1. Packages
  2. AWS Classic
  3. API Docs
  4. cognito
  5. UserPool

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.45.0 published on Tuesday, Jul 16, 2024 by Pulumi

aws.cognito.UserPool

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.45.0 published on Tuesday, Jul 16, 2024 by Pulumi

    Provides a Cognito User Pool resource.

    Example Usage

    Basic configuration

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const pool = new aws.cognito.UserPool("pool", {name: "mypool"});
    
    import pulumi
    import pulumi_aws as aws
    
    pool = aws.cognito.UserPool("pool", name="mypool")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := cognito.NewUserPool(ctx, "pool", &cognito.UserPoolArgs{
    			Name: pulumi.String("mypool"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var pool = new Aws.Cognito.UserPool("pool", new()
        {
            Name = "mypool",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.cognito.UserPool;
    import com.pulumi.aws.cognito.UserPoolArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var pool = new UserPool("pool", UserPoolArgs.builder()
                .name("mypool")
                .build());
    
        }
    }
    
    resources:
      pool:
        type: aws:cognito:UserPool
        properties:
          name: mypool
    

    Enabling SMS and Software Token Multi-Factor Authentication

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.cognito.UserPool("example", {
        mfaConfiguration: "ON",
        smsAuthenticationMessage: "Your code is {####}",
        smsConfiguration: {
            externalId: "example",
            snsCallerArn: exampleAwsIamRole.arn,
            snsRegion: "us-east-1",
        },
        softwareTokenMfaConfiguration: {
            enabled: true,
        },
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.cognito.UserPool("example",
        mfa_configuration="ON",
        sms_authentication_message="Your code is {####}",
        sms_configuration={
            "externalId": "example",
            "snsCallerArn": example_aws_iam_role["arn"],
            "snsRegion": "us-east-1",
        },
        software_token_mfa_configuration={
            "enabled": True,
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := cognito.NewUserPool(ctx, "example", &cognito.UserPoolArgs{
    			MfaConfiguration:         pulumi.String("ON"),
    			SmsAuthenticationMessage: pulumi.String("Your code is {####}"),
    			SmsConfiguration: &cognito.UserPoolSmsConfigurationArgs{
    				ExternalId:   pulumi.String("example"),
    				SnsCallerArn: pulumi.Any(exampleAwsIamRole.Arn),
    				SnsRegion:    pulumi.String("us-east-1"),
    			},
    			SoftwareTokenMfaConfiguration: &cognito.UserPoolSoftwareTokenMfaConfigurationArgs{
    				Enabled: pulumi.Bool(true),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.Cognito.UserPool("example", new()
        {
            MfaConfiguration = "ON",
            SmsAuthenticationMessage = "Your code is {####}",
            SmsConfiguration = new Aws.Cognito.Inputs.UserPoolSmsConfigurationArgs
            {
                ExternalId = "example",
                SnsCallerArn = exampleAwsIamRole.Arn,
                SnsRegion = "us-east-1",
            },
            SoftwareTokenMfaConfiguration = new Aws.Cognito.Inputs.UserPoolSoftwareTokenMfaConfigurationArgs
            {
                Enabled = true,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.cognito.UserPool;
    import com.pulumi.aws.cognito.UserPoolArgs;
    import com.pulumi.aws.cognito.inputs.UserPoolSmsConfigurationArgs;
    import com.pulumi.aws.cognito.inputs.UserPoolSoftwareTokenMfaConfigurationArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new UserPool("example", UserPoolArgs.builder()
                .mfaConfiguration("ON")
                .smsAuthenticationMessage("Your code is {####}")
                .smsConfiguration(UserPoolSmsConfigurationArgs.builder()
                    .externalId("example")
                    .snsCallerArn(exampleAwsIamRole.arn())
                    .snsRegion("us-east-1")
                    .build())
                .softwareTokenMfaConfiguration(UserPoolSoftwareTokenMfaConfigurationArgs.builder()
                    .enabled(true)
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:cognito:UserPool
        properties:
          mfaConfiguration: ON
          smsAuthenticationMessage: Your code is {####}
          smsConfiguration:
            externalId: example
            snsCallerArn: ${exampleAwsIamRole.arn}
            snsRegion: us-east-1
          softwareTokenMfaConfiguration:
            enabled: true
    

    Using Account Recovery Setting

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const test = new aws.cognito.UserPool("test", {
        name: "mypool",
        accountRecoverySetting: {
            recoveryMechanisms: [
                {
                    name: "verified_email",
                    priority: 1,
                },
                {
                    name: "verified_phone_number",
                    priority: 2,
                },
            ],
        },
    });
    
    import pulumi
    import pulumi_aws as aws
    
    test = aws.cognito.UserPool("test",
        name="mypool",
        account_recovery_setting={
            "recoveryMechanisms": [
                {
                    "name": "verified_email",
                    "priority": 1,
                },
                {
                    "name": "verified_phone_number",
                    "priority": 2,
                },
            ],
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := cognito.NewUserPool(ctx, "test", &cognito.UserPoolArgs{
    			Name: pulumi.String("mypool"),
    			AccountRecoverySetting: &cognito.UserPoolAccountRecoverySettingArgs{
    				RecoveryMechanisms: cognito.UserPoolAccountRecoverySettingRecoveryMechanismArray{
    					&cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{
    						Name:     pulumi.String("verified_email"),
    						Priority: pulumi.Int(1),
    					},
    					&cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{
    						Name:     pulumi.String("verified_phone_number"),
    						Priority: pulumi.Int(2),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var test = new Aws.Cognito.UserPool("test", new()
        {
            Name = "mypool",
            AccountRecoverySetting = new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingArgs
            {
                RecoveryMechanisms = new[]
                {
                    new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs
                    {
                        Name = "verified_email",
                        Priority = 1,
                    },
                    new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs
                    {
                        Name = "verified_phone_number",
                        Priority = 2,
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.cognito.UserPool;
    import com.pulumi.aws.cognito.UserPoolArgs;
    import com.pulumi.aws.cognito.inputs.UserPoolAccountRecoverySettingArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var test = new UserPool("test", UserPoolArgs.builder()
                .name("mypool")
                .accountRecoverySetting(UserPoolAccountRecoverySettingArgs.builder()
                    .recoveryMechanisms(                
                        UserPoolAccountRecoverySettingRecoveryMechanismArgs.builder()
                            .name("verified_email")
                            .priority(1)
                            .build(),
                        UserPoolAccountRecoverySettingRecoveryMechanismArgs.builder()
                            .name("verified_phone_number")
                            .priority(2)
                            .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      test:
        type: aws:cognito:UserPool
        properties:
          name: mypool
          accountRecoverySetting:
            recoveryMechanisms:
              - name: verified_email
                priority: 1
              - name: verified_phone_number
                priority: 2
    

    Create UserPool Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new UserPool(name: string, args?: UserPoolArgs, opts?: CustomResourceOptions);
    @overload
    def UserPool(resource_name: str,
                 args: Optional[UserPoolArgs] = None,
                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def UserPool(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 account_recovery_setting: Optional[UserPoolAccountRecoverySettingArgs] = None,
                 admin_create_user_config: Optional[UserPoolAdminCreateUserConfigArgs] = None,
                 alias_attributes: Optional[Sequence[str]] = None,
                 auto_verified_attributes: Optional[Sequence[str]] = None,
                 deletion_protection: Optional[str] = None,
                 device_configuration: Optional[UserPoolDeviceConfigurationArgs] = None,
                 email_configuration: Optional[UserPoolEmailConfigurationArgs] = None,
                 email_verification_message: Optional[str] = None,
                 email_verification_subject: Optional[str] = None,
                 lambda_config: Optional[UserPoolLambdaConfigArgs] = None,
                 mfa_configuration: Optional[str] = None,
                 name: Optional[str] = None,
                 password_policy: Optional[UserPoolPasswordPolicyArgs] = None,
                 schemas: Optional[Sequence[UserPoolSchemaArgs]] = None,
                 sms_authentication_message: Optional[str] = None,
                 sms_configuration: Optional[UserPoolSmsConfigurationArgs] = None,
                 sms_verification_message: Optional[str] = None,
                 software_token_mfa_configuration: Optional[UserPoolSoftwareTokenMfaConfigurationArgs] = None,
                 tags: Optional[Mapping[str, str]] = None,
                 user_attribute_update_settings: Optional[UserPoolUserAttributeUpdateSettingsArgs] = None,
                 user_pool_add_ons: Optional[UserPoolUserPoolAddOnsArgs] = None,
                 username_attributes: Optional[Sequence[str]] = None,
                 username_configuration: Optional[UserPoolUsernameConfigurationArgs] = None,
                 verification_message_template: Optional[UserPoolVerificationMessageTemplateArgs] = None)
    func NewUserPool(ctx *Context, name string, args *UserPoolArgs, opts ...ResourceOption) (*UserPool, error)
    public UserPool(string name, UserPoolArgs? args = null, CustomResourceOptions? opts = null)
    public UserPool(String name, UserPoolArgs args)
    public UserPool(String name, UserPoolArgs args, CustomResourceOptions options)
    
    type: aws:cognito:UserPool
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args UserPoolArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args UserPoolArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args UserPoolArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args UserPoolArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args UserPoolArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var userPoolResource = new Aws.Cognito.UserPool("userPoolResource", new()
    {
        AccountRecoverySetting = new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingArgs
        {
            RecoveryMechanisms = new[]
            {
                new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs
                {
                    Name = "string",
                    Priority = 0,
                },
            },
        },
        AdminCreateUserConfig = new Aws.Cognito.Inputs.UserPoolAdminCreateUserConfigArgs
        {
            AllowAdminCreateUserOnly = false,
            InviteMessageTemplate = new Aws.Cognito.Inputs.UserPoolAdminCreateUserConfigInviteMessageTemplateArgs
            {
                EmailMessage = "string",
                EmailSubject = "string",
                SmsMessage = "string",
            },
        },
        AliasAttributes = new[]
        {
            "string",
        },
        AutoVerifiedAttributes = new[]
        {
            "string",
        },
        DeletionProtection = "string",
        DeviceConfiguration = new Aws.Cognito.Inputs.UserPoolDeviceConfigurationArgs
        {
            ChallengeRequiredOnNewDevice = false,
            DeviceOnlyRememberedOnUserPrompt = false,
        },
        EmailConfiguration = new Aws.Cognito.Inputs.UserPoolEmailConfigurationArgs
        {
            ConfigurationSet = "string",
            EmailSendingAccount = "string",
            FromEmailAddress = "string",
            ReplyToEmailAddress = "string",
            SourceArn = "string",
        },
        EmailVerificationMessage = "string",
        EmailVerificationSubject = "string",
        LambdaConfig = new Aws.Cognito.Inputs.UserPoolLambdaConfigArgs
        {
            CreateAuthChallenge = "string",
            CustomEmailSender = new Aws.Cognito.Inputs.UserPoolLambdaConfigCustomEmailSenderArgs
            {
                LambdaArn = "string",
                LambdaVersion = "string",
            },
            CustomMessage = "string",
            CustomSmsSender = new Aws.Cognito.Inputs.UserPoolLambdaConfigCustomSmsSenderArgs
            {
                LambdaArn = "string",
                LambdaVersion = "string",
            },
            DefineAuthChallenge = "string",
            KmsKeyId = "string",
            PostAuthentication = "string",
            PostConfirmation = "string",
            PreAuthentication = "string",
            PreSignUp = "string",
            PreTokenGeneration = "string",
            PreTokenGenerationConfig = new Aws.Cognito.Inputs.UserPoolLambdaConfigPreTokenGenerationConfigArgs
            {
                LambdaArn = "string",
                LambdaVersion = "string",
            },
            UserMigration = "string",
            VerifyAuthChallengeResponse = "string",
        },
        MfaConfiguration = "string",
        Name = "string",
        PasswordPolicy = new Aws.Cognito.Inputs.UserPoolPasswordPolicyArgs
        {
            MinimumLength = 0,
            RequireLowercase = false,
            RequireNumbers = false,
            RequireSymbols = false,
            RequireUppercase = false,
            TemporaryPasswordValidityDays = 0,
        },
        Schemas = new[]
        {
            new Aws.Cognito.Inputs.UserPoolSchemaArgs
            {
                AttributeDataType = "string",
                Name = "string",
                DeveloperOnlyAttribute = false,
                Mutable = false,
                NumberAttributeConstraints = new Aws.Cognito.Inputs.UserPoolSchemaNumberAttributeConstraintsArgs
                {
                    MaxValue = "string",
                    MinValue = "string",
                },
                Required = false,
                StringAttributeConstraints = new Aws.Cognito.Inputs.UserPoolSchemaStringAttributeConstraintsArgs
                {
                    MaxLength = "string",
                    MinLength = "string",
                },
            },
        },
        SmsAuthenticationMessage = "string",
        SmsConfiguration = new Aws.Cognito.Inputs.UserPoolSmsConfigurationArgs
        {
            ExternalId = "string",
            SnsCallerArn = "string",
            SnsRegion = "string",
        },
        SmsVerificationMessage = "string",
        SoftwareTokenMfaConfiguration = new Aws.Cognito.Inputs.UserPoolSoftwareTokenMfaConfigurationArgs
        {
            Enabled = false,
        },
        Tags = 
        {
            { "string", "string" },
        },
        UserAttributeUpdateSettings = new Aws.Cognito.Inputs.UserPoolUserAttributeUpdateSettingsArgs
        {
            AttributesRequireVerificationBeforeUpdates = new[]
            {
                "string",
            },
        },
        UserPoolAddOns = new Aws.Cognito.Inputs.UserPoolUserPoolAddOnsArgs
        {
            AdvancedSecurityMode = "string",
        },
        UsernameAttributes = new[]
        {
            "string",
        },
        UsernameConfiguration = new Aws.Cognito.Inputs.UserPoolUsernameConfigurationArgs
        {
            CaseSensitive = false,
        },
        VerificationMessageTemplate = new Aws.Cognito.Inputs.UserPoolVerificationMessageTemplateArgs
        {
            DefaultEmailOption = "string",
            EmailMessage = "string",
            EmailMessageByLink = "string",
            EmailSubject = "string",
            EmailSubjectByLink = "string",
            SmsMessage = "string",
        },
    });
    
    example, err := cognito.NewUserPool(ctx, "userPoolResource", &cognito.UserPoolArgs{
    	AccountRecoverySetting: &cognito.UserPoolAccountRecoverySettingArgs{
    		RecoveryMechanisms: cognito.UserPoolAccountRecoverySettingRecoveryMechanismArray{
    			&cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{
    				Name:     pulumi.String("string"),
    				Priority: pulumi.Int(0),
    			},
    		},
    	},
    	AdminCreateUserConfig: &cognito.UserPoolAdminCreateUserConfigArgs{
    		AllowAdminCreateUserOnly: pulumi.Bool(false),
    		InviteMessageTemplate: &cognito.UserPoolAdminCreateUserConfigInviteMessageTemplateArgs{
    			EmailMessage: pulumi.String("string"),
    			EmailSubject: pulumi.String("string"),
    			SmsMessage:   pulumi.String("string"),
    		},
    	},
    	AliasAttributes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	AutoVerifiedAttributes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	DeletionProtection: pulumi.String("string"),
    	DeviceConfiguration: &cognito.UserPoolDeviceConfigurationArgs{
    		ChallengeRequiredOnNewDevice:     pulumi.Bool(false),
    		DeviceOnlyRememberedOnUserPrompt: pulumi.Bool(false),
    	},
    	EmailConfiguration: &cognito.UserPoolEmailConfigurationArgs{
    		ConfigurationSet:    pulumi.String("string"),
    		EmailSendingAccount: pulumi.String("string"),
    		FromEmailAddress:    pulumi.String("string"),
    		ReplyToEmailAddress: pulumi.String("string"),
    		SourceArn:           pulumi.String("string"),
    	},
    	EmailVerificationMessage: pulumi.String("string"),
    	EmailVerificationSubject: pulumi.String("string"),
    	LambdaConfig: &cognito.UserPoolLambdaConfigArgs{
    		CreateAuthChallenge: pulumi.String("string"),
    		CustomEmailSender: &cognito.UserPoolLambdaConfigCustomEmailSenderArgs{
    			LambdaArn:     pulumi.String("string"),
    			LambdaVersion: pulumi.String("string"),
    		},
    		CustomMessage: pulumi.String("string"),
    		CustomSmsSender: &cognito.UserPoolLambdaConfigCustomSmsSenderArgs{
    			LambdaArn:     pulumi.String("string"),
    			LambdaVersion: pulumi.String("string"),
    		},
    		DefineAuthChallenge: pulumi.String("string"),
    		KmsKeyId:            pulumi.String("string"),
    		PostAuthentication:  pulumi.String("string"),
    		PostConfirmation:    pulumi.String("string"),
    		PreAuthentication:   pulumi.String("string"),
    		PreSignUp:           pulumi.String("string"),
    		PreTokenGeneration:  pulumi.String("string"),
    		PreTokenGenerationConfig: &cognito.UserPoolLambdaConfigPreTokenGenerationConfigArgs{
    			LambdaArn:     pulumi.String("string"),
    			LambdaVersion: pulumi.String("string"),
    		},
    		UserMigration:               pulumi.String("string"),
    		VerifyAuthChallengeResponse: pulumi.String("string"),
    	},
    	MfaConfiguration: pulumi.String("string"),
    	Name:             pulumi.String("string"),
    	PasswordPolicy: &cognito.UserPoolPasswordPolicyArgs{
    		MinimumLength:                 pulumi.Int(0),
    		RequireLowercase:              pulumi.Bool(false),
    		RequireNumbers:                pulumi.Bool(false),
    		RequireSymbols:                pulumi.Bool(false),
    		RequireUppercase:              pulumi.Bool(false),
    		TemporaryPasswordValidityDays: pulumi.Int(0),
    	},
    	Schemas: cognito.UserPoolSchemaArray{
    		&cognito.UserPoolSchemaArgs{
    			AttributeDataType:      pulumi.String("string"),
    			Name:                   pulumi.String("string"),
    			DeveloperOnlyAttribute: pulumi.Bool(false),
    			Mutable:                pulumi.Bool(false),
    			NumberAttributeConstraints: &cognito.UserPoolSchemaNumberAttributeConstraintsArgs{
    				MaxValue: pulumi.String("string"),
    				MinValue: pulumi.String("string"),
    			},
    			Required: pulumi.Bool(false),
    			StringAttributeConstraints: &cognito.UserPoolSchemaStringAttributeConstraintsArgs{
    				MaxLength: pulumi.String("string"),
    				MinLength: pulumi.String("string"),
    			},
    		},
    	},
    	SmsAuthenticationMessage: pulumi.String("string"),
    	SmsConfiguration: &cognito.UserPoolSmsConfigurationArgs{
    		ExternalId:   pulumi.String("string"),
    		SnsCallerArn: pulumi.String("string"),
    		SnsRegion:    pulumi.String("string"),
    	},
    	SmsVerificationMessage: pulumi.String("string"),
    	SoftwareTokenMfaConfiguration: &cognito.UserPoolSoftwareTokenMfaConfigurationArgs{
    		Enabled: pulumi.Bool(false),
    	},
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	UserAttributeUpdateSettings: &cognito.UserPoolUserAttributeUpdateSettingsArgs{
    		AttributesRequireVerificationBeforeUpdates: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	UserPoolAddOns: &cognito.UserPoolUserPoolAddOnsArgs{
    		AdvancedSecurityMode: pulumi.String("string"),
    	},
    	UsernameAttributes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	UsernameConfiguration: &cognito.UserPoolUsernameConfigurationArgs{
    		CaseSensitive: pulumi.Bool(false),
    	},
    	VerificationMessageTemplate: &cognito.UserPoolVerificationMessageTemplateArgs{
    		DefaultEmailOption: pulumi.String("string"),
    		EmailMessage:       pulumi.String("string"),
    		EmailMessageByLink: pulumi.String("string"),
    		EmailSubject:       pulumi.String("string"),
    		EmailSubjectByLink: pulumi.String("string"),
    		SmsMessage:         pulumi.String("string"),
    	},
    })
    
    var userPoolResource = new UserPool("userPoolResource", UserPoolArgs.builder()
        .accountRecoverySetting(UserPoolAccountRecoverySettingArgs.builder()
            .recoveryMechanisms(UserPoolAccountRecoverySettingRecoveryMechanismArgs.builder()
                .name("string")
                .priority(0)
                .build())
            .build())
        .adminCreateUserConfig(UserPoolAdminCreateUserConfigArgs.builder()
            .allowAdminCreateUserOnly(false)
            .inviteMessageTemplate(UserPoolAdminCreateUserConfigInviteMessageTemplateArgs.builder()
                .emailMessage("string")
                .emailSubject("string")
                .smsMessage("string")
                .build())
            .build())
        .aliasAttributes("string")
        .autoVerifiedAttributes("string")
        .deletionProtection("string")
        .deviceConfiguration(UserPoolDeviceConfigurationArgs.builder()
            .challengeRequiredOnNewDevice(false)
            .deviceOnlyRememberedOnUserPrompt(false)
            .build())
        .emailConfiguration(UserPoolEmailConfigurationArgs.builder()
            .configurationSet("string")
            .emailSendingAccount("string")
            .fromEmailAddress("string")
            .replyToEmailAddress("string")
            .sourceArn("string")
            .build())
        .emailVerificationMessage("string")
        .emailVerificationSubject("string")
        .lambdaConfig(UserPoolLambdaConfigArgs.builder()
            .createAuthChallenge("string")
            .customEmailSender(UserPoolLambdaConfigCustomEmailSenderArgs.builder()
                .lambdaArn("string")
                .lambdaVersion("string")
                .build())
            .customMessage("string")
            .customSmsSender(UserPoolLambdaConfigCustomSmsSenderArgs.builder()
                .lambdaArn("string")
                .lambdaVersion("string")
                .build())
            .defineAuthChallenge("string")
            .kmsKeyId("string")
            .postAuthentication("string")
            .postConfirmation("string")
            .preAuthentication("string")
            .preSignUp("string")
            .preTokenGeneration("string")
            .preTokenGenerationConfig(UserPoolLambdaConfigPreTokenGenerationConfigArgs.builder()
                .lambdaArn("string")
                .lambdaVersion("string")
                .build())
            .userMigration("string")
            .verifyAuthChallengeResponse("string")
            .build())
        .mfaConfiguration("string")
        .name("string")
        .passwordPolicy(UserPoolPasswordPolicyArgs.builder()
            .minimumLength(0)
            .requireLowercase(false)
            .requireNumbers(false)
            .requireSymbols(false)
            .requireUppercase(false)
            .temporaryPasswordValidityDays(0)
            .build())
        .schemas(UserPoolSchemaArgs.builder()
            .attributeDataType("string")
            .name("string")
            .developerOnlyAttribute(false)
            .mutable(false)
            .numberAttributeConstraints(UserPoolSchemaNumberAttributeConstraintsArgs.builder()
                .maxValue("string")
                .minValue("string")
                .build())
            .required(false)
            .stringAttributeConstraints(UserPoolSchemaStringAttributeConstraintsArgs.builder()
                .maxLength("string")
                .minLength("string")
                .build())
            .build())
        .smsAuthenticationMessage("string")
        .smsConfiguration(UserPoolSmsConfigurationArgs.builder()
            .externalId("string")
            .snsCallerArn("string")
            .snsRegion("string")
            .build())
        .smsVerificationMessage("string")
        .softwareTokenMfaConfiguration(UserPoolSoftwareTokenMfaConfigurationArgs.builder()
            .enabled(false)
            .build())
        .tags(Map.of("string", "string"))
        .userAttributeUpdateSettings(UserPoolUserAttributeUpdateSettingsArgs.builder()
            .attributesRequireVerificationBeforeUpdates("string")
            .build())
        .userPoolAddOns(UserPoolUserPoolAddOnsArgs.builder()
            .advancedSecurityMode("string")
            .build())
        .usernameAttributes("string")
        .usernameConfiguration(UserPoolUsernameConfigurationArgs.builder()
            .caseSensitive(false)
            .build())
        .verificationMessageTemplate(UserPoolVerificationMessageTemplateArgs.builder()
            .defaultEmailOption("string")
            .emailMessage("string")
            .emailMessageByLink("string")
            .emailSubject("string")
            .emailSubjectByLink("string")
            .smsMessage("string")
            .build())
        .build());
    
    user_pool_resource = aws.cognito.UserPool("userPoolResource",
        account_recovery_setting={
            "recoveryMechanisms": [{
                "name": "string",
                "priority": 0,
            }],
        },
        admin_create_user_config={
            "allowAdminCreateUserOnly": False,
            "inviteMessageTemplate": {
                "emailMessage": "string",
                "emailSubject": "string",
                "smsMessage": "string",
            },
        },
        alias_attributes=["string"],
        auto_verified_attributes=["string"],
        deletion_protection="string",
        device_configuration={
            "challengeRequiredOnNewDevice": False,
            "deviceOnlyRememberedOnUserPrompt": False,
        },
        email_configuration={
            "configurationSet": "string",
            "emailSendingAccount": "string",
            "fromEmailAddress": "string",
            "replyToEmailAddress": "string",
            "sourceArn": "string",
        },
        email_verification_message="string",
        email_verification_subject="string",
        lambda_config={
            "createAuthChallenge": "string",
            "customEmailSender": {
                "lambdaArn": "string",
                "lambdaVersion": "string",
            },
            "customMessage": "string",
            "customSmsSender": {
                "lambdaArn": "string",
                "lambdaVersion": "string",
            },
            "defineAuthChallenge": "string",
            "kmsKeyId": "string",
            "postAuthentication": "string",
            "postConfirmation": "string",
            "preAuthentication": "string",
            "preSignUp": "string",
            "preTokenGeneration": "string",
            "preTokenGenerationConfig": {
                "lambdaArn": "string",
                "lambdaVersion": "string",
            },
            "userMigration": "string",
            "verifyAuthChallengeResponse": "string",
        },
        mfa_configuration="string",
        name="string",
        password_policy={
            "minimumLength": 0,
            "requireLowercase": False,
            "requireNumbers": False,
            "requireSymbols": False,
            "requireUppercase": False,
            "temporaryPasswordValidityDays": 0,
        },
        schemas=[{
            "attributeDataType": "string",
            "name": "string",
            "developerOnlyAttribute": False,
            "mutable": False,
            "numberAttributeConstraints": {
                "maxValue": "string",
                "minValue": "string",
            },
            "required": False,
            "stringAttributeConstraints": {
                "maxLength": "string",
                "minLength": "string",
            },
        }],
        sms_authentication_message="string",
        sms_configuration={
            "externalId": "string",
            "snsCallerArn": "string",
            "snsRegion": "string",
        },
        sms_verification_message="string",
        software_token_mfa_configuration={
            "enabled": False,
        },
        tags={
            "string": "string",
        },
        user_attribute_update_settings={
            "attributesRequireVerificationBeforeUpdates": ["string"],
        },
        user_pool_add_ons={
            "advancedSecurityMode": "string",
        },
        username_attributes=["string"],
        username_configuration={
            "caseSensitive": False,
        },
        verification_message_template={
            "defaultEmailOption": "string",
            "emailMessage": "string",
            "emailMessageByLink": "string",
            "emailSubject": "string",
            "emailSubjectByLink": "string",
            "smsMessage": "string",
        })
    
    const userPoolResource = new aws.cognito.UserPool("userPoolResource", {
        accountRecoverySetting: {
            recoveryMechanisms: [{
                name: "string",
                priority: 0,
            }],
        },
        adminCreateUserConfig: {
            allowAdminCreateUserOnly: false,
            inviteMessageTemplate: {
                emailMessage: "string",
                emailSubject: "string",
                smsMessage: "string",
            },
        },
        aliasAttributes: ["string"],
        autoVerifiedAttributes: ["string"],
        deletionProtection: "string",
        deviceConfiguration: {
            challengeRequiredOnNewDevice: false,
            deviceOnlyRememberedOnUserPrompt: false,
        },
        emailConfiguration: {
            configurationSet: "string",
            emailSendingAccount: "string",
            fromEmailAddress: "string",
            replyToEmailAddress: "string",
            sourceArn: "string",
        },
        emailVerificationMessage: "string",
        emailVerificationSubject: "string",
        lambdaConfig: {
            createAuthChallenge: "string",
            customEmailSender: {
                lambdaArn: "string",
                lambdaVersion: "string",
            },
            customMessage: "string",
            customSmsSender: {
                lambdaArn: "string",
                lambdaVersion: "string",
            },
            defineAuthChallenge: "string",
            kmsKeyId: "string",
            postAuthentication: "string",
            postConfirmation: "string",
            preAuthentication: "string",
            preSignUp: "string",
            preTokenGeneration: "string",
            preTokenGenerationConfig: {
                lambdaArn: "string",
                lambdaVersion: "string",
            },
            userMigration: "string",
            verifyAuthChallengeResponse: "string",
        },
        mfaConfiguration: "string",
        name: "string",
        passwordPolicy: {
            minimumLength: 0,
            requireLowercase: false,
            requireNumbers: false,
            requireSymbols: false,
            requireUppercase: false,
            temporaryPasswordValidityDays: 0,
        },
        schemas: [{
            attributeDataType: "string",
            name: "string",
            developerOnlyAttribute: false,
            mutable: false,
            numberAttributeConstraints: {
                maxValue: "string",
                minValue: "string",
            },
            required: false,
            stringAttributeConstraints: {
                maxLength: "string",
                minLength: "string",
            },
        }],
        smsAuthenticationMessage: "string",
        smsConfiguration: {
            externalId: "string",
            snsCallerArn: "string",
            snsRegion: "string",
        },
        smsVerificationMessage: "string",
        softwareTokenMfaConfiguration: {
            enabled: false,
        },
        tags: {
            string: "string",
        },
        userAttributeUpdateSettings: {
            attributesRequireVerificationBeforeUpdates: ["string"],
        },
        userPoolAddOns: {
            advancedSecurityMode: "string",
        },
        usernameAttributes: ["string"],
        usernameConfiguration: {
            caseSensitive: false,
        },
        verificationMessageTemplate: {
            defaultEmailOption: "string",
            emailMessage: "string",
            emailMessageByLink: "string",
            emailSubject: "string",
            emailSubjectByLink: "string",
            smsMessage: "string",
        },
    });
    
    type: aws:cognito:UserPool
    properties:
        accountRecoverySetting:
            recoveryMechanisms:
                - name: string
                  priority: 0
        adminCreateUserConfig:
            allowAdminCreateUserOnly: false
            inviteMessageTemplate:
                emailMessage: string
                emailSubject: string
                smsMessage: string
        aliasAttributes:
            - string
        autoVerifiedAttributes:
            - string
        deletionProtection: string
        deviceConfiguration:
            challengeRequiredOnNewDevice: false
            deviceOnlyRememberedOnUserPrompt: false
        emailConfiguration:
            configurationSet: string
            emailSendingAccount: string
            fromEmailAddress: string
            replyToEmailAddress: string
            sourceArn: string
        emailVerificationMessage: string
        emailVerificationSubject: string
        lambdaConfig:
            createAuthChallenge: string
            customEmailSender:
                lambdaArn: string
                lambdaVersion: string
            customMessage: string
            customSmsSender:
                lambdaArn: string
                lambdaVersion: string
            defineAuthChallenge: string
            kmsKeyId: string
            postAuthentication: string
            postConfirmation: string
            preAuthentication: string
            preSignUp: string
            preTokenGeneration: string
            preTokenGenerationConfig:
                lambdaArn: string
                lambdaVersion: string
            userMigration: string
            verifyAuthChallengeResponse: string
        mfaConfiguration: string
        name: string
        passwordPolicy:
            minimumLength: 0
            requireLowercase: false
            requireNumbers: false
            requireSymbols: false
            requireUppercase: false
            temporaryPasswordValidityDays: 0
        schemas:
            - attributeDataType: string
              developerOnlyAttribute: false
              mutable: false
              name: string
              numberAttributeConstraints:
                maxValue: string
                minValue: string
              required: false
              stringAttributeConstraints:
                maxLength: string
                minLength: string
        smsAuthenticationMessage: string
        smsConfiguration:
            externalId: string
            snsCallerArn: string
            snsRegion: string
        smsVerificationMessage: string
        softwareTokenMfaConfiguration:
            enabled: false
        tags:
            string: string
        userAttributeUpdateSettings:
            attributesRequireVerificationBeforeUpdates:
                - string
        userPoolAddOns:
            advancedSecurityMode: string
        usernameAttributes:
            - string
        usernameConfiguration:
            caseSensitive: false
        verificationMessageTemplate:
            defaultEmailOption: string
            emailMessage: string
            emailMessageByLink: string
            emailSubject: string
            emailSubjectByLink: string
            smsMessage: string
    

    UserPool Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The UserPool resource accepts the following input properties:

    AccountRecoverySetting UserPoolAccountRecoverySetting
    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
    AdminCreateUserConfig UserPoolAdminCreateUserConfig
    Configuration block for creating a new user profile. Detailed below.
    AliasAttributes List<string>
    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.
    AutoVerifiedAttributes List<string>
    Attributes to be auto-verified. Valid values: email, phone_number.
    DeletionProtection string
    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.
    DeviceConfiguration UserPoolDeviceConfiguration
    Configuration block for the user pool's device tracking. Detailed below.
    EmailConfiguration UserPoolEmailConfiguration
    Configuration block for configuring email. Detailed below.
    EmailVerificationMessage string
    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.
    EmailVerificationSubject string
    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.
    LambdaConfig UserPoolLambdaConfig
    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
    MfaConfiguration string
    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).
    Name string

    Name of the user pool.

    The following arguments are optional:

    PasswordPolicy UserPoolPasswordPolicy
    Configuration block for information about the user pool password policy. Detailed below.
    Schemas List<UserPoolSchema>
    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
    SmsAuthenticationMessage string
    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.
    SmsConfiguration UserPoolSmsConfiguration
    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.
    SmsVerificationMessage string
    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.
    SoftwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfiguration
    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
    Tags Dictionary<string, string>
    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    UserAttributeUpdateSettings UserPoolUserAttributeUpdateSettings
    Configuration block for user attribute update settings. Detailed below.
    UserPoolAddOns UserPoolUserPoolAddOns
    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
    UsernameAttributes List<string>
    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.
    UsernameConfiguration UserPoolUsernameConfiguration
    Configuration block for username configuration. Detailed below.
    VerificationMessageTemplate UserPoolVerificationMessageTemplate
    Configuration block for verification message templates. Detailed below.
    AccountRecoverySetting UserPoolAccountRecoverySettingArgs
    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
    AdminCreateUserConfig UserPoolAdminCreateUserConfigArgs
    Configuration block for creating a new user profile. Detailed below.
    AliasAttributes []string
    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.
    AutoVerifiedAttributes []string
    Attributes to be auto-verified. Valid values: email, phone_number.
    DeletionProtection string
    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.
    DeviceConfiguration UserPoolDeviceConfigurationArgs
    Configuration block for the user pool's device tracking. Detailed below.
    EmailConfiguration UserPoolEmailConfigurationArgs
    Configuration block for configuring email. Detailed below.
    EmailVerificationMessage string
    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.
    EmailVerificationSubject string
    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.
    LambdaConfig UserPoolLambdaConfigArgs
    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
    MfaConfiguration string
    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).
    Name string

    Name of the user pool.

    The following arguments are optional:

    PasswordPolicy UserPoolPasswordPolicyArgs
    Configuration block for information about the user pool password policy. Detailed below.
    Schemas []UserPoolSchemaArgs
    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
    SmsAuthenticationMessage string
    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.
    SmsConfiguration UserPoolSmsConfigurationArgs
    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.
    SmsVerificationMessage string
    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.
    SoftwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfigurationArgs
    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
    Tags map[string]string
    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    UserAttributeUpdateSettings UserPoolUserAttributeUpdateSettingsArgs
    Configuration block for user attribute update settings. Detailed below.
    UserPoolAddOns UserPoolUserPoolAddOnsArgs
    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
    UsernameAttributes []string
    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.
    UsernameConfiguration UserPoolUsernameConfigurationArgs
    Configuration block for username configuration. Detailed below.
    VerificationMessageTemplate UserPoolVerificationMessageTemplateArgs
    Configuration block for verification message templates. Detailed below.
    accountRecoverySetting UserPoolAccountRecoverySetting
    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
    adminCreateUserConfig UserPoolAdminCreateUserConfig
    Configuration block for creating a new user profile. Detailed below.
    aliasAttributes List<String>
    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.
    autoVerifiedAttributes List<String>
    Attributes to be auto-verified. Valid values: email, phone_number.
    deletionProtection String
    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.
    deviceConfiguration UserPoolDeviceConfiguration
    Configuration block for the user pool's device tracking. Detailed below.
    emailConfiguration UserPoolEmailConfiguration
    Configuration block for configuring email. Detailed below.
    emailVerificationMessage String
    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.
    emailVerificationSubject String
    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.
    lambdaConfig UserPoolLambdaConfig
    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
    mfaConfiguration String
    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).
    name String

    Name of the user pool.

    The following arguments are optional:

    passwordPolicy UserPoolPasswordPolicy
    Configuration block for information about the user pool password policy. Detailed below.
    schemas List<UserPoolSchema>
    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
    smsAuthenticationMessage String
    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.
    smsConfiguration UserPoolSmsConfiguration
    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.
    smsVerificationMessage String
    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.
    softwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfiguration
    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
    tags Map<String,String>
    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    userAttributeUpdateSettings UserPoolUserAttributeUpdateSettings
    Configuration block for user attribute update settings. Detailed below.
    userPoolAddOns UserPoolUserPoolAddOns
    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
    usernameAttributes List<String>
    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.
    usernameConfiguration UserPoolUsernameConfiguration
    Configuration block for username configuration. Detailed below.
    verificationMessageTemplate UserPoolVerificationMessageTemplate
    Configuration block for verification message templates. Detailed below.
    accountRecoverySetting UserPoolAccountRecoverySetting
    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
    adminCreateUserConfig UserPoolAdminCreateUserConfig
    Configuration block for creating a new user profile. Detailed below.
    aliasAttributes string[]
    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.
    autoVerifiedAttributes string[]
    Attributes to be auto-verified. Valid values: email, phone_number.
    deletionProtection string
    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.
    deviceConfiguration UserPoolDeviceConfiguration
    Configuration block for the user pool's device tracking. Detailed below.
    emailConfiguration UserPoolEmailConfiguration
    Configuration block for configuring email. Detailed below.
    emailVerificationMessage string
    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.
    emailVerificationSubject string
    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.
    lambdaConfig UserPoolLambdaConfig
    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
    mfaConfiguration string
    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).
    name string

    Name of the user pool.

    The following arguments are optional:

    passwordPolicy UserPoolPasswordPolicy
    Configuration block for information about the user pool password policy. Detailed below.
    schemas UserPoolSchema[]
    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
    smsAuthenticationMessage string
    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.
    smsConfiguration UserPoolSmsConfiguration
    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.
    smsVerificationMessage string
    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.
    softwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfiguration
    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
    tags {[key: string]: string}
    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    userAttributeUpdateSettings UserPoolUserAttributeUpdateSettings
    Configuration block for user attribute update settings. Detailed below.
    userPoolAddOns UserPoolUserPoolAddOns
    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
    usernameAttributes string[]
    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.
    usernameConfiguration UserPoolUsernameConfiguration
    Configuration block for username configuration. Detailed below.
    verificationMessageTemplate UserPoolVerificationMessageTemplate
    Configuration block for verification message templates. Detailed below.
    account_recovery_setting UserPoolAccountRecoverySettingArgs
    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
    admin_create_user_config UserPoolAdminCreateUserConfigArgs
    Configuration block for creating a new user profile. Detailed below.
    alias_attributes Sequence[str]
    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.
    auto_verified_attributes Sequence[str]
    Attributes to be auto-verified. Valid values: email, phone_number.
    deletion_protection str
    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.
    device_configuration UserPoolDeviceConfigurationArgs
    Configuration block for the user pool's device tracking. Detailed below.
    email_configuration UserPoolEmailConfigurationArgs
    Configuration block for configuring email. Detailed below.
    email_verification_message str
    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.
    email_verification_subject str
    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.
    lambda_config UserPoolLambdaConfigArgs
    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
    mfa_configuration str
    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).
    name str

    Name of the user pool.

    The following arguments are optional:

    password_policy UserPoolPasswordPolicyArgs
    Configuration block for information about the user pool password policy. Detailed below.
    schemas Sequence[UserPoolSchemaArgs]
    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
    sms_authentication_message str
    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.
    sms_configuration UserPoolSmsConfigurationArgs
    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.
    sms_verification_message str
    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.
    software_token_mfa_configuration UserPoolSoftwareTokenMfaConfigurationArgs
    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
    tags Mapping[str, str]
    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    user_attribute_update_settings UserPoolUserAttributeUpdateSettingsArgs
    Configuration block for user attribute update settings. Detailed below.
    user_pool_add_ons UserPoolUserPoolAddOnsArgs
    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
    username_attributes Sequence[str]
    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.
    username_configuration UserPoolUsernameConfigurationArgs
    Configuration block for username configuration. Detailed below.
    verification_message_template UserPoolVerificationMessageTemplateArgs
    Configuration block for verification message templates. Detailed below.
    accountRecoverySetting Property Map
    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
    adminCreateUserConfig Property Map
    Configuration block for creating a new user profile. Detailed below.
    aliasAttributes List<String>
    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.
    autoVerifiedAttributes List<String>
    Attributes to be auto-verified. Valid values: email, phone_number.
    deletionProtection String
    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.
    deviceConfiguration Property Map
    Configuration block for the user pool's device tracking. Detailed below.
    emailConfiguration Property Map
    Configuration block for configuring email. Detailed below.
    emailVerificationMessage String
    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.
    emailVerificationSubject String
    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.
    lambdaConfig Property Map
    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
    mfaConfiguration String
    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).
    name String

    Name of the user pool.

    The following arguments are optional:

    passwordPolicy Property Map
    Configuration block for information about the user pool password policy. Detailed below.
    schemas List<Property Map>
    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
    smsAuthenticationMessage String
    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.
    smsConfiguration Property Map
    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.
    smsVerificationMessage String
    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.
    softwareTokenMfaConfiguration Property Map
    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
    tags Map<String>
    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    userAttributeUpdateSettings Property Map
    Configuration block for user attribute update settings. Detailed below.
    userPoolAddOns Property Map
    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
    usernameAttributes List<String>
    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.
    usernameConfiguration Property Map
    Configuration block for username configuration. Detailed below.
    verificationMessageTemplate Property Map
    Configuration block for verification message templates. Detailed below.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the UserPool resource produces the following output properties:

    Arn string
    ARN of the user pool.
    CreationDate string
    Date the user pool was created.
    CustomDomain string
    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.
    Domain string
    Holds the domain prefix if the user pool has a domain associated with it.
    Endpoint string
    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
    EstimatedNumberOfUsers int
    A number estimating the size of the user pool.
    Id string
    The provider-assigned unique ID for this managed resource.
    LastModifiedDate string
    Date the user pool was last modified.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Arn string
    ARN of the user pool.
    CreationDate string
    Date the user pool was created.
    CustomDomain string
    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.
    Domain string
    Holds the domain prefix if the user pool has a domain associated with it.
    Endpoint string
    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
    EstimatedNumberOfUsers int
    A number estimating the size of the user pool.
    Id string
    The provider-assigned unique ID for this managed resource.
    LastModifiedDate string
    Date the user pool was last modified.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn String
    ARN of the user pool.
    creationDate String
    Date the user pool was created.
    customDomain String
    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.
    domain String
    Holds the domain prefix if the user pool has a domain associated with it.
    endpoint String
    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
    estimatedNumberOfUsers Integer
    A number estimating the size of the user pool.
    id String
    The provider-assigned unique ID for this managed resource.
    lastModifiedDate String
    Date the user pool was last modified.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn string
    ARN of the user pool.
    creationDate string
    Date the user pool was created.
    customDomain string
    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.
    domain string
    Holds the domain prefix if the user pool has a domain associated with it.
    endpoint string
    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
    estimatedNumberOfUsers number
    A number estimating the size of the user pool.
    id string
    The provider-assigned unique ID for this managed resource.
    lastModifiedDate string
    Date the user pool was last modified.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn str
    ARN of the user pool.
    creation_date str
    Date the user pool was created.
    custom_domain str
    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.
    domain str
    Holds the domain prefix if the user pool has a domain associated with it.
    endpoint str
    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
    estimated_number_of_users int
    A number estimating the size of the user pool.
    id str
    The provider-assigned unique ID for this managed resource.
    last_modified_date str
    Date the user pool was last modified.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn String
    ARN of the user pool.
    creationDate String
    Date the user pool was created.
    customDomain String
    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.
    domain String
    Holds the domain prefix if the user pool has a domain associated with it.
    endpoint String
    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
    estimatedNumberOfUsers Number
    A number estimating the size of the user pool.
    id String
    The provider-assigned unique ID for this managed resource.
    lastModifiedDate String
    Date the user pool was last modified.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Look up Existing UserPool Resource

    Get an existing UserPool resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: UserPoolState, opts?: CustomResourceOptions): UserPool
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            account_recovery_setting: Optional[UserPoolAccountRecoverySettingArgs] = None,
            admin_create_user_config: Optional[UserPoolAdminCreateUserConfigArgs] = None,
            alias_attributes: Optional[Sequence[str]] = None,
            arn: Optional[str] = None,
            auto_verified_attributes: Optional[Sequence[str]] = None,
            creation_date: Optional[str] = None,
            custom_domain: Optional[str] = None,
            deletion_protection: Optional[str] = None,
            device_configuration: Optional[UserPoolDeviceConfigurationArgs] = None,
            domain: Optional[str] = None,
            email_configuration: Optional[UserPoolEmailConfigurationArgs] = None,
            email_verification_message: Optional[str] = None,
            email_verification_subject: Optional[str] = None,
            endpoint: Optional[str] = None,
            estimated_number_of_users: Optional[int] = None,
            lambda_config: Optional[UserPoolLambdaConfigArgs] = None,
            last_modified_date: Optional[str] = None,
            mfa_configuration: Optional[str] = None,
            name: Optional[str] = None,
            password_policy: Optional[UserPoolPasswordPolicyArgs] = None,
            schemas: Optional[Sequence[UserPoolSchemaArgs]] = None,
            sms_authentication_message: Optional[str] = None,
            sms_configuration: Optional[UserPoolSmsConfigurationArgs] = None,
            sms_verification_message: Optional[str] = None,
            software_token_mfa_configuration: Optional[UserPoolSoftwareTokenMfaConfigurationArgs] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None,
            user_attribute_update_settings: Optional[UserPoolUserAttributeUpdateSettingsArgs] = None,
            user_pool_add_ons: Optional[UserPoolUserPoolAddOnsArgs] = None,
            username_attributes: Optional[Sequence[str]] = None,
            username_configuration: Optional[UserPoolUsernameConfigurationArgs] = None,
            verification_message_template: Optional[UserPoolVerificationMessageTemplateArgs] = None) -> UserPool
    func GetUserPool(ctx *Context, name string, id IDInput, state *UserPoolState, opts ...ResourceOption) (*UserPool, error)
    public static UserPool Get(string name, Input<string> id, UserPoolState? state, CustomResourceOptions? opts = null)
    public static UserPool get(String name, Output<String> id, UserPoolState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccountRecoverySetting UserPoolAccountRecoverySetting
    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
    AdminCreateUserConfig UserPoolAdminCreateUserConfig
    Configuration block for creating a new user profile. Detailed below.
    AliasAttributes List<string>
    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.
    Arn string
    ARN of the user pool.
    AutoVerifiedAttributes List<string>
    Attributes to be auto-verified. Valid values: email, phone_number.
    CreationDate string
    Date the user pool was created.
    CustomDomain string
    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.
    DeletionProtection string
    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.
    DeviceConfiguration UserPoolDeviceConfiguration
    Configuration block for the user pool's device tracking. Detailed below.
    Domain string
    Holds the domain prefix if the user pool has a domain associated with it.
    EmailConfiguration UserPoolEmailConfiguration
    Configuration block for configuring email. Detailed below.
    EmailVerificationMessage string
    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.
    EmailVerificationSubject string
    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.
    Endpoint string
    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
    EstimatedNumberOfUsers int
    A number estimating the size of the user pool.
    LambdaConfig UserPoolLambdaConfig
    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
    LastModifiedDate string
    Date the user pool was last modified.
    MfaConfiguration string
    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).
    Name string

    Name of the user pool.

    The following arguments are optional:

    PasswordPolicy UserPoolPasswordPolicy
    Configuration block for information about the user pool password policy. Detailed below.
    Schemas List<UserPoolSchema>
    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
    SmsAuthenticationMessage string
    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.
    SmsConfiguration UserPoolSmsConfiguration
    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.
    SmsVerificationMessage string
    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.
    SoftwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfiguration
    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
    Tags Dictionary<string, string>
    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    UserAttributeUpdateSettings UserPoolUserAttributeUpdateSettings
    Configuration block for user attribute update settings. Detailed below.
    UserPoolAddOns UserPoolUserPoolAddOns
    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
    UsernameAttributes List<string>
    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.
    UsernameConfiguration UserPoolUsernameConfiguration
    Configuration block for username configuration. Detailed below.
    VerificationMessageTemplate UserPoolVerificationMessageTemplate
    Configuration block for verification message templates. Detailed below.
    AccountRecoverySetting UserPoolAccountRecoverySettingArgs
    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
    AdminCreateUserConfig UserPoolAdminCreateUserConfigArgs
    Configuration block for creating a new user profile. Detailed below.
    AliasAttributes []string
    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.
    Arn string
    ARN of the user pool.
    AutoVerifiedAttributes []string
    Attributes to be auto-verified. Valid values: email, phone_number.
    CreationDate string
    Date the user pool was created.
    CustomDomain string
    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.
    DeletionProtection string
    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.
    DeviceConfiguration UserPoolDeviceConfigurationArgs
    Configuration block for the user pool's device tracking. Detailed below.
    Domain string
    Holds the domain prefix if the user pool has a domain associated with it.
    EmailConfiguration UserPoolEmailConfigurationArgs
    Configuration block for configuring email. Detailed below.
    EmailVerificationMessage string
    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.
    EmailVerificationSubject string
    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.
    Endpoint string
    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
    EstimatedNumberOfUsers int
    A number estimating the size of the user pool.
    LambdaConfig UserPoolLambdaConfigArgs
    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
    LastModifiedDate string
    Date the user pool was last modified.
    MfaConfiguration string
    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).
    Name string

    Name of the user pool.

    The following arguments are optional:

    PasswordPolicy UserPoolPasswordPolicyArgs
    Configuration block for information about the user pool password policy. Detailed below.
    Schemas []UserPoolSchemaArgs
    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
    SmsAuthenticationMessage string
    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.
    SmsConfiguration UserPoolSmsConfigurationArgs
    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.
    SmsVerificationMessage string
    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.
    SoftwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfigurationArgs
    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
    Tags map[string]string
    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    UserAttributeUpdateSettings UserPoolUserAttributeUpdateSettingsArgs
    Configuration block for user attribute update settings. Detailed below.
    UserPoolAddOns UserPoolUserPoolAddOnsArgs
    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
    UsernameAttributes []string
    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.
    UsernameConfiguration UserPoolUsernameConfigurationArgs
    Configuration block for username configuration. Detailed below.
    VerificationMessageTemplate UserPoolVerificationMessageTemplateArgs
    Configuration block for verification message templates. Detailed below.
    accountRecoverySetting UserPoolAccountRecoverySetting
    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
    adminCreateUserConfig UserPoolAdminCreateUserConfig
    Configuration block for creating a new user profile. Detailed below.
    aliasAttributes List<String>
    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.
    arn String
    ARN of the user pool.
    autoVerifiedAttributes List<String>
    Attributes to be auto-verified. Valid values: email, phone_number.
    creationDate String
    Date the user pool was created.
    customDomain String
    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.
    deletionProtection String
    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.
    deviceConfiguration UserPoolDeviceConfiguration
    Configuration block for the user pool's device tracking. Detailed below.
    domain String
    Holds the domain prefix if the user pool has a domain associated with it.
    emailConfiguration UserPoolEmailConfiguration
    Configuration block for configuring email. Detailed below.
    emailVerificationMessage String
    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.
    emailVerificationSubject String
    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.
    endpoint String
    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
    estimatedNumberOfUsers Integer
    A number estimating the size of the user pool.
    lambdaConfig UserPoolLambdaConfig
    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
    lastModifiedDate String
    Date the user pool was last modified.
    mfaConfiguration String
    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).
    name String

    Name of the user pool.

    The following arguments are optional:

    passwordPolicy UserPoolPasswordPolicy
    Configuration block for information about the user pool password policy. Detailed below.
    schemas List<UserPoolSchema>
    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
    smsAuthenticationMessage String
    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.
    smsConfiguration UserPoolSmsConfiguration
    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.
    smsVerificationMessage String
    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.
    softwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfiguration
    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
    tags Map<String,String>
    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    userAttributeUpdateSettings UserPoolUserAttributeUpdateSettings
    Configuration block for user attribute update settings. Detailed below.
    userPoolAddOns UserPoolUserPoolAddOns
    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
    usernameAttributes List<String>
    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.
    usernameConfiguration UserPoolUsernameConfiguration
    Configuration block for username configuration. Detailed below.
    verificationMessageTemplate UserPoolVerificationMessageTemplate
    Configuration block for verification message templates. Detailed below.
    accountRecoverySetting UserPoolAccountRecoverySetting
    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
    adminCreateUserConfig UserPoolAdminCreateUserConfig
    Configuration block for creating a new user profile. Detailed below.
    aliasAttributes string[]
    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.
    arn string
    ARN of the user pool.
    autoVerifiedAttributes string[]
    Attributes to be auto-verified. Valid values: email, phone_number.
    creationDate string
    Date the user pool was created.
    customDomain string
    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.
    deletionProtection string
    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.
    deviceConfiguration UserPoolDeviceConfiguration
    Configuration block for the user pool's device tracking. Detailed below.
    domain string
    Holds the domain prefix if the user pool has a domain associated with it.
    emailConfiguration UserPoolEmailConfiguration
    Configuration block for configuring email. Detailed below.
    emailVerificationMessage string
    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.
    emailVerificationSubject string
    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.
    endpoint string
    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
    estimatedNumberOfUsers number
    A number estimating the size of the user pool.
    lambdaConfig UserPoolLambdaConfig
    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
    lastModifiedDate string
    Date the user pool was last modified.
    mfaConfiguration string
    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).
    name string

    Name of the user pool.

    The following arguments are optional:

    passwordPolicy UserPoolPasswordPolicy
    Configuration block for information about the user pool password policy. Detailed below.
    schemas UserPoolSchema[]
    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
    smsAuthenticationMessage string
    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.
    smsConfiguration UserPoolSmsConfiguration
    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.
    smsVerificationMessage string
    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.
    softwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfiguration
    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
    tags {[key: string]: string}
    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    userAttributeUpdateSettings UserPoolUserAttributeUpdateSettings
    Configuration block for user attribute update settings. Detailed below.
    userPoolAddOns UserPoolUserPoolAddOns
    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
    usernameAttributes string[]
    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.
    usernameConfiguration UserPoolUsernameConfiguration
    Configuration block for username configuration. Detailed below.
    verificationMessageTemplate UserPoolVerificationMessageTemplate
    Configuration block for verification message templates. Detailed below.
    account_recovery_setting UserPoolAccountRecoverySettingArgs
    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
    admin_create_user_config UserPoolAdminCreateUserConfigArgs
    Configuration block for creating a new user profile. Detailed below.
    alias_attributes Sequence[str]
    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.
    arn str
    ARN of the user pool.
    auto_verified_attributes Sequence[str]
    Attributes to be auto-verified. Valid values: email, phone_number.
    creation_date str
    Date the user pool was created.
    custom_domain str
    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.
    deletion_protection str
    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.
    device_configuration UserPoolDeviceConfigurationArgs
    Configuration block for the user pool's device tracking. Detailed below.
    domain str
    Holds the domain prefix if the user pool has a domain associated with it.
    email_configuration UserPoolEmailConfigurationArgs
    Configuration block for configuring email. Detailed below.
    email_verification_message str
    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.
    email_verification_subject str
    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.
    endpoint str
    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
    estimated_number_of_users int
    A number estimating the size of the user pool.
    lambda_config UserPoolLambdaConfigArgs
    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
    last_modified_date str
    Date the user pool was last modified.
    mfa_configuration str
    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).
    name str

    Name of the user pool.

    The following arguments are optional:

    password_policy UserPoolPasswordPolicyArgs
    Configuration block for information about the user pool password policy. Detailed below.
    schemas Sequence[UserPoolSchemaArgs]
    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
    sms_authentication_message str
    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.
    sms_configuration UserPoolSmsConfigurationArgs
    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.
    sms_verification_message str
    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.
    software_token_mfa_configuration UserPoolSoftwareTokenMfaConfigurationArgs
    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
    tags Mapping[str, str]
    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    user_attribute_update_settings UserPoolUserAttributeUpdateSettingsArgs
    Configuration block for user attribute update settings. Detailed below.
    user_pool_add_ons UserPoolUserPoolAddOnsArgs
    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
    username_attributes Sequence[str]
    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.
    username_configuration UserPoolUsernameConfigurationArgs
    Configuration block for username configuration. Detailed below.
    verification_message_template UserPoolVerificationMessageTemplateArgs
    Configuration block for verification message templates. Detailed below.
    accountRecoverySetting Property Map
    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.
    adminCreateUserConfig Property Map
    Configuration block for creating a new user profile. Detailed below.
    aliasAttributes List<String>
    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.
    arn String
    ARN of the user pool.
    autoVerifiedAttributes List<String>
    Attributes to be auto-verified. Valid values: email, phone_number.
    creationDate String
    Date the user pool was created.
    customDomain String
    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.
    deletionProtection String
    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.
    deviceConfiguration Property Map
    Configuration block for the user pool's device tracking. Detailed below.
    domain String
    Holds the domain prefix if the user pool has a domain associated with it.
    emailConfiguration Property Map
    Configuration block for configuring email. Detailed below.
    emailVerificationMessage String
    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.
    emailVerificationSubject String
    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.
    endpoint String
    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy
    estimatedNumberOfUsers Number
    A number estimating the size of the user pool.
    lambdaConfig Property Map
    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.
    lastModifiedDate String
    Date the user pool was last modified.
    mfaConfiguration String
    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).
    name String

    Name of the user pool.

    The following arguments are optional:

    passwordPolicy Property Map
    Configuration block for information about the user pool password policy. Detailed below.
    schemas List<Property Map>
    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.
    smsAuthenticationMessage String
    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.
    smsConfiguration Property Map
    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.
    smsVerificationMessage String
    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.
    softwareTokenMfaConfiguration Property Map
    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.
    tags Map<String>
    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    userAttributeUpdateSettings Property Map
    Configuration block for user attribute update settings. Detailed below.
    userPoolAddOns Property Map
    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.
    usernameAttributes List<String>
    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.
    usernameConfiguration Property Map
    Configuration block for username configuration. Detailed below.
    verificationMessageTemplate Property Map
    Configuration block for verification message templates. Detailed below.

    Supporting Types

    UserPoolAccountRecoverySetting, UserPoolAccountRecoverySettingArgs

    RecoveryMechanisms List<UserPoolAccountRecoverySettingRecoveryMechanism>
    List of Account Recovery Options of the following structure:
    RecoveryMechanisms []UserPoolAccountRecoverySettingRecoveryMechanism
    List of Account Recovery Options of the following structure:
    recoveryMechanisms List<UserPoolAccountRecoverySettingRecoveryMechanism>
    List of Account Recovery Options of the following structure:
    recoveryMechanisms UserPoolAccountRecoverySettingRecoveryMechanism[]
    List of Account Recovery Options of the following structure:
    recovery_mechanisms Sequence[UserPoolAccountRecoverySettingRecoveryMechanism]
    List of Account Recovery Options of the following structure:
    recoveryMechanisms List<Property Map>
    List of Account Recovery Options of the following structure:

    UserPoolAccountRecoverySettingRecoveryMechanism, UserPoolAccountRecoverySettingRecoveryMechanismArgs

    Name string
    Recovery method for a user. Can be of the following: verified_email, verified_phone_number, and admin_only.
    Priority int
    Positive integer specifying priority of a method with 1 being the highest priority.
    Name string
    Recovery method for a user. Can be of the following: verified_email, verified_phone_number, and admin_only.
    Priority int
    Positive integer specifying priority of a method with 1 being the highest priority.
    name String
    Recovery method for a user. Can be of the following: verified_email, verified_phone_number, and admin_only.
    priority Integer
    Positive integer specifying priority of a method with 1 being the highest priority.
    name string
    Recovery method for a user. Can be of the following: verified_email, verified_phone_number, and admin_only.
    priority number
    Positive integer specifying priority of a method with 1 being the highest priority.
    name str
    Recovery method for a user. Can be of the following: verified_email, verified_phone_number, and admin_only.
    priority int
    Positive integer specifying priority of a method with 1 being the highest priority.
    name String
    Recovery method for a user. Can be of the following: verified_email, verified_phone_number, and admin_only.
    priority Number
    Positive integer specifying priority of a method with 1 being the highest priority.

    UserPoolAdminCreateUserConfig, UserPoolAdminCreateUserConfigArgs

    AllowAdminCreateUserOnly bool
    Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
    InviteMessageTemplate UserPoolAdminCreateUserConfigInviteMessageTemplate
    Invite message template structure. Detailed below.
    AllowAdminCreateUserOnly bool
    Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
    InviteMessageTemplate UserPoolAdminCreateUserConfigInviteMessageTemplate
    Invite message template structure. Detailed below.
    allowAdminCreateUserOnly Boolean
    Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
    inviteMessageTemplate UserPoolAdminCreateUserConfigInviteMessageTemplate
    Invite message template structure. Detailed below.
    allowAdminCreateUserOnly boolean
    Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
    inviteMessageTemplate UserPoolAdminCreateUserConfigInviteMessageTemplate
    Invite message template structure. Detailed below.
    allow_admin_create_user_only bool
    Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
    invite_message_template UserPoolAdminCreateUserConfigInviteMessageTemplate
    Invite message template structure. Detailed below.
    allowAdminCreateUserOnly Boolean
    Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.
    inviteMessageTemplate Property Map
    Invite message template structure. Detailed below.

    UserPoolAdminCreateUserConfigInviteMessageTemplate, UserPoolAdminCreateUserConfigInviteMessageTemplateArgs

    EmailMessage string
    Message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.
    EmailSubject string
    Subject line for email messages.
    SmsMessage string
    Message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.
    EmailMessage string
    Message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.
    EmailSubject string
    Subject line for email messages.
    SmsMessage string
    Message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.
    emailMessage String
    Message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.
    emailSubject String
    Subject line for email messages.
    smsMessage String
    Message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.
    emailMessage string
    Message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.
    emailSubject string
    Subject line for email messages.
    smsMessage string
    Message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.
    email_message str
    Message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.
    email_subject str
    Subject line for email messages.
    sms_message str
    Message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.
    emailMessage String
    Message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.
    emailSubject String
    Subject line for email messages.
    smsMessage String
    Message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

    UserPoolDeviceConfiguration, UserPoolDeviceConfigurationArgs

    ChallengeRequiredOnNewDevice bool
    Whether a challenge is required on a new device. Only applicable to a new device.
    DeviceOnlyRememberedOnUserPrompt bool
    Whether a device is only remembered on user prompt. false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."
    ChallengeRequiredOnNewDevice bool
    Whether a challenge is required on a new device. Only applicable to a new device.
    DeviceOnlyRememberedOnUserPrompt bool
    Whether a device is only remembered on user prompt. false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."
    challengeRequiredOnNewDevice Boolean
    Whether a challenge is required on a new device. Only applicable to a new device.
    deviceOnlyRememberedOnUserPrompt Boolean
    Whether a device is only remembered on user prompt. false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."
    challengeRequiredOnNewDevice boolean
    Whether a challenge is required on a new device. Only applicable to a new device.
    deviceOnlyRememberedOnUserPrompt boolean
    Whether a device is only remembered on user prompt. false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."
    challenge_required_on_new_device bool
    Whether a challenge is required on a new device. Only applicable to a new device.
    device_only_remembered_on_user_prompt bool
    Whether a device is only remembered on user prompt. false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."
    challengeRequiredOnNewDevice Boolean
    Whether a challenge is required on a new device. Only applicable to a new device.
    deviceOnlyRememberedOnUserPrompt Boolean
    Whether a device is only remembered on user prompt. false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."

    UserPoolEmailConfiguration, UserPoolEmailConfigurationArgs

    ConfigurationSet string
    Email configuration set name from SES.
    EmailSendingAccount string
    Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration. Required to be DEVELOPER if from_email_address is set.
    FromEmailAddress string
    Sender’s email address or sender’s display name with their email address (e.g., john@example.com, John Smith <john@example.com> or \"John Smith Ph.D.\" <john@example.com>). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.
    ReplyToEmailAddress string
    REPLY-TO email address.
    SourceArn string
    ARN of the SES verified email identity to use. Required if email_sending_account is set to DEVELOPER.
    ConfigurationSet string
    Email configuration set name from SES.
    EmailSendingAccount string
    Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration. Required to be DEVELOPER if from_email_address is set.
    FromEmailAddress string
    Sender’s email address or sender’s display name with their email address (e.g., john@example.com, John Smith <john@example.com> or \"John Smith Ph.D.\" <john@example.com>). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.
    ReplyToEmailAddress string
    REPLY-TO email address.
    SourceArn string
    ARN of the SES verified email identity to use. Required if email_sending_account is set to DEVELOPER.
    configurationSet String
    Email configuration set name from SES.
    emailSendingAccount String
    Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration. Required to be DEVELOPER if from_email_address is set.
    fromEmailAddress String
    Sender’s email address or sender’s display name with their email address (e.g., john@example.com, John Smith <john@example.com> or \"John Smith Ph.D.\" <john@example.com>). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.
    replyToEmailAddress String
    REPLY-TO email address.
    sourceArn String
    ARN of the SES verified email identity to use. Required if email_sending_account is set to DEVELOPER.
    configurationSet string
    Email configuration set name from SES.
    emailSendingAccount string
    Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration. Required to be DEVELOPER if from_email_address is set.
    fromEmailAddress string
    Sender’s email address or sender’s display name with their email address (e.g., john@example.com, John Smith <john@example.com> or \"John Smith Ph.D.\" <john@example.com>). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.
    replyToEmailAddress string
    REPLY-TO email address.
    sourceArn string
    ARN of the SES verified email identity to use. Required if email_sending_account is set to DEVELOPER.
    configuration_set str
    Email configuration set name from SES.
    email_sending_account str
    Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration. Required to be DEVELOPER if from_email_address is set.
    from_email_address str
    Sender’s email address or sender’s display name with their email address (e.g., john@example.com, John Smith <john@example.com> or \"John Smith Ph.D.\" <john@example.com>). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.
    reply_to_email_address str
    REPLY-TO email address.
    source_arn str
    ARN of the SES verified email identity to use. Required if email_sending_account is set to DEVELOPER.
    configurationSet String
    Email configuration set name from SES.
    emailSendingAccount String
    Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration. Required to be DEVELOPER if from_email_address is set.
    fromEmailAddress String
    Sender’s email address or sender’s display name with their email address (e.g., john@example.com, John Smith <john@example.com> or \"John Smith Ph.D.\" <john@example.com>). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.
    replyToEmailAddress String
    REPLY-TO email address.
    sourceArn String
    ARN of the SES verified email identity to use. Required if email_sending_account is set to DEVELOPER.

    UserPoolLambdaConfig, UserPoolLambdaConfigArgs

    CreateAuthChallenge string
    ARN of the lambda creating an authentication challenge.
    CustomEmailSender UserPoolLambdaConfigCustomEmailSender
    A custom email sender AWS Lambda trigger. See custom_email_sender Below.
    CustomMessage string
    Custom Message AWS Lambda trigger.
    CustomSmsSender UserPoolLambdaConfigCustomSmsSender
    A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.
    DefineAuthChallenge string
    Defines the authentication challenge.
    KmsKeyId string
    The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
    PostAuthentication string
    Post-authentication AWS Lambda trigger.
    PostConfirmation string
    Post-confirmation AWS Lambda trigger.
    PreAuthentication string
    Pre-authentication AWS Lambda trigger.
    PreSignUp string
    Pre-registration AWS Lambda trigger.
    PreTokenGeneration string
    Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambda_arn of pre_token_generation_config.
    PreTokenGenerationConfig UserPoolLambdaConfigPreTokenGenerationConfig
    Allow to customize access tokens. See pre_token_configuration_type
    UserMigration string
    User migration Lambda config type.
    VerifyAuthChallengeResponse string
    Verifies the authentication challenge response.
    CreateAuthChallenge string
    ARN of the lambda creating an authentication challenge.
    CustomEmailSender UserPoolLambdaConfigCustomEmailSender
    A custom email sender AWS Lambda trigger. See custom_email_sender Below.
    CustomMessage string
    Custom Message AWS Lambda trigger.
    CustomSmsSender UserPoolLambdaConfigCustomSmsSender
    A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.
    DefineAuthChallenge string
    Defines the authentication challenge.
    KmsKeyId string
    The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
    PostAuthentication string
    Post-authentication AWS Lambda trigger.
    PostConfirmation string
    Post-confirmation AWS Lambda trigger.
    PreAuthentication string
    Pre-authentication AWS Lambda trigger.
    PreSignUp string
    Pre-registration AWS Lambda trigger.
    PreTokenGeneration string
    Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambda_arn of pre_token_generation_config.
    PreTokenGenerationConfig UserPoolLambdaConfigPreTokenGenerationConfig
    Allow to customize access tokens. See pre_token_configuration_type
    UserMigration string
    User migration Lambda config type.
    VerifyAuthChallengeResponse string
    Verifies the authentication challenge response.
    createAuthChallenge String
    ARN of the lambda creating an authentication challenge.
    customEmailSender UserPoolLambdaConfigCustomEmailSender
    A custom email sender AWS Lambda trigger. See custom_email_sender Below.
    customMessage String
    Custom Message AWS Lambda trigger.
    customSmsSender UserPoolLambdaConfigCustomSmsSender
    A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.
    defineAuthChallenge String
    Defines the authentication challenge.
    kmsKeyId String
    The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
    postAuthentication String
    Post-authentication AWS Lambda trigger.
    postConfirmation String
    Post-confirmation AWS Lambda trigger.
    preAuthentication String
    Pre-authentication AWS Lambda trigger.
    preSignUp String
    Pre-registration AWS Lambda trigger.
    preTokenGeneration String
    Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambda_arn of pre_token_generation_config.
    preTokenGenerationConfig UserPoolLambdaConfigPreTokenGenerationConfig
    Allow to customize access tokens. See pre_token_configuration_type
    userMigration String
    User migration Lambda config type.
    verifyAuthChallengeResponse String
    Verifies the authentication challenge response.
    createAuthChallenge string
    ARN of the lambda creating an authentication challenge.
    customEmailSender UserPoolLambdaConfigCustomEmailSender
    A custom email sender AWS Lambda trigger. See custom_email_sender Below.
    customMessage string
    Custom Message AWS Lambda trigger.
    customSmsSender UserPoolLambdaConfigCustomSmsSender
    A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.
    defineAuthChallenge string
    Defines the authentication challenge.
    kmsKeyId string
    The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
    postAuthentication string
    Post-authentication AWS Lambda trigger.
    postConfirmation string
    Post-confirmation AWS Lambda trigger.
    preAuthentication string
    Pre-authentication AWS Lambda trigger.
    preSignUp string
    Pre-registration AWS Lambda trigger.
    preTokenGeneration string
    Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambda_arn of pre_token_generation_config.
    preTokenGenerationConfig UserPoolLambdaConfigPreTokenGenerationConfig
    Allow to customize access tokens. See pre_token_configuration_type
    userMigration string
    User migration Lambda config type.
    verifyAuthChallengeResponse string
    Verifies the authentication challenge response.
    create_auth_challenge str
    ARN of the lambda creating an authentication challenge.
    custom_email_sender UserPoolLambdaConfigCustomEmailSender
    A custom email sender AWS Lambda trigger. See custom_email_sender Below.
    custom_message str
    Custom Message AWS Lambda trigger.
    custom_sms_sender UserPoolLambdaConfigCustomSmsSender
    A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.
    define_auth_challenge str
    Defines the authentication challenge.
    kms_key_id str
    The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
    post_authentication str
    Post-authentication AWS Lambda trigger.
    post_confirmation str
    Post-confirmation AWS Lambda trigger.
    pre_authentication str
    Pre-authentication AWS Lambda trigger.
    pre_sign_up str
    Pre-registration AWS Lambda trigger.
    pre_token_generation str
    Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambda_arn of pre_token_generation_config.
    pre_token_generation_config UserPoolLambdaConfigPreTokenGenerationConfig
    Allow to customize access tokens. See pre_token_configuration_type
    user_migration str
    User migration Lambda config type.
    verify_auth_challenge_response str
    Verifies the authentication challenge response.
    createAuthChallenge String
    ARN of the lambda creating an authentication challenge.
    customEmailSender Property Map
    A custom email sender AWS Lambda trigger. See custom_email_sender Below.
    customMessage String
    Custom Message AWS Lambda trigger.
    customSmsSender Property Map
    A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.
    defineAuthChallenge String
    Defines the authentication challenge.
    kmsKeyId String
    The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.
    postAuthentication String
    Post-authentication AWS Lambda trigger.
    postConfirmation String
    Post-confirmation AWS Lambda trigger.
    preAuthentication String
    Pre-authentication AWS Lambda trigger.
    preSignUp String
    Pre-registration AWS Lambda trigger.
    preTokenGeneration String
    Allow to customize identity token claims before token generation. Set this parameter for legacy purposes; for new instances of pre token generation triggers, set the lambda_arn of pre_token_generation_config.
    preTokenGenerationConfig Property Map
    Allow to customize access tokens. See pre_token_configuration_type
    userMigration String
    User migration Lambda config type.
    verifyAuthChallengeResponse String
    Verifies the authentication challenge response.

    UserPoolLambdaConfigCustomEmailSender, UserPoolLambdaConfigCustomEmailSenderArgs

    LambdaArn string
    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.
    LambdaVersion string
    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.
    LambdaArn string
    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.
    LambdaVersion string
    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.
    lambdaArn String
    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.
    lambdaVersion String
    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.
    lambdaArn string
    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.
    lambdaVersion string
    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.
    lambda_arn str
    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.
    lambda_version str
    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.
    lambdaArn String
    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.
    lambdaVersion String
    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.

    UserPoolLambdaConfigCustomSmsSender, UserPoolLambdaConfigCustomSmsSenderArgs

    LambdaArn string
    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.
    LambdaVersion string
    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.
    LambdaArn string
    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.
    LambdaVersion string
    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.
    lambdaArn String
    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.
    lambdaVersion String
    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.
    lambdaArn string
    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.
    lambdaVersion string
    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.
    lambda_arn str
    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.
    lambda_version str
    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.
    lambdaArn String
    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.
    lambdaVersion String
    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.

    UserPoolLambdaConfigPreTokenGenerationConfig, UserPoolLambdaConfigPreTokenGenerationConfigArgs

    UserPoolPasswordPolicy, UserPoolPasswordPolicyArgs

    MinimumLength int
    Minimum length of the password policy that you have set.
    RequireLowercase bool
    Whether you have required users to use at least one lowercase letter in their password.
    RequireNumbers bool
    Whether you have required users to use at least one number in their password.
    RequireSymbols bool
    Whether you have required users to use at least one symbol in their password.
    RequireUppercase bool
    Whether you have required users to use at least one uppercase letter in their password.
    TemporaryPasswordValidityDays int
    In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.
    MinimumLength int
    Minimum length of the password policy that you have set.
    RequireLowercase bool
    Whether you have required users to use at least one lowercase letter in their password.
    RequireNumbers bool
    Whether you have required users to use at least one number in their password.
    RequireSymbols bool
    Whether you have required users to use at least one symbol in their password.
    RequireUppercase bool
    Whether you have required users to use at least one uppercase letter in their password.
    TemporaryPasswordValidityDays int
    In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.
    minimumLength Integer
    Minimum length of the password policy that you have set.
    requireLowercase Boolean
    Whether you have required users to use at least one lowercase letter in their password.
    requireNumbers Boolean
    Whether you have required users to use at least one number in their password.
    requireSymbols Boolean
    Whether you have required users to use at least one symbol in their password.
    requireUppercase Boolean
    Whether you have required users to use at least one uppercase letter in their password.
    temporaryPasswordValidityDays Integer
    In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.
    minimumLength number
    Minimum length of the password policy that you have set.
    requireLowercase boolean
    Whether you have required users to use at least one lowercase letter in their password.
    requireNumbers boolean
    Whether you have required users to use at least one number in their password.
    requireSymbols boolean
    Whether you have required users to use at least one symbol in their password.
    requireUppercase boolean
    Whether you have required users to use at least one uppercase letter in their password.
    temporaryPasswordValidityDays number
    In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.
    minimum_length int
    Minimum length of the password policy that you have set.
    require_lowercase bool
    Whether you have required users to use at least one lowercase letter in their password.
    require_numbers bool
    Whether you have required users to use at least one number in their password.
    require_symbols bool
    Whether you have required users to use at least one symbol in their password.
    require_uppercase bool
    Whether you have required users to use at least one uppercase letter in their password.
    temporary_password_validity_days int
    In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.
    minimumLength Number
    Minimum length of the password policy that you have set.
    requireLowercase Boolean
    Whether you have required users to use at least one lowercase letter in their password.
    requireNumbers Boolean
    Whether you have required users to use at least one number in their password.
    requireSymbols Boolean
    Whether you have required users to use at least one symbol in their password.
    requireUppercase Boolean
    Whether you have required users to use at least one uppercase letter in their password.
    temporaryPasswordValidityDays Number
    In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.

    UserPoolSchema, UserPoolSchemaArgs

    AttributeDataType string
    Attribute data type. Must be one of Boolean, Number, String, DateTime.
    Name string
    Name of the attribute.
    DeveloperOnlyAttribute bool
    Whether the attribute type is developer only.
    Mutable bool
    Whether the attribute can be changed once it has been created.
    NumberAttributeConstraints UserPoolSchemaNumberAttributeConstraints
    Configuration block for the constraints for an attribute of the number type. Detailed below.
    Required bool
    Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
    StringAttributeConstraints UserPoolSchemaStringAttributeConstraints
    Constraints for an attribute of the string type. Detailed below.
    AttributeDataType string
    Attribute data type. Must be one of Boolean, Number, String, DateTime.
    Name string
    Name of the attribute.
    DeveloperOnlyAttribute bool
    Whether the attribute type is developer only.
    Mutable bool
    Whether the attribute can be changed once it has been created.
    NumberAttributeConstraints UserPoolSchemaNumberAttributeConstraints
    Configuration block for the constraints for an attribute of the number type. Detailed below.
    Required bool
    Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
    StringAttributeConstraints UserPoolSchemaStringAttributeConstraints
    Constraints for an attribute of the string type. Detailed below.
    attributeDataType String
    Attribute data type. Must be one of Boolean, Number, String, DateTime.
    name String
    Name of the attribute.
    developerOnlyAttribute Boolean
    Whether the attribute type is developer only.
    mutable Boolean
    Whether the attribute can be changed once it has been created.
    numberAttributeConstraints UserPoolSchemaNumberAttributeConstraints
    Configuration block for the constraints for an attribute of the number type. Detailed below.
    required Boolean
    Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
    stringAttributeConstraints UserPoolSchemaStringAttributeConstraints
    Constraints for an attribute of the string type. Detailed below.
    attributeDataType string
    Attribute data type. Must be one of Boolean, Number, String, DateTime.
    name string
    Name of the attribute.
    developerOnlyAttribute boolean
    Whether the attribute type is developer only.
    mutable boolean
    Whether the attribute can be changed once it has been created.
    numberAttributeConstraints UserPoolSchemaNumberAttributeConstraints
    Configuration block for the constraints for an attribute of the number type. Detailed below.
    required boolean
    Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
    stringAttributeConstraints UserPoolSchemaStringAttributeConstraints
    Constraints for an attribute of the string type. Detailed below.
    attribute_data_type str
    Attribute data type. Must be one of Boolean, Number, String, DateTime.
    name str
    Name of the attribute.
    developer_only_attribute bool
    Whether the attribute type is developer only.
    mutable bool
    Whether the attribute can be changed once it has been created.
    number_attribute_constraints UserPoolSchemaNumberAttributeConstraints
    Configuration block for the constraints for an attribute of the number type. Detailed below.
    required bool
    Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
    string_attribute_constraints UserPoolSchemaStringAttributeConstraints
    Constraints for an attribute of the string type. Detailed below.
    attributeDataType String
    Attribute data type. Must be one of Boolean, Number, String, DateTime.
    name String
    Name of the attribute.
    developerOnlyAttribute Boolean
    Whether the attribute type is developer only.
    mutable Boolean
    Whether the attribute can be changed once it has been created.
    numberAttributeConstraints Property Map
    Configuration block for the constraints for an attribute of the number type. Detailed below.
    required Boolean
    Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.
    stringAttributeConstraints Property Map
    Constraints for an attribute of the string type. Detailed below.

    UserPoolSchemaNumberAttributeConstraints, UserPoolSchemaNumberAttributeConstraintsArgs

    MaxValue string
    Maximum value of an attribute that is of the number data type.
    MinValue string
    Minimum value of an attribute that is of the number data type.
    MaxValue string
    Maximum value of an attribute that is of the number data type.
    MinValue string
    Minimum value of an attribute that is of the number data type.
    maxValue String
    Maximum value of an attribute that is of the number data type.
    minValue String
    Minimum value of an attribute that is of the number data type.
    maxValue string
    Maximum value of an attribute that is of the number data type.
    minValue string
    Minimum value of an attribute that is of the number data type.
    max_value str
    Maximum value of an attribute that is of the number data type.
    min_value str
    Minimum value of an attribute that is of the number data type.
    maxValue String
    Maximum value of an attribute that is of the number data type.
    minValue String
    Minimum value of an attribute that is of the number data type.

    UserPoolSchemaStringAttributeConstraints, UserPoolSchemaStringAttributeConstraintsArgs

    MaxLength string
    Maximum length of an attribute value of the string type.
    MinLength string
    Minimum length of an attribute value of the string type.
    MaxLength string
    Maximum length of an attribute value of the string type.
    MinLength string
    Minimum length of an attribute value of the string type.
    maxLength String
    Maximum length of an attribute value of the string type.
    minLength String
    Minimum length of an attribute value of the string type.
    maxLength string
    Maximum length of an attribute value of the string type.
    minLength string
    Minimum length of an attribute value of the string type.
    max_length str
    Maximum length of an attribute value of the string type.
    min_length str
    Minimum length of an attribute value of the string type.
    maxLength String
    Maximum length of an attribute value of the string type.
    minLength String
    Minimum length of an attribute value of the string type.

    UserPoolSmsConfiguration, UserPoolSmsConfigurationArgs

    ExternalId string
    External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
    SnsCallerArn string
    ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
    SnsRegion string
    The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.
    ExternalId string
    External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
    SnsCallerArn string
    ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
    SnsRegion string
    The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.
    externalId String
    External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
    snsCallerArn String
    ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
    snsRegion String
    The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.
    externalId string
    External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
    snsCallerArn string
    ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
    snsRegion string
    The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.
    external_id str
    External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
    sns_caller_arn str
    ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
    sns_region str
    The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.
    externalId String
    External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.
    snsCallerArn String
    ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.
    snsRegion String
    The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.

    UserPoolSoftwareTokenMfaConfiguration, UserPoolSoftwareTokenMfaConfigurationArgs

    Enabled bool
    Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.
    Enabled bool
    Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.
    enabled Boolean
    Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.
    enabled boolean
    Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.
    enabled bool
    Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.
    enabled Boolean
    Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.

    UserPoolUserAttributeUpdateSettings, UserPoolUserAttributeUpdateSettingsArgs

    AttributesRequireVerificationBeforeUpdates List<string>
    A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number.
    AttributesRequireVerificationBeforeUpdates []string
    A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number.
    attributesRequireVerificationBeforeUpdates List<String>
    A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number.
    attributesRequireVerificationBeforeUpdates string[]
    A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number.
    attributes_require_verification_before_updates Sequence[str]
    A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number.
    attributesRequireVerificationBeforeUpdates List<String>
    A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number.

    UserPoolUserPoolAddOns, UserPoolUserPoolAddOnsArgs

    AdvancedSecurityMode string
    Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.
    AdvancedSecurityMode string
    Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.
    advancedSecurityMode String
    Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.
    advancedSecurityMode string
    Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.
    advanced_security_mode str
    Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.
    advancedSecurityMode String
    Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.

    UserPoolUsernameConfiguration, UserPoolUsernameConfigurationArgs

    CaseSensitive bool
    Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.
    CaseSensitive bool
    Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.
    caseSensitive Boolean
    Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.
    caseSensitive boolean
    Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.
    case_sensitive bool
    Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.
    caseSensitive Boolean
    Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.

    UserPoolVerificationMessageTemplate, UserPoolVerificationMessageTemplateArgs

    DefaultEmailOption string
    Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.
    EmailMessage string
    Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.
    EmailMessageByLink string
    Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.
    EmailSubject string
    Subject line for the email message template. Conflicts with email_verification_subject argument.
    EmailSubjectByLink string
    Subject line for the email message template for sending a confirmation link to the user.
    SmsMessage string
    SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.
    DefaultEmailOption string
    Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.
    EmailMessage string
    Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.
    EmailMessageByLink string
    Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.
    EmailSubject string
    Subject line for the email message template. Conflicts with email_verification_subject argument.
    EmailSubjectByLink string
    Subject line for the email message template for sending a confirmation link to the user.
    SmsMessage string
    SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.
    defaultEmailOption String
    Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.
    emailMessage String
    Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.
    emailMessageByLink String
    Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.
    emailSubject String
    Subject line for the email message template. Conflicts with email_verification_subject argument.
    emailSubjectByLink String
    Subject line for the email message template for sending a confirmation link to the user.
    smsMessage String
    SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.
    defaultEmailOption string
    Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.
    emailMessage string
    Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.
    emailMessageByLink string
    Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.
    emailSubject string
    Subject line for the email message template. Conflicts with email_verification_subject argument.
    emailSubjectByLink string
    Subject line for the email message template for sending a confirmation link to the user.
    smsMessage string
    SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.
    default_email_option str
    Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.
    email_message str
    Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.
    email_message_by_link str
    Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.
    email_subject str
    Subject line for the email message template. Conflicts with email_verification_subject argument.
    email_subject_by_link str
    Subject line for the email message template for sending a confirmation link to the user.
    sms_message str
    SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.
    defaultEmailOption String
    Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.
    emailMessage String
    Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.
    emailMessageByLink String
    Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.
    emailSubject String
    Subject line for the email message template. Conflicts with email_verification_subject argument.
    emailSubjectByLink String
    Subject line for the email message template for sending a confirmation link to the user.
    smsMessage String
    SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.

    Import

    Using pulumi import, import Cognito User Pools using the id. For example:

    $ pulumi import aws:cognito/userPool:UserPool pool us-west-2_abc123
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.45.0 published on Tuesday, Jul 16, 2024 by Pulumi