AWS v6.77.1, Apr 18 25

AWS v6.77.1 published on Friday, Apr 18, 2025 by Pulumi

aws.cognito.UserPool

Explore with Pulumi AI

AWS v6.77.1 published on Friday, Apr 18, 2025 by Pulumi

pulumi/pulumi-aws

Example Usage

Basic configuration

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const pool = new aws.cognito.UserPool("pool", {name: "mypool"});

import pulumi
import pulumi_aws as aws

pool = aws.cognito.UserPool("pool", name="mypool")

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cognito.NewUserPool(ctx, "pool", &cognito.UserPoolArgs{
			Name: pulumi.String("mypool"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var pool = new Aws.Cognito.UserPool("pool", new()
    {
        Name = "mypool",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var pool = new UserPool("pool", UserPoolArgs.builder()
            .name("mypool")
            .build());

    }
}

resources:
  pool:
    type: aws:cognito:UserPool
    properties:
      name: mypool

Enabling SMS and Software Token Multi-Factor Authentication

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.cognito.UserPool("example", {
    mfaConfiguration: "ON",
    smsAuthenticationMessage: "Your code is {####}",
    smsConfiguration: {
        externalId: "example",
        snsCallerArn: exampleAwsIamRole.arn,
        snsRegion: "us-east-1",
    },
    softwareTokenMfaConfiguration: {
        enabled: true,
    },
});

import pulumi
import pulumi_aws as aws

example = aws.cognito.UserPool("example",
    mfa_configuration="ON",
    sms_authentication_message="Your code is {####}",
    sms_configuration={
        "external_id": "example",
        "sns_caller_arn": example_aws_iam_role["arn"],
        "sns_region": "us-east-1",
    },
    software_token_mfa_configuration={
        "enabled": True,
    })

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cognito.NewUserPool(ctx, "example", &cognito.UserPoolArgs{
			MfaConfiguration:         pulumi.String("ON"),
			SmsAuthenticationMessage: pulumi.String("Your code is {####}"),
			SmsConfiguration: &cognito.UserPoolSmsConfigurationArgs{
				ExternalId:   pulumi.String("example"),
				SnsCallerArn: pulumi.Any(exampleAwsIamRole.Arn),
				SnsRegion:    pulumi.String("us-east-1"),
			},
			SoftwareTokenMfaConfiguration: &cognito.UserPoolSoftwareTokenMfaConfigurationArgs{
				Enabled: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Cognito.UserPool("example", new()
    {
        MfaConfiguration = "ON",
        SmsAuthenticationMessage = "Your code is {####}",
        SmsConfiguration = new Aws.Cognito.Inputs.UserPoolSmsConfigurationArgs
        {
            ExternalId = "example",
            SnsCallerArn = exampleAwsIamRole.Arn,
            SnsRegion = "us-east-1",
        },
        SoftwareTokenMfaConfiguration = new Aws.Cognito.Inputs.UserPoolSoftwareTokenMfaConfigurationArgs
        {
            Enabled = true,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolArgs;
import com.pulumi.aws.cognito.inputs.UserPoolSmsConfigurationArgs;
import com.pulumi.aws.cognito.inputs.UserPoolSoftwareTokenMfaConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new UserPool("example", UserPoolArgs.builder()
            .mfaConfiguration("ON")
            .smsAuthenticationMessage("Your code is {####}")
            .smsConfiguration(UserPoolSmsConfigurationArgs.builder()
                .externalId("example")
                .snsCallerArn(exampleAwsIamRole.arn())
                .snsRegion("us-east-1")
                .build())
            .softwareTokenMfaConfiguration(UserPoolSoftwareTokenMfaConfigurationArgs.builder()
                .enabled(true)
                .build())
            .build());

    }
}

resources:
  example:
    type: aws:cognito:UserPool
    properties:
      mfaConfiguration: ON
      smsAuthenticationMessage: Your code is {####}
      smsConfiguration:
        externalId: example
        snsCallerArn: ${exampleAwsIamRole.arn}
        snsRegion: us-east-1
      softwareTokenMfaConfiguration:
        enabled: true

Using Account Recovery Setting

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const test = new aws.cognito.UserPool("test", {
    name: "mypool",
    accountRecoverySetting: {
        recoveryMechanisms: [
            {
                name: "verified_email",
                priority: 1,
            },
            {
                name: "verified_phone_number",
                priority: 2,
            },
        ],
    },
});

import pulumi
import pulumi_aws as aws

test = aws.cognito.UserPool("test",
    name="mypool",
    account_recovery_setting={
        "recovery_mechanisms": [
            {
                "name": "verified_email",
                "priority": 1,
            },
            {
                "name": "verified_phone_number",
                "priority": 2,
            },
        ],
    })

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cognito.NewUserPool(ctx, "test", &cognito.UserPoolArgs{
			Name: pulumi.String("mypool"),
			AccountRecoverySetting: &cognito.UserPoolAccountRecoverySettingArgs{
				RecoveryMechanisms: cognito.UserPoolAccountRecoverySettingRecoveryMechanismArray{
					&cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{
						Name:     pulumi.String("verified_email"),
						Priority: pulumi.Int(1),
					},
					&cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{
						Name:     pulumi.String("verified_phone_number"),
						Priority: pulumi.Int(2),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var test = new Aws.Cognito.UserPool("test", new()
    {
        Name = "mypool",
        AccountRecoverySetting = new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingArgs
        {
            RecoveryMechanisms = new[]
            {
                new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs
                {
                    Name = "verified_email",
                    Priority = 1,
                },
                new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs
                {
                    Name = "verified_phone_number",
                    Priority = 2,
                },
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolArgs;
import com.pulumi.aws.cognito.inputs.UserPoolAccountRecoverySettingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test = new UserPool("test", UserPoolArgs.builder()
            .name("mypool")
            .accountRecoverySetting(UserPoolAccountRecoverySettingArgs.builder()
                .recoveryMechanisms(                
                    UserPoolAccountRecoverySettingRecoveryMechanismArgs.builder()
                        .name("verified_email")
                        .priority(1)
                        .build(),
                    UserPoolAccountRecoverySettingRecoveryMechanismArgs.builder()
                        .name("verified_phone_number")
                        .priority(2)
                        .build())
                .build())
            .build());

    }
}

resources:
  test:
    type: aws:cognito:UserPool
    properties:
      name: mypool
      accountRecoverySetting:
        recoveryMechanisms:
          - name: verified_email
            priority: 1
          - name: verified_phone_number
            priority: 2

Create UserPool Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new UserPool(name: string, args?: UserPoolArgs, opts?: CustomResourceOptions);

@overload
def UserPool(resource_name: str,
             args: Optional[UserPoolArgs] = None,
             opts: Optional[ResourceOptions] = None)

@overload
def UserPool(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             account_recovery_setting: Optional[UserPoolAccountRecoverySettingArgs] = None,
             admin_create_user_config: Optional[UserPoolAdminCreateUserConfigArgs] = None,
             alias_attributes: Optional[Sequence[str]] = None,
             auto_verified_attributes: Optional[Sequence[str]] = None,
             deletion_protection: Optional[str] = None,
             device_configuration: Optional[UserPoolDeviceConfigurationArgs] = None,
             email_configuration: Optional[UserPoolEmailConfigurationArgs] = None,
             email_mfa_configuration: Optional[UserPoolEmailMfaConfigurationArgs] = None,
             email_verification_message: Optional[str] = None,
             email_verification_subject: Optional[str] = None,
             lambda_config: Optional[UserPoolLambdaConfigArgs] = None,
             mfa_configuration: Optional[str] = None,
             name: Optional[str] = None,
             password_policy: Optional[UserPoolPasswordPolicyArgs] = None,
             schemas: Optional[Sequence[UserPoolSchemaArgs]] = None,
             sign_in_policy: Optional[UserPoolSignInPolicyArgs] = None,
             sms_authentication_message: Optional[str] = None,
             sms_configuration: Optional[UserPoolSmsConfigurationArgs] = None,
             sms_verification_message: Optional[str] = None,
             software_token_mfa_configuration: Optional[UserPoolSoftwareTokenMfaConfigurationArgs] = None,
             tags: Optional[Mapping[str, str]] = None,
             user_attribute_update_settings: Optional[UserPoolUserAttributeUpdateSettingsArgs] = None,
             user_pool_add_ons: Optional[UserPoolUserPoolAddOnsArgs] = None,
             user_pool_tier: Optional[str] = None,
             username_attributes: Optional[Sequence[str]] = None,
             username_configuration: Optional[UserPoolUsernameConfigurationArgs] = None,
             verification_message_template: Optional[UserPoolVerificationMessageTemplateArgs] = None,
             web_authn_configuration: Optional[UserPoolWebAuthnConfigurationArgs] = None)

func NewUserPool(ctx *Context, name string, args *UserPoolArgs, opts ...ResourceOption) (*UserPool, error)

public UserPool(string name, UserPoolArgs? args = null, CustomResourceOptions? opts = null)

public UserPool(String name, UserPoolArgs args)
public UserPool(String name, UserPoolArgs args, CustomResourceOptions options)

type: aws:cognito:UserPool
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args UserPoolArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args UserPoolArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args UserPoolArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args UserPoolArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args UserPoolArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var userPoolResource = new Aws.Cognito.UserPool("userPoolResource", new()
{
    AccountRecoverySetting = new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingArgs
    {
        RecoveryMechanisms = new[]
        {
            new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs
            {
                Name = "string",
                Priority = 0,
            },
        },
    },
    AdminCreateUserConfig = new Aws.Cognito.Inputs.UserPoolAdminCreateUserConfigArgs
    {
        AllowAdminCreateUserOnly = false,
        InviteMessageTemplate = new Aws.Cognito.Inputs.UserPoolAdminCreateUserConfigInviteMessageTemplateArgs
        {
            EmailMessage = "string",
            EmailSubject = "string",
            SmsMessage = "string",
        },
    },
    AliasAttributes = new[]
    {
        "string",
    },
    AutoVerifiedAttributes = new[]
    {
        "string",
    },
    DeletionProtection = "string",
    DeviceConfiguration = new Aws.Cognito.Inputs.UserPoolDeviceConfigurationArgs
    {
        ChallengeRequiredOnNewDevice = false,
        DeviceOnlyRememberedOnUserPrompt = false,
    },
    EmailConfiguration = new Aws.Cognito.Inputs.UserPoolEmailConfigurationArgs
    {
        ConfigurationSet = "string",
        EmailSendingAccount = "string",
        FromEmailAddress = "string",
        ReplyToEmailAddress = "string",
        SourceArn = "string",
    },
    EmailMfaConfiguration = new Aws.Cognito.Inputs.UserPoolEmailMfaConfigurationArgs
    {
        Message = "string",
        Subject = "string",
    },
    EmailVerificationMessage = "string",
    EmailVerificationSubject = "string",
    LambdaConfig = new Aws.Cognito.Inputs.UserPoolLambdaConfigArgs
    {
        CreateAuthChallenge = "string",
        CustomEmailSender = new Aws.Cognito.Inputs.UserPoolLambdaConfigCustomEmailSenderArgs
        {
            LambdaArn = "string",
            LambdaVersion = "string",
        },
        CustomMessage = "string",
        CustomSmsSender = new Aws.Cognito.Inputs.UserPoolLambdaConfigCustomSmsSenderArgs
        {
            LambdaArn = "string",
            LambdaVersion = "string",
        },
        DefineAuthChallenge = "string",
        KmsKeyId = "string",
        PostAuthentication = "string",
        PostConfirmation = "string",
        PreAuthentication = "string",
        PreSignUp = "string",
        PreTokenGeneration = "string",
        PreTokenGenerationConfig = new Aws.Cognito.Inputs.UserPoolLambdaConfigPreTokenGenerationConfigArgs
        {
            LambdaArn = "string",
            LambdaVersion = "string",
        },
        UserMigration = "string",
        VerifyAuthChallengeResponse = "string",
    },
    MfaConfiguration = "string",
    Name = "string",
    PasswordPolicy = new Aws.Cognito.Inputs.UserPoolPasswordPolicyArgs
    {
        MinimumLength = 0,
        PasswordHistorySize = 0,
        RequireLowercase = false,
        RequireNumbers = false,
        RequireSymbols = false,
        RequireUppercase = false,
        TemporaryPasswordValidityDays = 0,
    },
    Schemas = new[]
    {
        new Aws.Cognito.Inputs.UserPoolSchemaArgs
        {
            AttributeDataType = "string",
            Name = "string",
            DeveloperOnlyAttribute = false,
            Mutable = false,
            NumberAttributeConstraints = new Aws.Cognito.Inputs.UserPoolSchemaNumberAttributeConstraintsArgs
            {
                MaxValue = "string",
                MinValue = "string",
            },
            Required = false,
            StringAttributeConstraints = new Aws.Cognito.Inputs.UserPoolSchemaStringAttributeConstraintsArgs
            {
                MaxLength = "string",
                MinLength = "string",
            },
        },
    },
    SignInPolicy = new Aws.Cognito.Inputs.UserPoolSignInPolicyArgs
    {
        AllowedFirstAuthFactors = new[]
        {
            "string",
        },
    },
    SmsAuthenticationMessage = "string",
    SmsConfiguration = new Aws.Cognito.Inputs.UserPoolSmsConfigurationArgs
    {
        ExternalId = "string",
        SnsCallerArn = "string",
        SnsRegion = "string",
    },
    SmsVerificationMessage = "string",
    SoftwareTokenMfaConfiguration = new Aws.Cognito.Inputs.UserPoolSoftwareTokenMfaConfigurationArgs
    {
        Enabled = false,
    },
    Tags = 
    {
        { "string", "string" },
    },
    UserAttributeUpdateSettings = new Aws.Cognito.Inputs.UserPoolUserAttributeUpdateSettingsArgs
    {
        AttributesRequireVerificationBeforeUpdates = new[]
        {
            "string",
        },
    },
    UserPoolAddOns = new Aws.Cognito.Inputs.UserPoolUserPoolAddOnsArgs
    {
        AdvancedSecurityMode = "string",
    },
    UserPoolTier = "string",
    UsernameAttributes = new[]
    {
        "string",
    },
    UsernameConfiguration = new Aws.Cognito.Inputs.UserPoolUsernameConfigurationArgs
    {
        CaseSensitive = false,
    },
    VerificationMessageTemplate = new Aws.Cognito.Inputs.UserPoolVerificationMessageTemplateArgs
    {
        DefaultEmailOption = "string",
        EmailMessage = "string",
        EmailMessageByLink = "string",
        EmailSubject = "string",
        EmailSubjectByLink = "string",
        SmsMessage = "string",
    },
    WebAuthnConfiguration = new Aws.Cognito.Inputs.UserPoolWebAuthnConfigurationArgs
    {
        RelyingPartyId = "string",
        UserVerification = "string",
    },
});

example, err := cognito.NewUserPool(ctx, "userPoolResource", &cognito.UserPoolArgs{
	AccountRecoverySetting: &cognito.UserPoolAccountRecoverySettingArgs{
		RecoveryMechanisms: cognito.UserPoolAccountRecoverySettingRecoveryMechanismArray{
			&cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{
				Name:     pulumi.String("string"),
				Priority: pulumi.Int(0),
			},
		},
	},
	AdminCreateUserConfig: &cognito.UserPoolAdminCreateUserConfigArgs{
		AllowAdminCreateUserOnly: pulumi.Bool(false),
		InviteMessageTemplate: &cognito.UserPoolAdminCreateUserConfigInviteMessageTemplateArgs{
			EmailMessage: pulumi.String("string"),
			EmailSubject: pulumi.String("string"),
			SmsMessage:   pulumi.String("string"),
		},
	},
	AliasAttributes: pulumi.StringArray{
		pulumi.String("string"),
	},
	AutoVerifiedAttributes: pulumi.StringArray{
		pulumi.String("string"),
	},
	DeletionProtection: pulumi.String("string"),
	DeviceConfiguration: &cognito.UserPoolDeviceConfigurationArgs{
		ChallengeRequiredOnNewDevice:     pulumi.Bool(false),
		DeviceOnlyRememberedOnUserPrompt: pulumi.Bool(false),
	},
	EmailConfiguration: &cognito.UserPoolEmailConfigurationArgs{
		ConfigurationSet:    pulumi.String("string"),
		EmailSendingAccount: pulumi.String("string"),
		FromEmailAddress:    pulumi.String("string"),
		ReplyToEmailAddress: pulumi.String("string"),
		SourceArn:           pulumi.String("string"),
	},
	EmailMfaConfiguration: &cognito.UserPoolEmailMfaConfigurationArgs{
		Message: pulumi.String("string"),
		Subject: pulumi.String("string"),
	},
	EmailVerificationMessage: pulumi.String("string"),
	EmailVerificationSubject: pulumi.String("string"),
	LambdaConfig: &cognito.UserPoolLambdaConfigArgs{
		CreateAuthChallenge: pulumi.String("string"),
		CustomEmailSender: &cognito.UserPoolLambdaConfigCustomEmailSenderArgs{
			LambdaArn:     pulumi.String("string"),
			LambdaVersion: pulumi.String("string"),
		},
		CustomMessage: pulumi.String("string"),
		CustomSmsSender: &cognito.UserPoolLambdaConfigCustomSmsSenderArgs{
			LambdaArn:     pulumi.String("string"),
			LambdaVersion: pulumi.String("string"),
		},
		DefineAuthChallenge: pulumi.String("string"),
		KmsKeyId:            pulumi.String("string"),
		PostAuthentication:  pulumi.String("string"),
		PostConfirmation:    pulumi.String("string"),
		PreAuthentication:   pulumi.String("string"),
		PreSignUp:           pulumi.String("string"),
		PreTokenGeneration:  pulumi.String("string"),
		PreTokenGenerationConfig: &cognito.UserPoolLambdaConfigPreTokenGenerationConfigArgs{
			LambdaArn:     pulumi.String("string"),
			LambdaVersion: pulumi.String("string"),
		},
		UserMigration:               pulumi.String("string"),
		VerifyAuthChallengeResponse: pulumi.String("string"),
	},
	MfaConfiguration: pulumi.String("string"),
	Name:             pulumi.String("string"),
	PasswordPolicy: &cognito.UserPoolPasswordPolicyArgs{
		MinimumLength:                 pulumi.Int(0),
		PasswordHistorySize:           pulumi.Int(0),
		RequireLowercase:              pulumi.Bool(false),
		RequireNumbers:                pulumi.Bool(false),
		RequireSymbols:                pulumi.Bool(false),
		RequireUppercase:              pulumi.Bool(false),
		TemporaryPasswordValidityDays: pulumi.Int(0),
	},
	Schemas: cognito.UserPoolSchemaArray{
		&cognito.UserPoolSchemaArgs{
			AttributeDataType:      pulumi.String("string"),
			Name:                   pulumi.String("string"),
			DeveloperOnlyAttribute: pulumi.Bool(false),
			Mutable:                pulumi.Bool(false),
			NumberAttributeConstraints: &cognito.UserPoolSchemaNumberAttributeConstraintsArgs{
				MaxValue: pulumi.String("string"),
				MinValue: pulumi.String("string"),
			},
			Required: pulumi.Bool(false),
			StringAttributeConstraints: &cognito.UserPoolSchemaStringAttributeConstraintsArgs{
				MaxLength: pulumi.String("string"),
				MinLength: pulumi.String("string"),
			},
		},
	},
	SignInPolicy: &cognito.UserPoolSignInPolicyArgs{
		AllowedFirstAuthFactors: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	SmsAuthenticationMessage: pulumi.String("string"),
	SmsConfiguration: &cognito.UserPoolSmsConfigurationArgs{
		ExternalId:   pulumi.String("string"),
		SnsCallerArn: pulumi.String("string"),
		SnsRegion:    pulumi.String("string"),
	},
	SmsVerificationMessage: pulumi.String("string"),
	SoftwareTokenMfaConfiguration: &cognito.UserPoolSoftwareTokenMfaConfigurationArgs{
		Enabled: pulumi.Bool(false),
	},
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	UserAttributeUpdateSettings: &cognito.UserPoolUserAttributeUpdateSettingsArgs{
		AttributesRequireVerificationBeforeUpdates: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	UserPoolAddOns: &cognito.UserPoolUserPoolAddOnsArgs{
		AdvancedSecurityMode: pulumi.String("string"),
	},
	UserPoolTier: pulumi.String("string"),
	UsernameAttributes: pulumi.StringArray{
		pulumi.String("string"),
	},
	UsernameConfiguration: &cognito.UserPoolUsernameConfigurationArgs{
		CaseSensitive: pulumi.Bool(false),
	},
	VerificationMessageTemplate: &cognito.UserPoolVerificationMessageTemplateArgs{
		DefaultEmailOption: pulumi.String("string"),
		EmailMessage:       pulumi.String("string"),
		EmailMessageByLink: pulumi.String("string"),
		EmailSubject:       pulumi.String("string"),
		EmailSubjectByLink: pulumi.String("string"),
		SmsMessage:         pulumi.String("string"),
	},
	WebAuthnConfiguration: &cognito.UserPoolWebAuthnConfigurationArgs{
		RelyingPartyId:   pulumi.String("string"),
		UserVerification: pulumi.String("string"),
	},
})

var userPoolResource = new UserPool("userPoolResource", UserPoolArgs.builder()
    .accountRecoverySetting(UserPoolAccountRecoverySettingArgs.builder()
        .recoveryMechanisms(UserPoolAccountRecoverySettingRecoveryMechanismArgs.builder()
            .name("string")
            .priority(0)
            .build())
        .build())
    .adminCreateUserConfig(UserPoolAdminCreateUserConfigArgs.builder()
        .allowAdminCreateUserOnly(false)
        .inviteMessageTemplate(UserPoolAdminCreateUserConfigInviteMessageTemplateArgs.builder()
            .emailMessage("string")
            .emailSubject("string")
            .smsMessage("string")
            .build())
        .build())
    .aliasAttributes("string")
    .autoVerifiedAttributes("string")
    .deletionProtection("string")
    .deviceConfiguration(UserPoolDeviceConfigurationArgs.builder()
        .challengeRequiredOnNewDevice(false)
        .deviceOnlyRememberedOnUserPrompt(false)
        .build())
    .emailConfiguration(UserPoolEmailConfigurationArgs.builder()
        .configurationSet("string")
        .emailSendingAccount("string")
        .fromEmailAddress("string")
        .replyToEmailAddress("string")
        .sourceArn("string")
        .build())
    .emailMfaConfiguration(UserPoolEmailMfaConfigurationArgs.builder()
        .message("string")
        .subject("string")
        .build())
    .emailVerificationMessage("string")
    .emailVerificationSubject("string")
    .lambdaConfig(UserPoolLambdaConfigArgs.builder()
        .createAuthChallenge("string")
        .customEmailSender(UserPoolLambdaConfigCustomEmailSenderArgs.builder()
            .lambdaArn("string")
            .lambdaVersion("string")
            .build())
        .customMessage("string")
        .customSmsSender(UserPoolLambdaConfigCustomSmsSenderArgs.builder()
            .lambdaArn("string")
            .lambdaVersion("string")
            .build())
        .defineAuthChallenge("string")
        .kmsKeyId("string")
        .postAuthentication("string")
        .postConfirmation("string")
        .preAuthentication("string")
        .preSignUp("string")
        .preTokenGeneration("string")
        .preTokenGenerationConfig(UserPoolLambdaConfigPreTokenGenerationConfigArgs.builder()
            .lambdaArn("string")
            .lambdaVersion("string")
            .build())
        .userMigration("string")
        .verifyAuthChallengeResponse("string")
        .build())
    .mfaConfiguration("string")
    .name("string")
    .passwordPolicy(UserPoolPasswordPolicyArgs.builder()
        .minimumLength(0)
        .passwordHistorySize(0)
        .requireLowercase(false)
        .requireNumbers(false)
        .requireSymbols(false)
        .requireUppercase(false)
        .temporaryPasswordValidityDays(0)
        .build())
    .schemas(UserPoolSchemaArgs.builder()
        .attributeDataType("string")
        .name("string")
        .developerOnlyAttribute(false)
        .mutable(false)
        .numberAttributeConstraints(UserPoolSchemaNumberAttributeConstraintsArgs.builder()
            .maxValue("string")
            .minValue("string")
            .build())
        .required(false)
        .stringAttributeConstraints(UserPoolSchemaStringAttributeConstraintsArgs.builder()
            .maxLength("string")
            .minLength("string")
            .build())
        .build())
    .signInPolicy(UserPoolSignInPolicyArgs.builder()
        .allowedFirstAuthFactors("string")
        .build())
    .smsAuthenticationMessage("string")
    .smsConfiguration(UserPoolSmsConfigurationArgs.builder()
        .externalId("string")
        .snsCallerArn("string")
        .snsRegion("string")
        .build())
    .smsVerificationMessage("string")
    .softwareTokenMfaConfiguration(UserPoolSoftwareTokenMfaConfigurationArgs.builder()
        .enabled(false)
        .build())
    .tags(Map.of("string", "string"))
    .userAttributeUpdateSettings(UserPoolUserAttributeUpdateSettingsArgs.builder()
        .attributesRequireVerificationBeforeUpdates("string")
        .build())
    .userPoolAddOns(UserPoolUserPoolAddOnsArgs.builder()
        .advancedSecurityMode("string")
        .build())
    .userPoolTier("string")
    .usernameAttributes("string")
    .usernameConfiguration(UserPoolUsernameConfigurationArgs.builder()
        .caseSensitive(false)
        .build())
    .verificationMessageTemplate(UserPoolVerificationMessageTemplateArgs.builder()
        .defaultEmailOption("string")
        .emailMessage("string")
        .emailMessageByLink("string")
        .emailSubject("string")
        .emailSubjectByLink("string")
        .smsMessage("string")
        .build())
    .webAuthnConfiguration(UserPoolWebAuthnConfigurationArgs.builder()
        .relyingPartyId("string")
        .userVerification("string")
        .build())
    .build());

user_pool_resource = aws.cognito.UserPool("userPoolResource",
    account_recovery_setting={
        "recovery_mechanisms": [{
            "name": "string",
            "priority": 0,
        }],
    },
    admin_create_user_config={
        "allow_admin_create_user_only": False,
        "invite_message_template": {
            "email_message": "string",
            "email_subject": "string",
            "sms_message": "string",
        },
    },
    alias_attributes=["string"],
    auto_verified_attributes=["string"],
    deletion_protection="string",
    device_configuration={
        "challenge_required_on_new_device": False,
        "device_only_remembered_on_user_prompt": False,
    },
    email_configuration={
        "configuration_set": "string",
        "email_sending_account": "string",
        "from_email_address": "string",
        "reply_to_email_address": "string",
        "source_arn": "string",
    },
    email_mfa_configuration={
        "message": "string",
        "subject": "string",
    },
    email_verification_message="string",
    email_verification_subject="string",
    lambda_config={
        "create_auth_challenge": "string",
        "custom_email_sender": {
            "lambda_arn": "string",
            "lambda_version": "string",
        },
        "custom_message": "string",
        "custom_sms_sender": {
            "lambda_arn": "string",
            "lambda_version": "string",
        },
        "define_auth_challenge": "string",
        "kms_key_id": "string",
        "post_authentication": "string",
        "post_confirmation": "string",
        "pre_authentication": "string",
        "pre_sign_up": "string",
        "pre_token_generation": "string",
        "pre_token_generation_config": {
            "lambda_arn": "string",
            "lambda_version": "string",
        },
        "user_migration": "string",
        "verify_auth_challenge_response": "string",
    },
    mfa_configuration="string",
    name="string",
    password_policy={
        "minimum_length": 0,
        "password_history_size": 0,
        "require_lowercase": False,
        "require_numbers": False,
        "require_symbols": False,
        "require_uppercase": False,
        "temporary_password_validity_days": 0,
    },
    schemas=[{
        "attribute_data_type": "string",
        "name": "string",
        "developer_only_attribute": False,
        "mutable": False,
        "number_attribute_constraints": {
            "max_value": "string",
            "min_value": "string",
        },
        "required": False,
        "string_attribute_constraints": {
            "max_length": "string",
            "min_length": "string",
        },
    }],
    sign_in_policy={
        "allowed_first_auth_factors": ["string"],
    },
    sms_authentication_message="string",
    sms_configuration={
        "external_id": "string",
        "sns_caller_arn": "string",
        "sns_region": "string",
    },
    sms_verification_message="string",
    software_token_mfa_configuration={
        "enabled": False,
    },
    tags={
        "string": "string",
    },
    user_attribute_update_settings={
        "attributes_require_verification_before_updates": ["string"],
    },
    user_pool_add_ons={
        "advanced_security_mode": "string",
    },
    user_pool_tier="string",
    username_attributes=["string"],
    username_configuration={
        "case_sensitive": False,
    },
    verification_message_template={
        "default_email_option": "string",
        "email_message": "string",
        "email_message_by_link": "string",
        "email_subject": "string",
        "email_subject_by_link": "string",
        "sms_message": "string",
    },
    web_authn_configuration={
        "relying_party_id": "string",
        "user_verification": "string",
    })

const userPoolResource = new aws.cognito.UserPool("userPoolResource", {
    accountRecoverySetting: {
        recoveryMechanisms: [{
            name: "string",
            priority: 0,
        }],
    },
    adminCreateUserConfig: {
        allowAdminCreateUserOnly: false,
        inviteMessageTemplate: {
            emailMessage: "string",
            emailSubject: "string",
            smsMessage: "string",
        },
    },
    aliasAttributes: ["string"],
    autoVerifiedAttributes: ["string"],
    deletionProtection: "string",
    deviceConfiguration: {
        challengeRequiredOnNewDevice: false,
        deviceOnlyRememberedOnUserPrompt: false,
    },
    emailConfiguration: {
        configurationSet: "string",
        emailSendingAccount: "string",
        fromEmailAddress: "string",
        replyToEmailAddress: "string",
        sourceArn: "string",
    },
    emailMfaConfiguration: {
        message: "string",
        subject: "string",
    },
    emailVerificationMessage: "string",
    emailVerificationSubject: "string",
    lambdaConfig: {
        createAuthChallenge: "string",
        customEmailSender: {
            lambdaArn: "string",
            lambdaVersion: "string",
        },
        customMessage: "string",
        customSmsSender: {
            lambdaArn: "string",
            lambdaVersion: "string",
        },
        defineAuthChallenge: "string",
        kmsKeyId: "string",
        postAuthentication: "string",
        postConfirmation: "string",
        preAuthentication: "string",
        preSignUp: "string",
        preTokenGeneration: "string",
        preTokenGenerationConfig: {
            lambdaArn: "string",
            lambdaVersion: "string",
        },
        userMigration: "string",
        verifyAuthChallengeResponse: "string",
    },
    mfaConfiguration: "string",
    name: "string",
    passwordPolicy: {
        minimumLength: 0,
        passwordHistorySize: 0,
        requireLowercase: false,
        requireNumbers: false,
        requireSymbols: false,
        requireUppercase: false,
        temporaryPasswordValidityDays: 0,
    },
    schemas: [{
        attributeDataType: "string",
        name: "string",
        developerOnlyAttribute: false,
        mutable: false,
        numberAttributeConstraints: {
            maxValue: "string",
            minValue: "string",
        },
        required: false,
        stringAttributeConstraints: {
            maxLength: "string",
            minLength: "string",
        },
    }],
    signInPolicy: {
        allowedFirstAuthFactors: ["string"],
    },
    smsAuthenticationMessage: "string",
    smsConfiguration: {
        externalId: "string",
        snsCallerArn: "string",
        snsRegion: "string",
    },
    smsVerificationMessage: "string",
    softwareTokenMfaConfiguration: {
        enabled: false,
    },
    tags: {
        string: "string",
    },
    userAttributeUpdateSettings: {
        attributesRequireVerificationBeforeUpdates: ["string"],
    },
    userPoolAddOns: {
        advancedSecurityMode: "string",
    },
    userPoolTier: "string",
    usernameAttributes: ["string"],
    usernameConfiguration: {
        caseSensitive: false,
    },
    verificationMessageTemplate: {
        defaultEmailOption: "string",
        emailMessage: "string",
        emailMessageByLink: "string",
        emailSubject: "string",
        emailSubjectByLink: "string",
        smsMessage: "string",
    },
    webAuthnConfiguration: {
        relyingPartyId: "string",
        userVerification: "string",
    },
});

type: aws:cognito:UserPool
properties:
    accountRecoverySetting:
        recoveryMechanisms:
            - name: string
              priority: 0
    adminCreateUserConfig:
        allowAdminCreateUserOnly: false
        inviteMessageTemplate:
            emailMessage: string
            emailSubject: string
            smsMessage: string
    aliasAttributes:
        - string
    autoVerifiedAttributes:
        - string
    deletionProtection: string
    deviceConfiguration:
        challengeRequiredOnNewDevice: false
        deviceOnlyRememberedOnUserPrompt: false
    emailConfiguration:
        configurationSet: string
        emailSendingAccount: string
        fromEmailAddress: string
        replyToEmailAddress: string
        sourceArn: string
    emailMfaConfiguration:
        message: string
        subject: string
    emailVerificationMessage: string
    emailVerificationSubject: string
    lambdaConfig:
        createAuthChallenge: string
        customEmailSender:
            lambdaArn: string
            lambdaVersion: string
        customMessage: string
        customSmsSender:
            lambdaArn: string
            lambdaVersion: string
        defineAuthChallenge: string
        kmsKeyId: string
        postAuthentication: string
        postConfirmation: string
        preAuthentication: string
        preSignUp: string
        preTokenGeneration: string
        preTokenGenerationConfig:
            lambdaArn: string
            lambdaVersion: string
        userMigration: string
        verifyAuthChallengeResponse: string
    mfaConfiguration: string
    name: string
    passwordPolicy:
        minimumLength: 0
        passwordHistorySize: 0
        requireLowercase: false
        requireNumbers: false
        requireSymbols: false
        requireUppercase: false
        temporaryPasswordValidityDays: 0
    schemas:
        - attributeDataType: string
          developerOnlyAttribute: false
          mutable: false
          name: string
          numberAttributeConstraints:
            maxValue: string
            minValue: string
          required: false
          stringAttributeConstraints:
            maxLength: string
            minLength: string
    signInPolicy:
        allowedFirstAuthFactors:
            - string
    smsAuthenticationMessage: string
    smsConfiguration:
        externalId: string
        snsCallerArn: string
        snsRegion: string
    smsVerificationMessage: string
    softwareTokenMfaConfiguration:
        enabled: false
    tags:
        string: string
    userAttributeUpdateSettings:
        attributesRequireVerificationBeforeUpdates:
            - string
    userPoolAddOns:
        advancedSecurityMode: string
    userPoolTier: string
    usernameAttributes:
        - string
    usernameConfiguration:
        caseSensitive: false
    verificationMessageTemplate:
        defaultEmailOption: string
        emailMessage: string
        emailMessageByLink: string
        emailSubject: string
        emailSubjectByLink: string
        smsMessage: string
    webAuthnConfiguration:
        relyingPartyId: string
        userVerification: string

UserPool Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The UserPool resource accepts the following input properties:

AccountRecoverySetting UserPoolAccountRecoverySetting

Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

AdminCreateUserConfig UserPoolAdminCreateUserConfig

Configuration block for creating a new user profile. Detailed below.

AliasAttributes List<string>

Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

AutoVerifiedAttributes List<string>

Attributes to be auto-verified. Valid values: email, phone_number.

DeletionProtection string

When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.

DeviceConfiguration UserPoolDeviceConfiguration

Configuration block for the user pool's device tracking. Detailed below.

EmailConfiguration UserPoolEmailConfiguration

Configuration block for configuring email. Detailed below.

EmailMfaConfiguration UserPoolEmailMfaConfiguration

Configuration block for configuring email Multi-Factor Authentication (MFA); requires at least 2 account_recovery_setting entries; requires an email_configuration configuration block. Detailed below.

EmailVerificationMessage string

String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

EmailVerificationSubject string

String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

LambdaConfig UserPoolLambdaConfig

Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

MfaConfiguration string

Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).

Name string

Name of the user pool.

The following arguments are optional:

PasswordPolicy UserPoolPasswordPolicy

Configuration block for information about the user pool password policy. Detailed below.

Schemas List<UserPoolSchema>

Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.

SignInPolicy UserPoolSignInPolicy

Configuration block for information about the user pool sign in policy. Detailed below.

SmsAuthenticationMessage string

String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

SmsConfiguration UserPoolSmsConfiguration

Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.

SmsVerificationMessage string

String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

SoftwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfiguration

Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

Tags Dictionary<string, string>

Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

UserAttributeUpdateSettings UserPoolUserAttributeUpdateSettings

Configuration block for user attribute update settings. Detailed below.

UserPoolAddOns UserPoolUserPoolAddOns

Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

UserPoolTier string

The user pool feature plan, or tier. Valid values: LITE, ESSENTIALS, PLUS.

UsernameAttributes List<string>

Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

UsernameConfiguration UserPoolUsernameConfiguration

Configuration block for username configuration. Detailed below.

VerificationMessageTemplate UserPoolVerificationMessageTemplate

Configuration block for verification message templates. Detailed below.

WebAuthnConfiguration UserPoolWebAuthnConfiguration

Configuration block for web authn configuration. Detailed below.

AccountRecoverySetting UserPoolAccountRecoverySettingArgs

Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

AdminCreateUserConfig UserPoolAdminCreateUserConfigArgs

Configuration block for creating a new user profile. Detailed below.

AliasAttributes []string

Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

AutoVerifiedAttributes []string

Attributes to be auto-verified. Valid values: email, phone_number.

DeletionProtection string

DeviceConfiguration UserPoolDeviceConfigurationArgs

Configuration block for the user pool's device tracking. Detailed below.

EmailConfiguration UserPoolEmailConfigurationArgs

Configuration block for configuring email. Detailed below.

EmailMfaConfiguration UserPoolEmailMfaConfigurationArgs

EmailVerificationMessage string

String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

EmailVerificationSubject string

String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

LambdaConfig UserPoolLambdaConfigArgs

Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

MfaConfiguration string

Name string

Name of the user pool.

The following arguments are optional:

PasswordPolicy UserPoolPasswordPolicyArgs

Configuration block for information about the user pool password policy. Detailed below.

Schemas []UserPoolSchemaArgs

SignInPolicy UserPoolSignInPolicyArgs

Configuration block for information about the user pool sign in policy. Detailed below.

SmsAuthenticationMessage string

String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

SmsConfiguration UserPoolSmsConfigurationArgs

SmsVerificationMessage string

String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

SoftwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfigurationArgs

Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

Tags map[string]string

Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

UserAttributeUpdateSettings UserPoolUserAttributeUpdateSettingsArgs

Configuration block for user attribute update settings. Detailed below.

UserPoolAddOns UserPoolUserPoolAddOnsArgs

Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

UserPoolTier string

The user pool feature plan, or tier. Valid values: LITE, ESSENTIALS, PLUS.

UsernameAttributes []string

Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

UsernameConfiguration UserPoolUsernameConfigurationArgs

Configuration block for username configuration. Detailed below.

VerificationMessageTemplate UserPoolVerificationMessageTemplateArgs

Configuration block for verification message templates. Detailed below.

WebAuthnConfiguration UserPoolWebAuthnConfigurationArgs

Configuration block for web authn configuration. Detailed below.

accountRecoverySetting UserPoolAccountRecoverySetting

Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

adminCreateUserConfig UserPoolAdminCreateUserConfig

Configuration block for creating a new user profile. Detailed below.

aliasAttributes List<String>

Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

autoVerifiedAttributes List<String>

Attributes to be auto-verified. Valid values: email, phone_number.

deletionProtection String

deviceConfiguration UserPoolDeviceConfiguration

Configuration block for the user pool's device tracking. Detailed below.

emailConfiguration UserPoolEmailConfiguration

Configuration block for configuring email. Detailed below.

emailMfaConfiguration UserPoolEmailMfaConfiguration

emailVerificationMessage String

String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

emailVerificationSubject String

String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

lambdaConfig UserPoolLambdaConfig

Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

mfaConfiguration String

name String

Name of the user pool.

The following arguments are optional:

passwordPolicy UserPoolPasswordPolicy

Configuration block for information about the user pool password policy. Detailed below.

schemas List<UserPoolSchema>

signInPolicy UserPoolSignInPolicy

Configuration block for information about the user pool sign in policy. Detailed below.

smsAuthenticationMessage String

String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

smsConfiguration UserPoolSmsConfiguration

smsVerificationMessage String

String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

softwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfiguration

Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

tags Map<String,String>

Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

userAttributeUpdateSettings UserPoolUserAttributeUpdateSettings

Configuration block for user attribute update settings. Detailed below.

userPoolAddOns UserPoolUserPoolAddOns

Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

userPoolTier String

The user pool feature plan, or tier. Valid values: LITE, ESSENTIALS, PLUS.

usernameAttributes List<String>

Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

usernameConfiguration UserPoolUsernameConfiguration

Configuration block for username configuration. Detailed below.

verificationMessageTemplate UserPoolVerificationMessageTemplate

Configuration block for verification message templates. Detailed below.

webAuthnConfiguration UserPoolWebAuthnConfiguration

Configuration block for web authn configuration. Detailed below.

accountRecoverySetting UserPoolAccountRecoverySetting

Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

adminCreateUserConfig UserPoolAdminCreateUserConfig

Configuration block for creating a new user profile. Detailed below.

aliasAttributes string[]

Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

autoVerifiedAttributes string[]

Attributes to be auto-verified. Valid values: email, phone_number.

deletionProtection string

deviceConfiguration UserPoolDeviceConfiguration

Configuration block for the user pool's device tracking. Detailed below.

emailConfiguration UserPoolEmailConfiguration

Configuration block for configuring email. Detailed below.

emailMfaConfiguration UserPoolEmailMfaConfiguration

emailVerificationMessage string

String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

emailVerificationSubject string

String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

lambdaConfig UserPoolLambdaConfig

Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

mfaConfiguration string

name string

Name of the user pool.

The following arguments are optional:

passwordPolicy UserPoolPasswordPolicy

Configuration block for information about the user pool password policy. Detailed below.

schemas UserPoolSchema[]

signInPolicy UserPoolSignInPolicy

Configuration block for information about the user pool sign in policy. Detailed below.

smsAuthenticationMessage string

String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

smsConfiguration UserPoolSmsConfiguration

smsVerificationMessage string

String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

softwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfiguration

Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

tags {[key: string]: string}

Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

userAttributeUpdateSettings UserPoolUserAttributeUpdateSettings

Configuration block for user attribute update settings. Detailed below.

userPoolAddOns UserPoolUserPoolAddOns

Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

userPoolTier string

The user pool feature plan, or tier. Valid values: LITE, ESSENTIALS, PLUS.

usernameAttributes string[]

Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

usernameConfiguration UserPoolUsernameConfiguration

Configuration block for username configuration. Detailed below.

verificationMessageTemplate UserPoolVerificationMessageTemplate

Configuration block for verification message templates. Detailed below.

webAuthnConfiguration UserPoolWebAuthnConfiguration

Configuration block for web authn configuration. Detailed below.

account_recovery_setting UserPoolAccountRecoverySettingArgs

Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

admin_create_user_config UserPoolAdminCreateUserConfigArgs

Configuration block for creating a new user profile. Detailed below.

alias_attributes Sequence[str]

Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

auto_verified_attributes Sequence[str]

Attributes to be auto-verified. Valid values: email, phone_number.

deletion_protection str

device_configuration UserPoolDeviceConfigurationArgs

Configuration block for the user pool's device tracking. Detailed below.

email_configuration UserPoolEmailConfigurationArgs

Configuration block for configuring email. Detailed below.

email_mfa_configuration UserPoolEmailMfaConfigurationArgs

email_verification_message str

String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

email_verification_subject str

String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

lambda_config UserPoolLambdaConfigArgs

Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

mfa_configuration str

name str

Name of the user pool.

The following arguments are optional:

password_policy UserPoolPasswordPolicyArgs

Configuration block for information about the user pool password policy. Detailed below.

schemas Sequence[UserPoolSchemaArgs]

sign_in_policy UserPoolSignInPolicyArgs

Configuration block for information about the user pool sign in policy. Detailed below.

sms_authentication_message str

String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

sms_configuration UserPoolSmsConfigurationArgs

sms_verification_message str

String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

software_token_mfa_configuration UserPoolSoftwareTokenMfaConfigurationArgs

Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

tags Mapping[str, str]

Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

user_attribute_update_settings UserPoolUserAttributeUpdateSettingsArgs

Configuration block for user attribute update settings. Detailed below.

user_pool_add_ons UserPoolUserPoolAddOnsArgs

Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

user_pool_tier str

The user pool feature plan, or tier. Valid values: LITE, ESSENTIALS, PLUS.

username_attributes Sequence[str]

Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

username_configuration UserPoolUsernameConfigurationArgs

Configuration block for username configuration. Detailed below.

verification_message_template UserPoolVerificationMessageTemplateArgs

Configuration block for verification message templates. Detailed below.

web_authn_configuration UserPoolWebAuthnConfigurationArgs

Configuration block for web authn configuration. Detailed below.

accountRecoverySetting Property Map

Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

adminCreateUserConfig Property Map

Configuration block for creating a new user profile. Detailed below.

aliasAttributes List<String>

Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

autoVerifiedAttributes List<String>

Attributes to be auto-verified. Valid values: email, phone_number.

deletionProtection String

deviceConfiguration Property Map

Configuration block for the user pool's device tracking. Detailed below.

emailConfiguration Property Map

Configuration block for configuring email. Detailed below.

emailMfaConfiguration Property Map

emailVerificationMessage String

String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

emailVerificationSubject String

String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

lambdaConfig Property Map

Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

mfaConfiguration String

name String

Name of the user pool.

The following arguments are optional:

passwordPolicy Property Map

Configuration block for information about the user pool password policy. Detailed below.

schemas List<Property Map>

signInPolicy Property Map

Configuration block for information about the user pool sign in policy. Detailed below.

smsAuthenticationMessage String

String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

smsConfiguration Property Map

smsVerificationMessage String

String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

softwareTokenMfaConfiguration Property Map

Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

tags Map<String>

Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

userAttributeUpdateSettings Property Map

Configuration block for user attribute update settings. Detailed below.

userPoolAddOns Property Map

Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

userPoolTier String

The user pool feature plan, or tier. Valid values: LITE, ESSENTIALS, PLUS.

usernameAttributes List<String>

Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

usernameConfiguration Property Map

Configuration block for username configuration. Detailed below.

verificationMessageTemplate Property Map

Configuration block for verification message templates. Detailed below.

webAuthnConfiguration Property Map

Configuration block for web authn configuration. Detailed below.

Outputs

All input properties are implicitly available as output properties. Additionally, the UserPool resource produces the following output properties:

Arn string: ARN of the user pool.
CreationDate string: Date the user pool was created.
CustomDomain string: A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.
Domain string: Holds the domain prefix if the user pool has a domain associated with it.
Endpoint string: Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
EstimatedNumberOfUsers int: A number estimating the size of the user pool.
Id string: The provider-assigned unique ID for this managed resource.
LastModifiedDate string: Date the user pool was last modified.
TagsAll Dictionary<string, string>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Arn string: ARN of the user pool.
CreationDate string: Date the user pool was created.
CustomDomain string: A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.
Domain string: Holds the domain prefix if the user pool has a domain associated with it.
Endpoint string: Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
EstimatedNumberOfUsers int: A number estimating the size of the user pool.
Id string: The provider-assigned unique ID for this managed resource.
LastModifiedDate string: Date the user pool was last modified.
TagsAll map[string]string: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String: ARN of the user pool.
creationDate String: Date the user pool was created.
customDomain String: A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.
domain String: Holds the domain prefix if the user pool has a domain associated with it.
endpoint String: Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
estimatedNumberOfUsers Integer: A number estimating the size of the user pool.
id String: The provider-assigned unique ID for this managed resource.
lastModifiedDate String: Date the user pool was last modified.
tagsAll Map<String,String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn string: ARN of the user pool.
creationDate string: Date the user pool was created.
customDomain string: A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.
domain string: Holds the domain prefix if the user pool has a domain associated with it.
endpoint string: Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
estimatedNumberOfUsers number: A number estimating the size of the user pool.
id string: The provider-assigned unique ID for this managed resource.
lastModifiedDate string: Date the user pool was last modified.
tagsAll {[key: string]: string}: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn str: ARN of the user pool.
creation_date str: Date the user pool was created.
custom_domain str: A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.
domain str: Holds the domain prefix if the user pool has a domain associated with it.
endpoint str: Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
estimated_number_of_users int: A number estimating the size of the user pool.
id str: The provider-assigned unique ID for this managed resource.
last_modified_date str: Date the user pool was last modified.
tags_all Mapping[str, str]: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String: ARN of the user pool.
creationDate String: Date the user pool was created.
customDomain String: A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.
domain String: Holds the domain prefix if the user pool has a domain associated with it.
endpoint String: Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
estimatedNumberOfUsers Number: A number estimating the size of the user pool.
id String: The provider-assigned unique ID for this managed resource.
lastModifiedDate String: Date the user pool was last modified.
tagsAll Map<String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Look up Existing UserPool Resource

Get an existing UserPool resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: UserPoolState, opts?: CustomResourceOptions): UserPool

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_recovery_setting: Optional[UserPoolAccountRecoverySettingArgs] = None,
        admin_create_user_config: Optional[UserPoolAdminCreateUserConfigArgs] = None,
        alias_attributes: Optional[Sequence[str]] = None,
        arn: Optional[str] = None,
        auto_verified_attributes: Optional[Sequence[str]] = None,
        creation_date: Optional[str] = None,
        custom_domain: Optional[str] = None,
        deletion_protection: Optional[str] = None,
        device_configuration: Optional[UserPoolDeviceConfigurationArgs] = None,
        domain: Optional[str] = None,
        email_configuration: Optional[UserPoolEmailConfigurationArgs] = None,
        email_mfa_configuration: Optional[UserPoolEmailMfaConfigurationArgs] = None,
        email_verification_message: Optional[str] = None,
        email_verification_subject: Optional[str] = None,
        endpoint: Optional[str] = None,
        estimated_number_of_users: Optional[int] = None,
        lambda_config: Optional[UserPoolLambdaConfigArgs] = None,
        last_modified_date: Optional[str] = None,
        mfa_configuration: Optional[str] = None,
        name: Optional[str] = None,
        password_policy: Optional[UserPoolPasswordPolicyArgs] = None,
        schemas: Optional[Sequence[UserPoolSchemaArgs]] = None,
        sign_in_policy: Optional[UserPoolSignInPolicyArgs] = None,
        sms_authentication_message: Optional[str] = None,
        sms_configuration: Optional[UserPoolSmsConfigurationArgs] = None,
        sms_verification_message: Optional[str] = None,
        software_token_mfa_configuration: Optional[UserPoolSoftwareTokenMfaConfigurationArgs] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        user_attribute_update_settings: Optional[UserPoolUserAttributeUpdateSettingsArgs] = None,
        user_pool_add_ons: Optional[UserPoolUserPoolAddOnsArgs] = None,
        user_pool_tier: Optional[str] = None,
        username_attributes: Optional[Sequence[str]] = None,
        username_configuration: Optional[UserPoolUsernameConfigurationArgs] = None,
        verification_message_template: Optional[UserPoolVerificationMessageTemplateArgs] = None,
        web_authn_configuration: Optional[UserPoolWebAuthnConfigurationArgs] = None) -> UserPool

func GetUserPool(ctx *Context, name string, id IDInput, state *UserPoolState, opts ...ResourceOption) (*UserPool, error)

public static UserPool Get(string name, Input<string> id, UserPoolState? state, CustomResourceOptions? opts = null)

public static UserPool get(String name, Output<String> id, UserPoolState state, CustomResourceOptions options)

resources:  _:    type: aws:cognito:UserPool    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccountRecoverySetting UserPoolAccountRecoverySetting

Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

AdminCreateUserConfig UserPoolAdminCreateUserConfig

Configuration block for creating a new user profile. Detailed below.

AliasAttributes List<string>

Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

Arn string

ARN of the user pool.

AutoVerifiedAttributes List<string>

Attributes to be auto-verified. Valid values: email, phone_number.

CreationDate string

Date the user pool was created.

CustomDomain string

A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.

DeletionProtection string

DeviceConfiguration UserPoolDeviceConfiguration

Configuration block for the user pool's device tracking. Detailed below.

Domain string

Holds the domain prefix if the user pool has a domain associated with it.

EmailConfiguration UserPoolEmailConfiguration

Configuration block for configuring email. Detailed below.

EmailMfaConfiguration UserPoolEmailMfaConfiguration

EmailVerificationMessage string

String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

EmailVerificationSubject string

String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

Endpoint string

Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

EstimatedNumberOfUsers int

A number estimating the size of the user pool.

LambdaConfig UserPoolLambdaConfig

Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

LastModifiedDate string

Date the user pool was last modified.

MfaConfiguration string

Name string

Name of the user pool.

The following arguments are optional:

PasswordPolicy UserPoolPasswordPolicy

Configuration block for information about the user pool password policy. Detailed below.

Schemas List<UserPoolSchema>

SignInPolicy UserPoolSignInPolicy

Configuration block for information about the user pool sign in policy. Detailed below.

SmsAuthenticationMessage string

String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

SmsConfiguration UserPoolSmsConfiguration

SmsVerificationMessage string

String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

SoftwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfiguration

Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

Tags Dictionary<string, string>

Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

UserAttributeUpdateSettings UserPoolUserAttributeUpdateSettings

Configuration block for user attribute update settings. Detailed below.

UserPoolAddOns UserPoolUserPoolAddOns

Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

UserPoolTier string

The user pool feature plan, or tier. Valid values: LITE, ESSENTIALS, PLUS.

UsernameAttributes List<string>

Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

UsernameConfiguration UserPoolUsernameConfiguration

Configuration block for username configuration. Detailed below.

VerificationMessageTemplate UserPoolVerificationMessageTemplate

Configuration block for verification message templates. Detailed below.

WebAuthnConfiguration UserPoolWebAuthnConfiguration

Configuration block for web authn configuration. Detailed below.

AccountRecoverySetting UserPoolAccountRecoverySettingArgs

Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

AdminCreateUserConfig UserPoolAdminCreateUserConfigArgs

Configuration block for creating a new user profile. Detailed below.

AliasAttributes []string

Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

Arn string

ARN of the user pool.

AutoVerifiedAttributes []string

Attributes to be auto-verified. Valid values: email, phone_number.

CreationDate string

Date the user pool was created.

CustomDomain string

DeletionProtection string

DeviceConfiguration UserPoolDeviceConfigurationArgs

Configuration block for the user pool's device tracking. Detailed below.

Domain string

Holds the domain prefix if the user pool has a domain associated with it.

EmailConfiguration UserPoolEmailConfigurationArgs

Configuration block for configuring email. Detailed below.

EmailMfaConfiguration UserPoolEmailMfaConfigurationArgs

EmailVerificationMessage string

String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

EmailVerificationSubject string

String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

Endpoint string

Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

EstimatedNumberOfUsers int

A number estimating the size of the user pool.

LambdaConfig UserPoolLambdaConfigArgs

Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

LastModifiedDate string

Date the user pool was last modified.

MfaConfiguration string

Name string

Name of the user pool.

The following arguments are optional:

PasswordPolicy UserPoolPasswordPolicyArgs

Configuration block for information about the user pool password policy. Detailed below.

Schemas []UserPoolSchemaArgs

SignInPolicy UserPoolSignInPolicyArgs

Configuration block for information about the user pool sign in policy. Detailed below.

SmsAuthenticationMessage string

String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

SmsConfiguration UserPoolSmsConfigurationArgs

SmsVerificationMessage string

String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

SoftwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfigurationArgs

Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

Tags map[string]string

Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

UserAttributeUpdateSettings UserPoolUserAttributeUpdateSettingsArgs

Configuration block for user attribute update settings. Detailed below.

UserPoolAddOns UserPoolUserPoolAddOnsArgs

Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

UserPoolTier string

The user pool feature plan, or tier. Valid values: LITE, ESSENTIALS, PLUS.

UsernameAttributes []string

Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

UsernameConfiguration UserPoolUsernameConfigurationArgs

Configuration block for username configuration. Detailed below.

VerificationMessageTemplate UserPoolVerificationMessageTemplateArgs

Configuration block for verification message templates. Detailed below.

WebAuthnConfiguration UserPoolWebAuthnConfigurationArgs

Configuration block for web authn configuration. Detailed below.

accountRecoverySetting UserPoolAccountRecoverySetting

Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

adminCreateUserConfig UserPoolAdminCreateUserConfig

Configuration block for creating a new user profile. Detailed below.

aliasAttributes List<String>

Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

arn String

ARN of the user pool.

autoVerifiedAttributes List<String>

Attributes to be auto-verified. Valid values: email, phone_number.

creationDate String

Date the user pool was created.

customDomain String

deletionProtection String

deviceConfiguration UserPoolDeviceConfiguration

Configuration block for the user pool's device tracking. Detailed below.

domain String

Holds the domain prefix if the user pool has a domain associated with it.

emailConfiguration UserPoolEmailConfiguration

Configuration block for configuring email. Detailed below.

emailMfaConfiguration UserPoolEmailMfaConfiguration

emailVerificationMessage String

String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

emailVerificationSubject String

String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

endpoint String

Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

estimatedNumberOfUsers Integer

A number estimating the size of the user pool.

lambdaConfig UserPoolLambdaConfig

Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

lastModifiedDate String

Date the user pool was last modified.

mfaConfiguration String

name String

Name of the user pool.

The following arguments are optional:

passwordPolicy UserPoolPasswordPolicy

Configuration block for information about the user pool password policy. Detailed below.

schemas List<UserPoolSchema>

signInPolicy UserPoolSignInPolicy

Configuration block for information about the user pool sign in policy. Detailed below.

smsAuthenticationMessage String

String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

smsConfiguration UserPoolSmsConfiguration

smsVerificationMessage String

String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

softwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfiguration

Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

tags Map<String,String>

Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

userAttributeUpdateSettings UserPoolUserAttributeUpdateSettings

Configuration block for user attribute update settings. Detailed below.

userPoolAddOns UserPoolUserPoolAddOns

Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

userPoolTier String

The user pool feature plan, or tier. Valid values: LITE, ESSENTIALS, PLUS.

usernameAttributes List<String>

Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

usernameConfiguration UserPoolUsernameConfiguration

Configuration block for username configuration. Detailed below.

verificationMessageTemplate UserPoolVerificationMessageTemplate

Configuration block for verification message templates. Detailed below.

webAuthnConfiguration UserPoolWebAuthnConfiguration

Configuration block for web authn configuration. Detailed below.

accountRecoverySetting UserPoolAccountRecoverySetting

Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

adminCreateUserConfig UserPoolAdminCreateUserConfig

Configuration block for creating a new user profile. Detailed below.

aliasAttributes string[]

Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

arn string

ARN of the user pool.

autoVerifiedAttributes string[]

Attributes to be auto-verified. Valid values: email, phone_number.

creationDate string

Date the user pool was created.

customDomain string

deletionProtection string

deviceConfiguration UserPoolDeviceConfiguration

Configuration block for the user pool's device tracking. Detailed below.

domain string

Holds the domain prefix if the user pool has a domain associated with it.

emailConfiguration UserPoolEmailConfiguration

Configuration block for configuring email. Detailed below.

emailMfaConfiguration UserPoolEmailMfaConfiguration

emailVerificationMessage string

String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

emailVerificationSubject string

String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

endpoint string

Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

estimatedNumberOfUsers number

A number estimating the size of the user pool.

lambdaConfig UserPoolLambdaConfig

Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

lastModifiedDate string

Date the user pool was last modified.

mfaConfiguration string

name string

Name of the user pool.

The following arguments are optional:

passwordPolicy UserPoolPasswordPolicy

Configuration block for information about the user pool password policy. Detailed below.

schemas UserPoolSchema[]

signInPolicy UserPoolSignInPolicy

Configuration block for information about the user pool sign in policy. Detailed below.

smsAuthenticationMessage string

String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

smsConfiguration UserPoolSmsConfiguration

smsVerificationMessage string

String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

softwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfiguration

Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

tags {[key: string]: string}

Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

userAttributeUpdateSettings UserPoolUserAttributeUpdateSettings

Configuration block for user attribute update settings. Detailed below.

userPoolAddOns UserPoolUserPoolAddOns

Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

userPoolTier string

The user pool feature plan, or tier. Valid values: LITE, ESSENTIALS, PLUS.

usernameAttributes string[]

Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

usernameConfiguration UserPoolUsernameConfiguration

Configuration block for username configuration. Detailed below.

verificationMessageTemplate UserPoolVerificationMessageTemplate

Configuration block for verification message templates. Detailed below.

webAuthnConfiguration UserPoolWebAuthnConfiguration

Configuration block for web authn configuration. Detailed below.

account_recovery_setting UserPoolAccountRecoverySettingArgs

Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

admin_create_user_config UserPoolAdminCreateUserConfigArgs

Configuration block for creating a new user profile. Detailed below.

alias_attributes Sequence[str]

Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

arn str

ARN of the user pool.

auto_verified_attributes Sequence[str]

Attributes to be auto-verified. Valid values: email, phone_number.

creation_date str

Date the user pool was created.

custom_domain str

deletion_protection str

device_configuration UserPoolDeviceConfigurationArgs

Configuration block for the user pool's device tracking. Detailed below.

domain str

Holds the domain prefix if the user pool has a domain associated with it.

email_configuration UserPoolEmailConfigurationArgs

Configuration block for configuring email. Detailed below.

email_mfa_configuration UserPoolEmailMfaConfigurationArgs

email_verification_message str

String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

email_verification_subject str

String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

endpoint str

Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

estimated_number_of_users int

A number estimating the size of the user pool.

lambda_config UserPoolLambdaConfigArgs

Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

last_modified_date str

Date the user pool was last modified.

mfa_configuration str

name str

Name of the user pool.

The following arguments are optional:

password_policy UserPoolPasswordPolicyArgs

Configuration block for information about the user pool password policy. Detailed below.

schemas Sequence[UserPoolSchemaArgs]

sign_in_policy UserPoolSignInPolicyArgs

Configuration block for information about the user pool sign in policy. Detailed below.

sms_authentication_message str

String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

sms_configuration UserPoolSmsConfigurationArgs

sms_verification_message str

String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

software_token_mfa_configuration UserPoolSoftwareTokenMfaConfigurationArgs

Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

tags Mapping[str, str]

Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

user_attribute_update_settings UserPoolUserAttributeUpdateSettingsArgs

Configuration block for user attribute update settings. Detailed below.

user_pool_add_ons UserPoolUserPoolAddOnsArgs

Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

user_pool_tier str

The user pool feature plan, or tier. Valid values: LITE, ESSENTIALS, PLUS.

username_attributes Sequence[str]

Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

username_configuration UserPoolUsernameConfigurationArgs

Configuration block for username configuration. Detailed below.

verification_message_template UserPoolVerificationMessageTemplateArgs

Configuration block for verification message templates. Detailed below.

web_authn_configuration UserPoolWebAuthnConfigurationArgs

Configuration block for web authn configuration. Detailed below.

accountRecoverySetting Property Map

Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

adminCreateUserConfig Property Map

Configuration block for creating a new user profile. Detailed below.

aliasAttributes List<String>

Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

arn String

ARN of the user pool.

autoVerifiedAttributes List<String>

Attributes to be auto-verified. Valid values: email, phone_number.

creationDate String

Date the user pool was created.

customDomain String

deletionProtection String

deviceConfiguration Property Map

Configuration block for the user pool's device tracking. Detailed below.

domain String

Holds the domain prefix if the user pool has a domain associated with it.

emailConfiguration Property Map

Configuration block for configuring email. Detailed below.

emailMfaConfiguration Property Map

emailVerificationMessage String

String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

emailVerificationSubject String

String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

endpoint String

Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

estimatedNumberOfUsers Number

A number estimating the size of the user pool.

lambdaConfig Property Map

Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

lastModifiedDate String

Date the user pool was last modified.

mfaConfiguration String

name String

Name of the user pool.

The following arguments are optional:

passwordPolicy Property Map

Configuration block for information about the user pool password policy. Detailed below.

schemas List<Property Map>

signInPolicy Property Map

Configuration block for information about the user pool sign in policy. Detailed below.

smsAuthenticationMessage String

String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

smsConfiguration Property Map

smsVerificationMessage String

String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

softwareTokenMfaConfiguration Property Map

Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

tags Map<String>

Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

userAttributeUpdateSettings Property Map

Configuration block for user attribute update settings. Detailed below.

userPoolAddOns Property Map

Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

userPoolTier String

The user pool feature plan, or tier. Valid values: LITE, ESSENTIALS, PLUS.

usernameAttributes List<String>

Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

usernameConfiguration Property Map

Configuration block for username configuration. Detailed below.

verificationMessageTemplate Property Map

Configuration block for verification message templates. Detailed below.

webAuthnConfiguration Property Map

Configuration block for web authn configuration. Detailed below.

Supporting Types

UserPoolAccountRecoverySetting, UserPoolAccountRecoverySettingArgs

RecoveryMechanisms List<UserPoolAccountRecoverySettingRecoveryMechanism>: List of Account Recovery Options of the following structure:

RecoveryMechanisms []UserPoolAccountRecoverySettingRecoveryMechanism: List of Account Recovery Options of the following structure:

recoveryMechanisms List<UserPoolAccountRecoverySettingRecoveryMechanism>: List of Account Recovery Options of the following structure:

recoveryMechanisms UserPoolAccountRecoverySettingRecoveryMechanism[]: List of Account Recovery Options of the following structure:

recovery_mechanisms Sequence[UserPoolAccountRecoverySettingRecoveryMechanism]: List of Account Recovery Options of the following structure:

recoveryMechanisms List<Property Map>: List of Account Recovery Options of the following structure:

UserPoolAccountRecoverySettingRecoveryMechanism, UserPoolAccountRecoverySettingRecoveryMechanismArgs

Name string: Recovery method for a user. Can be of the following: verified_email, verified_phone_number, and admin_only.
Priority int: Positive integer specifying priority of a method with 1 being the highest priority.

Name string: Recovery method for a user. Can be of the following: verified_email, verified_phone_number, and admin_only.
Priority int: Positive integer specifying priority of a method with 1 being the highest priority.

name String: Recovery method for a user. Can be of the following: verified_email, verified_phone_number, and admin_only.
priority Integer: Positive integer specifying priority of a method with 1 being the highest priority.

name string: Recovery method for a user. Can be of the following: verified_email, verified_phone_number, and admin_only.
priority number: Positive integer specifying priority of a method with 1 being the highest priority.

name str: Recovery method for a user. Can be of the following: verified_email, verified_phone_number, and admin_only.
priority int: Positive integer specifying priority of a method with 1 being the highest priority.

name String: Recovery method for a user. Can be of the following: verified_email, verified_phone_number, and admin_only.
priority Number: Positive integer specifying priority of a method with 1 being the highest priority.

UserPoolAdminCreateUserConfig, UserPoolAdminCreateUserConfigArgs

AllowAdminCreateUserOnly bool: Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
InviteMessageTemplate UserPoolAdminCreateUserConfigInviteMessageTemplate: Invite message template structure. Detailed below.

AllowAdminCreateUserOnly bool: Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
InviteMessageTemplate UserPoolAdminCreateUserConfigInviteMessageTemplate: Invite message template structure. Detailed below.

allowAdminCreateUserOnly Boolean: Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
inviteMessageTemplate UserPoolAdminCreateUserConfigInviteMessageTemplate: Invite message template structure. Detailed below.

allowAdminCreateUserOnly boolean: Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
inviteMessageTemplate UserPoolAdminCreateUserConfigInviteMessageTemplate: Invite message template structure. Detailed below.

allow_admin_create_user_only bool: Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
invite_message_template UserPoolAdminCreateUserConfigInviteMessageTemplate: Invite message template structure. Detailed below.

allowAdminCreateUserOnly Boolean: Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
inviteMessageTemplate Property Map: Invite message template structure. Detailed below.

UserPoolAdminCreateUserConfigInviteMessageTemplate, UserPoolAdminCreateUserConfigInviteMessageTemplateArgs

EmailMessage string: Message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.
EmailSubject string: Subject line for email messages.
SmsMessage string: Message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

EmailMessage string: Message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.
EmailSubject string: Subject line for email messages.
SmsMessage string: Message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

emailMessage String: Message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.
emailSubject String: Subject line for email messages.
smsMessage String: Message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

emailMessage string: Message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.
emailSubject string: Subject line for email messages.
smsMessage string: Message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

email_message str: Message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.
email_subject str: Subject line for email messages.
sms_message str: Message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

emailMessage String: Message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.
emailSubject String: Subject line for email messages.
smsMessage String: Message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

UserPoolDeviceConfiguration, UserPoolDeviceConfigurationArgs

ChallengeRequiredOnNewDevice bool: Whether a challenge is required on a new device. Only applicable to a new device.
DeviceOnlyRememberedOnUserPrompt bool: Whether a device is only remembered on user prompt. false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."

ChallengeRequiredOnNewDevice bool: Whether a challenge is required on a new device. Only applicable to a new device.
DeviceOnlyRememberedOnUserPrompt bool: Whether a device is only remembered on user prompt. false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."

challengeRequiredOnNewDevice Boolean: Whether a challenge is required on a new device. Only applicable to a new device.
deviceOnlyRememberedOnUserPrompt Boolean: Whether a device is only remembered on user prompt. false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."

challengeRequiredOnNewDevice boolean: Whether a challenge is required on a new device. Only applicable to a new device.
deviceOnlyRememberedOnUserPrompt boolean: Whether a device is only remembered on user prompt. false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."

challenge_required_on_new_device bool: Whether a challenge is required on a new device. Only applicable to a new device.
device_only_remembered_on_user_prompt bool: Whether a device is only remembered on user prompt. false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."

challengeRequiredOnNewDevice Boolean: Whether a challenge is required on a new device. Only applicable to a new device.
deviceOnlyRememberedOnUserPrompt Boolean: Whether a device is only remembered on user prompt. false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."

UserPoolEmailConfiguration, UserPoolEmailConfigurationArgs

ConfigurationSet string: Email configuration set name from SES.
EmailSendingAccount string: Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration. Required to be DEVELOPER if from_email_address is set.
FromEmailAddress string: Sender’s email address or sender’s display name with their email address (e.g., john@example.com, John Smith <john@example.com> or \"John Smith Ph.D.\" <john@example.com>). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.
ReplyToEmailAddress string: REPLY-TO email address.
SourceArn string: ARN of the SES verified email identity to use. Required if email_sending_account is set to DEVELOPER.

ConfigurationSet string: Email configuration set name from SES.
EmailSendingAccount string: Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration. Required to be DEVELOPER if from_email_address is set.
FromEmailAddress string: Sender’s email address or sender’s display name with their email address (e.g., john@example.com, John Smith <john@example.com> or \"John Smith Ph.D.\" <john@example.com>). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.
ReplyToEmailAddress string: REPLY-TO email address.
SourceArn string: ARN of the SES verified email identity to use. Required if email_sending_account is set to DEVELOPER.

configurationSet String: Email configuration set name from SES.
emailSendingAccount String: Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration. Required to be DEVELOPER if from_email_address is set.
fromEmailAddress String: Sender’s email address or sender’s display name with their email address (e.g., john@example.com, John Smith <john@example.com> or \"John Smith Ph.D.\" <john@example.com>). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.
replyToEmailAddress String: REPLY-TO email address.
sourceArn String: ARN of the SES verified email identity to use. Required if email_sending_account is set to DEVELOPER.

configurationSet string: Email configuration set name from SES.
emailSendingAccount string: Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration. Required to be DEVELOPER if from_email_address is set.
fromEmailAddress string: Sender’s email address or sender’s display name with their email address (e.g., john@example.com, John Smith <john@example.com> or \"John Smith Ph.D.\" <john@example.com>). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.
replyToEmailAddress string: REPLY-TO email address.
sourceArn string: ARN of the SES verified email identity to use. Required if email_sending_account is set to DEVELOPER.

configuration_set str: Email configuration set name from SES.
email_sending_account str: Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration. Required to be DEVELOPER if from_email_address is set.
from_email_address str: Sender’s email address or sender’s display name with their email address (e.g., john@example.com, John Smith <john@example.com> or \"John Smith Ph.D.\" <john@example.com>). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.
reply_to_email_address str: REPLY-TO email address.
source_arn str: ARN of the SES verified email identity to use. Required if email_sending_account is set to DEVELOPER.

configurationSet String: Email configuration set name from SES.
emailSendingAccount String: Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration. Required to be DEVELOPER if from_email_address is set.
fromEmailAddress String: Sender’s email address or sender’s display name with their email address (e.g., john@example.com, John Smith <john@example.com> or \"John Smith Ph.D.\" <john@example.com>). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.
replyToEmailAddress String: REPLY-TO email address.
sourceArn String: ARN of the SES verified email identity to use. Required if email_sending_account is set to DEVELOPER.

UserPoolEmailMfaConfiguration, UserPoolEmailMfaConfigurationArgs

Message string: The template for the email messages that your user pool sends to users with codes for MFA and sign-in with email OTPs. The message must contain the {####} placeholder. In the message, Amazon Cognito replaces this placeholder with the code. If you don't provide this parameter, Amazon Cognito sends messages in the default format.
Subject string: The subject of the email messages that your user pool sends to users with codes for MFA and email OTP sign-in.

Message string: The template for the email messages that your user pool sends to users with codes for MFA and sign-in with email OTPs. The message must contain the {####} placeholder. In the message, Amazon Cognito replaces this placeholder with the code. If you don't provide this parameter, Amazon Cognito sends messages in the default format.
Subject string: The subject of the email messages that your user pool sends to users with codes for MFA and email OTP sign-in.

message String: The template for the email messages that your user pool sends to users with codes for MFA and sign-in with email OTPs. The message must contain the {####} placeholder. In the message, Amazon Cognito replaces this placeholder with the code. If you don't provide this parameter, Amazon Cognito sends messages in the default format.
subject String: The subject of the email messages that your user pool sends to users with codes for MFA and email OTP sign-in.

message string: The template for the email messages that your user pool sends to users with codes for MFA and sign-in with email OTPs. The message must contain the {####} placeholder. In the message, Amazon Cognito replaces this placeholder with the code. If you don't provide this parameter, Amazon Cognito sends messages in the default format.
subject string: The subject of the email messages that your user pool sends to users with codes for MFA and email OTP sign-in.

message str: The template for the email messages that your user pool sends to users with codes for MFA and sign-in with email OTPs. The message must contain the {####} placeholder. In the message, Amazon Cognito replaces this placeholder with the code. If you don't provide this parameter, Amazon Cognito sends messages in the default format.
subject str: The subject of the email messages that your user pool sends to users with codes for MFA and email OTP sign-in.

message String: The template for the email messages that your user pool sends to users with codes for MFA and sign-in with email OTPs. The message must contain the {####} placeholder. In the message, Amazon Cognito replaces this placeholder with the code. If you don't provide this parameter, Amazon Cognito sends messages in the default format.
subject String: The subject of the email messages that your user pool sends to users with codes for MFA and email OTP sign-in.

UserPoolLambdaConfig, UserPoolLambdaConfigArgs

CreateAuthChallenge string: ARN of the lambda creating an authentication challenge.
CustomEmailSender UserPoolLambdaConfigCustomEmailSender: A custom email sender AWS Lambda trigger. See custom_email_sender Below.
CustomMessage string: Custom Message AWS Lambda trigger.
CustomSmsSender UserPoolLambdaConfigCustomSmsSender: A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.
DefineAuthChallenge string: Defines the authentication challenge.
KmsKeyId string: The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
PostAuthentication string: Post-authentication AWS Lambda trigger.
PostConfirmation string: Post-confirmation AWS Lambda trigger.
PreAuthentication string: Pre-authentication AWS Lambda trigger.
PreSignUp string: Pre-registration AWS Lambda trigger.
PreTokenGeneration string: Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambda_arn of pre_token_generation_config.
PreTokenGenerationConfig UserPoolLambdaConfigPreTokenGenerationConfig: Allow to customize access tokens. See pre_token_configuration_type
UserMigration string: User migration Lambda config type.
VerifyAuthChallengeResponse string: Verifies the authentication challenge response.

CreateAuthChallenge string: ARN of the lambda creating an authentication challenge.
CustomEmailSender UserPoolLambdaConfigCustomEmailSender: A custom email sender AWS Lambda trigger. See custom_email_sender Below.
CustomMessage string: Custom Message AWS Lambda trigger.
CustomSmsSender UserPoolLambdaConfigCustomSmsSender: A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.
DefineAuthChallenge string: Defines the authentication challenge.
KmsKeyId string: The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
PostAuthentication string: Post-authentication AWS Lambda trigger.
PostConfirmation string: Post-confirmation AWS Lambda trigger.
PreAuthentication string: Pre-authentication AWS Lambda trigger.
PreSignUp string: Pre-registration AWS Lambda trigger.
PreTokenGeneration string: Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambda_arn of pre_token_generation_config.
PreTokenGenerationConfig UserPoolLambdaConfigPreTokenGenerationConfig: Allow to customize access tokens. See pre_token_configuration_type
UserMigration string: User migration Lambda config type.
VerifyAuthChallengeResponse string: Verifies the authentication challenge response.

createAuthChallenge String: ARN of the lambda creating an authentication challenge.
customEmailSender UserPoolLambdaConfigCustomEmailSender: A custom email sender AWS Lambda trigger. See custom_email_sender Below.
customMessage String: Custom Message AWS Lambda trigger.
customSmsSender UserPoolLambdaConfigCustomSmsSender: A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.
defineAuthChallenge String: Defines the authentication challenge.
kmsKeyId String: The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
postAuthentication String: Post-authentication AWS Lambda trigger.
postConfirmation String: Post-confirmation AWS Lambda trigger.
preAuthentication String: Pre-authentication AWS Lambda trigger.
preSignUp String: Pre-registration AWS Lambda trigger.
preTokenGeneration String: Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambda_arn of pre_token_generation_config.
preTokenGenerationConfig UserPoolLambdaConfigPreTokenGenerationConfig: Allow to customize access tokens. See pre_token_configuration_type
userMigration String: User migration Lambda config type.
verifyAuthChallengeResponse String: Verifies the authentication challenge response.

createAuthChallenge string: ARN of the lambda creating an authentication challenge.
customEmailSender UserPoolLambdaConfigCustomEmailSender: A custom email sender AWS Lambda trigger. See custom_email_sender Below.
customMessage string: Custom Message AWS Lambda trigger.
customSmsSender UserPoolLambdaConfigCustomSmsSender: A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.
defineAuthChallenge string: Defines the authentication challenge.
kmsKeyId string: The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
postAuthentication string: Post-authentication AWS Lambda trigger.
postConfirmation string: Post-confirmation AWS Lambda trigger.
preAuthentication string: Pre-authentication AWS Lambda trigger.
preSignUp string: Pre-registration AWS Lambda trigger.
preTokenGeneration string: Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambda_arn of pre_token_generation_config.
preTokenGenerationConfig UserPoolLambdaConfigPreTokenGenerationConfig: Allow to customize access tokens. See pre_token_configuration_type
userMigration string: User migration Lambda config type.
verifyAuthChallengeResponse string: Verifies the authentication challenge response.

create_auth_challenge str: ARN of the lambda creating an authentication challenge.
custom_email_sender UserPoolLambdaConfigCustomEmailSender: A custom email sender AWS Lambda trigger. See custom_email_sender Below.
custom_message str: Custom Message AWS Lambda trigger.
custom_sms_sender UserPoolLambdaConfigCustomSmsSender: A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.
define_auth_challenge str: Defines the authentication challenge.
kms_key_id str: The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
post_authentication str: Post-authentication AWS Lambda trigger.
post_confirmation str: Post-confirmation AWS Lambda trigger.
pre_authentication str: Pre-authentication AWS Lambda trigger.
pre_sign_up str: Pre-registration AWS Lambda trigger.
pre_token_generation str: Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambda_arn of pre_token_generation_config.
pre_token_generation_config UserPoolLambdaConfigPreTokenGenerationConfig: Allow to customize access tokens. See pre_token_configuration_type
user_migration str: User migration Lambda config type.
verify_auth_challenge_response str: Verifies the authentication challenge response.

createAuthChallenge String: ARN of the lambda creating an authentication challenge.
customEmailSender Property Map: A custom email sender AWS Lambda trigger. See custom_email_sender Below.
customMessage String: Custom Message AWS Lambda trigger.
customSmsSender Property Map: A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.
defineAuthChallenge String: Defines the authentication challenge.
kmsKeyId String: The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
postAuthentication String: Post-authentication AWS Lambda trigger.
postConfirmation String: Post-confirmation AWS Lambda trigger.
preAuthentication String: Pre-authentication AWS Lambda trigger.
preSignUp String: Pre-registration AWS Lambda trigger.
preTokenGeneration String: Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambda_arn of pre_token_generation_config.
preTokenGenerationConfig Property Map: Allow to customize access tokens. See pre_token_configuration_type
userMigration String: User migration Lambda config type.
verifyAuthChallengeResponse String: Verifies the authentication challenge response.

UserPoolLambdaConfigCustomEmailSender, UserPoolLambdaConfigCustomEmailSenderArgs

LambdaArn string: The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.
LambdaVersion string: The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.

LambdaArn string: The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.
LambdaVersion string: The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.

lambdaArn String: The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.
lambdaVersion String: The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.

lambdaArn string: The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.
lambdaVersion string: The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.

lambda_arn str: The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.
lambda_version str: The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.

lambdaArn String: The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.
lambdaVersion String: The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.

UserPoolLambdaConfigCustomSmsSender, UserPoolLambdaConfigCustomSmsSenderArgs

LambdaArn string: The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.
LambdaVersion string: The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.

LambdaArn string: The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.
LambdaVersion string: The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.

lambdaArn String: The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.
lambdaVersion String: The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.

lambdaArn string: The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.
lambdaVersion string: The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.

lambda_arn str: The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.
lambda_version str: The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.

lambdaArn String: The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.
lambdaVersion String: The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.

UserPoolLambdaConfigPreTokenGenerationConfig, UserPoolLambdaConfigPreTokenGenerationConfigArgs

LambdaArn string
LambdaVersion string

LambdaArn string
LambdaVersion string

lambdaArn String
lambdaVersion String

lambdaArn string
lambdaVersion string

lambda_arn str
lambda_version str

lambdaArn String
lambdaVersion String

UserPoolPasswordPolicy, UserPoolPasswordPolicyArgs

MinimumLength int

Minimum length of the password policy that you have set.

PasswordHistorySize int

Number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of number of previous passwords specified by this argument. A value of 0 means that password history is not enforced. Valid values are between 0 and 24.

Note: This argument requires advanced security features to be active in the user pool.

RequireLowercase bool

Whether you have required users to use at least one lowercase letter in their password.

RequireNumbers bool

Whether you have required users to use at least one number in their password.

RequireSymbols bool

Whether you have required users to use at least one symbol in their password.

RequireUppercase bool

Whether you have required users to use at least one uppercase letter in their password.

TemporaryPasswordValidityDays int

In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.

MinimumLength int

Minimum length of the password policy that you have set.

PasswordHistorySize int

Note: This argument requires advanced security features to be active in the user pool.

RequireLowercase bool

Whether you have required users to use at least one lowercase letter in their password.

RequireNumbers bool

Whether you have required users to use at least one number in their password.

RequireSymbols bool

Whether you have required users to use at least one symbol in their password.

RequireUppercase bool

Whether you have required users to use at least one uppercase letter in their password.

TemporaryPasswordValidityDays int

minimumLength Integer

Minimum length of the password policy that you have set.

passwordHistorySize Integer

Note: This argument requires advanced security features to be active in the user pool.

requireLowercase Boolean

Whether you have required users to use at least one lowercase letter in their password.

requireNumbers Boolean

Whether you have required users to use at least one number in their password.

requireSymbols Boolean

Whether you have required users to use at least one symbol in their password.

requireUppercase Boolean

Whether you have required users to use at least one uppercase letter in their password.

temporaryPasswordValidityDays Integer

minimumLength number

Minimum length of the password policy that you have set.

passwordHistorySize number

Note: This argument requires advanced security features to be active in the user pool.

requireLowercase boolean

Whether you have required users to use at least one lowercase letter in their password.

requireNumbers boolean

Whether you have required users to use at least one number in their password.

requireSymbols boolean

Whether you have required users to use at least one symbol in their password.

requireUppercase boolean

Whether you have required users to use at least one uppercase letter in their password.

temporaryPasswordValidityDays number

minimum_length int

Minimum length of the password policy that you have set.

password_history_size int

Note: This argument requires advanced security features to be active in the user pool.

require_lowercase bool

Whether you have required users to use at least one lowercase letter in their password.

require_numbers bool

Whether you have required users to use at least one number in their password.

require_symbols bool

Whether you have required users to use at least one symbol in their password.

require_uppercase bool

Whether you have required users to use at least one uppercase letter in their password.

temporary_password_validity_days int

minimumLength Number

Minimum length of the password policy that you have set.

passwordHistorySize Number

Note: This argument requires advanced security features to be active in the user pool.

requireLowercase Boolean

Whether you have required users to use at least one lowercase letter in their password.

requireNumbers Boolean

Whether you have required users to use at least one number in their password.

requireSymbols Boolean

Whether you have required users to use at least one symbol in their password.

requireUppercase Boolean

Whether you have required users to use at least one uppercase letter in their password.

temporaryPasswordValidityDays Number

UserPoolSchema, UserPoolSchemaArgs

AttributeDataType string: Attribute data type. Must be one of Boolean, Number, String, DateTime.
Name string: Name of the attribute.
DeveloperOnlyAttribute bool: Whether the attribute type is developer only.
Mutable bool: Whether the attribute can be changed once it has been created.
NumberAttributeConstraints UserPoolSchemaNumberAttributeConstraints: Configuration block for the constraints for an attribute of the number type. Detailed below.
Required bool: Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
StringAttributeConstraints UserPoolSchemaStringAttributeConstraints: Constraints for an attribute of the string type. Detailed below.

AttributeDataType string: Attribute data type. Must be one of Boolean, Number, String, DateTime.
Name string: Name of the attribute.
DeveloperOnlyAttribute bool: Whether the attribute type is developer only.
Mutable bool: Whether the attribute can be changed once it has been created.
NumberAttributeConstraints UserPoolSchemaNumberAttributeConstraints: Configuration block for the constraints for an attribute of the number type. Detailed below.
Required bool: Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
StringAttributeConstraints UserPoolSchemaStringAttributeConstraints: Constraints for an attribute of the string type. Detailed below.

attributeDataType String: Attribute data type. Must be one of Boolean, Number, String, DateTime.
name String: Name of the attribute.
developerOnlyAttribute Boolean: Whether the attribute type is developer only.
mutable Boolean: Whether the attribute can be changed once it has been created.
numberAttributeConstraints UserPoolSchemaNumberAttributeConstraints: Configuration block for the constraints for an attribute of the number type. Detailed below.
required Boolean: Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
stringAttributeConstraints UserPoolSchemaStringAttributeConstraints: Constraints for an attribute of the string type. Detailed below.

attributeDataType string: Attribute data type. Must be one of Boolean, Number, String, DateTime.
name string: Name of the attribute.
developerOnlyAttribute boolean: Whether the attribute type is developer only.
mutable boolean: Whether the attribute can be changed once it has been created.
numberAttributeConstraints UserPoolSchemaNumberAttributeConstraints: Configuration block for the constraints for an attribute of the number type. Detailed below.
required boolean: Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
stringAttributeConstraints UserPoolSchemaStringAttributeConstraints: Constraints for an attribute of the string type. Detailed below.

attribute_data_type str: Attribute data type. Must be one of Boolean, Number, String, DateTime.
name str: Name of the attribute.
developer_only_attribute bool: Whether the attribute type is developer only.
mutable bool: Whether the attribute can be changed once it has been created.
number_attribute_constraints UserPoolSchemaNumberAttributeConstraints: Configuration block for the constraints for an attribute of the number type. Detailed below.
required bool: Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
string_attribute_constraints UserPoolSchemaStringAttributeConstraints: Constraints for an attribute of the string type. Detailed below.

attributeDataType String: Attribute data type. Must be one of Boolean, Number, String, DateTime.
name String: Name of the attribute.
developerOnlyAttribute Boolean: Whether the attribute type is developer only.
mutable Boolean: Whether the attribute can be changed once it has been created.
numberAttributeConstraints Property Map: Configuration block for the constraints for an attribute of the number type. Detailed below.
required Boolean: Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
stringAttributeConstraints Property Map: Constraints for an attribute of the string type. Detailed below.

UserPoolSchemaNumberAttributeConstraints, UserPoolSchemaNumberAttributeConstraintsArgs

MaxValue string: Maximum value of an attribute that is of the number data type.
MinValue string: Minimum value of an attribute that is of the number data type.

MaxValue string: Maximum value of an attribute that is of the number data type.
MinValue string: Minimum value of an attribute that is of the number data type.

maxValue String: Maximum value of an attribute that is of the number data type.
minValue String: Minimum value of an attribute that is of the number data type.

maxValue string: Maximum value of an attribute that is of the number data type.
minValue string: Minimum value of an attribute that is of the number data type.

max_value str: Maximum value of an attribute that is of the number data type.
min_value str: Minimum value of an attribute that is of the number data type.

maxValue String: Maximum value of an attribute that is of the number data type.
minValue String: Minimum value of an attribute that is of the number data type.

UserPoolSchemaStringAttributeConstraints, UserPoolSchemaStringAttributeConstraintsArgs

MaxLength string: Maximum length of an attribute value of the string type.
MinLength string: Minimum length of an attribute value of the string type.

MaxLength string: Maximum length of an attribute value of the string type.
MinLength string: Minimum length of an attribute value of the string type.

maxLength String: Maximum length of an attribute value of the string type.
minLength String: Minimum length of an attribute value of the string type.

maxLength string: Maximum length of an attribute value of the string type.
minLength string: Minimum length of an attribute value of the string type.

max_length str: Maximum length of an attribute value of the string type.
min_length str: Minimum length of an attribute value of the string type.

maxLength String: Maximum length of an attribute value of the string type.
minLength String: Minimum length of an attribute value of the string type.

UserPoolSignInPolicy, UserPoolSignInPolicyArgs

AllowedFirstAuthFactors List<string>: The sign in methods your user pool supports as the first factor. This is a list of strings, allowed values are PASSWORD, EMAIL_OTP, SMS_OTP, and WEB_AUTHN.

AllowedFirstAuthFactors []string: The sign in methods your user pool supports as the first factor. This is a list of strings, allowed values are PASSWORD, EMAIL_OTP, SMS_OTP, and WEB_AUTHN.

allowedFirstAuthFactors List<String>: The sign in methods your user pool supports as the first factor. This is a list of strings, allowed values are PASSWORD, EMAIL_OTP, SMS_OTP, and WEB_AUTHN.

allowedFirstAuthFactors string[]: The sign in methods your user pool supports as the first factor. This is a list of strings, allowed values are PASSWORD, EMAIL_OTP, SMS_OTP, and WEB_AUTHN.

allowed_first_auth_factors Sequence[str]: The sign in methods your user pool supports as the first factor. This is a list of strings, allowed values are PASSWORD, EMAIL_OTP, SMS_OTP, and WEB_AUTHN.

allowedFirstAuthFactors List<String>: The sign in methods your user pool supports as the first factor. This is a list of strings, allowed values are PASSWORD, EMAIL_OTP, SMS_OTP, and WEB_AUTHN.

UserPoolSmsConfiguration, UserPoolSmsConfigurationArgs

ExternalId string: External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
SnsCallerArn string: ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
SnsRegion string: The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.

ExternalId string: External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
SnsCallerArn string: ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
SnsRegion string: The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.

externalId String: External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
snsCallerArn String: ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
snsRegion String: The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.

externalId string: External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
snsCallerArn string: ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
snsRegion string: The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.

external_id str: External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
sns_caller_arn str: ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
sns_region str: The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.

externalId String: External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
snsCallerArn String: ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
snsRegion String: The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.

UserPoolSoftwareTokenMfaConfiguration, UserPoolSoftwareTokenMfaConfigurationArgs

Enabled bool: Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.

Enabled bool: Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.

enabled Boolean: Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.

enabled boolean: Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.

enabled bool: Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.

enabled Boolean: Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.

UserPoolUserAttributeUpdateSettings, UserPoolUserAttributeUpdateSettingsArgs

AttributesRequireVerificationBeforeUpdates List<string>: A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number.

AttributesRequireVerificationBeforeUpdates []string: A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number.

attributesRequireVerificationBeforeUpdates List<String>: A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number.

attributesRequireVerificationBeforeUpdates string[]: A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number.

attributes_require_verification_before_updates Sequence[str]: A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number.

attributesRequireVerificationBeforeUpdates List<String>: A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number.

UserPoolUserPoolAddOns, UserPoolUserPoolAddOnsArgs

AdvancedSecurityMode string: Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.

AdvancedSecurityMode string: Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.

advancedSecurityMode String: Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.

advancedSecurityMode string: Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.

advanced_security_mode str: Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.

advancedSecurityMode String: Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.

UserPoolUsernameConfiguration, UserPoolUsernameConfigurationArgs

CaseSensitive bool: Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.

CaseSensitive bool: Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.

caseSensitive Boolean: Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.

caseSensitive boolean: Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.

case_sensitive bool: Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.

caseSensitive Boolean: Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.

UserPoolVerificationMessageTemplate, UserPoolVerificationMessageTemplateArgs

DefaultEmailOption string: Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.
EmailMessage string: Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.
EmailMessageByLink string: Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.
EmailSubject string: Subject line for the email message template. Conflicts with email_verification_subject argument.
EmailSubjectByLink string: Subject line for the email message template for sending a confirmation link to the user.
SmsMessage string: SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.

DefaultEmailOption string: Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.
EmailMessage string: Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.
EmailMessageByLink string: Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.
EmailSubject string: Subject line for the email message template. Conflicts with email_verification_subject argument.
EmailSubjectByLink string: Subject line for the email message template for sending a confirmation link to the user.
SmsMessage string: SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.

defaultEmailOption String: Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.
emailMessage String: Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.
emailMessageByLink String: Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.
emailSubject String: Subject line for the email message template. Conflicts with email_verification_subject argument.
emailSubjectByLink String: Subject line for the email message template for sending a confirmation link to the user.
smsMessage String: SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.

defaultEmailOption string: Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.
emailMessage string: Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.
emailMessageByLink string: Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.
emailSubject string: Subject line for the email message template. Conflicts with email_verification_subject argument.
emailSubjectByLink string: Subject line for the email message template for sending a confirmation link to the user.
smsMessage string: SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.

default_email_option str: Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.
email_message str: Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.
email_message_by_link str: Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.
email_subject str: Subject line for the email message template. Conflicts with email_verification_subject argument.
email_subject_by_link str: Subject line for the email message template for sending a confirmation link to the user.
sms_message str: SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.

defaultEmailOption String: Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.
emailMessage String: Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.
emailMessageByLink String: Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.
emailSubject String: Subject line for the email message template. Conflicts with email_verification_subject argument.
emailSubjectByLink String: Subject line for the email message template for sending a confirmation link to the user.
smsMessage String: SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.

UserPoolWebAuthnConfiguration, UserPoolWebAuthnConfigurationArgs

RelyingPartyId string: The authentication domain that passkeys providers use as a relying party.
UserVerification string: If your user pool should require a passkey. Must be one of required or preferred.

RelyingPartyId string: The authentication domain that passkeys providers use as a relying party.
UserVerification string: If your user pool should require a passkey. Must be one of required or preferred.

relyingPartyId String: The authentication domain that passkeys providers use as a relying party.
userVerification String: If your user pool should require a passkey. Must be one of required or preferred.

relyingPartyId string: The authentication domain that passkeys providers use as a relying party.
userVerification string: If your user pool should require a passkey. Must be one of required or preferred.

relying_party_id str: The authentication domain that passkeys providers use as a relying party.
user_verification str: If your user pool should require a passkey. Must be one of required or preferred.

relyingPartyId String: The authentication domain that passkeys providers use as a relying party.
userVerification String: If your user pool should require a passkey. Must be one of required or preferred.

Import

Using pulumi import, import Cognito User Pools using the id. For example:

$ pulumi import aws:cognito/userPool:UserPool pool us-west-2_abc123

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.77.1 published on Friday, Apr 18, 2025 by Pulumi

pulumi/pulumi-aws

aws.cognito.UserPool

On this page

On this page

Example Usage

Basic configuration

Enabling SMS and Software Token Multi-Factor Authentication

Using Account Recovery Setting

Create UserPool Resource

Constructor syntax

Parameters

Constructor example

UserPool Resource Properties

Inputs

Outputs

Look up Existing UserPool Resource

Supporting Types

UserPoolAccountRecoverySetting, UserPoolAccountRecoverySettingArgs

UserPoolAccountRecoverySettingRecoveryMechanism, UserPoolAccountRecoverySettingRecoveryMechanismArgs

UserPoolAdminCreateUserConfig, UserPoolAdminCreateUserConfigArgs

UserPoolAdminCreateUserConfigInviteMessageTemplate, UserPoolAdminCreateUserConfigInviteMessageTemplateArgs

UserPoolDeviceConfiguration, UserPoolDeviceConfigurationArgs

UserPoolEmailConfiguration, UserPoolEmailConfigurationArgs

UserPoolEmailMfaConfiguration, UserPoolEmailMfaConfigurationArgs

UserPoolLambdaConfig, UserPoolLambdaConfigArgs

UserPoolLambdaConfigCustomEmailSender, UserPoolLambdaConfigCustomEmailSenderArgs

UserPoolLambdaConfigCustomSmsSender, UserPoolLambdaConfigCustomSmsSenderArgs

UserPoolLambdaConfigPreTokenGenerationConfig, UserPoolLambdaConfigPreTokenGenerationConfigArgs

UserPoolPasswordPolicy, UserPoolPasswordPolicyArgs

UserPoolSchema, UserPoolSchemaArgs

UserPoolSchemaNumberAttributeConstraints, UserPoolSchemaNumberAttributeConstraintsArgs

UserPoolSchemaStringAttributeConstraints, UserPoolSchemaStringAttributeConstraintsArgs

UserPoolSignInPolicy, UserPoolSignInPolicyArgs

UserPoolSmsConfiguration, UserPoolSmsConfigurationArgs

UserPoolSoftwareTokenMfaConfiguration, UserPoolSoftwareTokenMfaConfigurationArgs

UserPoolUserAttributeUpdateSettings, UserPoolUserAttributeUpdateSettingsArgs

UserPoolUserPoolAddOns, UserPoolUserPoolAddOnsArgs

UserPoolUsernameConfiguration, UserPoolUsernameConfigurationArgs

UserPoolVerificationMessageTemplate, UserPoolVerificationMessageTemplateArgs

UserPoolWebAuthnConfiguration, UserPoolWebAuthnConfigurationArgs

Import

Package Details

On this page

On this page