, SecretAccessKey |
Required? | False |
Position? | Named |
Accept pipeline input? | True (ByPropertyName) |
Aliases | ST |
AWS Tools for PowerShell: 2.x.y.z