
How do I configure an AWS Cognito User Pool?

To configure an AWS Cognito User Pool, you need to define its settings, including user pool attributes, policies, verification mechanisms, and an app client for users to interact with. AWS Cognito helps manage user registration and authentication, making it simpler to handle sign-up and sign-in processes in your application. The configuration below illustrates a basic setup.

Explanation:

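  1. aws.cognito.UserPool resource (aws_cognito_user_pool in the underlying provider): Defines the user pool and its settings.
  2. Attributes and policies: Configures the email attribute (as a sign-in alias alongside the username), the password policy, and optional multi-factor authentication.
  3. aws.cognito.UserPoolClient resource (aws_cognito_user_pool_client): Sets up the app client that users or devices will use to interact with the user pool.
  4. aws.cognito.UserPoolDomain resource (aws_cognito_user_pool_domain): Configures a domain for the user pool. With only a domain name and no certificate, as here, this is a prefix on the Amazon Cognito hosted domain.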

Configuration:

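```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// User pool: email is a sign-in alias and is verified automatically.
const example = new aws.cognito.UserPool("example", {
    name: "example-user-pool",
    aliasAttributes: ["email"],
    autoVerifiedAttributes: ["email"],
    passwordPolicy: {
        minimumLength: 8,
        requireLowercase: true,
        requireNumbers: true,
        requireSymbols: true,
        requireUppercase: true,
    },
    // "OPTIONAL" enforces MFA only for users who have enrolled a factor.
    mfaConfiguration: "OPTIONAL",
    // "OPTIONAL" and "ON" require at least one MFA factor to be configured
    // (SMS or software token), so enable software-token (TOTP) MFA.
    softwareTokenMfaConfiguration: {
        enabled: true,
    },
    schemas: [{
        attributeDataType: "String",
        name: "email",
        required: true,
        mutable: false,
    }],
});

// App client. generateSecret creates a client secret, which suits server-side
// (confidential) clients only; browser and mobile apps cannot keep it secret.
const exampleUserPoolClient = new aws.cognito.UserPoolClient("example", {
    name: "example-client",
    userPoolId: example.id,
    generateSecret: true,
});

// Without a certificateArn, `domain` is a prefix on the Cognito hosted domain.
const exampleUserPoolDomain = new aws.cognito.UserPoolDomain("example", {
    domain: "example-domain",
    userPoolId: example.id,
});

// Stack outputs for use elsewhere.
export const userPoolId = example.id;
export const userPoolClientId = exampleUserPoolClient.id;
export const userPoolDomain = exampleUserPoolDomain.domain;
```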

In this setup, we defined a user pool with email as an alias attribute and enabled email verification. We configured a password policy enforcing complexity requirements and included optional multi-factor authentication. Additionally, we created a user pool client and a domain for the user pool (a prefix on the Amazon Cognito hosted domain, because no certificate is supplied). Finally, outputs were added for the user pool ID, client ID, and domain to be used as references elsewhere in your configurations.
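A pre-deployment review of the settings discussed above, as an added example that is not part of the original answer or of Pulumi's code. The type and function names, the `publicClient` flag and the `floor` parameter are assumptions; only the fields the checks read are modelled, and the inputs are constructed.

```typescript
// Added example: review UserPool / UserPoolClient arguments before deploying.
// Names are hypothetical; the field names mirror the arguments used on this page.
interface Finding { id: string; severity: "error" | "warn"; message: string }
interface PoolArgs {
  mfaConfiguration?: "OFF" | "ON" | "OPTIONAL";
  softwareTokenMfaConfiguration?: { enabled: boolean };
  smsConfiguration?: { externalId: string; snsCallerArn: string };
  passwordPolicy?: { minimumLength?: number };
}
interface ClientArgs { generateSecret?: boolean }

// publicClient: reviewer's statement that the app runs in a browser or on a device.
// floor: assumed organisational minimum password length (default matches the page's 8).
function reviewCognito(pool: PoolArgs, client: ClientArgs,
                       publicClient: boolean, floor = 8): Finding[] {
  const out: Finding[] = [];
  const mfa = pool.mfaConfiguration ?? "OFF";
  const hasFactor = pool.softwareTokenMfaConfiguration?.enabled === true
    || pool.smsConfiguration !== undefined;
  // ON and OPTIONAL need at least one factor (TOTP or SMS) configured on the pool.
  if (mfa !== "OFF" && !hasFactor)
    out.push({ id: "mfa-no-factor", severity: "error",
      message: `mfaConfiguration ${mfa} needs a TOTP or SMS factor configured` });
  // Anything other than ON leaves password-only sign-in possible.
  if (mfa !== "ON")
    out.push({ id: "mfa-not-enforced", severity: "warn",
      message: `mfaConfiguration ${mfa}: users without MFA sign in with a password only` });
  // A client secret shipped in browser or mobile code is readable by anyone.
  if (client.generateSecret && publicClient)
    out.push({ id: "secret-in-public-client", severity: "error",
      message: "generateSecret is set, but a public client cannot keep the secret" });
  const len = pool.passwordPolicy?.minimumLength;
  if (len !== undefined && len < floor)
    out.push({ id: "weak-min-length", severity: "warn",
      message: `minimumLength ${len} is below the floor of ${floor}` });
  return out;
}

// Constructed inputs: the page's MFA mode and password length, without and with a TOTP factor.
const noFactor: PoolArgs = { mfaConfiguration: "OPTIONAL", passwordPolicy: { minimumLength: 8 } };
const withTotp: PoolArgs = { ...noFactor, softwareTokenMfaConfiguration: { enabled: true } };
const ids = (findings: Finding[]): string => findings.map(f => f.id).join(",");

console.log(ids(reviewCognito(noFactor, { generateSecret: true }, true)));
console.log(ids(reviewCognito(withTotp, { generateSecret: true }, false)));
```
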
