UpdateUserPoolDomain
A user pool domain hosts managed login, an authorization server and web server for
authentication in your application. This operation updates the branding version for user
pool domains between 1 for hosted UI (classic) and 2 for
managed login. It also updates the SSL certificate for user pool custom domains.
Changes to the domain branding version take up to one minute to take effect for a prefix domain and up to five minutes for a custom domain.
This operation doesn't change the name of your user pool domain. To change your
domain, delete it with DeleteUserPoolDomain and create a new domain with
CreateUserPoolDomain.
You can pass the ARN of a new AWS Certificate Manager certificate in this request. Typically, ACM certificates automatically renew and you user pool can continue to use the same ARN. But if you generate a new certificate for your custom domain name, replace the original configuration with the new ARN in this request.
ACM certificates for custom domains must be in the US East (N. Virginia) AWS Region. After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain.
For more information about adding a custom domain to your user pool, see Configuring a user pool domain.
Note
Amazon Cognito evaluates AWS Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Request Syntax
{
"CustomDomainConfig": {
"CertificateArn": "string"
},
"Domain": "string",
"ManagedLoginVersion": number,
"UserPoolId": "string"
}Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- CustomDomainConfig
-
The configuration for a custom domain that hosts managed login for your application. In an
UpdateUserPoolDomainrequest, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN inus-east-1.When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain.
Update the RP ID in a SetUserPoolMfaConfig request.
Type: CustomDomainConfigType object
Required: Yes
- Domain
-
The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example
auth.example.com. For prefix domains, this is the prefix alone, such asmyprefix.Type: String
Length Constraints: Minimum length of 1. Maximum length of 63.
Pattern:
^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$Required: Yes
- ManagedLoginVersion
-
A version number that indicates the state of managed login for your domain. Version
1is hosted UI (classic). Version2is the newer managed login with the branding designer. For more information, see Managed login.Type: Integer
Required: No
- UserPoolId
-
The ID of the user pool that is associated with the domain you're updating.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern:
[\w-]+_[0-9a-zA-Z]+Required: Yes
Response Syntax
{
"CloudFrontDomain": "string",
"ManagedLoginVersion": number
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- CloudFrontDomain
-
The fully-qualified domain name (FQDN) of the Amazon CloudFront distribution that hosts your managed login or classic hosted UI pages. You domain-name authority must have an alias record that points requests for your custom domain to this FQDN. Amazon Cognito returns this value if you set a custom domain with
CustomDomainConfig. If you set an Amazon Cognito prefix domain, this operation returns a blank response.Type: String
Length Constraints: Minimum length of 1. Maximum length of 63.
Pattern:
^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$ - ManagedLoginVersion
-
A version number that indicates the state of managed login for your domain. Version
1is hosted UI (classic). Version2is the newer managed login with the branding designer. For more information, see Managed login.Type: Integer
Errors
For information about the errors that are common to all actions, see Common Errors.
- FeatureUnavailableInTierException
-
This exception is thrown when a feature you attempted to configure isn't available in your current feature plan.
HTTP Status Code: 400
- InternalErrorException
-
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500
- InvalidParameterException
-
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400
- NotAuthorizedException
-
This exception is thrown when a user isn't authorized.
HTTP Status Code: 400
- ResourceNotFoundException
-
This exception is thrown when the Amazon Cognito service can't find the requested resource.
HTTP Status Code: 400
- TooManyRequestsException
-
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
