Package software.amazon.awscdk.services.cognito

Class CfnUserPoolRiskConfigurationAttachment

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.CfnElement

software.amazon.awscdk.CfnRefElement

software.amazon.awscdk.CfnResource

software.amazon.awscdk.services.cognito.CfnUserPoolRiskConfigurationAttachment

All Implemented Interfaces:

IEnvironmentAware, IInspectable, IUserPoolRiskConfigurationAttachmentRef, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.118.0 (build 02eec31)",
           date="2025-11-10T13:40:01.221Z")
@Stability(Stable)
public class CfnUserPoolRiskConfigurationAttachment
extends CfnResource
implements IInspectable, IUserPoolRiskConfigurationAttachmentRef

The AWS::Cognito::UserPoolRiskConfigurationAttachment resource sets the risk configuration that is used for Amazon Cognito advanced security features.

You can specify risk configuration for a single client (with a specific clientId ) or for all clients (by setting the clientId to ALL ). If you specify ALL , the default configuration is used for every client that has had no risk configuration set previously. If you specify risk configuration for a particular client, it no longer falls back to the ALL configuration.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.cognito.*;
 CfnUserPoolRiskConfigurationAttachment cfnUserPoolRiskConfigurationAttachment = CfnUserPoolRiskConfigurationAttachment.Builder.create(this, "MyCfnUserPoolRiskConfigurationAttachment")
         .clientId("clientId")
         .userPoolId("userPoolId")
         // the properties below are optional
         .accountTakeoverRiskConfiguration(AccountTakeoverRiskConfigurationTypeProperty.builder()
                 .actions(AccountTakeoverActionsTypeProperty.builder()
                         .highAction(AccountTakeoverActionTypeProperty.builder()
                                 .eventAction("eventAction")
                                 .notify(false)
                                 .build())
                         .lowAction(AccountTakeoverActionTypeProperty.builder()
                                 .eventAction("eventAction")
                                 .notify(false)
                                 .build())
                         .mediumAction(AccountTakeoverActionTypeProperty.builder()
                                 .eventAction("eventAction")
                                 .notify(false)
                                 .build())
                         .build())
                 // the properties below are optional
                 .notifyConfiguration(NotifyConfigurationTypeProperty.builder()
                         .sourceArn("sourceArn")
                         // the properties below are optional
                         .blockEmail(NotifyEmailTypeProperty.builder()
                                 .subject("subject")
                                 // the properties below are optional
                                 .htmlBody("htmlBody")
                                 .textBody("textBody")
                                 .build())
                         .from("from")
                         .mfaEmail(NotifyEmailTypeProperty.builder()
                                 .subject("subject")
                                 // the properties below are optional
                                 .htmlBody("htmlBody")
                                 .textBody("textBody")
                                 .build())
                         .noActionEmail(NotifyEmailTypeProperty.builder()
                                 .subject("subject")
                                 // the properties below are optional
                                 .htmlBody("htmlBody")
                                 .textBody("textBody")
                                 .build())
                         .replyTo("replyTo")
                         .build())
                 .build())
         .compromisedCredentialsRiskConfiguration(CompromisedCredentialsRiskConfigurationTypeProperty.builder()
                 .actions(CompromisedCredentialsActionsTypeProperty.builder()
                         .eventAction("eventAction")
                         .build())
                 // the properties below are optional
                 .eventFilter(List.of("eventFilter"))
                 .build())
         .riskExceptionConfiguration(RiskExceptionConfigurationTypeProperty.builder()
                 .blockedIpRangeList(List.of("blockedIpRangeList"))
                 .skippedIpRangeList(List.of("skippedIpRangeList"))
                 .build())
         .build();
 

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolriskconfigurationattachment.html

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static interface	CfnUserPoolRiskConfigurationAttachment.AccountTakeoverActionsTypeProperty	A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features.
static interface	CfnUserPoolRiskConfigurationAttachment.AccountTakeoverActionTypeProperty	The automated response to a risk level for adaptive authentication in full-function, or ENFORCED , mode.
static interface	CfnUserPoolRiskConfigurationAttachment.AccountTakeoverRiskConfigurationTypeProperty	The settings for automated responses and notification templates for adaptive authentication with advanced security features.
static final class	CfnUserPoolRiskConfigurationAttachment.Builder	A fluent builder for CfnUserPoolRiskConfigurationAttachment.
static interface	CfnUserPoolRiskConfigurationAttachment.CompromisedCredentialsActionsTypeProperty	Settings for user pool actions when Amazon Cognito detects compromised credentials with advanced security features in full-function ENFORCED mode.
static interface	CfnUserPoolRiskConfigurationAttachment.CompromisedCredentialsRiskConfigurationTypeProperty	Settings for compromised-credentials actions and authentication-event sources with advanced security features in full-function ENFORCED mode.
static interface	CfnUserPoolRiskConfigurationAttachment.NotifyConfigurationTypeProperty	The configuration for Amazon SES email messages that advanced security features sends to a user when your adaptive authentication automated response has a Notify action.
static interface	CfnUserPoolRiskConfigurationAttachment.NotifyEmailTypeProperty	The template for email messages that advanced security features sends to a user when your threat protection automated response has a Notify action.
static interface	CfnUserPoolRiskConfigurationAttachment.RiskExceptionConfigurationTypeProperty	Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.cognito.IUserPoolRiskConfigurationAttachmentRef

IUserPoolRiskConfigurationAttachmentRef.Jsii$Default, IUserPoolRiskConfigurationAttachmentRef.Jsii$Proxy

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CFN_RESOURCE_TYPE_NAME	The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	CfnUserPoolRiskConfigurationAttachment(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnUserPoolRiskConfigurationAttachment(software.amazon.jsii.JsiiObjectRef objRef)
	CfnUserPoolRiskConfigurationAttachment(software.constructs.Construct scope, String id, CfnUserPoolRiskConfigurationAttachmentProps props)

Method Summary

Modifier and Type	Method	Description
Object	getAccountTakeoverRiskConfiguration()	The settings for automated responses and notification templates for adaptive authentication with threat protection.
protected Map<String,Object>	getCfnProperties()
String	getClientId()	The app client where this configuration is applied.
Object	getCompromisedCredentialsRiskConfiguration()	Settings for compromised-credentials actions and authentication types with threat protection in full-function ENFORCED mode.
Object	getRiskExceptionConfiguration()	Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges.
String	getUserPoolId()	The ID of the user pool that has the risk configuration applied.
UserPoolRiskConfigurationAttachmentReference	getUserPoolRiskConfigurationAttachmentRef()	A reference to a UserPoolRiskConfigurationAttachment resource.
void	inspect(TreeInspector inspector)	Examines the CloudFormation resource and discloses attributes.
protected Map<String,Object>	renderProperties(Map<String,Object> props)
void	setAccountTakeoverRiskConfiguration(IResolvable value)	The settings for automated responses and notification templates for adaptive authentication with threat protection.
void	setAccountTakeoverRiskConfiguration(CfnUserPoolRiskConfigurationAttachment.AccountTakeoverRiskConfigurationTypeProperty value)	The settings for automated responses and notification templates for adaptive authentication with threat protection.
void	setClientId(String value)	The app client where this configuration is applied.
void	setCompromisedCredentialsRiskConfiguration(IResolvable value)	Settings for compromised-credentials actions and authentication types with threat protection in full-function ENFORCED mode.
void	setCompromisedCredentialsRiskConfiguration(CfnUserPoolRiskConfigurationAttachment.CompromisedCredentialsRiskConfigurationTypeProperty value)	Settings for compromised-credentials actions and authentication types with threat protection in full-function ENFORCED mode.
void	setRiskExceptionConfiguration(IResolvable value)	Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges.
void	setRiskExceptionConfiguration(CfnUserPoolRiskConfigurationAttachment.RiskExceptionConfigurationTypeProperty value)	Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges.
void	setUserPoolId(String value)	The ID of the user pool that has the risk configuration applied.

Methods inherited from class software.amazon.awscdk.CfnResource

addDeletionOverride, addDependency, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getAtt, getCfnOptions, getCfnResourceType, getEnv, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, obtainDependencies, obtainResourceDependencies, removeDependency, replaceDependency, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.constructs.Construct

getNode, isConstruct

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.constructs.IConstruct

getNode

Methods inherited from interface software.amazon.awscdk.IEnvironmentAware

getEnv

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Field Details

CFN_RESOURCE_TYPE_NAME

@Stability(Stable)
public static final String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Details

CfnUserPoolRiskConfigurationAttachment

protected CfnUserPoolRiskConfigurationAttachment(software.amazon.jsii.JsiiObjectRef objRef)

CfnUserPoolRiskConfigurationAttachment

protected CfnUserPoolRiskConfigurationAttachment(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnUserPoolRiskConfigurationAttachment

@Stability(Stable)
public CfnUserPoolRiskConfigurationAttachment(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id,
 @NotNull
 CfnUserPoolRiskConfigurationAttachmentProps props)

Parameters:

scope - Scope in which this resource is defined. This parameter is required.

id - Construct identifier for this resource (unique in its scope). This parameter is required.

props - Resource properties. This parameter is required.

Method Details

inspect

@Stability(Stable)
public void inspect(@NotNull
 TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - tree inspector to collect and process attributes. This parameter is required.

renderProperties

@Stability(Stable)
@NotNull
protected Map<String,Object> renderProperties(@NotNull
 Map<String,Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getCfnProperties

@Stability(Stable)
@NotNull
protected Map<String,Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getUserPoolRiskConfigurationAttachmentRef

@Stability(Stable)
@NotNull
public UserPoolRiskConfigurationAttachmentReference getUserPoolRiskConfigurationAttachmentRef()

A reference to a UserPoolRiskConfigurationAttachment resource.

Specified by:

getUserPoolRiskConfigurationAttachmentRef in interface IUserPoolRiskConfigurationAttachmentRef

getClientId

@Stability(Stable)
@NotNull
public String getClientId()

The app client where this configuration is applied.

setClientId

@Stability(Stable)
public void setClientId(@NotNull
 String value)

The app client where this configuration is applied.

getUserPoolId

@Stability(Stable)
@NotNull
public String getUserPoolId()

The ID of the user pool that has the risk configuration applied.

setUserPoolId

@Stability(Stable)
public void setUserPoolId(@NotNull
 String value)

The ID of the user pool that has the risk configuration applied.

getAccountTakeoverRiskConfiguration

@Stability(Stable)
@Nullable
public Object getAccountTakeoverRiskConfiguration()

The settings for automated responses and notification templates for adaptive authentication with threat protection.

Returns union: either IResolvable or CfnUserPoolRiskConfigurationAttachment.AccountTakeoverRiskConfigurationTypeProperty

setAccountTakeoverRiskConfiguration

@Stability(Stable)
public void setAccountTakeoverRiskConfiguration(@Nullable
 IResolvable value)

The settings for automated responses and notification templates for adaptive authentication with threat protection.

setAccountTakeoverRiskConfiguration

@Stability(Stable)
public void setAccountTakeoverRiskConfiguration(@Nullable
 CfnUserPoolRiskConfigurationAttachment.AccountTakeoverRiskConfigurationTypeProperty value)

The settings for automated responses and notification templates for adaptive authentication with threat protection.

getCompromisedCredentialsRiskConfiguration

@Stability(Stable)
@Nullable
public Object getCompromisedCredentialsRiskConfiguration()

Settings for compromised-credentials actions and authentication types with threat protection in full-function ENFORCED mode.

Returns union: either IResolvable or CfnUserPoolRiskConfigurationAttachment.CompromisedCredentialsRiskConfigurationTypeProperty

setCompromisedCredentialsRiskConfiguration

@Stability(Stable)
public void setCompromisedCredentialsRiskConfiguration(@Nullable
 IResolvable value)

Settings for compromised-credentials actions and authentication types with threat protection in full-function ENFORCED mode.

setCompromisedCredentialsRiskConfiguration

@Stability(Stable)
public void setCompromisedCredentialsRiskConfiguration(@Nullable
 CfnUserPoolRiskConfigurationAttachment.CompromisedCredentialsRiskConfigurationTypeProperty value)

Settings for compromised-credentials actions and authentication types with threat protection in full-function ENFORCED mode.

getRiskExceptionConfiguration

@Stability(Stable)
@Nullable
public Object getRiskExceptionConfiguration()

Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges.

Returns union: either IResolvable or CfnUserPoolRiskConfigurationAttachment.RiskExceptionConfigurationTypeProperty

setRiskExceptionConfiguration

@Stability(Stable)
public void setRiskExceptionConfiguration(@Nullable
 IResolvable value)

Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges.

setRiskExceptionConfiguration

@Stability(Stable)
public void setRiskExceptionConfiguration(@Nullable
 CfnUserPoolRiskConfigurationAttachment.RiskExceptionConfigurationTypeProperty value)

Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges.