CreateUserPoolDomain - Amazon Cognito User Pools

CreateUserPoolDomain

A user pool domain hosts managed login, an authorization server and web server for authentication in your application. This operation creates a new user pool prefix domain or custom domain and sets the managed login branding version. Set the branding version to 1 for hosted UI (classic) or 2 for managed login. When you choose a custom domain, you must provide an SSL certificate in the US East (N. Virginia) AWS Region in your request.

Your prefix domain might take up to one minute to take effect. Your custom domain is online within five minutes, but it can take up to one hour to distribute your SSL certificate.

For more information about adding a custom domain to your user pool, see Configuring a user pool domain.

Note

Amazon Cognito evaluates AWS Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Request Syntax

{ "CustomDomainConfig": { "CertificateArn": "string" }, "Domain": "string", "ManagedLoginVersion": number, "UserPoolId": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

CustomDomainConfig

The configuration for a custom domain. Configures your domain with an AWS Certificate Manager certificate in the us-east-1 Region.

Provide this parameter only if you want to use a custom domain for your user pool. Otherwise, you can omit this parameter and use a prefix domain instead.

When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain.

Update the RP ID in a SetUserPoolMfaConfig request.

Type: CustomDomainConfigType object

Required: No

Domain

The domain string. For custom domains, this is the fully-qualified domain name, such as auth.example.com. For prefix domains, this is the prefix alone, such as myprefix. A prefix value of myprefix for a user pool in the us-east-1 Region results in a domain of myprefix.auth.us-east-1.amazoncognito.com.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 63.

Pattern: ^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$

Required: Yes

ManagedLoginVersion

The version of managed login branding that you want to apply to your domain. A value of 1 indicates hosted UI (classic) and a version of 2 indicates managed login.

Managed login requires that your user pool be configured for any feature plan other than Lite.

Type: Integer

Required: No

UserPoolId

The ID of the user pool where you want to add a domain.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{ "CloudFrontDomain": "string", "ManagedLoginVersion": number }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

CloudFrontDomain

The fully-qualified domain name (FQDN) of the Amazon CloudFront distribution that hosts your managed login or classic hosted UI pages. Your domain-name authority must have an alias record that points requests for your custom domain to this FQDN. Amazon Cognito returns this value if you set a custom domain with CustomDomainConfig. If you set an Amazon Cognito prefix domain, this parameter returns null.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 63.

Pattern: ^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$

ManagedLoginVersion

The version of managed login branding applied your domain. A value of 1 indicates hosted UI (classic) and a version of 2 indicates managed login.

Type: Integer

Errors

For information about the errors that are common to all actions, see Common Errors.

FeatureUnavailableInTierException

This exception is thrown when a feature you attempted to configure isn't available in your current feature plan.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user isn't authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service can't find the requested resource.

HTTP Status Code: 400

Examples

Example

The following example creates a user pool custom domain. Amazon Cognito creates resources for the resulting domain auth.example.com at the CloudFront distribution example.cloudfront.net.

Sample Request

POST HTTP/1.1 Host: cognito-idp.ca-central-1.amazonaws.com X-Amz-Date: 20230613T200059Z Accept-Encoding: gzip, deflate, br X-Amz-Target: AWSCognitoIdentityProviderService.CreateUserPoolDomain User-Agent: <UserAgentString> Authorization: AWS4-HMAC-SHA256 Credential=<Credential>, SignedHeaders=<Headers>, Signature=<Signature> Content-Length: <PayloadSizeBytes> { "CustomDomainConfig": { "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "Domain": "auth.example.com", "ManagedLoginVersion": 2, "UserPoolId": "ca-central-1_EXAMPLE" }

Sample Response

HTTP/1.1 200 OK Date: Tue, 13 Jun 2023 20:00:59 GMT Content-Type: application/x-amz-json-1.0 Content-Length: <PayloadSizeBytes> x-amzn-requestid: a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111 Connection: keep-alive { "CloudFrontDomain": "example.cloudfront.net", "ManagedLoginVersion": 2 }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: