1. Packages
  2. AWS Classic
  3. API Docs
  4. cognito
  5. User

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.27.0 published on Monday, Mar 18, 2024 by Pulumi

aws.cognito.User

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.27.0 published on Monday, Mar 18, 2024 by Pulumi

    Provides a Cognito User Resource.

    Example Usage

    Basic configuration

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.cognito.UserPool("example", {name: "MyExamplePool"});
    const exampleUser = new aws.cognito.User("example", {
        userPoolId: example.id,
        username: "example",
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.cognito.UserPool("example", name="MyExamplePool")
    example_user = aws.cognito.User("example",
        user_pool_id=example.id,
        username="example")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := cognito.NewUserPool(ctx, "example", &cognito.UserPoolArgs{
    			Name: pulumi.String("MyExamplePool"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = cognito.NewUser(ctx, "example", &cognito.UserArgs{
    			UserPoolId: example.ID(),
    			Username:   pulumi.String("example"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.Cognito.UserPool("example", new()
        {
            Name = "MyExamplePool",
        });
    
        var exampleUser = new Aws.Cognito.User("example", new()
        {
            UserPoolId = example.Id,
            Username = "example",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.cognito.UserPool;
    import com.pulumi.aws.cognito.UserPoolArgs;
    import com.pulumi.aws.cognito.User;
    import com.pulumi.aws.cognito.UserArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new UserPool("example", UserPoolArgs.builder()        
                .name("MyExamplePool")
                .build());
    
            var exampleUser = new User("exampleUser", UserArgs.builder()        
                .userPoolId(example.id())
                .username("example")
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:cognito:UserPool
        properties:
          name: MyExamplePool
      exampleUser:
        type: aws:cognito:User
        name: example
        properties:
          userPoolId: ${example.id}
          username: example
    

    Setting user attributes

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.cognito.UserPool("example", {
        name: "mypool",
        schemas: [
            {
                name: "example",
                attributeDataType: "Boolean",
                mutable: false,
                required: false,
                developerOnlyAttribute: false,
            },
            {
                name: "foo",
                attributeDataType: "String",
                mutable: false,
                required: false,
                developerOnlyAttribute: false,
                stringAttributeConstraints: {},
            },
        ],
    });
    const exampleUser = new aws.cognito.User("example", {
        userPoolId: example.id,
        username: "example",
        attributes: {
            example: "true",
            foo: "bar",
            email: "no-reply@example.com",
            email_verified: "true",
        },
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.cognito.UserPool("example",
        name="mypool",
        schemas=[
            aws.cognito.UserPoolSchemaArgs(
                name="example",
                attribute_data_type="Boolean",
                mutable=False,
                required=False,
                developer_only_attribute=False,
            ),
            aws.cognito.UserPoolSchemaArgs(
                name="foo",
                attribute_data_type="String",
                mutable=False,
                required=False,
                developer_only_attribute=False,
                string_attribute_constraints=aws.cognito.UserPoolSchemaStringAttributeConstraintsArgs(),
            ),
        ])
    example_user = aws.cognito.User("example",
        user_pool_id=example.id,
        username="example",
        attributes={
            "example": "true",
            "foo": "bar",
            "email": "no-reply@example.com",
            "email_verified": "true",
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := cognito.NewUserPool(ctx, "example", &cognito.UserPoolArgs{
    			Name: pulumi.String("mypool"),
    			Schemas: cognito.UserPoolSchemaArray{
    				&cognito.UserPoolSchemaArgs{
    					Name:                   pulumi.String("example"),
    					AttributeDataType:      pulumi.String("Boolean"),
    					Mutable:                pulumi.Bool(false),
    					Required:               pulumi.Bool(false),
    					DeveloperOnlyAttribute: pulumi.Bool(false),
    				},
    				&cognito.UserPoolSchemaArgs{
    					Name:                       pulumi.String("foo"),
    					AttributeDataType:          pulumi.String("String"),
    					Mutable:                    pulumi.Bool(false),
    					Required:                   pulumi.Bool(false),
    					DeveloperOnlyAttribute:     pulumi.Bool(false),
    					StringAttributeConstraints: nil,
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = cognito.NewUser(ctx, "example", &cognito.UserArgs{
    			UserPoolId: example.ID(),
    			Username:   pulumi.String("example"),
    			Attributes: pulumi.StringMap{
    				"example":        pulumi.String("true"),
    				"foo":            pulumi.String("bar"),
    				"email":          pulumi.String("no-reply@example.com"),
    				"email_verified": pulumi.String("true"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.Cognito.UserPool("example", new()
        {
            Name = "mypool",
            Schemas = new[]
            {
                new Aws.Cognito.Inputs.UserPoolSchemaArgs
                {
                    Name = "example",
                    AttributeDataType = "Boolean",
                    Mutable = false,
                    Required = false,
                    DeveloperOnlyAttribute = false,
                },
                new Aws.Cognito.Inputs.UserPoolSchemaArgs
                {
                    Name = "foo",
                    AttributeDataType = "String",
                    Mutable = false,
                    Required = false,
                    DeveloperOnlyAttribute = false,
                    StringAttributeConstraints = null,
                },
            },
        });
    
        var exampleUser = new Aws.Cognito.User("example", new()
        {
            UserPoolId = example.Id,
            Username = "example",
            Attributes = 
            {
                { "example", "true" },
                { "foo", "bar" },
                { "email", "no-reply@example.com" },
                { "email_verified", "true" },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.cognito.UserPool;
    import com.pulumi.aws.cognito.UserPoolArgs;
    import com.pulumi.aws.cognito.inputs.UserPoolSchemaArgs;
    import com.pulumi.aws.cognito.inputs.UserPoolSchemaStringAttributeConstraintsArgs;
    import com.pulumi.aws.cognito.User;
    import com.pulumi.aws.cognito.UserArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new UserPool("example", UserPoolArgs.builder()        
                .name("mypool")
                .schemas(            
                    UserPoolSchemaArgs.builder()
                        .name("example")
                        .attributeDataType("Boolean")
                        .mutable(false)
                        .required(false)
                        .developerOnlyAttribute(false)
                        .build(),
                    UserPoolSchemaArgs.builder()
                        .name("foo")
                        .attributeDataType("String")
                        .mutable(false)
                        .required(false)
                        .developerOnlyAttribute(false)
                        .stringAttributeConstraints()
                        .build())
                .build());
    
            var exampleUser = new User("exampleUser", UserArgs.builder()        
                .userPoolId(example.id())
                .username("example")
                .attributes(Map.ofEntries(
                    Map.entry("example", true),
                    Map.entry("foo", "bar"),
                    Map.entry("email", "no-reply@example.com"),
                    Map.entry("email_verified", true)
                ))
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:cognito:UserPool
        properties:
          name: mypool
          schemas:
            - name: example
              attributeDataType: Boolean
              mutable: false
              required: false
              developerOnlyAttribute: false
            - name: foo
              attributeDataType: String
              mutable: false
              required: false
              developerOnlyAttribute: false
              stringAttributeConstraints: {}
      exampleUser:
        type: aws:cognito:User
        name: example
        properties:
          userPoolId: ${example.id}
          username: example
          attributes:
            example: true
            foo: bar
            email: no-reply@example.com
            email_verified: true
    

    Create User Resource

    new User(name: string, args: UserArgs, opts?: CustomResourceOptions);
    @overload
    def User(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             attributes: Optional[Mapping[str, str]] = None,
             client_metadata: Optional[Mapping[str, str]] = None,
             desired_delivery_mediums: Optional[Sequence[str]] = None,
             enabled: Optional[bool] = None,
             force_alias_creation: Optional[bool] = None,
             message_action: Optional[str] = None,
             password: Optional[str] = None,
             temporary_password: Optional[str] = None,
             user_pool_id: Optional[str] = None,
             username: Optional[str] = None,
             validation_data: Optional[Mapping[str, str]] = None)
    @overload
    def User(resource_name: str,
             args: UserArgs,
             opts: Optional[ResourceOptions] = None)
    func NewUser(ctx *Context, name string, args UserArgs, opts ...ResourceOption) (*User, error)
    public User(string name, UserArgs args, CustomResourceOptions? opts = null)
    public User(String name, UserArgs args)
    public User(String name, UserArgs args, CustomResourceOptions options)
    
    type: aws:cognito:User
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args UserArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args UserArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args UserArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args UserArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args UserArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    User Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The User resource accepts the following input properties:

    UserPoolId string
    The user pool ID for the user pool where the user will be created.
    Username string

    The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

    The following arguments are optional:

    Attributes Dictionary<string, string>
    A map that contains user attributes and attribute values to be set for the user.
    ClientMetadata Dictionary<string, string>
    A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
    DesiredDeliveryMediums List<string>
    A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
    Enabled bool
    Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
    ForceAliasCreation bool
    If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
    MessageAction string
    Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
    Password string
    The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
    TemporaryPassword string
    The user's temporary password. Conflicts with password.
    ValidationData Dictionary<string, string>

    The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

    NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

    UserPoolId string
    The user pool ID for the user pool where the user will be created.
    Username string

    The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

    The following arguments are optional:

    Attributes map[string]string
    A map that contains user attributes and attribute values to be set for the user.
    ClientMetadata map[string]string
    A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
    DesiredDeliveryMediums []string
    A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
    Enabled bool
    Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
    ForceAliasCreation bool
    If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
    MessageAction string
    Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
    Password string
    The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
    TemporaryPassword string
    The user's temporary password. Conflicts with password.
    ValidationData map[string]string

    The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

    NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

    userPoolId String
    The user pool ID for the user pool where the user will be created.
    username String

    The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

    The following arguments are optional:

    attributes Map<String,String>
    A map that contains user attributes and attribute values to be set for the user.
    clientMetadata Map<String,String>
    A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
    desiredDeliveryMediums List<String>
    A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
    enabled Boolean
    Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
    forceAliasCreation Boolean
    If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
    messageAction String
    Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
    password String
    The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
    temporaryPassword String
    The user's temporary password. Conflicts with password.
    validationData Map<String,String>

    The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

    NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

    userPoolId string
    The user pool ID for the user pool where the user will be created.
    username string

    The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

    The following arguments are optional:

    attributes {[key: string]: string}
    A map that contains user attributes and attribute values to be set for the user.
    clientMetadata {[key: string]: string}
    A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
    desiredDeliveryMediums string[]
    A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
    enabled boolean
    Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
    forceAliasCreation boolean
    If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
    messageAction string
    Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
    password string
    The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
    temporaryPassword string
    The user's temporary password. Conflicts with password.
    validationData {[key: string]: string}

    The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

    NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

    user_pool_id str
    The user pool ID for the user pool where the user will be created.
    username str

    The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

    The following arguments are optional:

    attributes Mapping[str, str]
    A map that contains user attributes and attribute values to be set for the user.
    client_metadata Mapping[str, str]
    A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
    desired_delivery_mediums Sequence[str]
    A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
    enabled bool
    Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
    force_alias_creation bool
    If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
    message_action str
    Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
    password str
    The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
    temporary_password str
    The user's temporary password. Conflicts with password.
    validation_data Mapping[str, str]

    The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

    NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

    userPoolId String
    The user pool ID for the user pool where the user will be created.
    username String

    The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

    The following arguments are optional:

    attributes Map<String>
    A map that contains user attributes and attribute values to be set for the user.
    clientMetadata Map<String>
    A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
    desiredDeliveryMediums List<String>
    A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
    enabled Boolean
    Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
    forceAliasCreation Boolean
    If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
    messageAction String
    Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
    password String
    The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
    temporaryPassword String
    The user's temporary password. Conflicts with password.
    validationData Map<String>

    The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

    NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the User resource produces the following output properties:

    CreationDate string
    Id string
    The provider-assigned unique ID for this managed resource.
    LastModifiedDate string
    MfaSettingLists List<string>
    PreferredMfaSetting string
    Status string
    current user status.
    Sub string
    unique user id that is never reassignable to another user.
    CreationDate string
    Id string
    The provider-assigned unique ID for this managed resource.
    LastModifiedDate string
    MfaSettingLists []string
    PreferredMfaSetting string
    Status string
    current user status.
    Sub string
    unique user id that is never reassignable to another user.
    creationDate String
    id String
    The provider-assigned unique ID for this managed resource.
    lastModifiedDate String
    mfaSettingLists List<String>
    preferredMfaSetting String
    status String
    current user status.
    sub String
    unique user id that is never reassignable to another user.
    creationDate string
    id string
    The provider-assigned unique ID for this managed resource.
    lastModifiedDate string
    mfaSettingLists string[]
    preferredMfaSetting string
    status string
    current user status.
    sub string
    unique user id that is never reassignable to another user.
    creation_date str
    id str
    The provider-assigned unique ID for this managed resource.
    last_modified_date str
    mfa_setting_lists Sequence[str]
    preferred_mfa_setting str
    status str
    current user status.
    sub str
    unique user id that is never reassignable to another user.
    creationDate String
    id String
    The provider-assigned unique ID for this managed resource.
    lastModifiedDate String
    mfaSettingLists List<String>
    preferredMfaSetting String
    status String
    current user status.
    sub String
    unique user id that is never reassignable to another user.

    Look up Existing User Resource

    Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: UserState, opts?: CustomResourceOptions): User
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            attributes: Optional[Mapping[str, str]] = None,
            client_metadata: Optional[Mapping[str, str]] = None,
            creation_date: Optional[str] = None,
            desired_delivery_mediums: Optional[Sequence[str]] = None,
            enabled: Optional[bool] = None,
            force_alias_creation: Optional[bool] = None,
            last_modified_date: Optional[str] = None,
            message_action: Optional[str] = None,
            mfa_setting_lists: Optional[Sequence[str]] = None,
            password: Optional[str] = None,
            preferred_mfa_setting: Optional[str] = None,
            status: Optional[str] = None,
            sub: Optional[str] = None,
            temporary_password: Optional[str] = None,
            user_pool_id: Optional[str] = None,
            username: Optional[str] = None,
            validation_data: Optional[Mapping[str, str]] = None) -> User
    func GetUser(ctx *Context, name string, id IDInput, state *UserState, opts ...ResourceOption) (*User, error)
    public static User Get(string name, Input<string> id, UserState? state, CustomResourceOptions? opts = null)
    public static User get(String name, Output<String> id, UserState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Attributes Dictionary<string, string>
    A map that contains user attributes and attribute values to be set for the user.
    ClientMetadata Dictionary<string, string>
    A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
    CreationDate string
    DesiredDeliveryMediums List<string>
    A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
    Enabled bool
    Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
    ForceAliasCreation bool
    If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
    LastModifiedDate string
    MessageAction string
    Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
    MfaSettingLists List<string>
    Password string
    The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
    PreferredMfaSetting string
    Status string
    current user status.
    Sub string
    unique user id that is never reassignable to another user.
    TemporaryPassword string
    The user's temporary password. Conflicts with password.
    UserPoolId string
    The user pool ID for the user pool where the user will be created.
    Username string

    The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

    The following arguments are optional:

    ValidationData Dictionary<string, string>

    The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

    NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

    Attributes map[string]string
    A map that contains user attributes and attribute values to be set for the user.
    ClientMetadata map[string]string
    A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
    CreationDate string
    DesiredDeliveryMediums []string
    A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
    Enabled bool
    Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
    ForceAliasCreation bool
    If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
    LastModifiedDate string
    MessageAction string
    Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
    MfaSettingLists []string
    Password string
    The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
    PreferredMfaSetting string
    Status string
    current user status.
    Sub string
    unique user id that is never reassignable to another user.
    TemporaryPassword string
    The user's temporary password. Conflicts with password.
    UserPoolId string
    The user pool ID for the user pool where the user will be created.
    Username string

    The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

    The following arguments are optional:

    ValidationData map[string]string

    The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

    NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

    attributes Map<String,String>
    A map that contains user attributes and attribute values to be set for the user.
    clientMetadata Map<String,String>
    A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
    creationDate String
    desiredDeliveryMediums List<String>
    A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
    enabled Boolean
    Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
    forceAliasCreation Boolean
    If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
    lastModifiedDate String
    messageAction String
    Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
    mfaSettingLists List<String>
    password String
    The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
    preferredMfaSetting String
    status String
    current user status.
    sub String
    unique user id that is never reassignable to another user.
    temporaryPassword String
    The user's temporary password. Conflicts with password.
    userPoolId String
    The user pool ID for the user pool where the user will be created.
    username String

    The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

    The following arguments are optional:

    validationData Map<String,String>

    The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

    NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

    attributes {[key: string]: string}
    A map that contains user attributes and attribute values to be set for the user.
    clientMetadata {[key: string]: string}
    A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
    creationDate string
    desiredDeliveryMediums string[]
    A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
    enabled boolean
    Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
    forceAliasCreation boolean
    If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
    lastModifiedDate string
    messageAction string
    Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
    mfaSettingLists string[]
    password string
    The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
    preferredMfaSetting string
    status string
    current user status.
    sub string
    unique user id that is never reassignable to another user.
    temporaryPassword string
    The user's temporary password. Conflicts with password.
    userPoolId string
    The user pool ID for the user pool where the user will be created.
    username string

    The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

    The following arguments are optional:

    validationData {[key: string]: string}

    The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

    NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

    attributes Mapping[str, str]
    A map that contains user attributes and attribute values to be set for the user.
    client_metadata Mapping[str, str]
    A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
    creation_date str
    desired_delivery_mediums Sequence[str]
    A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
    enabled bool
    Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
    force_alias_creation bool
    If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
    last_modified_date str
    message_action str
    Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
    mfa_setting_lists Sequence[str]
    password str
    The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
    preferred_mfa_setting str
    status str
    current user status.
    sub str
    unique user id that is never reassignable to another user.
    temporary_password str
    The user's temporary password. Conflicts with password.
    user_pool_id str
    The user pool ID for the user pool where the user will be created.
    username str

    The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

    The following arguments are optional:

    validation_data Mapping[str, str]

    The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

    NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

    attributes Map<String>
    A map that contains user attributes and attribute values to be set for the user.
    clientMetadata Map<String>
    A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
    creationDate String
    desiredDeliveryMediums List<String>
    A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
    enabled Boolean
    Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
    forceAliasCreation Boolean
    If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
    lastModifiedDate String
    messageAction String
    Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
    mfaSettingLists List<String>
    password String
    The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
    preferredMfaSetting String
    status String
    current user status.
    sub String
    unique user id that is never reassignable to another user.
    temporaryPassword String
    The user's temporary password. Conflicts with password.
    userPoolId String
    The user pool ID for the user pool where the user will be created.
    username String

    The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

    The following arguments are optional:

    validationData Map<String>

    The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

    NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

    Import

    Using pulumi import, import Cognito User using the user_pool_id/name attributes concatenated. For example:

    $ pulumi import aws:cognito/user:User user us-east-1_vG78M4goG/user
    

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.27.0 published on Monday, Mar 18, 2024 by Pulumi