UpdateUserPoolDomain - Amazon Cognito User Pools
Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsSee Also

UpdateUserPoolDomain

A user pool domain hosts managed login, an authorization server and web server for authentication in your application. This operation updates the branding version for user pool domains between 1 for hosted UI (classic) and 2 for managed login. It also updates the SSL certificate for user pool custom domains.

Changes to the domain branding version take up to one minute to take effect for a prefix domain and up to five minutes for a custom domain.

This operation doesn't change the name of your user pool domain. To change your domain, delete it with DeleteUserPoolDomain and create a new domain with CreateUserPoolDomain.

You can pass the ARN of a new AWS Certificate Manager certificate in this request. Typically, ACM certificates automatically renew and you user pool can continue to use the same ARN. But if you generate a new certificate for your custom domain name, replace the original configuration with the new ARN in this request.

ACM certificates for custom domains must be in the US East (N. Virginia) AWS Region. After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain.

For more information about adding a custom domain to your user pool, see Configuring a user pool domain.

Note

Amazon Cognito evaluates AWS Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

Request Syntax

{
   "CustomDomainConfig": { 
      "CertificateArn": "string"
   },
   "Domain": "string",
   "ManagedLoginVersion": number,
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

CustomDomainConfig

The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.

When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a SetUserPoolMfaConfig request.

Type: CustomDomainConfigType object

Required: No

Domain

The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be auth.example.com.

This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 63.

Pattern: ^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$

Required: Yes

ManagedLoginVersion

A version number that indicates the state of managed login for your domain. Version 1 is hosted UI (classic). Version 2 is the newer managed login with the branding designer. For more information, see Managed login.

Type: Integer

Required: No

UserPoolId

The ID of the user pool that is associated with the custom domain whose certificate you're updating.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "CloudFrontDomain": "string",
   "ManagedLoginVersion": number
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

CloudFrontDomain

The Amazon CloudFront endpoint that Amazon Cognito set up when you added the custom domain to your user pool.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 63.

Pattern: ^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$

ManagedLoginVersion

A version number that indicates the state of managed login for your domain. Version 1 is hosted UI (classic). Version 2 is the newer managed login with the branding designer. For more information, see Managed login.

Type: Integer

Errors

For information about the errors that are common to all actions, see Common Errors.

FeatureUnavailableInTierException

This exception is thrown when a feature you attempted to configure isn't available in your current feature plan.

HTTP Status Code: 400

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user isn't authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service can't find the requested resource.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: