1. Packages
  2. AWS Classic
  3. API Docs
  4. cognito
  5. UserPool

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.13.1 published on Tuesday, Dec 5, 2023 by Pulumi

aws.cognito.UserPool

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.13.1 published on Tuesday, Dec 5, 2023 by Pulumi

    Provides a Cognito User Pool resource.

    Example Usage

    Basic configuration

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var pool = new Aws.Cognito.UserPool("pool");
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := cognito.NewUserPool(ctx, "pool", nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.cognito.UserPool;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var pool = new UserPool("pool");
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    pool = aws.cognito.UserPool("pool")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const pool = new aws.cognito.UserPool("pool", {});
    
    resources:
      pool:
        type: aws:cognito:UserPool
    

    Enabling SMS and Software Token Multi-Factor Authentication

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        // ... other configuration ...
        var example = new Aws.Cognito.UserPool("example", new()
        {
            MfaConfiguration = "ON",
            SmsAuthenticationMessage = "Your code is {####}",
            SmsConfiguration = new Aws.Cognito.Inputs.UserPoolSmsConfigurationArgs
            {
                ExternalId = "example",
                SnsCallerArn = aws_iam_role.Example.Arn,
                SnsRegion = "us-east-1",
            },
            SoftwareTokenMfaConfiguration = new Aws.Cognito.Inputs.UserPoolSoftwareTokenMfaConfigurationArgs
            {
                Enabled = true,
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := cognito.NewUserPool(ctx, "example", &cognito.UserPoolArgs{
    			MfaConfiguration:         pulumi.String("ON"),
    			SmsAuthenticationMessage: pulumi.String("Your code is {####}"),
    			SmsConfiguration: &cognito.UserPoolSmsConfigurationArgs{
    				ExternalId:   pulumi.String("example"),
    				SnsCallerArn: pulumi.Any(aws_iam_role.Example.Arn),
    				SnsRegion:    pulumi.String("us-east-1"),
    			},
    			SoftwareTokenMfaConfiguration: &cognito.UserPoolSoftwareTokenMfaConfigurationArgs{
    				Enabled: pulumi.Bool(true),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.cognito.UserPool;
    import com.pulumi.aws.cognito.UserPoolArgs;
    import com.pulumi.aws.cognito.inputs.UserPoolSmsConfigurationArgs;
    import com.pulumi.aws.cognito.inputs.UserPoolSoftwareTokenMfaConfigurationArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new UserPool("example", UserPoolArgs.builder()        
                .mfaConfiguration("ON")
                .smsAuthenticationMessage("Your code is {####}")
                .smsConfiguration(UserPoolSmsConfigurationArgs.builder()
                    .externalId("example")
                    .snsCallerArn(aws_iam_role.example().arn())
                    .snsRegion("us-east-1")
                    .build())
                .softwareTokenMfaConfiguration(UserPoolSoftwareTokenMfaConfigurationArgs.builder()
                    .enabled(true)
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    # ... other configuration ...
    example = aws.cognito.UserPool("example",
        mfa_configuration="ON",
        sms_authentication_message="Your code is {####}",
        sms_configuration=aws.cognito.UserPoolSmsConfigurationArgs(
            external_id="example",
            sns_caller_arn=aws_iam_role["example"]["arn"],
            sns_region="us-east-1",
        ),
        software_token_mfa_configuration=aws.cognito.UserPoolSoftwareTokenMfaConfigurationArgs(
            enabled=True,
        ))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // ... other configuration ...
    const example = new aws.cognito.UserPool("example", {
        mfaConfiguration: "ON",
        smsAuthenticationMessage: "Your code is {####}",
        smsConfiguration: {
            externalId: "example",
            snsCallerArn: aws_iam_role.example.arn,
            snsRegion: "us-east-1",
        },
        softwareTokenMfaConfiguration: {
            enabled: true,
        },
    });
    
    resources:
      example:
        type: aws:cognito:UserPool
        properties:
          mfaConfiguration: ON
          smsAuthenticationMessage: Your code is {####}
          smsConfiguration:
            externalId: example
            snsCallerArn: ${aws_iam_role.example.arn}
            snsRegion: us-east-1
          softwareTokenMfaConfiguration:
            enabled: true
    

    Using Account Recovery Setting

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var test = new Aws.Cognito.UserPool("test", new()
        {
            AccountRecoverySetting = new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingArgs
            {
                RecoveryMechanisms = new[]
                {
                    new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs
                    {
                        Name = "verified_email",
                        Priority = 1,
                    },
                    new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs
                    {
                        Name = "verified_phone_number",
                        Priority = 2,
                    },
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := cognito.NewUserPool(ctx, "test", &cognito.UserPoolArgs{
    			AccountRecoverySetting: &cognito.UserPoolAccountRecoverySettingArgs{
    				RecoveryMechanisms: cognito.UserPoolAccountRecoverySettingRecoveryMechanismArray{
    					&cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{
    						Name:     pulumi.String("verified_email"),
    						Priority: pulumi.Int(1),
    					},
    					&cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{
    						Name:     pulumi.String("verified_phone_number"),
    						Priority: pulumi.Int(2),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.cognito.UserPool;
    import com.pulumi.aws.cognito.UserPoolArgs;
    import com.pulumi.aws.cognito.inputs.UserPoolAccountRecoverySettingArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var test = new UserPool("test", UserPoolArgs.builder()        
                .accountRecoverySetting(UserPoolAccountRecoverySettingArgs.builder()
                    .recoveryMechanisms(                
                        UserPoolAccountRecoverySettingRecoveryMechanismArgs.builder()
                            .name("verified_email")
                            .priority(1)
                            .build(),
                        UserPoolAccountRecoverySettingRecoveryMechanismArgs.builder()
                            .name("verified_phone_number")
                            .priority(2)
                            .build())
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    test = aws.cognito.UserPool("test", account_recovery_setting=aws.cognito.UserPoolAccountRecoverySettingArgs(
        recovery_mechanisms=[
            aws.cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs(
                name="verified_email",
                priority=1,
            ),
            aws.cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs(
                name="verified_phone_number",
                priority=2,
            ),
        ],
    ))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const test = new aws.cognito.UserPool("test", {accountRecoverySetting: {
        recoveryMechanisms: [
            {
                name: "verified_email",
                priority: 1,
            },
            {
                name: "verified_phone_number",
                priority: 2,
            },
        ],
    }});
    
    resources:
      test:
        type: aws:cognito:UserPool
        properties:
          accountRecoverySetting:
            recoveryMechanisms:
              - name: verified_email
                priority: 1
              - name: verified_phone_number
                priority: 2
    

    Create UserPool Resource

    new UserPool(name: string, args?: UserPoolArgs, opts?: CustomResourceOptions);
    @overload
    def UserPool(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 account_recovery_setting: Optional[UserPoolAccountRecoverySettingArgs] = None,
                 admin_create_user_config: Optional[UserPoolAdminCreateUserConfigArgs] = None,
                 alias_attributes: Optional[Sequence[str]] = None,
                 auto_verified_attributes: Optional[Sequence[str]] = None,
                 deletion_protection: Optional[str] = None,
                 device_configuration: Optional[UserPoolDeviceConfigurationArgs] = None,
                 email_configuration: Optional[UserPoolEmailConfigurationArgs] = None,
                 email_verification_message: Optional[str] = None,
                 email_verification_subject: Optional[str] = None,
                 lambda_config: Optional[UserPoolLambdaConfigArgs] = None,
                 mfa_configuration: Optional[str] = None,
                 name: Optional[str] = None,
                 password_policy: Optional[UserPoolPasswordPolicyArgs] = None,
                 schemas: Optional[Sequence[UserPoolSchemaArgs]] = None,
                 sms_authentication_message: Optional[str] = None,
                 sms_configuration: Optional[UserPoolSmsConfigurationArgs] = None,
                 sms_verification_message: Optional[str] = None,
                 software_token_mfa_configuration: Optional[UserPoolSoftwareTokenMfaConfigurationArgs] = None,
                 tags: Optional[Mapping[str, str]] = None,
                 user_attribute_update_settings: Optional[UserPoolUserAttributeUpdateSettingsArgs] = None,
                 user_pool_add_ons: Optional[UserPoolUserPoolAddOnsArgs] = None,
                 username_attributes: Optional[Sequence[str]] = None,
                 username_configuration: Optional[UserPoolUsernameConfigurationArgs] = None,
                 verification_message_template: Optional[UserPoolVerificationMessageTemplateArgs] = None)
    @overload
    def UserPool(resource_name: str,
                 args: Optional[UserPoolArgs] = None,
                 opts: Optional[ResourceOptions] = None)
    func NewUserPool(ctx *Context, name string, args *UserPoolArgs, opts ...ResourceOption) (*UserPool, error)
    public UserPool(string name, UserPoolArgs? args = null, CustomResourceOptions? opts = null)
    public UserPool(String name, UserPoolArgs args)
    public UserPool(String name, UserPoolArgs args, CustomResourceOptions options)
    
    type: aws:cognito:UserPool
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args UserPoolArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args UserPoolArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args UserPoolArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args UserPoolArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args UserPoolArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    UserPool Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The UserPool resource accepts the following input properties:

    AccountRecoverySetting UserPoolAccountRecoverySetting

    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

    AdminCreateUserConfig UserPoolAdminCreateUserConfig

    Configuration block for creating a new user profile. Detailed below.

    AliasAttributes List<string>

    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

    AutoVerifiedAttributes List<string>

    Attributes to be auto-verified. Valid values: email, phone_number.

    DeletionProtection string

    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.

    DeviceConfiguration UserPoolDeviceConfiguration

    Configuration block for the user pool's device tracking. Detailed below.

    EmailConfiguration UserPoolEmailConfiguration

    Configuration block for configuring email. Detailed below.

    EmailVerificationMessage string

    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

    EmailVerificationSubject string

    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

    LambdaConfig UserPoolLambdaConfig

    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

    MfaConfiguration string

    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).

    Name string

    Name of the user pool.

    The following arguments are optional:

    PasswordPolicy UserPoolPasswordPolicy

    Configuration block for information about the user pool password policy. Detailed below.

    Schemas List<UserPoolSchema>

    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.

    SmsAuthenticationMessage string

    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

    SmsConfiguration UserPoolSmsConfiguration

    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.

    SmsVerificationMessage string

    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

    SoftwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfiguration

    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

    Tags Dictionary<string, string>

    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    UserAttributeUpdateSettings UserPoolUserAttributeUpdateSettings

    Configuration block for user attribute update settings. Detailed below.

    UserPoolAddOns UserPoolUserPoolAddOns

    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

    UsernameAttributes List<string>

    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

    UsernameConfiguration UserPoolUsernameConfiguration

    Configuration block for username configuration. Detailed below.

    VerificationMessageTemplate UserPoolVerificationMessageTemplate

    Configuration block for verification message templates. Detailed below.

    AccountRecoverySetting UserPoolAccountRecoverySettingArgs

    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

    AdminCreateUserConfig UserPoolAdminCreateUserConfigArgs

    Configuration block for creating a new user profile. Detailed below.

    AliasAttributes []string

    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

    AutoVerifiedAttributes []string

    Attributes to be auto-verified. Valid values: email, phone_number.

    DeletionProtection string

    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.

    DeviceConfiguration UserPoolDeviceConfigurationArgs

    Configuration block for the user pool's device tracking. Detailed below.

    EmailConfiguration UserPoolEmailConfigurationArgs

    Configuration block for configuring email. Detailed below.

    EmailVerificationMessage string

    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

    EmailVerificationSubject string

    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

    LambdaConfig UserPoolLambdaConfigArgs

    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

    MfaConfiguration string

    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).

    Name string

    Name of the user pool.

    The following arguments are optional:

    PasswordPolicy UserPoolPasswordPolicyArgs

    Configuration block for information about the user pool password policy. Detailed below.

    Schemas []UserPoolSchemaArgs

    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.

    SmsAuthenticationMessage string

    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

    SmsConfiguration UserPoolSmsConfigurationArgs

    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.

    SmsVerificationMessage string

    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

    SoftwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfigurationArgs

    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

    Tags map[string]string

    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    UserAttributeUpdateSettings UserPoolUserAttributeUpdateSettingsArgs

    Configuration block for user attribute update settings. Detailed below.

    UserPoolAddOns UserPoolUserPoolAddOnsArgs

    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

    UsernameAttributes []string

    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

    UsernameConfiguration UserPoolUsernameConfigurationArgs

    Configuration block for username configuration. Detailed below.

    VerificationMessageTemplate UserPoolVerificationMessageTemplateArgs

    Configuration block for verification message templates. Detailed below.

    accountRecoverySetting UserPoolAccountRecoverySetting

    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

    adminCreateUserConfig UserPoolAdminCreateUserConfig

    Configuration block for creating a new user profile. Detailed below.

    aliasAttributes List<String>

    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

    autoVerifiedAttributes List<String>

    Attributes to be auto-verified. Valid values: email, phone_number.

    deletionProtection String

    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.

    deviceConfiguration UserPoolDeviceConfiguration

    Configuration block for the user pool's device tracking. Detailed below.

    emailConfiguration UserPoolEmailConfiguration

    Configuration block for configuring email. Detailed below.

    emailVerificationMessage String

    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

    emailVerificationSubject String

    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

    lambdaConfig UserPoolLambdaConfig

    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

    mfaConfiguration String

    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).

    name String

    Name of the user pool.

    The following arguments are optional:

    passwordPolicy UserPoolPasswordPolicy

    Configuration block for information about the user pool password policy. Detailed below.

    schemas List<UserPoolSchema>

    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.

    smsAuthenticationMessage String

    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

    smsConfiguration UserPoolSmsConfiguration

    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.

    smsVerificationMessage String

    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

    softwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfiguration

    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

    tags Map<String,String>

    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    userAttributeUpdateSettings UserPoolUserAttributeUpdateSettings

    Configuration block for user attribute update settings. Detailed below.

    userPoolAddOns UserPoolUserPoolAddOns

    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

    usernameAttributes List<String>

    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

    usernameConfiguration UserPoolUsernameConfiguration

    Configuration block for username configuration. Detailed below.

    verificationMessageTemplate UserPoolVerificationMessageTemplate

    Configuration block for verification message templates. Detailed below.

    accountRecoverySetting UserPoolAccountRecoverySetting

    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

    adminCreateUserConfig UserPoolAdminCreateUserConfig

    Configuration block for creating a new user profile. Detailed below.

    aliasAttributes string[]

    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

    autoVerifiedAttributes string[]

    Attributes to be auto-verified. Valid values: email, phone_number.

    deletionProtection string

    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.

    deviceConfiguration UserPoolDeviceConfiguration

    Configuration block for the user pool's device tracking. Detailed below.

    emailConfiguration UserPoolEmailConfiguration

    Configuration block for configuring email. Detailed below.

    emailVerificationMessage string

    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

    emailVerificationSubject string

    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

    lambdaConfig UserPoolLambdaConfig

    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

    mfaConfiguration string

    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).

    name string

    Name of the user pool.

    The following arguments are optional:

    passwordPolicy UserPoolPasswordPolicy

    Configuration block for information about the user pool password policy. Detailed below.

    schemas UserPoolSchema[]

    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.

    smsAuthenticationMessage string

    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

    smsConfiguration UserPoolSmsConfiguration

    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.

    smsVerificationMessage string

    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

    softwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfiguration

    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

    tags {[key: string]: string}

    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    userAttributeUpdateSettings UserPoolUserAttributeUpdateSettings

    Configuration block for user attribute update settings. Detailed below.

    userPoolAddOns UserPoolUserPoolAddOns

    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

    usernameAttributes string[]

    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

    usernameConfiguration UserPoolUsernameConfiguration

    Configuration block for username configuration. Detailed below.

    verificationMessageTemplate UserPoolVerificationMessageTemplate

    Configuration block for verification message templates. Detailed below.

    account_recovery_setting UserPoolAccountRecoverySettingArgs

    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

    admin_create_user_config UserPoolAdminCreateUserConfigArgs

    Configuration block for creating a new user profile. Detailed below.

    alias_attributes Sequence[str]

    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

    auto_verified_attributes Sequence[str]

    Attributes to be auto-verified. Valid values: email, phone_number.

    deletion_protection str

    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.

    device_configuration UserPoolDeviceConfigurationArgs

    Configuration block for the user pool's device tracking. Detailed below.

    email_configuration UserPoolEmailConfigurationArgs

    Configuration block for configuring email. Detailed below.

    email_verification_message str

    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

    email_verification_subject str

    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

    lambda_config UserPoolLambdaConfigArgs

    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

    mfa_configuration str

    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).

    name str

    Name of the user pool.

    The following arguments are optional:

    password_policy UserPoolPasswordPolicyArgs

    Configuration block for information about the user pool password policy. Detailed below.

    schemas Sequence[UserPoolSchemaArgs]

    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.

    sms_authentication_message str

    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

    sms_configuration UserPoolSmsConfigurationArgs

    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.

    sms_verification_message str

    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

    software_token_mfa_configuration UserPoolSoftwareTokenMfaConfigurationArgs

    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

    tags Mapping[str, str]

    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    user_attribute_update_settings UserPoolUserAttributeUpdateSettingsArgs

    Configuration block for user attribute update settings. Detailed below.

    user_pool_add_ons UserPoolUserPoolAddOnsArgs

    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

    username_attributes Sequence[str]

    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

    username_configuration UserPoolUsernameConfigurationArgs

    Configuration block for username configuration. Detailed below.

    verification_message_template UserPoolVerificationMessageTemplateArgs

    Configuration block for verification message templates. Detailed below.

    accountRecoverySetting Property Map

    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

    adminCreateUserConfig Property Map

    Configuration block for creating a new user profile. Detailed below.

    aliasAttributes List<String>

    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

    autoVerifiedAttributes List<String>

    Attributes to be auto-verified. Valid values: email, phone_number.

    deletionProtection String

    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.

    deviceConfiguration Property Map

    Configuration block for the user pool's device tracking. Detailed below.

    emailConfiguration Property Map

    Configuration block for configuring email. Detailed below.

    emailVerificationMessage String

    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

    emailVerificationSubject String

    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

    lambdaConfig Property Map

    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

    mfaConfiguration String

    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).

    name String

    Name of the user pool.

    The following arguments are optional:

    passwordPolicy Property Map

    Configuration block for information about the user pool password policy. Detailed below.

    schemas List<Property Map>

    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.

    smsAuthenticationMessage String

    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

    smsConfiguration Property Map

    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.

    smsVerificationMessage String

    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

    softwareTokenMfaConfiguration Property Map

    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

    tags Map<String>

    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    userAttributeUpdateSettings Property Map

    Configuration block for user attribute update settings. Detailed below.

    userPoolAddOns Property Map

    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

    usernameAttributes List<String>

    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

    usernameConfiguration Property Map

    Configuration block for username configuration. Detailed below.

    verificationMessageTemplate Property Map

    Configuration block for verification message templates. Detailed below.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the UserPool resource produces the following output properties:

    Arn string

    ARN of the user pool.

    CreationDate string

    Date the user pool was created.

    CustomDomain string

    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.

    Domain string

    Holds the domain prefix if the user pool has a domain associated with it.

    Endpoint string

    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

    EstimatedNumberOfUsers int

    A number estimating the size of the user pool.

    Id string

    The provider-assigned unique ID for this managed resource.

    LastModifiedDate string

    Date the user pool was last modified.

    TagsAll Dictionary<string, string>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    Arn string

    ARN of the user pool.

    CreationDate string

    Date the user pool was created.

    CustomDomain string

    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.

    Domain string

    Holds the domain prefix if the user pool has a domain associated with it.

    Endpoint string

    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

    EstimatedNumberOfUsers int

    A number estimating the size of the user pool.

    Id string

    The provider-assigned unique ID for this managed resource.

    LastModifiedDate string

    Date the user pool was last modified.

    TagsAll map[string]string

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    arn String

    ARN of the user pool.

    creationDate String

    Date the user pool was created.

    customDomain String

    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.

    domain String

    Holds the domain prefix if the user pool has a domain associated with it.

    endpoint String

    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

    estimatedNumberOfUsers Integer

    A number estimating the size of the user pool.

    id String

    The provider-assigned unique ID for this managed resource.

    lastModifiedDate String

    Date the user pool was last modified.

    tagsAll Map<String,String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    arn string

    ARN of the user pool.

    creationDate string

    Date the user pool was created.

    customDomain string

    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.

    domain string

    Holds the domain prefix if the user pool has a domain associated with it.

    endpoint string

    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

    estimatedNumberOfUsers number

    A number estimating the size of the user pool.

    id string

    The provider-assigned unique ID for this managed resource.

    lastModifiedDate string

    Date the user pool was last modified.

    tagsAll {[key: string]: string}

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    arn str

    ARN of the user pool.

    creation_date str

    Date the user pool was created.

    custom_domain str

    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.

    domain str

    Holds the domain prefix if the user pool has a domain associated with it.

    endpoint str

    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

    estimated_number_of_users int

    A number estimating the size of the user pool.

    id str

    The provider-assigned unique ID for this managed resource.

    last_modified_date str

    Date the user pool was last modified.

    tags_all Mapping[str, str]

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    arn String

    ARN of the user pool.

    creationDate String

    Date the user pool was created.

    customDomain String

    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.

    domain String

    Holds the domain prefix if the user pool has a domain associated with it.

    endpoint String

    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

    estimatedNumberOfUsers Number

    A number estimating the size of the user pool.

    id String

    The provider-assigned unique ID for this managed resource.

    lastModifiedDate String

    Date the user pool was last modified.

    tagsAll Map<String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    Look up Existing UserPool Resource

    Get an existing UserPool resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: UserPoolState, opts?: CustomResourceOptions): UserPool
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            account_recovery_setting: Optional[UserPoolAccountRecoverySettingArgs] = None,
            admin_create_user_config: Optional[UserPoolAdminCreateUserConfigArgs] = None,
            alias_attributes: Optional[Sequence[str]] = None,
            arn: Optional[str] = None,
            auto_verified_attributes: Optional[Sequence[str]] = None,
            creation_date: Optional[str] = None,
            custom_domain: Optional[str] = None,
            deletion_protection: Optional[str] = None,
            device_configuration: Optional[UserPoolDeviceConfigurationArgs] = None,
            domain: Optional[str] = None,
            email_configuration: Optional[UserPoolEmailConfigurationArgs] = None,
            email_verification_message: Optional[str] = None,
            email_verification_subject: Optional[str] = None,
            endpoint: Optional[str] = None,
            estimated_number_of_users: Optional[int] = None,
            lambda_config: Optional[UserPoolLambdaConfigArgs] = None,
            last_modified_date: Optional[str] = None,
            mfa_configuration: Optional[str] = None,
            name: Optional[str] = None,
            password_policy: Optional[UserPoolPasswordPolicyArgs] = None,
            schemas: Optional[Sequence[UserPoolSchemaArgs]] = None,
            sms_authentication_message: Optional[str] = None,
            sms_configuration: Optional[UserPoolSmsConfigurationArgs] = None,
            sms_verification_message: Optional[str] = None,
            software_token_mfa_configuration: Optional[UserPoolSoftwareTokenMfaConfigurationArgs] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None,
            user_attribute_update_settings: Optional[UserPoolUserAttributeUpdateSettingsArgs] = None,
            user_pool_add_ons: Optional[UserPoolUserPoolAddOnsArgs] = None,
            username_attributes: Optional[Sequence[str]] = None,
            username_configuration: Optional[UserPoolUsernameConfigurationArgs] = None,
            verification_message_template: Optional[UserPoolVerificationMessageTemplateArgs] = None) -> UserPool
    func GetUserPool(ctx *Context, name string, id IDInput, state *UserPoolState, opts ...ResourceOption) (*UserPool, error)
    public static UserPool Get(string name, Input<string> id, UserPoolState? state, CustomResourceOptions? opts = null)
    public static UserPool get(String name, Output<String> id, UserPoolState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccountRecoverySetting UserPoolAccountRecoverySetting

    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

    AdminCreateUserConfig UserPoolAdminCreateUserConfig

    Configuration block for creating a new user profile. Detailed below.

    AliasAttributes List<string>

    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

    Arn string

    ARN of the user pool.

    AutoVerifiedAttributes List<string>

    Attributes to be auto-verified. Valid values: email, phone_number.

    CreationDate string

    Date the user pool was created.

    CustomDomain string

    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.

    DeletionProtection string

    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.

    DeviceConfiguration UserPoolDeviceConfiguration

    Configuration block for the user pool's device tracking. Detailed below.

    Domain string

    Holds the domain prefix if the user pool has a domain associated with it.

    EmailConfiguration UserPoolEmailConfiguration

    Configuration block for configuring email. Detailed below.

    EmailVerificationMessage string

    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

    EmailVerificationSubject string

    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

    Endpoint string

    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

    EstimatedNumberOfUsers int

    A number estimating the size of the user pool.

    LambdaConfig UserPoolLambdaConfig

    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

    LastModifiedDate string

    Date the user pool was last modified.

    MfaConfiguration string

    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).

    Name string

    Name of the user pool.

    The following arguments are optional:

    PasswordPolicy UserPoolPasswordPolicy

    Configuration block for information about the user pool password policy. Detailed below.

    Schemas List<UserPoolSchema>

    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.

    SmsAuthenticationMessage string

    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

    SmsConfiguration UserPoolSmsConfiguration

    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.

    SmsVerificationMessage string

    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

    SoftwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfiguration

    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

    Tags Dictionary<string, string>

    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    TagsAll Dictionary<string, string>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    UserAttributeUpdateSettings UserPoolUserAttributeUpdateSettings

    Configuration block for user attribute update settings. Detailed below.

    UserPoolAddOns UserPoolUserPoolAddOns

    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

    UsernameAttributes List<string>

    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

    UsernameConfiguration UserPoolUsernameConfiguration

    Configuration block for username configuration. Detailed below.

    VerificationMessageTemplate UserPoolVerificationMessageTemplate

    Configuration block for verification message templates. Detailed below.

    AccountRecoverySetting UserPoolAccountRecoverySettingArgs

    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

    AdminCreateUserConfig UserPoolAdminCreateUserConfigArgs

    Configuration block for creating a new user profile. Detailed below.

    AliasAttributes []string

    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

    Arn string

    ARN of the user pool.

    AutoVerifiedAttributes []string

    Attributes to be auto-verified. Valid values: email, phone_number.

    CreationDate string

    Date the user pool was created.

    CustomDomain string

    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.

    DeletionProtection string

    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.

    DeviceConfiguration UserPoolDeviceConfigurationArgs

    Configuration block for the user pool's device tracking. Detailed below.

    Domain string

    Holds the domain prefix if the user pool has a domain associated with it.

    EmailConfiguration UserPoolEmailConfigurationArgs

    Configuration block for configuring email. Detailed below.

    EmailVerificationMessage string

    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

    EmailVerificationSubject string

    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

    Endpoint string

    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

    EstimatedNumberOfUsers int

    A number estimating the size of the user pool.

    LambdaConfig UserPoolLambdaConfigArgs

    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

    LastModifiedDate string

    Date the user pool was last modified.

    MfaConfiguration string

    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).

    Name string

    Name of the user pool.

    The following arguments are optional:

    PasswordPolicy UserPoolPasswordPolicyArgs

    Configuration block for information about the user pool password policy. Detailed below.

    Schemas []UserPoolSchemaArgs

    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.

    SmsAuthenticationMessage string

    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

    SmsConfiguration UserPoolSmsConfigurationArgs

    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.

    SmsVerificationMessage string

    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

    SoftwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfigurationArgs

    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

    Tags map[string]string

    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    TagsAll map[string]string

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    UserAttributeUpdateSettings UserPoolUserAttributeUpdateSettingsArgs

    Configuration block for user attribute update settings. Detailed below.

    UserPoolAddOns UserPoolUserPoolAddOnsArgs

    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

    UsernameAttributes []string

    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

    UsernameConfiguration UserPoolUsernameConfigurationArgs

    Configuration block for username configuration. Detailed below.

    VerificationMessageTemplate UserPoolVerificationMessageTemplateArgs

    Configuration block for verification message templates. Detailed below.

    accountRecoverySetting UserPoolAccountRecoverySetting

    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

    adminCreateUserConfig UserPoolAdminCreateUserConfig

    Configuration block for creating a new user profile. Detailed below.

    aliasAttributes List<String>

    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

    arn String

    ARN of the user pool.

    autoVerifiedAttributes List<String>

    Attributes to be auto-verified. Valid values: email, phone_number.

    creationDate String

    Date the user pool was created.

    customDomain String

    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.

    deletionProtection String

    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.

    deviceConfiguration UserPoolDeviceConfiguration

    Configuration block for the user pool's device tracking. Detailed below.

    domain String

    Holds the domain prefix if the user pool has a domain associated with it.

    emailConfiguration UserPoolEmailConfiguration

    Configuration block for configuring email. Detailed below.

    emailVerificationMessage String

    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

    emailVerificationSubject String

    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

    endpoint String

    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

    estimatedNumberOfUsers Integer

    A number estimating the size of the user pool.

    lambdaConfig UserPoolLambdaConfig

    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

    lastModifiedDate String

    Date the user pool was last modified.

    mfaConfiguration String

    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).

    name String

    Name of the user pool.

    The following arguments are optional:

    passwordPolicy UserPoolPasswordPolicy

    Configuration block for information about the user pool password policy. Detailed below.

    schemas List<UserPoolSchema>

    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.

    smsAuthenticationMessage String

    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

    smsConfiguration UserPoolSmsConfiguration

    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.

    smsVerificationMessage String

    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

    softwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfiguration

    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

    tags Map<String,String>

    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tagsAll Map<String,String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    userAttributeUpdateSettings UserPoolUserAttributeUpdateSettings

    Configuration block for user attribute update settings. Detailed below.

    userPoolAddOns UserPoolUserPoolAddOns

    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

    usernameAttributes List<String>

    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

    usernameConfiguration UserPoolUsernameConfiguration

    Configuration block for username configuration. Detailed below.

    verificationMessageTemplate UserPoolVerificationMessageTemplate

    Configuration block for verification message templates. Detailed below.

    accountRecoverySetting UserPoolAccountRecoverySetting

    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

    adminCreateUserConfig UserPoolAdminCreateUserConfig

    Configuration block for creating a new user profile. Detailed below.

    aliasAttributes string[]

    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

    arn string

    ARN of the user pool.

    autoVerifiedAttributes string[]

    Attributes to be auto-verified. Valid values: email, phone_number.

    creationDate string

    Date the user pool was created.

    customDomain string

    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.

    deletionProtection string

    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.

    deviceConfiguration UserPoolDeviceConfiguration

    Configuration block for the user pool's device tracking. Detailed below.

    domain string

    Holds the domain prefix if the user pool has a domain associated with it.

    emailConfiguration UserPoolEmailConfiguration

    Configuration block for configuring email. Detailed below.

    emailVerificationMessage string

    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

    emailVerificationSubject string

    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

    endpoint string

    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

    estimatedNumberOfUsers number

    A number estimating the size of the user pool.

    lambdaConfig UserPoolLambdaConfig

    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

    lastModifiedDate string

    Date the user pool was last modified.

    mfaConfiguration string

    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).

    name string

    Name of the user pool.

    The following arguments are optional:

    passwordPolicy UserPoolPasswordPolicy

    Configuration block for information about the user pool password policy. Detailed below.

    schemas UserPoolSchema[]

    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.

    smsAuthenticationMessage string

    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

    smsConfiguration UserPoolSmsConfiguration

    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.

    smsVerificationMessage string

    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

    softwareTokenMfaConfiguration UserPoolSoftwareTokenMfaConfiguration

    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

    tags {[key: string]: string}

    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tagsAll {[key: string]: string}

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    userAttributeUpdateSettings UserPoolUserAttributeUpdateSettings

    Configuration block for user attribute update settings. Detailed below.

    userPoolAddOns UserPoolUserPoolAddOns

    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

    usernameAttributes string[]

    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

    usernameConfiguration UserPoolUsernameConfiguration

    Configuration block for username configuration. Detailed below.

    verificationMessageTemplate UserPoolVerificationMessageTemplate

    Configuration block for verification message templates. Detailed below.

    account_recovery_setting UserPoolAccountRecoverySettingArgs

    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

    admin_create_user_config UserPoolAdminCreateUserConfigArgs

    Configuration block for creating a new user profile. Detailed below.

    alias_attributes Sequence[str]

    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

    arn str

    ARN of the user pool.

    auto_verified_attributes Sequence[str]

    Attributes to be auto-verified. Valid values: email, phone_number.

    creation_date str

    Date the user pool was created.

    custom_domain str

    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.

    deletion_protection str

    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.

    device_configuration UserPoolDeviceConfigurationArgs

    Configuration block for the user pool's device tracking. Detailed below.

    domain str

    Holds the domain prefix if the user pool has a domain associated with it.

    email_configuration UserPoolEmailConfigurationArgs

    Configuration block for configuring email. Detailed below.

    email_verification_message str

    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

    email_verification_subject str

    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

    endpoint str

    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

    estimated_number_of_users int

    A number estimating the size of the user pool.

    lambda_config UserPoolLambdaConfigArgs

    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

    last_modified_date str

    Date the user pool was last modified.

    mfa_configuration str

    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).

    name str

    Name of the user pool.

    The following arguments are optional:

    password_policy UserPoolPasswordPolicyArgs

    Configuration block for information about the user pool password policy. Detailed below.

    schemas Sequence[UserPoolSchemaArgs]

    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.

    sms_authentication_message str

    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

    sms_configuration UserPoolSmsConfigurationArgs

    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.

    sms_verification_message str

    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

    software_token_mfa_configuration UserPoolSoftwareTokenMfaConfigurationArgs

    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

    tags Mapping[str, str]

    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tags_all Mapping[str, str]

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    user_attribute_update_settings UserPoolUserAttributeUpdateSettingsArgs

    Configuration block for user attribute update settings. Detailed below.

    user_pool_add_ons UserPoolUserPoolAddOnsArgs

    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

    username_attributes Sequence[str]

    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

    username_configuration UserPoolUsernameConfigurationArgs

    Configuration block for username configuration. Detailed below.

    verification_message_template UserPoolVerificationMessageTemplateArgs

    Configuration block for verification message templates. Detailed below.

    accountRecoverySetting Property Map

    Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.

    adminCreateUserConfig Property Map

    Configuration block for creating a new user profile. Detailed below.

    aliasAttributes List<String>

    Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

    arn String

    ARN of the user pool.

    autoVerifiedAttributes List<String>

    Attributes to be auto-verified. Valid values: email, phone_number.

    creationDate String

    Date the user pool was created.

    customDomain String

    A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: auth.example.com.

    deletionProtection String

    When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE, Default value is INACTIVE.

    deviceConfiguration Property Map

    Configuration block for the user pool's device tracking. Detailed below.

    domain String

    Holds the domain prefix if the user pool has a domain associated with it.

    emailConfiguration Property Map

    Configuration block for configuring email. Detailed below.

    emailVerificationMessage String

    String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

    emailVerificationSubject String

    String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.

    endpoint String

    Endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

    estimatedNumberOfUsers Number

    A number estimating the size of the user pool.

    lambdaConfig Property Map

    Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

    lastModifiedDate String

    Date the user pool was last modified.

    mfaConfiguration String

    Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF (MFA Tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA Will be required only for individual users who have MFA Enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).

    name String

    Name of the user pool.

    The following arguments are optional:

    passwordPolicy Property Map

    Configuration block for information about the user pool password policy. Detailed below.

    schemas List<Property Map>

    Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.

    smsAuthenticationMessage String

    String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code.

    smsConfiguration Property Map

    Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.

    smsVerificationMessage String

    String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.

    softwareTokenMfaConfiguration Property Map

    Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

    tags Map<String>

    Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tagsAll Map<String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    userAttributeUpdateSettings Property Map

    Configuration block for user attribute update settings. Detailed below.

    userPoolAddOns Property Map

    Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

    usernameAttributes List<String>

    Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

    usernameConfiguration Property Map

    Configuration block for username configuration. Detailed below.

    verificationMessageTemplate Property Map

    Configuration block for verification message templates. Detailed below.

    Supporting Types

    UserPoolAccountRecoverySetting, UserPoolAccountRecoverySettingArgs

    RecoveryMechanisms List<UserPoolAccountRecoverySettingRecoveryMechanism>

    List of Account Recovery Options of the following structure:

    RecoveryMechanisms []UserPoolAccountRecoverySettingRecoveryMechanism

    List of Account Recovery Options of the following structure:

    recoveryMechanisms List<UserPoolAccountRecoverySettingRecoveryMechanism>

    List of Account Recovery Options of the following structure:

    recoveryMechanisms UserPoolAccountRecoverySettingRecoveryMechanism[]

    List of Account Recovery Options of the following structure:

    recovery_mechanisms Sequence[UserPoolAccountRecoverySettingRecoveryMechanism]

    List of Account Recovery Options of the following structure:

    recoveryMechanisms List<Property Map>

    List of Account Recovery Options of the following structure:

    UserPoolAccountRecoverySettingRecoveryMechanism, UserPoolAccountRecoverySettingRecoveryMechanismArgs

    Name string

    Name of the user pool.

    The following arguments are optional:

    Priority int

    Positive integer specifying priority of a method with 1 being the highest priority.

    Name string

    Name of the user pool.

    The following arguments are optional:

    Priority int

    Positive integer specifying priority of a method with 1 being the highest priority.

    name String

    Name of the user pool.

    The following arguments are optional:

    priority Integer

    Positive integer specifying priority of a method with 1 being the highest priority.

    name string

    Name of the user pool.

    The following arguments are optional:

    priority number

    Positive integer specifying priority of a method with 1 being the highest priority.

    name str

    Name of the user pool.

    The following arguments are optional:

    priority int

    Positive integer specifying priority of a method with 1 being the highest priority.

    name String

    Name of the user pool.

    The following arguments are optional:

    priority Number

    Positive integer specifying priority of a method with 1 being the highest priority.

    UserPoolAdminCreateUserConfig, UserPoolAdminCreateUserConfigArgs

    AllowAdminCreateUserOnly bool

    Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.

    InviteMessageTemplate UserPoolAdminCreateUserConfigInviteMessageTemplate

    Invite message template structure. Detailed below.

    AllowAdminCreateUserOnly bool

    Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.

    InviteMessageTemplate UserPoolAdminCreateUserConfigInviteMessageTemplate

    Invite message template structure. Detailed below.

    allowAdminCreateUserOnly Boolean

    Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.

    inviteMessageTemplate UserPoolAdminCreateUserConfigInviteMessageTemplate

    Invite message template structure. Detailed below.

    allowAdminCreateUserOnly boolean

    Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.

    inviteMessageTemplate UserPoolAdminCreateUserConfigInviteMessageTemplate

    Invite message template structure. Detailed below.

    allow_admin_create_user_only bool

    Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.

    invite_message_template UserPoolAdminCreateUserConfigInviteMessageTemplate

    Invite message template structure. Detailed below.

    allowAdminCreateUserOnly Boolean

    Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.

    inviteMessageTemplate Property Map

    Invite message template structure. Detailed below.

    UserPoolAdminCreateUserConfigInviteMessageTemplate, UserPoolAdminCreateUserConfigInviteMessageTemplateArgs

    EmailMessage string

    Message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

    EmailSubject string

    Subject line for email messages.

    SmsMessage string

    Message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

    EmailMessage string

    Message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

    EmailSubject string

    Subject line for email messages.

    SmsMessage string

    Message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

    emailMessage String

    Message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

    emailSubject String

    Subject line for email messages.

    smsMessage String

    Message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

    emailMessage string

    Message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

    emailSubject string

    Subject line for email messages.

    smsMessage string

    Message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

    email_message str

    Message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

    email_subject str

    Subject line for email messages.

    sms_message str

    Message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

    emailMessage String

    Message template for email messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

    emailSubject String

    Subject line for email messages.

    smsMessage String

    Message template for SMS messages. Must contain {username} and {####} placeholders, for username and temporary password, respectively.

    UserPoolDeviceConfiguration, UserPoolDeviceConfigurationArgs

    ChallengeRequiredOnNewDevice bool

    Whether a challenge is required on a new device. Only applicable to a new device.

    DeviceOnlyRememberedOnUserPrompt bool

    Whether a device is only remembered on user prompt. false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."

    ChallengeRequiredOnNewDevice bool

    Whether a challenge is required on a new device. Only applicable to a new device.

    DeviceOnlyRememberedOnUserPrompt bool

    Whether a device is only remembered on user prompt. false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."

    challengeRequiredOnNewDevice Boolean

    Whether a challenge is required on a new device. Only applicable to a new device.

    deviceOnlyRememberedOnUserPrompt Boolean

    Whether a device is only remembered on user prompt. false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."

    challengeRequiredOnNewDevice boolean

    Whether a challenge is required on a new device. Only applicable to a new device.

    deviceOnlyRememberedOnUserPrompt boolean

    Whether a device is only remembered on user prompt. false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."

    challenge_required_on_new_device bool

    Whether a challenge is required on a new device. Only applicable to a new device.

    device_only_remembered_on_user_prompt bool

    Whether a device is only remembered on user prompt. false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."

    challengeRequiredOnNewDevice Boolean

    Whether a challenge is required on a new device. Only applicable to a new device.

    deviceOnlyRememberedOnUserPrompt Boolean

    Whether a device is only remembered on user prompt. false equates to "Always" remember, true is "User Opt In," and not using a device_configuration block is "No."

    UserPoolEmailConfiguration, UserPoolEmailConfigurationArgs

    ConfigurationSet string

    Email configuration set name from SES.

    EmailSendingAccount string

    Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration. Required to be DEVELOPER if from_email_address is set.

    FromEmailAddress string

    Sender’s email address or sender’s display name with their email address (e.g., john@example.com, John Smith <john@example.com> or \"John Smith Ph.D.\" <john@example.com>). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.

    ReplyToEmailAddress string

    REPLY-TO email address.

    SourceArn string

    ARN of the SES verified email identity to use. Required if email_sending_account is set to DEVELOPER.

    ConfigurationSet string

    Email configuration set name from SES.

    EmailSendingAccount string

    Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration. Required to be DEVELOPER if from_email_address is set.

    FromEmailAddress string

    Sender’s email address or sender’s display name with their email address (e.g., john@example.com, John Smith <john@example.com> or \"John Smith Ph.D.\" <john@example.com>). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.

    ReplyToEmailAddress string

    REPLY-TO email address.

    SourceArn string

    ARN of the SES verified email identity to use. Required if email_sending_account is set to DEVELOPER.

    configurationSet String

    Email configuration set name from SES.

    emailSendingAccount String

    Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration. Required to be DEVELOPER if from_email_address is set.

    fromEmailAddress String

    Sender’s email address or sender’s display name with their email address (e.g., john@example.com, John Smith <john@example.com> or \"John Smith Ph.D.\" <john@example.com>). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.

    replyToEmailAddress String

    REPLY-TO email address.

    sourceArn String

    ARN of the SES verified email identity to use. Required if email_sending_account is set to DEVELOPER.

    configurationSet string

    Email configuration set name from SES.

    emailSendingAccount string

    Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration. Required to be DEVELOPER if from_email_address is set.

    fromEmailAddress string

    Sender’s email address or sender’s display name with their email address (e.g., john@example.com, John Smith <john@example.com> or \"John Smith Ph.D.\" <john@example.com>). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.

    replyToEmailAddress string

    REPLY-TO email address.

    sourceArn string

    ARN of the SES verified email identity to use. Required if email_sending_account is set to DEVELOPER.

    configuration_set str

    Email configuration set name from SES.

    email_sending_account str

    Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration. Required to be DEVELOPER if from_email_address is set.

    from_email_address str

    Sender’s email address or sender’s display name with their email address (e.g., john@example.com, John Smith <john@example.com> or \"John Smith Ph.D.\" <john@example.com>). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.

    reply_to_email_address str

    REPLY-TO email address.

    source_arn str

    ARN of the SES verified email identity to use. Required if email_sending_account is set to DEVELOPER.

    configurationSet String

    Email configuration set name from SES.

    emailSendingAccount String

    Email delivery method to use. COGNITO_DEFAULT for the default email functionality built into Cognito or DEVELOPER to use your Amazon SES configuration. Required to be DEVELOPER if from_email_address is set.

    fromEmailAddress String

    Sender’s email address or sender’s display name with their email address (e.g., john@example.com, John Smith <john@example.com> or \"John Smith Ph.D.\" <john@example.com>). Escaped double quotes are required around display names that contain certain characters as specified in RFC 5322.

    replyToEmailAddress String

    REPLY-TO email address.

    sourceArn String

    ARN of the SES verified email identity to use. Required if email_sending_account is set to DEVELOPER.

    UserPoolLambdaConfig, UserPoolLambdaConfigArgs

    CreateAuthChallenge string

    ARN of the lambda creating an authentication challenge.

    CustomEmailSender UserPoolLambdaConfigCustomEmailSender

    A custom email sender AWS Lambda trigger. See custom_email_sender Below.

    CustomMessage string

    Custom Message AWS Lambda trigger.

    CustomSmsSender UserPoolLambdaConfigCustomSmsSender

    A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.

    DefineAuthChallenge string

    Defines the authentication challenge.

    KmsKeyId string

    The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.

    PostAuthentication string

    Post-authentication AWS Lambda trigger.

    PostConfirmation string

    Post-confirmation AWS Lambda trigger.

    PreAuthentication string

    Pre-authentication AWS Lambda trigger.

    PreSignUp string

    Pre-registration AWS Lambda trigger.

    PreTokenGeneration string

    Allow to customize identity token claims before token generation.

    UserMigration string

    User migration Lambda config type.

    VerifyAuthChallengeResponse string

    Verifies the authentication challenge response.

    CreateAuthChallenge string

    ARN of the lambda creating an authentication challenge.

    CustomEmailSender UserPoolLambdaConfigCustomEmailSender

    A custom email sender AWS Lambda trigger. See custom_email_sender Below.

    CustomMessage string

    Custom Message AWS Lambda trigger.

    CustomSmsSender UserPoolLambdaConfigCustomSmsSender

    A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.

    DefineAuthChallenge string

    Defines the authentication challenge.

    KmsKeyId string

    The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.

    PostAuthentication string

    Post-authentication AWS Lambda trigger.

    PostConfirmation string

    Post-confirmation AWS Lambda trigger.

    PreAuthentication string

    Pre-authentication AWS Lambda trigger.

    PreSignUp string

    Pre-registration AWS Lambda trigger.

    PreTokenGeneration string

    Allow to customize identity token claims before token generation.

    UserMigration string

    User migration Lambda config type.

    VerifyAuthChallengeResponse string

    Verifies the authentication challenge response.

    createAuthChallenge String

    ARN of the lambda creating an authentication challenge.

    customEmailSender UserPoolLambdaConfigCustomEmailSender

    A custom email sender AWS Lambda trigger. See custom_email_sender Below.

    customMessage String

    Custom Message AWS Lambda trigger.

    customSmsSender UserPoolLambdaConfigCustomSmsSender

    A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.

    defineAuthChallenge String

    Defines the authentication challenge.

    kmsKeyId String

    The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.

    postAuthentication String

    Post-authentication AWS Lambda trigger.

    postConfirmation String

    Post-confirmation AWS Lambda trigger.

    preAuthentication String

    Pre-authentication AWS Lambda trigger.

    preSignUp String

    Pre-registration AWS Lambda trigger.

    preTokenGeneration String

    Allow to customize identity token claims before token generation.

    userMigration String

    User migration Lambda config type.

    verifyAuthChallengeResponse String

    Verifies the authentication challenge response.

    createAuthChallenge string

    ARN of the lambda creating an authentication challenge.

    customEmailSender UserPoolLambdaConfigCustomEmailSender

    A custom email sender AWS Lambda trigger. See custom_email_sender Below.

    customMessage string

    Custom Message AWS Lambda trigger.

    customSmsSender UserPoolLambdaConfigCustomSmsSender

    A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.

    defineAuthChallenge string

    Defines the authentication challenge.

    kmsKeyId string

    The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.

    postAuthentication string

    Post-authentication AWS Lambda trigger.

    postConfirmation string

    Post-confirmation AWS Lambda trigger.

    preAuthentication string

    Pre-authentication AWS Lambda trigger.

    preSignUp string

    Pre-registration AWS Lambda trigger.

    preTokenGeneration string

    Allow to customize identity token claims before token generation.

    userMigration string

    User migration Lambda config type.

    verifyAuthChallengeResponse string

    Verifies the authentication challenge response.

    create_auth_challenge str

    ARN of the lambda creating an authentication challenge.

    custom_email_sender UserPoolLambdaConfigCustomEmailSender

    A custom email sender AWS Lambda trigger. See custom_email_sender Below.

    custom_message str

    Custom Message AWS Lambda trigger.

    custom_sms_sender UserPoolLambdaConfigCustomSmsSender

    A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.

    define_auth_challenge str

    Defines the authentication challenge.

    kms_key_id str

    The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.

    post_authentication str

    Post-authentication AWS Lambda trigger.

    post_confirmation str

    Post-confirmation AWS Lambda trigger.

    pre_authentication str

    Pre-authentication AWS Lambda trigger.

    pre_sign_up str

    Pre-registration AWS Lambda trigger.

    pre_token_generation str

    Allow to customize identity token claims before token generation.

    user_migration str

    User migration Lambda config type.

    verify_auth_challenge_response str

    Verifies the authentication challenge response.

    createAuthChallenge String

    ARN of the lambda creating an authentication challenge.

    customEmailSender Property Map

    A custom email sender AWS Lambda trigger. See custom_email_sender Below.

    customMessage String

    Custom Message AWS Lambda trigger.

    customSmsSender Property Map

    A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.

    defineAuthChallenge String

    Defines the authentication challenge.

    kmsKeyId String

    The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.

    postAuthentication String

    Post-authentication AWS Lambda trigger.

    postConfirmation String

    Post-confirmation AWS Lambda trigger.

    preAuthentication String

    Pre-authentication AWS Lambda trigger.

    preSignUp String

    Pre-registration AWS Lambda trigger.

    preTokenGeneration String

    Allow to customize identity token claims before token generation.

    userMigration String

    User migration Lambda config type.

    verifyAuthChallengeResponse String

    Verifies the authentication challenge response.

    UserPoolLambdaConfigCustomEmailSender, UserPoolLambdaConfigCustomEmailSenderArgs

    LambdaArn string

    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.

    LambdaVersion string

    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.

    LambdaArn string

    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.

    LambdaVersion string

    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.

    lambdaArn String

    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.

    lambdaVersion String

    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.

    lambdaArn string

    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.

    lambdaVersion string

    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.

    lambda_arn str

    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.

    lambda_version str

    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.

    lambdaArn String

    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send email notifications to users.

    lambdaVersion String

    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom email Lambda function. The only supported value is V1_0.

    UserPoolLambdaConfigCustomSmsSender, UserPoolLambdaConfigCustomSmsSenderArgs

    LambdaArn string

    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.

    LambdaVersion string

    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.

    LambdaArn string

    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.

    LambdaVersion string

    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.

    lambdaArn String

    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.

    lambdaVersion String

    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.

    lambdaArn string

    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.

    lambdaVersion string

    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.

    lambda_arn str

    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.

    lambda_version str

    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.

    lambdaArn String

    The Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.

    lambdaVersion String

    The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is V1_0.

    UserPoolPasswordPolicy, UserPoolPasswordPolicyArgs

    MinimumLength int

    Minimum length of the password policy that you have set.

    RequireLowercase bool

    Whether you have required users to use at least one lowercase letter in their password.

    RequireNumbers bool

    Whether you have required users to use at least one number in their password.

    RequireSymbols bool

    Whether you have required users to use at least one symbol in their password.

    RequireUppercase bool

    Whether you have required users to use at least one uppercase letter in their password.

    TemporaryPasswordValidityDays int

    In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.

    MinimumLength int

    Minimum length of the password policy that you have set.

    RequireLowercase bool

    Whether you have required users to use at least one lowercase letter in their password.

    RequireNumbers bool

    Whether you have required users to use at least one number in their password.

    RequireSymbols bool

    Whether you have required users to use at least one symbol in their password.

    RequireUppercase bool

    Whether you have required users to use at least one uppercase letter in their password.

    TemporaryPasswordValidityDays int

    In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.

    minimumLength Integer

    Minimum length of the password policy that you have set.

    requireLowercase Boolean

    Whether you have required users to use at least one lowercase letter in their password.

    requireNumbers Boolean

    Whether you have required users to use at least one number in their password.

    requireSymbols Boolean

    Whether you have required users to use at least one symbol in their password.

    requireUppercase Boolean

    Whether you have required users to use at least one uppercase letter in their password.

    temporaryPasswordValidityDays Integer

    In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.

    minimumLength number

    Minimum length of the password policy that you have set.

    requireLowercase boolean

    Whether you have required users to use at least one lowercase letter in their password.

    requireNumbers boolean

    Whether you have required users to use at least one number in their password.

    requireSymbols boolean

    Whether you have required users to use at least one symbol in their password.

    requireUppercase boolean

    Whether you have required users to use at least one uppercase letter in their password.

    temporaryPasswordValidityDays number

    In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.

    minimum_length int

    Minimum length of the password policy that you have set.

    require_lowercase bool

    Whether you have required users to use at least one lowercase letter in their password.

    require_numbers bool

    Whether you have required users to use at least one number in their password.

    require_symbols bool

    Whether you have required users to use at least one symbol in their password.

    require_uppercase bool

    Whether you have required users to use at least one uppercase letter in their password.

    temporary_password_validity_days int

    In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.

    minimumLength Number

    Minimum length of the password policy that you have set.

    requireLowercase Boolean

    Whether you have required users to use at least one lowercase letter in their password.

    requireNumbers Boolean

    Whether you have required users to use at least one number in their password.

    requireSymbols Boolean

    Whether you have required users to use at least one symbol in their password.

    requireUppercase Boolean

    Whether you have required users to use at least one uppercase letter in their password.

    temporaryPasswordValidityDays Number

    In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.

    UserPoolSchema, UserPoolSchemaArgs

    AttributeDataType string

    Attribute data type. Must be one of Boolean, Number, String, DateTime.

    Name string

    Name of the attribute.

    DeveloperOnlyAttribute bool

    Whether the attribute type is developer only.

    Mutable bool

    Whether the attribute can be changed once it has been created.

    NumberAttributeConstraints UserPoolSchemaNumberAttributeConstraints

    Configuration block for the constraints for an attribute of the number type. Detailed below.

    Required bool

    Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.

    StringAttributeConstraints UserPoolSchemaStringAttributeConstraints

    Constraints for an attribute of the string type. Detailed below.

    AttributeDataType string

    Attribute data type. Must be one of Boolean, Number, String, DateTime.

    Name string

    Name of the attribute.

    DeveloperOnlyAttribute bool

    Whether the attribute type is developer only.

    Mutable bool

    Whether the attribute can be changed once it has been created.

    NumberAttributeConstraints UserPoolSchemaNumberAttributeConstraints

    Configuration block for the constraints for an attribute of the number type. Detailed below.

    Required bool

    Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.

    StringAttributeConstraints UserPoolSchemaStringAttributeConstraints

    Constraints for an attribute of the string type. Detailed below.

    attributeDataType String

    Attribute data type. Must be one of Boolean, Number, String, DateTime.

    name String

    Name of the attribute.

    developerOnlyAttribute Boolean

    Whether the attribute type is developer only.

    mutable Boolean

    Whether the attribute can be changed once it has been created.

    numberAttributeConstraints UserPoolSchemaNumberAttributeConstraints

    Configuration block for the constraints for an attribute of the number type. Detailed below.

    required Boolean

    Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.

    stringAttributeConstraints UserPoolSchemaStringAttributeConstraints

    Constraints for an attribute of the string type. Detailed below.

    attributeDataType string

    Attribute data type. Must be one of Boolean, Number, String, DateTime.

    name string

    Name of the attribute.

    developerOnlyAttribute boolean

    Whether the attribute type is developer only.

    mutable boolean

    Whether the attribute can be changed once it has been created.

    numberAttributeConstraints UserPoolSchemaNumberAttributeConstraints

    Configuration block for the constraints for an attribute of the number type. Detailed below.

    required boolean

    Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.

    stringAttributeConstraints UserPoolSchemaStringAttributeConstraints

    Constraints for an attribute of the string type. Detailed below.

    attribute_data_type str

    Attribute data type. Must be one of Boolean, Number, String, DateTime.

    name str

    Name of the attribute.

    developer_only_attribute bool

    Whether the attribute type is developer only.

    mutable bool

    Whether the attribute can be changed once it has been created.

    number_attribute_constraints UserPoolSchemaNumberAttributeConstraints

    Configuration block for the constraints for an attribute of the number type. Detailed below.

    required bool

    Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.

    string_attribute_constraints UserPoolSchemaStringAttributeConstraints

    Constraints for an attribute of the string type. Detailed below.

    attributeDataType String

    Attribute data type. Must be one of Boolean, Number, String, DateTime.

    name String

    Name of the attribute.

    developerOnlyAttribute Boolean

    Whether the attribute type is developer only.

    mutable Boolean

    Whether the attribute can be changed once it has been created.

    numberAttributeConstraints Property Map

    Configuration block for the constraints for an attribute of the number type. Detailed below.

    required Boolean

    Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.

    stringAttributeConstraints Property Map

    Constraints for an attribute of the string type. Detailed below.

    UserPoolSchemaNumberAttributeConstraints, UserPoolSchemaNumberAttributeConstraintsArgs

    MaxValue string

    Maximum value of an attribute that is of the number data type.

    MinValue string

    Minimum value of an attribute that is of the number data type.

    MaxValue string

    Maximum value of an attribute that is of the number data type.

    MinValue string

    Minimum value of an attribute that is of the number data type.

    maxValue String

    Maximum value of an attribute that is of the number data type.

    minValue String

    Minimum value of an attribute that is of the number data type.

    maxValue string

    Maximum value of an attribute that is of the number data type.

    minValue string

    Minimum value of an attribute that is of the number data type.

    max_value str

    Maximum value of an attribute that is of the number data type.

    min_value str

    Minimum value of an attribute that is of the number data type.

    maxValue String

    Maximum value of an attribute that is of the number data type.

    minValue String

    Minimum value of an attribute that is of the number data type.

    UserPoolSchemaStringAttributeConstraints, UserPoolSchemaStringAttributeConstraintsArgs

    MaxLength string

    Maximum length of an attribute value of the string type.

    MinLength string

    Minimum length of an attribute value of the string type.

    MaxLength string

    Maximum length of an attribute value of the string type.

    MinLength string

    Minimum length of an attribute value of the string type.

    maxLength String

    Maximum length of an attribute value of the string type.

    minLength String

    Minimum length of an attribute value of the string type.

    maxLength string

    Maximum length of an attribute value of the string type.

    minLength string

    Minimum length of an attribute value of the string type.

    max_length str

    Maximum length of an attribute value of the string type.

    min_length str

    Minimum length of an attribute value of the string type.

    maxLength String

    Maximum length of an attribute value of the string type.

    minLength String

    Minimum length of an attribute value of the string type.

    UserPoolSmsConfiguration, UserPoolSmsConfigurationArgs

    ExternalId string

    External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.

    SnsCallerArn string

    ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.

    SnsRegion string

    The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.

    ExternalId string

    External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.

    SnsCallerArn string

    ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.

    SnsRegion string

    The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.

    externalId String

    External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.

    snsCallerArn String

    ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.

    snsRegion String

    The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.

    externalId string

    External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.

    snsCallerArn string

    ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.

    snsRegion string

    The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.

    external_id str

    External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.

    sns_caller_arn str

    ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.

    sns_region str

    The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.

    externalId String

    External ID used in IAM role trust relationships. For more information about using external IDs, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party.

    snsCallerArn String

    ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.

    snsRegion String

    The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region. Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools.

    UserPoolSoftwareTokenMfaConfiguration, UserPoolSoftwareTokenMfaConfigurationArgs

    Enabled bool

    Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.

    Enabled bool

    Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.

    enabled Boolean

    Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.

    enabled boolean

    Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.

    enabled bool

    Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.

    enabled Boolean

    Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When sms_configuration is not present, the mfa_configuration argument must be set to OFF and the software_token_mfa_configuration configuration block must be fully removed.

    UserPoolUserAttributeUpdateSettings, UserPoolUserAttributeUpdateSettingsArgs

    AttributesRequireVerificationBeforeUpdates List<string>

    A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number.

    AttributesRequireVerificationBeforeUpdates []string

    A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number.

    attributesRequireVerificationBeforeUpdates List<String>

    A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number.

    attributesRequireVerificationBeforeUpdates string[]

    A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number.

    attributes_require_verification_before_updates Sequence[str]

    A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number.

    attributesRequireVerificationBeforeUpdates List<String>

    A list of attributes requiring verification before update. If set, the provided value(s) must also be set in auto_verified_attributes. Valid values: email, phone_number.

    UserPoolUserPoolAddOns, UserPoolUserPoolAddOnsArgs

    AdvancedSecurityMode string

    Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.

    AdvancedSecurityMode string

    Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.

    advancedSecurityMode String

    Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.

    advancedSecurityMode string

    Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.

    advanced_security_mode str

    Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.

    advancedSecurityMode String

    Mode for advanced security, must be one of OFF, AUDIT or ENFORCED.

    UserPoolUsernameConfiguration, UserPoolUsernameConfigurationArgs

    CaseSensitive bool

    Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.

    CaseSensitive bool

    Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.

    caseSensitive Boolean

    Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.

    caseSensitive boolean

    Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.

    case_sensitive bool

    Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.

    caseSensitive Boolean

    Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.

    UserPoolVerificationMessageTemplate, UserPoolVerificationMessageTemplateArgs

    DefaultEmailOption string

    Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.

    EmailMessage string

    Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.

    EmailMessageByLink string

    Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.

    EmailSubject string

    Subject line for the email message template. Conflicts with email_verification_subject argument.

    EmailSubjectByLink string

    Subject line for the email message template for sending a confirmation link to the user.

    SmsMessage string

    SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.

    DefaultEmailOption string

    Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.

    EmailMessage string

    Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.

    EmailMessageByLink string

    Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.

    EmailSubject string

    Subject line for the email message template. Conflicts with email_verification_subject argument.

    EmailSubjectByLink string

    Subject line for the email message template for sending a confirmation link to the user.

    SmsMessage string

    SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.

    defaultEmailOption String

    Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.

    emailMessage String

    Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.

    emailMessageByLink String

    Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.

    emailSubject String

    Subject line for the email message template. Conflicts with email_verification_subject argument.

    emailSubjectByLink String

    Subject line for the email message template for sending a confirmation link to the user.

    smsMessage String

    SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.

    defaultEmailOption string

    Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.

    emailMessage string

    Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.

    emailMessageByLink string

    Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.

    emailSubject string

    Subject line for the email message template. Conflicts with email_verification_subject argument.

    emailSubjectByLink string

    Subject line for the email message template for sending a confirmation link to the user.

    smsMessage string

    SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.

    default_email_option str

    Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.

    email_message str

    Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.

    email_message_by_link str

    Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.

    email_subject str

    Subject line for the email message template. Conflicts with email_verification_subject argument.

    email_subject_by_link str

    Subject line for the email message template for sending a confirmation link to the user.

    sms_message str

    SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.

    defaultEmailOption String

    Default email option. Must be either CONFIRM_WITH_CODE or CONFIRM_WITH_LINK. Defaults to CONFIRM_WITH_CODE.

    emailMessage String

    Email message template. Must contain the {####} placeholder. Conflicts with email_verification_message argument.

    emailMessageByLink String

    Email message template for sending a confirmation link to the user, it must contain the {##Click Here##} placeholder.

    emailSubject String

    Subject line for the email message template. Conflicts with email_verification_subject argument.

    emailSubjectByLink String

    Subject line for the email message template for sending a confirmation link to the user.

    smsMessage String

    SMS message template. Must contain the {####} placeholder. Conflicts with sms_verification_message argument.

    Import

    Using pulumi import, import Cognito User Pools using the id. For example:

     $ pulumi import aws:cognito/userPool:UserPool pool us-west-2_abc123
    

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the aws Terraform Provider.

    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.13.1 published on Tuesday, Dec 5, 2023 by Pulumi