AWS::Cognito::UserPool LambdaConfig
A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of user pool operations. Triggers can modify the outcome of the operations that invoked them.
This data type is a request and response parameter of CreateUserPool and UpdateUserPool, and a response parameter of DescribeUserPool.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "CreateAuthChallenge" :String, "CustomEmailSender" :CustomEmailSender, "CustomMessage" :String, "CustomSMSSender" :CustomSMSSender, "DefineAuthChallenge" :String, "KMSKeyID" :String, "PostAuthentication" :String, "PostConfirmation" :String, "PreAuthentication" :String, "PreSignUp" :String, "PreTokenGeneration" :String, "PreTokenGenerationConfig" :PreTokenGenerationConfig, "UserMigration" :String, "VerifyAuthChallengeResponse" :String}
YAML
CreateAuthChallenge:StringCustomEmailSender:CustomEmailSenderCustomMessage:StringCustomSMSSender:CustomSMSSenderDefineAuthChallenge:StringKMSKeyID:StringPostAuthentication:StringPostConfirmation:StringPreAuthentication:StringPreSignUp:StringPreTokenGeneration:StringPreTokenGenerationConfig:PreTokenGenerationConfigUserMigration:StringVerifyAuthChallengeResponse:String
Properties
CreateAuthChallenge-
The configuration of a create auth challenge Lambda trigger, one of three triggers in the sequence of the custom authentication challenge triggers.
Required: No
Type: String
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?Minimum:
20Maximum:
2048Update requires: No interruption
CustomEmailSender-
The configuration of a custom email sender Lambda trigger. This trigger routes all email notifications from a user pool to a Lambda function that delivers the message using custom logic.
Required: No
Type: CustomEmailSender
Update requires: No interruption
CustomMessage-
A custom message Lambda trigger. This trigger is an opportunity to customize all SMS and email messages from your user pool. When a custom message trigger is active, your user pool routes all messages to a Lambda function that returns a runtime-customized message subject and body for your user pool to deliver to a user.
Required: No
Type: String
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?Minimum:
20Maximum:
2048Update requires: No interruption
CustomSMSSender-
The configuration of a custom SMS sender Lambda trigger. This trigger routes all SMS notifications from a user pool to a Lambda function that delivers the message using custom logic.
Required: No
Type: CustomSMSSender
Update requires: No interruption
DefineAuthChallenge-
The configuration of a define auth challenge Lambda trigger, one of three triggers in the sequence of the custom authentication challenge triggers.
Required: No
Type: String
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?Minimum:
20Maximum:
2048Update requires: No interruption
KMSKeyID-
The ARN of an KMS key. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to custom sender Lambda triggers.
Required: No
Type: String
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?Minimum:
20Maximum:
2048Update requires: No interruption
PostAuthentication-
The configuration of a post authentication Lambda trigger in a user pool. This trigger can take custom actions after a user signs in.
Required: No
Type: String
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?Minimum:
20Maximum:
2048Update requires: No interruption
PostConfirmation-
The configuration of a post confirmation Lambda trigger in a user pool. This trigger can take custom actions after a user confirms their user account and their email address or phone number.
Required: No
Type: String
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?Minimum:
20Maximum:
2048Update requires: No interruption
PreAuthentication-
The configuration of a pre authentication trigger in a user pool. This trigger can evaluate and modify user sign-in events.
Required: No
Type: String
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?Minimum:
20Maximum:
2048Update requires: No interruption
PreSignUp-
The configuration of a pre sign-up Lambda trigger in a user pool. This trigger evaluates new users and can bypass confirmation, link a federated user profile, or block sign-up requests.
Required: No
Type: String
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?Minimum:
20Maximum:
2048Update requires: No interruption
PreTokenGeneration-
The legacy configuration of a pre token generation Lambda trigger in a user pool.
Set this parameter for legacy purposes. If you also set an ARN in
PreTokenGenerationConfig, its value must be identical toPreTokenGeneration. For new instances of pre token generation triggers, set theLambdaArnofPreTokenGenerationConfig.Required: No
Type: String
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?Minimum:
20Maximum:
2048Update requires: No interruption
PreTokenGenerationConfig-
The detailed configuration of a pre token generation Lambda trigger in a user pool. If you also set an ARN in
PreTokenGeneration, its value must be identical toPreTokenGenerationConfig.Required: No
Type: PreTokenGenerationConfig
Update requires: No interruption
UserMigration-
The configuration of a migrate user Lambda trigger in a user pool. This trigger can create user profiles when users sign in or attempt to reset their password with credentials that don't exist yet.
Required: No
Type: String
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?Minimum:
20Maximum:
2048Update requires: No interruption
VerifyAuthChallengeResponse-
The configuration of a verify auth challenge Lambda trigger, one of three triggers in the sequence of the custom authentication challenge triggers.
Required: No
Type: String
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?Minimum:
20Maximum:
2048Update requires: No interruption
