CfnUserPoolProps
- class aws_cdk.aws_cognito.CfnUserPoolProps(*, account_recovery_setting=None, admin_create_user_config=None, alias_attributes=None, auto_verified_attributes=None, deletion_protection=None, device_configuration=None, email_authentication_message=None, email_authentication_subject=None, email_configuration=None, email_verification_message=None, email_verification_subject=None, enabled_mfas=None, lambda_config=None, mfa_configuration=None, policies=None, schema=None, sms_authentication_message=None, sms_configuration=None, sms_verification_message=None, user_attribute_update_settings=None, username_attributes=None, username_configuration=None, user_pool_add_ons=None, user_pool_name=None, user_pool_tags=None, verification_message_template=None)
Bases:
objectProperties for defining a
CfnUserPool.- Parameters:
account_recovery_setting (
Union[IResolvable,AccountRecoverySettingProperty,Dict[str,Any],None]) – The available verified method a user can use to recover their password when they callForgotPassword. You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn’t qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred through email.admin_create_user_config (
Union[IResolvable,AdminCreateUserConfigProperty,Dict[str,Any],None]) – The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. This data type is a request and response parameter of CreateUserPool and UpdateUserPool , and a response parameter of DescribeUserPool .alias_attributes (
Optional[Sequence[str]]) – Attributes supported as an alias for this user pool. Possible values: phone_number , email , or preferred_username .auto_verified_attributes (
Optional[Sequence[str]]) – The attributes to be auto-verified. Possible values: email , phone_number .deletion_protection (
Optional[str]) – When active,DeletionProtectionprevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. When you try to delete a protected user pool in aDeleteUserPoolAPI request, Amazon Cognito returns anInvalidParameterExceptionerror. To delete a protected user pool, send a newDeleteUserPoolrequest after you deactivate deletion protection in anUpdateUserPoolAPI request.device_configuration (
Union[IResolvable,DeviceConfigurationProperty,Dict[str,Any],None]) – The device-remembering configuration for a user pool. A null value indicates that you have deactivated device remembering in your user pool. .. epigraph:: When you provide a value for anyDeviceConfigurationfield, you activate the Amazon Cognito device-remembering feature.email_authentication_message (
Optional[str]) –email_authentication_subject (
Optional[str]) –email_configuration (
Union[IResolvable,EmailConfigurationProperty,Dict[str,Any],None]) – The email configuration of your user pool. The email configuration type sets your preferred sending method, AWS Region, and sender for messages from your user pool.email_verification_message (
Optional[str]) – This parameter is no longer used. See VerificationMessageTemplateType .email_verification_subject (
Optional[str]) –This parameter is no longer used. See VerificationMessageTemplateType .
enabled_mfas (
Optional[Sequence[str]]) – Set enabled MFA options on a specified user pool. To disable all MFAs after it has been enabled, setMfaConfigurationtoOFFand remove EnabledMfas. MFAs can only be all disabled ifMfaConfigurationisOFF. After you enableSMS_MFA, you can only disable it by settingMfaConfigurationtoOFF. Can be one of the following values: -SMS_MFA- Enables MFA with SMS for the user pool. To select this option, you must also provide values forSmsConfiguration. -SOFTWARE_TOKEN_MFA- Enables software token MFA for the user pool. -EMAIL_OTP- Enables MFA with email for the user pool. To select this option, you must provide values forEmailConfigurationand within those, setEmailSendingAccounttoDEVELOPER. Allowed values:SMS_MFA|SOFTWARE_TOKEN_MFA|EMAIL_OTPlambda_config (
Union[IResolvable,LambdaConfigProperty,Dict[str,Any],None]) – A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of authentication operations. Triggers can modify the outcome of the operations that invoked them.mfa_configuration (
Optional[str]) – The multi-factor authentication (MFA) configuration. Valid values include:. -OFFMFA won’t be used for any users. -ONMFA is required for all users to sign in. -OPTIONALMFA will be required only for individual users who have an MFA factor activated.policies (
Union[IResolvable,PoliciesProperty,Dict[str,Any],None]) –A list of user pool policies. Contains the policy that sets password-complexity requirements. This data type is a request and response parameter of CreateUserPool and UpdateUserPool , and a response parameter of DescribeUserPool .
schema (
Union[IResolvable,Sequence[Union[IResolvable,SchemaAttributeProperty,Dict[str,Any]]],None]) – An array of schema attributes for the new user pool. These attributes can be standard or custom attributes.sms_authentication_message (
Optional[str]) – The contents of the SMS authentication message.sms_configuration (
Union[IResolvable,SmsConfigurationProperty,Dict[str,Any],None]) – The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account .sms_verification_message (
Optional[str]) –This parameter is no longer used. See VerificationMessageTemplateType .
user_attribute_update_settings (
Union[IResolvable,UserAttributeUpdateSettingsProperty,Dict[str,Any],None]) – The settings for updates to user attributes. These settings include the propertyAttributesRequireVerificationBeforeUpdate, a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users’ email address and phone number attributes. For more information, see Verifying updates to email addresses and phone numbers .username_attributes (
Optional[Sequence[str]]) – Specifies whether a user can use an email address or phone number as a username when they sign up.username_configuration (
Union[IResolvable,UsernameConfigurationProperty,Dict[str,Any],None]) – Case sensitivity on the username input for the selected sign-in option. When case sensitivity is set toFalse(case insensitive), users can sign in with any combination of capital and lowercase letters. For example,username,USERNAME, orUserName, or for email,email@example.comorEMaiL@eXamplE.Com. For most use cases, set case sensitivity toFalse(case insensitive) as a best practice. When usernames and email addresses are case insensitive, Amazon Cognito treats any variation in case as the same user, and prevents a case variation from being assigned to the same attribute for a different user. This configuration is immutable after you set it. For more information, see UsernameConfigurationType .user_pool_add_ons (
Union[IResolvable,UserPoolAddOnsProperty,Dict[str,Any],None]) – User pool add-ons. Contains settings for activation of advanced security features. To log user security information but take no action, set toAUDIT. To configure automatic security responses to risky traffic to your user pool, set toENFORCED. For more information, see Adding advanced security to a user pool .user_pool_name (
Optional[str]) – A string used to name the user pool.user_pool_tags (
Any) – The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.verification_message_template (
Union[IResolvable,VerificationMessageTemplateProperty,Dict[str,Any],None]) – The template for the verification message that your user pool delivers to users who set an email address or phone number attribute. Set the email message type that corresponds to yourDefaultEmailOptionselection. ForCONFIRM_WITH_LINK, specify anEmailMessageByLinkand leaveEmailMessageblank. ForCONFIRM_WITH_CODE, specify anEmailMessageand leaveEmailMessageByLinkblank. When you supply both parameters with either choice, Amazon Cognito returns an error.
- See:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_cognito as cognito # user_pool_tags: Any cfn_user_pool_props = cognito.CfnUserPoolProps( account_recovery_setting=cognito.CfnUserPool.AccountRecoverySettingProperty( recovery_mechanisms=[cognito.CfnUserPool.RecoveryOptionProperty( name="name", priority=123 )] ), admin_create_user_config=cognito.CfnUserPool.AdminCreateUserConfigProperty( allow_admin_create_user_only=False, invite_message_template=cognito.CfnUserPool.InviteMessageTemplateProperty( email_message="emailMessage", email_subject="emailSubject", sms_message="smsMessage" ), unused_account_validity_days=123 ), alias_attributes=["aliasAttributes"], auto_verified_attributes=["autoVerifiedAttributes"], deletion_protection="deletionProtection", device_configuration=cognito.CfnUserPool.DeviceConfigurationProperty( challenge_required_on_new_device=False, device_only_remembered_on_user_prompt=False ), email_authentication_message="emailAuthenticationMessage", email_authentication_subject="emailAuthenticationSubject", email_configuration=cognito.CfnUserPool.EmailConfigurationProperty( configuration_set="configurationSet", email_sending_account="emailSendingAccount", from="from", reply_to_email_address="replyToEmailAddress", source_arn="sourceArn" ), email_verification_message="emailVerificationMessage", email_verification_subject="emailVerificationSubject", enabled_mfas=["enabledMfas"], lambda_config=cognito.CfnUserPool.LambdaConfigProperty( create_auth_challenge="createAuthChallenge", custom_email_sender=cognito.CfnUserPool.CustomEmailSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), custom_message="customMessage", custom_sms_sender=cognito.CfnUserPool.CustomSMSSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), define_auth_challenge="defineAuthChallenge", kms_key_id="kmsKeyId", post_authentication="postAuthentication", post_confirmation="postConfirmation", pre_authentication="preAuthentication", pre_sign_up="preSignUp", pre_token_generation="preTokenGeneration", pre_token_generation_config=cognito.CfnUserPool.PreTokenGenerationConfigProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), user_migration="userMigration", verify_auth_challenge_response="verifyAuthChallengeResponse" ), mfa_configuration="mfaConfiguration", policies=cognito.CfnUserPool.PoliciesProperty( password_policy=cognito.CfnUserPool.PasswordPolicyProperty( minimum_length=123, password_history_size=123, require_lowercase=False, require_numbers=False, require_symbols=False, require_uppercase=False, temporary_password_validity_days=123 ) ), schema=[cognito.CfnUserPool.SchemaAttributeProperty( attribute_data_type="attributeDataType", developer_only_attribute=False, mutable=False, name="name", number_attribute_constraints=cognito.CfnUserPool.NumberAttributeConstraintsProperty( max_value="maxValue", min_value="minValue" ), required=False, string_attribute_constraints=cognito.CfnUserPool.StringAttributeConstraintsProperty( max_length="maxLength", min_length="minLength" ) )], sms_authentication_message="smsAuthenticationMessage", sms_configuration=cognito.CfnUserPool.SmsConfigurationProperty( external_id="externalId", sns_caller_arn="snsCallerArn", sns_region="snsRegion" ), sms_verification_message="smsVerificationMessage", user_attribute_update_settings=cognito.CfnUserPool.UserAttributeUpdateSettingsProperty( attributes_require_verification_before_update=["attributesRequireVerificationBeforeUpdate"] ), username_attributes=["usernameAttributes"], username_configuration=cognito.CfnUserPool.UsernameConfigurationProperty( case_sensitive=False ), user_pool_add_ons=cognito.CfnUserPool.UserPoolAddOnsProperty( advanced_security_additional_flows=cognito.CfnUserPool.AdvancedSecurityAdditionalFlowsProperty( custom_auth_mode="customAuthMode" ), advanced_security_mode="advancedSecurityMode" ), user_pool_name="userPoolName", user_pool_tags=user_pool_tags, verification_message_template=cognito.CfnUserPool.VerificationMessageTemplateProperty( default_email_option="defaultEmailOption", email_message="emailMessage", email_message_by_link="emailMessageByLink", email_subject="emailSubject", email_subject_by_link="emailSubjectByLink", sms_message="smsMessage" ) )
Attributes
- account_recovery_setting
The available verified method a user can use to recover their password when they call
ForgotPassword.You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn’t qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred through email.
- admin_create_user_config
The settings for administrator creation of users in a user pool.
Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.
This data type is a request and response parameter of CreateUserPool and UpdateUserPool , and a response parameter of DescribeUserPool .
- alias_attributes
Attributes supported as an alias for this user pool.
Possible values: phone_number , email , or preferred_username .
- auto_verified_attributes
The attributes to be auto-verified.
Possible values: email , phone_number .
- deletion_protection
When active,
DeletionProtectionprevents accidental deletion of your user pool.Before you can delete a user pool that you have protected against deletion, you must deactivate this feature.
When you try to delete a protected user pool in a
DeleteUserPoolAPI request, Amazon Cognito returns anInvalidParameterExceptionerror. To delete a protected user pool, send a newDeleteUserPoolrequest after you deactivate deletion protection in anUpdateUserPoolAPI request.
- device_configuration
The device-remembering configuration for a user pool.
A null value indicates that you have deactivated device remembering in your user pool. .. epigraph:
When you provide a value for any ``DeviceConfiguration`` field, you activate the Amazon Cognito device-remembering feature.
- email_authentication_message
-
- Type:
see
- email_authentication_subject
-
- Type:
see
- email_configuration
The email configuration of your user pool.
The email configuration type sets your preferred sending method, AWS Region, and sender for messages from your user pool.
- email_verification_message
This parameter is no longer used.
- email_verification_subject
This parameter is no longer used.
- enabled_mfas
Set enabled MFA options on a specified user pool.
To disable all MFAs after it has been enabled, set
MfaConfigurationtoOFFand remove EnabledMfas. MFAs can only be all disabled ifMfaConfigurationisOFF. After you enableSMS_MFA, you can only disable it by settingMfaConfigurationtoOFF. Can be one of the following values:SMS_MFA- Enables MFA with SMS for the user pool. To select this option, you must also provide values forSmsConfiguration.SOFTWARE_TOKEN_MFA- Enables software token MFA for the user pool.EMAIL_OTP- Enables MFA with email for the user pool. To select this option, you must provide values forEmailConfigurationand within those, setEmailSendingAccounttoDEVELOPER.
Allowed values:
SMS_MFA|SOFTWARE_TOKEN_MFA|EMAIL_OTP
- lambda_config
A collection of user pool Lambda triggers.
Amazon Cognito invokes triggers at several possible stages of authentication operations. Triggers can modify the outcome of the operations that invoked them.
- mfa_configuration
.
OFFMFA won’t be used for any users.ONMFA is required for all users to sign in.OPTIONALMFA will be required only for individual users who have an MFA factor activated.
- See:
- Type:
The multi-factor authentication (MFA) configuration. Valid values include
- policies
A list of user pool policies. Contains the policy that sets password-complexity requirements.
This data type is a request and response parameter of CreateUserPool and UpdateUserPool , and a response parameter of DescribeUserPool .
- schema
An array of schema attributes for the new user pool.
These attributes can be standard or custom attributes.
- sms_authentication_message
The contents of the SMS authentication message.
- sms_configuration
The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service.
To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account .
- sms_verification_message
This parameter is no longer used.
- user_attribute_update_settings
The settings for updates to user attributes.
These settings include the property
AttributesRequireVerificationBeforeUpdate, a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users’ email address and phone number attributes. For more information, see Verifying updates to email addresses and phone numbers .
- user_pool_add_ons
User pool add-ons.
Contains settings for activation of advanced security features. To log user security information but take no action, set to
AUDIT. To configure automatic security responses to risky traffic to your user pool, set toENFORCED.For more information, see Adding advanced security to a user pool .
- user_pool_name
A string used to name the user pool.
- user_pool_tags
The tag keys and values to assign to the user pool.
A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.
- username_attributes
Specifies whether a user can use an email address or phone number as a username when they sign up.
- username_configuration
Case sensitivity on the username input for the selected sign-in option.
When case sensitivity is set to
False(case insensitive), users can sign in with any combination of capital and lowercase letters. For example,username,USERNAME, orUserName, or for email,email@example.comorEMaiL@eXamplE.Com. For most use cases, set case sensitivity toFalse(case insensitive) as a best practice. When usernames and email addresses are case insensitive, Amazon Cognito treats any variation in case as the same user, and prevents a case variation from being assigned to the same attribute for a different user.This configuration is immutable after you set it. For more information, see UsernameConfigurationType .
- verification_message_template
The template for the verification message that your user pool delivers to users who set an email address or phone number attribute.
Set the email message type that corresponds to your
DefaultEmailOptionselection. ForCONFIRM_WITH_LINK, specify anEmailMessageByLinkand leaveEmailMessageblank. ForCONFIRM_WITH_CODE, specify anEmailMessageand leaveEmailMessageByLinkblank. When you supply both parameters with either choice, Amazon Cognito returns an error.