Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and, when threat protection is active, user-activity logs. For more information, see Exporting user pool logs.
Request Syntax
{
   "LogConfigurations": [
      {
         "CloudWatchLogsConfiguration": {
            "LogGroupArn": "string"
         },
         "EventSource": "string",
         "FirehoseConfiguration": {
            "StreamArn": "string"
         },
         "LogLevel": "string",
         "S3Configuration": {
            "BucketArn": "string"
         }
      }
   ],
   "UserPoolId": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- LogConfigurations
A collection of the logging configurations for a user pool.
Type: Array of LogConfigurationType objects
Array Members: Minimum number of 0 items. Maximum number of 2 items.
Required: Yes
- UserPoolId
The ID of the user pool where you want to configure logging.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Required: Yes
Response Syntax
{
   "LogDeliveryConfiguration": {
      "LogConfigurations": [
         {
            "CloudWatchLogsConfiguration": {
               "LogGroupArn": "string"
            },
            "EventSource": "string",
            "FirehoseConfiguration": {
               "StreamArn": "string"
            },
            "LogLevel": "string",
            "S3Configuration": {
               "BucketArn": "string"
            }
         }
      ],
      "UserPoolId": "string"
   }
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- LogDeliveryConfiguration
The logging configuration that you applied to the requested user pool.
Type: LogDeliveryConfigurationType object
Errors
For information about the errors that are common to all actions, see Common Errors.
- InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500
- InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400
- NotAuthorizedException
This exception is thrown when a user isn't authorized.
HTTP Status Code: 400
- ResourceNotFoundException
This exception is thrown when the Amazon Cognito service can't find the requested resource.
HTTP Status Code: 400
- TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400
Examples
A SetLogDeliveryConfiguration request that exports userNotification logs to a log group and userAuthEvents logs to an Amazon S3 bucket.
Sample Request
X-Amz-Date: 20230613T200059Z
Accept-Encoding: gzip, deflate, br
X-Amz-Target: AWSCognitoIdentityProviderService.SetLogDeliveryConfiguration
User-Agent: <UserAgentString>
Authorization: AWS4-HMAC-SHA256 Credential=<Credential>, SignedHeaders=<Headers>, Signature=<Signature>
Content-Length: <PayloadSizeBytes>
{
   "LogConfigurations": [
      {
         "CloudWatchLogsConfiguration": {
            "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:cognito-exported"
         },
         "EventSource": "userNotification",
         "LogLevel": "ERROR"
      },
      {
         "EventSource": "userAuthEvents",
         "LogLevel": "INFO",
         "S3Configuration": {
            "BucketArn": "arn:aws:s3:::amzn-s3-demo-bucket1"
         }
      }
   ],
   "UserPoolId": "us-west-2_EXAMPLE"
}
Sample Response
HTTP/1.1 200 OK
Date: Tue, 13 Jun 2023 20:00:59 GMT
Content-Type: application/x-amz-json-1.0
Content-Length: <PayloadSizeBytes>
x-amzn-requestid: a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111
Connection: keep-alive
{
   "LogDeliveryConfiguration": {
      "LogConfigurations": [
         {
            "CloudWatchLogsConfiguration": {
               "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:cognito-exported"
            },
            "EventSource": "userNotification",
            "LogLevel": "ERROR"
         },
         {
            "EventSource": "userAuthEvents",
            "LogLevel": "INFO",
            "S3Configuration": {
               "BucketArn": "arn:aws:s3:::amzn-s3-demo-bucket1"
            }
         }
      ],
      "UserPoolId": "us-west-2_EXAMPLE"
   }
}
A SetLogDeliveryConfiguration request that exports userAuthEvents events to a Firehose stream and userNotification events to a CloudWatch log group.
Sample Request
X-Amz-Date: 20230613T200059Z
Accept-Encoding: gzip, deflate, br
X-Amz-Target: AWSCognitoIdentityProviderService.SetLogDeliveryConfiguration
User-Agent: <UserAgentString>
Authorization: AWS4-HMAC-SHA256 Credential=<Credential>, SignedHeaders=<Headers>, Signature=<Signature>
Content-Length: <PayloadSizeBytes>
{
   "LogConfigurations": [
      {
         "EventSource": "userAuthEvents",
         "FirehoseConfiguration": {
            "StreamArn": "arn:aws:firehose:us-west-2:123456789012:deliverystream/example-user-pool-activity-exported"
         },
         "LogLevel": "INFO"
      },
      {
         "CloudWatchLogsConfiguration": {
            "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:example-user-pool-error-exported"
         },
         "EventSource": "userNotification",
         "LogLevel": "ERROR"
      }
   ],
   "UserPoolId": "us-west-2_EXAMPLE"
}
Sample Response
HTTP/1.1 200 OK
Date: Tue, 13 Jun 2023 20:00:59 GMT
Content-Type: application/x-amz-json-1.0
Content-Length: <PayloadSizeBytes>
x-amzn-requestid: a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111
Connection: keep-alive
{
   "LogDeliveryConfiguration": {
      "LogConfigurations": [
         {
            "CloudWatchLogsConfiguration": {
               "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:example-user-pool-error-exported"
            },
            "EventSource": "userNotification",
            "LogLevel": "ERROR"
         },
         {
            "EventSource": "userAuthEvents",
            "FirehoseConfiguration": {
               "StreamArn": "arn:aws:firehose:us-west-2:123456789012:deliverystream/example-user-pool-activity-exported"
            },
            "LogLevel": "INFO"
         }
      ],
      "UserPoolId": "us-west-2_EXAMPLE"
   }
}
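An offline pre-flight check for a SetLogDeliveryConfiguration request body, added here as an illustration and not taken from AWS code or documentation. It applies the constraints stated on this page (0 to 2 log configurations, UserPoolId of 1 to 55 characters) and reports event sources that are not exported; the one-destination-per-entry rule and the ARN prefixes are assumptions drawn from the samples above, and the function names are hypothetical.

```python
# Destination key -> (ARN field, ARN prefix in this page's samples; assumes the "aws" partition)
DESTINATIONS = {
    "CloudWatchLogsConfiguration": ("LogGroupArn", "arn:aws:logs:"),
    "FirehoseConfiguration": ("StreamArn", "arn:aws:firehose:"),
    "S3Configuration": ("BucketArn", "arn:aws:s3:::"),
}
EVENT_SOURCES = {"userNotification", "userAuthEvents"}  # values shown on this page

def check_request(body):
    """Return a list of findings; an empty list means the body passed."""
    findings = []
    pool_id = body.get("UserPoolId")
    if not isinstance(pool_id, str) or not 1 <= len(pool_id) <= 55:
        findings.append("UserPoolId must be a string of 1 to 55 characters")
    configs = body.get("LogConfigurations")
    if not isinstance(configs, list) or len(configs) > 2:
        findings.append("LogConfigurations must be an array of 0 to 2 items")
        return findings
    for i, cfg in enumerate(configs):
        if cfg.get("EventSource") not in EVENT_SOURCES:
            findings.append(f"[{i}] unknown EventSource {cfg.get('EventSource')!r}")
        if not cfg.get("LogLevel"):
            findings.append(f"[{i}] LogLevel is missing")
        present = [k for k in DESTINATIONS if k in cfg]
        if len(present) != 1:  # assumption: one destination per entry
            findings.append(f"[{i}] expected one destination, got {present}")
        for key in present:
            field, prefix = DESTINATIONS[key]
            arn = (cfg[key] or {}).get(field, "")
            if not arn.startswith(prefix):
                findings.append(f"[{i}] {key}.{field} is not a {prefix} ARN: {arn!r}")
    return findings

def unexported_sources(body):
    """Event sources with no log configuration: gaps in exported coverage."""
    seen = {c.get("EventSource") for c in body.get("LogConfigurations") or []}
    return sorted(EVENT_SOURCES - seen)

# Constructed sample: a Firehose ARN placed in LogGroupArn, userAuthEvents not exported.
SAMPLE = {
    "UserPoolId": "us-west-2_EXAMPLE",
    "LogConfigurations": [{
        "EventSource": "userNotification",
        "LogLevel": "ERROR",
        "CloudWatchLogsConfiguration": {
            "LogGroupArn": "arn:aws:firehose:us-west-2:123456789012:deliverystream/example"},
    }],
}
print(check_request(SAMPLE), unexported_sources(SAMPLE))
```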
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: