CfnUserPoolPropsMixin
- class aws_cdk.mixins_preview.aws_cognito.mixins.CfnUserPoolPropsMixin(props, *, strategy=None)
Bases:
MixinThe
AWS::Cognito::UserPoolresource creates an Amazon Cognito user pool.For more information on working with Amazon Cognito user pools, see Amazon Cognito User Pools and CreateUserPool . .. epigraph:
If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.
- See:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html
- CloudformationResource:
AWS::Cognito::UserPool
- Mixin:
true
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview import mixins from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins # user_pool_tags: Any cfn_user_pool_props_mixin = cognito_mixins.CfnUserPoolPropsMixin(cognito_mixins.CfnUserPoolMixinProps( account_recovery_setting=cognito_mixins.CfnUserPoolPropsMixin.AccountRecoverySettingProperty( recovery_mechanisms=[cognito_mixins.CfnUserPoolPropsMixin.RecoveryOptionProperty( name="name", priority=123 )] ), admin_create_user_config=cognito_mixins.CfnUserPoolPropsMixin.AdminCreateUserConfigProperty( allow_admin_create_user_only=False, invite_message_template=cognito_mixins.CfnUserPoolPropsMixin.InviteMessageTemplateProperty( email_message="emailMessage", email_subject="emailSubject", sms_message="smsMessage" ), unused_account_validity_days=123 ), alias_attributes=["aliasAttributes"], auto_verified_attributes=["autoVerifiedAttributes"], deletion_protection="deletionProtection", device_configuration=cognito_mixins.CfnUserPoolPropsMixin.DeviceConfigurationProperty( challenge_required_on_new_device=False, device_only_remembered_on_user_prompt=False ), email_authentication_message="emailAuthenticationMessage", email_authentication_subject="emailAuthenticationSubject", email_configuration=cognito_mixins.CfnUserPoolPropsMixin.EmailConfigurationProperty( configuration_set="configurationSet", email_sending_account="emailSendingAccount", from="from", reply_to_email_address="replyToEmailAddress", source_arn="sourceArn" ), email_verification_message="emailVerificationMessage", email_verification_subject="emailVerificationSubject", enabled_mfas=["enabledMfas"], lambda_config=cognito_mixins.CfnUserPoolPropsMixin.LambdaConfigProperty( create_auth_challenge="createAuthChallenge", custom_email_sender=cognito_mixins.CfnUserPoolPropsMixin.CustomEmailSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), custom_message="customMessage", custom_sms_sender=cognito_mixins.CfnUserPoolPropsMixin.CustomSMSSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), define_auth_challenge="defineAuthChallenge", kms_key_id="kmsKeyId", post_authentication="postAuthentication", post_confirmation="postConfirmation", pre_authentication="preAuthentication", pre_sign_up="preSignUp", pre_token_generation="preTokenGeneration", pre_token_generation_config=cognito_mixins.CfnUserPoolPropsMixin.PreTokenGenerationConfigProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), user_migration="userMigration", verify_auth_challenge_response="verifyAuthChallengeResponse" ), mfa_configuration="mfaConfiguration", policies=cognito_mixins.CfnUserPoolPropsMixin.PoliciesProperty( password_policy=cognito_mixins.CfnUserPoolPropsMixin.PasswordPolicyProperty( minimum_length=123, password_history_size=123, require_lowercase=False, require_numbers=False, require_symbols=False, require_uppercase=False, temporary_password_validity_days=123 ), sign_in_policy=cognito_mixins.CfnUserPoolPropsMixin.SignInPolicyProperty( allowed_first_auth_factors=["allowedFirstAuthFactors"] ) ), schema=[cognito_mixins.CfnUserPoolPropsMixin.SchemaAttributeProperty( attribute_data_type="attributeDataType", developer_only_attribute=False, mutable=False, name="name", number_attribute_constraints=cognito_mixins.CfnUserPoolPropsMixin.NumberAttributeConstraintsProperty( max_value="maxValue", min_value="minValue" ), required=False, string_attribute_constraints=cognito_mixins.CfnUserPoolPropsMixin.StringAttributeConstraintsProperty( max_length="maxLength", min_length="minLength" ) )], sms_authentication_message="smsAuthenticationMessage", sms_configuration=cognito_mixins.CfnUserPoolPropsMixin.SmsConfigurationProperty( external_id="externalId", sns_caller_arn="snsCallerArn", sns_region="snsRegion" ), sms_verification_message="smsVerificationMessage", user_attribute_update_settings=cognito_mixins.CfnUserPoolPropsMixin.UserAttributeUpdateSettingsProperty( attributes_require_verification_before_update=["attributesRequireVerificationBeforeUpdate"] ), username_attributes=["usernameAttributes"], username_configuration=cognito_mixins.CfnUserPoolPropsMixin.UsernameConfigurationProperty( case_sensitive=False ), user_pool_add_ons=cognito_mixins.CfnUserPoolPropsMixin.UserPoolAddOnsProperty( advanced_security_additional_flows=cognito_mixins.CfnUserPoolPropsMixin.AdvancedSecurityAdditionalFlowsProperty( custom_auth_mode="customAuthMode" ), advanced_security_mode="advancedSecurityMode" ), user_pool_name="userPoolName", user_pool_tags=user_pool_tags, user_pool_tier="userPoolTier", verification_message_template=cognito_mixins.CfnUserPoolPropsMixin.VerificationMessageTemplateProperty( default_email_option="defaultEmailOption", email_message="emailMessage", email_message_by_link="emailMessageByLink", email_subject="emailSubject", email_subject_by_link="emailSubjectByLink", sms_message="smsMessage" ), web_authn_relying_party_id="webAuthnRelyingPartyId", web_authn_user_verification="webAuthnUserVerification" ), strategy=mixins.PropertyMergeStrategy.OVERRIDE )
Create a mixin to apply properties to
AWS::Cognito::UserPool.- Parameters:
props (
Union[CfnUserPoolMixinProps,Dict[str,Any]]) – L1 properties to apply.strategy (
Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE
Methods
- apply_to(construct)
Apply the mixin properties to the construct.
- Parameters:
construct (
IConstruct)- Return type:
- supports(construct)
Check if this mixin supports the given construct.
- Parameters:
construct (
IConstruct)- Return type:
bool
Attributes
- CFN_PROPERTY_KEYS = ['accountRecoverySetting', 'adminCreateUserConfig', 'aliasAttributes', 'autoVerifiedAttributes', 'deletionProtection', 'deviceConfiguration', 'emailAuthenticationMessage', 'emailAuthenticationSubject', 'emailConfiguration', 'emailVerificationMessage', 'emailVerificationSubject', 'enabledMfas', 'lambdaConfig', 'mfaConfiguration', 'policies', 'schema', 'smsAuthenticationMessage', 'smsConfiguration', 'smsVerificationMessage', 'userAttributeUpdateSettings', 'usernameAttributes', 'usernameConfiguration', 'userPoolAddOns', 'userPoolName', 'userPoolTags', 'userPoolTier', 'verificationMessageTemplate', 'webAuthnRelyingPartyId', 'webAuthnUserVerification']
Static Methods
- classmethod is_mixin(x)
(experimental) Checks if
xis a Mixin.- Parameters:
x (
Any) – Any object.- Return type:
bool- Returns:
true if
xis an object created from a class which extendsMixin.- Stability:
experimental
AccountRecoverySettingProperty
- class CfnUserPoolPropsMixin.AccountRecoverySettingProperty(*, recovery_mechanisms=None)
Bases:
objectThe available verified method a user can use to recover their password when they call
ForgotPassword.You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn’t qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred through email.
- Parameters:
recovery_mechanisms (
Union[IResolvable,Sequence[Union[IResolvable,RecoveryOptionProperty,Dict[str,Any]]],None]) – The list of options and priorities for user message delivery in forgot-password operations. Sets or displays user pool preferences for email or SMS message priority, whether users should fall back to a second delivery method, and whether passwords should only be reset by administrators.- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins account_recovery_setting_property = cognito_mixins.CfnUserPoolPropsMixin.AccountRecoverySettingProperty( recovery_mechanisms=[cognito_mixins.CfnUserPoolPropsMixin.RecoveryOptionProperty( name="name", priority=123 )] )
Attributes
- recovery_mechanisms
The list of options and priorities for user message delivery in forgot-password operations.
Sets or displays user pool preferences for email or SMS message priority, whether users should fall back to a second delivery method, and whether passwords should only be reset by administrators.
AdminCreateUserConfigProperty
- class CfnUserPoolPropsMixin.AdminCreateUserConfigProperty(*, allow_admin_create_user_only=None, invite_message_template=None, unused_account_validity_days=None)
Bases:
objectThe settings for administrator creation of users in a user pool.
Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.
- Parameters:
allow_admin_create_user_only (
Union[bool,IResolvable,None]) – The setting for allowing self-service sign-up. Whentrue, only administrators can create new user profiles. Whenfalse, users can register themselves and create a new user profile with theSignUpoperation.invite_message_template (
Union[IResolvable,InviteMessageTemplateProperty,Dict[str,Any],None]) – The template for the welcome message to new users. This template must include the{####}temporary password placeholder if you are creating users with passwords. If your users don’t have passwords, you can omit the placeholder. See also Customizing User Invitation Messages .unused_account_validity_days (
Union[int,float,None]) – This parameter is no longer in use. The password expiration limit in days for administrator-created users. When this time expires, the user can’t sign in with their temporary password. To reset the account after that time limit, you must callAdminCreateUseragain, specifyingRESENDfor theMessageActionparameter. The default value for this parameter is 7.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins admin_create_user_config_property = cognito_mixins.CfnUserPoolPropsMixin.AdminCreateUserConfigProperty( allow_admin_create_user_only=False, invite_message_template=cognito_mixins.CfnUserPoolPropsMixin.InviteMessageTemplateProperty( email_message="emailMessage", email_subject="emailSubject", sms_message="smsMessage" ), unused_account_validity_days=123 )
Attributes
- allow_admin_create_user_only
The setting for allowing self-service sign-up.
When
true, only administrators can create new user profiles. Whenfalse, users can register themselves and create a new user profile with theSignUpoperation.
- invite_message_template
The template for the welcome message to new users.
This template must include the
{####}temporary password placeholder if you are creating users with passwords. If your users don’t have passwords, you can omit the placeholder.See also Customizing User Invitation Messages .
- unused_account_validity_days
This parameter is no longer in use.
The password expiration limit in days for administrator-created users. When this time expires, the user can’t sign in with their temporary password. To reset the account after that time limit, you must call
AdminCreateUseragain, specifyingRESENDfor theMessageActionparameter.The default value for this parameter is 7.
AdvancedSecurityAdditionalFlowsProperty
- class CfnUserPoolPropsMixin.AdvancedSecurityAdditionalFlowsProperty(*, custom_auth_mode=None)
Bases:
objectThreat protection configuration options for additional authentication types in your user pool, including custom authentication.
- Parameters:
custom_auth_mode (
Optional[str]) – The operating mode of threat protection in custom authentication with Custom authentication challenge Lambda triggers .- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins advanced_security_additional_flows_property = cognito_mixins.CfnUserPoolPropsMixin.AdvancedSecurityAdditionalFlowsProperty( custom_auth_mode="customAuthMode" )
Attributes
- custom_auth_mode
The operating mode of threat protection in custom authentication with Custom authentication challenge Lambda triggers .
CustomEmailSenderProperty
- class CfnUserPoolPropsMixin.CustomEmailSenderProperty(*, lambda_arn=None, lambda_version=None)
Bases:
objectThe configuration of a custom email sender Lambda trigger.
This trigger routes all email notifications from a user pool to a Lambda function that delivers the message using custom logic.
- Parameters:
lambda_arn (
Optional[str]) – The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.lambda_version (
Optional[str]) – The user pool trigger version of the request that Amazon Cognito sends to your Lambda function. Higher-numbered versions add fields that support new features. You must use aLambdaVersionofV1_0with a custom sender function.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins custom_email_sender_property = cognito_mixins.CfnUserPoolPropsMixin.CustomEmailSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" )
Attributes
- lambda_arn
The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.
- lambda_version
The user pool trigger version of the request that Amazon Cognito sends to your Lambda function.
Higher-numbered versions add fields that support new features.
You must use a
LambdaVersionofV1_0with a custom sender function.
CustomSMSSenderProperty
- class CfnUserPoolPropsMixin.CustomSMSSenderProperty(*, lambda_arn=None, lambda_version=None)
Bases:
objectThe configuration of a custom SMS sender Lambda trigger.
This trigger routes all SMS notifications from a user pool to a Lambda function that delivers the message using custom logic.
- Parameters:
lambda_arn (
Optional[str]) – The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.lambda_version (
Optional[str]) – The user pool trigger version of the request that Amazon Cognito sends to your Lambda function. Higher-numbered versions add fields that support new features. You must use aLambdaVersionofV1_0with a custom sender function.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins custom_sMSSender_property = cognito_mixins.CfnUserPoolPropsMixin.CustomSMSSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" )
Attributes
- lambda_arn
The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.
- lambda_version
The user pool trigger version of the request that Amazon Cognito sends to your Lambda function.
Higher-numbered versions add fields that support new features.
You must use a
LambdaVersionofV1_0with a custom sender function.
DeviceConfigurationProperty
- class CfnUserPoolPropsMixin.DeviceConfigurationProperty(*, challenge_required_on_new_device=None, device_only_remembered_on_user_prompt=None)
Bases:
objectThe device-remembering configuration for a user pool.
- Parameters:
challenge_required_on_new_device (
Union[bool,IResolvable,None]) – When true, a remembered device can sign in with device authentication instead of SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA). .. epigraph:: Whether or notChallengeRequiredOnNewDeviceis true, users who sign in with devices that have not been confirmed or remembered must still provide a second factor in a user pool that requires MFA.device_only_remembered_on_user_prompt (
Union[bool,IResolvable,None]) – When true, Amazon Cognito doesn’t automatically remember a user’s device when your app sends aConfirmDeviceAPI request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user’s choice in anUpdateDeviceStatusAPI request. WhenDeviceOnlyRememberedOnUserPromptisfalse, Amazon Cognito immediately remembers devices that you register in aConfirmDeviceAPI request.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins device_configuration_property = cognito_mixins.CfnUserPoolPropsMixin.DeviceConfigurationProperty( challenge_required_on_new_device=False, device_only_remembered_on_user_prompt=False )
Attributes
- challenge_required_on_new_device
When true, a remembered device can sign in with device authentication instead of SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA).
Whether or not
ChallengeRequiredOnNewDeviceis true, users who sign in with devices that have not been confirmed or remembered must still provide a second factor in a user pool that requires MFA.
- device_only_remembered_on_user_prompt
When true, Amazon Cognito doesn’t automatically remember a user’s device when your app sends a
ConfirmDeviceAPI request.In your app, create a prompt for your user to choose whether they want to remember their device. Return the user’s choice in an
UpdateDeviceStatusAPI request.When
DeviceOnlyRememberedOnUserPromptisfalse, Amazon Cognito immediately remembers devices that you register in aConfirmDeviceAPI request.
EmailConfigurationProperty
- class CfnUserPoolPropsMixin.EmailConfigurationProperty(*, configuration_set=None, email_sending_account=None, from_=None, reply_to_email_address=None, source_arn=None)
Bases:
objectThe email configuration of your user pool.
The email configuration type sets your preferred sending method, AWS Region, and sender for messages from your user pool.
- Parameters:
configuration_set (
Optional[str]) – The set of configuration rules that can be applied to emails sent using Amazon Simple Email Service. A configuration set is applied to an email by including a reference to the configuration set in the headers of the email. Once applied, all of the rules in that configuration set are applied to the email. Configuration sets can be used to apply the following types of rules to emails: - Event publishing - Amazon Simple Email Service can track the number of send, delivery, open, click, bounce, and complaint events for each email sent. Use event publishing to send information about these events to other AWS services such as and Amazon CloudWatch - IP pool management - When leasing dedicated IP addresses with Amazon Simple Email Service, you can create groups of IP addresses, called dedicated IP pools. You can then associate the dedicated IP pools with configuration sets.email_sending_account (
Optional[str]) – Specifies whether Amazon Cognito uses its built-in functionality to send your users email messages, or uses your Amazon Simple Email Service email configuration. Specify one of the following values: - COGNITO_DEFAULT - When Amazon Cognito emails your users, it uses its built-in email functionality. When you use the default option, Amazon Cognito allows only a limited number of emails each day for your user pool. For typical production environments, the default email limit is less than the required delivery volume. To achieve a higher delivery volume, specify DEVELOPER to use your Amazon SES email configuration. To look up the email delivery limit for the default option, see Limits in the Amazon Cognito Developer Guide . The default FROM address isno-reply@verificationemail.com. To customize the FROM address, provide the Amazon Resource Name (ARN) of an Amazon SES verified email address for theSourceArnparameter. - DEVELOPER - When Amazon Cognito emails your users, it uses your Amazon SES configuration. Amazon Cognito calls Amazon SES on your behalf to send email from your verified email address. When you use this option, the email delivery limits are the same limits that apply to your Amazon SES verified email address in your AWS account . If you use this option, provide the ARN of an Amazon SES verified email address for theSourceArnparameter. Before Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a service-linked role , which is a type of role in your AWS account . This role contains the permissions that allow you to access Amazon SES and send email messages from your email address. For more information about the service-linked role that Amazon Cognito creates, see Using Service-Linked Roles for Amazon Cognito in the Amazon Cognito Developer Guide .from – Either the sender’s email address or the sender’s name with their email address. For example,
testuser@example.comorTest User <testuser@example.com>. This address appears before the body of the email.reply_to_email_address (
Optional[str]) – The destination to which the receiver of the email should reply.source_arn (
Optional[str]) – The ARN of a verified email address or an address from a verified domain in Amazon SES. You can set aSourceArnemail from a verified domain only with an API request. You can set a verified email address, but not an address in a verified domain, in the Amazon Cognito console. Amazon Cognito uses the email address that you provide in one of the following ways, depending on the value that you specify for theEmailSendingAccountparameter: - If you specifyCOGNITO_DEFAULT, Amazon Cognito uses this address as the custom FROM address when it emails your users using its built-in email account. - If you specifyDEVELOPER, Amazon Cognito emails your users with this address by calling Amazon SES on your behalf. The Region value of theSourceArnparameter must indicate a supported AWS Region of your user pool. Typically, the Region in theSourceArnand the user pool Region are the same. For more information, see Amazon SES email configuration regions in the Amazon Cognito Developer Guide .
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins email_configuration_property = cognito_mixins.CfnUserPoolPropsMixin.EmailConfigurationProperty( configuration_set="configurationSet", email_sending_account="emailSendingAccount", from="from", reply_to_email_address="replyToEmailAddress", source_arn="sourceArn" )
Attributes
- configuration_set
The set of configuration rules that can be applied to emails sent using Amazon Simple Email Service.
A configuration set is applied to an email by including a reference to the configuration set in the headers of the email. Once applied, all of the rules in that configuration set are applied to the email. Configuration sets can be used to apply the following types of rules to emails:
Event publishing - Amazon Simple Email Service can track the number of send, delivery, open, click, bounce, and complaint events for each email sent. Use event publishing to send information about these events to other AWS services such as and Amazon CloudWatch
IP pool management - When leasing dedicated IP addresses with Amazon Simple Email Service, you can create groups of IP addresses, called dedicated IP pools. You can then associate the dedicated IP pools with configuration sets.
- email_sending_account
Specifies whether Amazon Cognito uses its built-in functionality to send your users email messages, or uses your Amazon Simple Email Service email configuration.
Specify one of the following values:
COGNITO_DEFAULT - When Amazon Cognito emails your users, it uses its built-in email functionality. When you use the default option, Amazon Cognito allows only a limited number of emails each day for your user pool. For typical production environments, the default email limit is less than the required delivery volume. To achieve a higher delivery volume, specify DEVELOPER to use your Amazon SES email configuration.
To look up the email delivery limit for the default option, see Limits in the Amazon Cognito Developer Guide .
The default FROM address is
no-reply@verificationemail.com. To customize the FROM address, provide the Amazon Resource Name (ARN) of an Amazon SES verified email address for theSourceArnparameter.DEVELOPER - When Amazon Cognito emails your users, it uses your Amazon SES configuration. Amazon Cognito calls Amazon SES on your behalf to send email from your verified email address. When you use this option, the email delivery limits are the same limits that apply to your Amazon SES verified email address in your AWS account .
If you use this option, provide the ARN of an Amazon SES verified email address for the
SourceArnparameter.Before Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a service-linked role , which is a type of role in your AWS account . This role contains the permissions that allow you to access Amazon SES and send email messages from your email address. For more information about the service-linked role that Amazon Cognito creates, see Using Service-Linked Roles for Amazon Cognito in the Amazon Cognito Developer Guide .
- from_
Either the sender’s email address or the sender’s name with their email address.
For example,
testuser@example.comorTest User <testuser@example.com>. This address appears before the body of the email.
- reply_to_email_address
The destination to which the receiver of the email should reply.
- source_arn
The ARN of a verified email address or an address from a verified domain in Amazon SES.
You can set a
SourceArnemail from a verified domain only with an API request. You can set a verified email address, but not an address in a verified domain, in the Amazon Cognito console. Amazon Cognito uses the email address that you provide in one of the following ways, depending on the value that you specify for theEmailSendingAccountparameter:If you specify
COGNITO_DEFAULT, Amazon Cognito uses this address as the custom FROM address when it emails your users using its built-in email account.If you specify
DEVELOPER, Amazon Cognito emails your users with this address by calling Amazon SES on your behalf.
The Region value of the
SourceArnparameter must indicate a supported AWS Region of your user pool. Typically, the Region in theSourceArnand the user pool Region are the same. For more information, see Amazon SES email configuration regions in the Amazon Cognito Developer Guide .
InviteMessageTemplateProperty
- class CfnUserPoolPropsMixin.InviteMessageTemplateProperty(*, email_message=None, email_subject=None, sms_message=None)
Bases:
objectThe template for the welcome message to new users.
This template must include the
{####}temporary password placeholder if you are creating users with passwords. If your users don’t have passwords, you can omit the placeholder.See also Customizing User Invitation Messages .
- Parameters:
email_message (
Optional[str]) – The message template for email messages. EmailMessage is allowed only if EmailSendingAccount is DEVELOPER.email_subject (
Optional[str]) –The subject line for email messages. EmailSubject is allowed only if EmailSendingAccount is DEVELOPER.
sms_message (
Optional[str]) – The message template for SMS messages.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins invite_message_template_property = cognito_mixins.CfnUserPoolPropsMixin.InviteMessageTemplateProperty( email_message="emailMessage", email_subject="emailSubject", sms_message="smsMessage" )
Attributes
- email_message
The message template for email messages.
EmailMessage is allowed only if EmailSendingAccount is DEVELOPER.
- email_subject
The subject line for email messages.
EmailSubject is allowed only if EmailSendingAccount is DEVELOPER.
- sms_message
The message template for SMS messages.
LambdaConfigProperty
- class CfnUserPoolPropsMixin.LambdaConfigProperty(*, create_auth_challenge=None, custom_email_sender=None, custom_message=None, custom_sms_sender=None, define_auth_challenge=None, kms_key_id=None, post_authentication=None, post_confirmation=None, pre_authentication=None, pre_sign_up=None, pre_token_generation=None, pre_token_generation_config=None, user_migration=None, verify_auth_challenge_response=None)
Bases:
objectA collection of user pool Lambda triggers.
Amazon Cognito invokes triggers at several possible stages of user pool operations. Triggers can modify the outcome of the operations that invoked them.
- Parameters:
create_auth_challenge (
Optional[str]) – The configuration of a create auth challenge Lambda trigger, one of three triggers in the sequence of the custom authentication challenge triggers .custom_email_sender (
Union[IResolvable,CustomEmailSenderProperty,Dict[str,Any],None]) – The configuration of a custom email sender Lambda trigger. This trigger routes all email notifications from a user pool to a Lambda function that delivers the message using custom logic.custom_message (
Optional[str]) – A custom message Lambda trigger. This trigger is an opportunity to customize all SMS and email messages from your user pool. When a custom message trigger is active, your user pool routes all messages to a Lambda function that returns a runtime-customized message subject and body for your user pool to deliver to a user.custom_sms_sender (
Union[IResolvable,CustomSMSSenderProperty,Dict[str,Any],None]) – The configuration of a custom SMS sender Lambda trigger. This trigger routes all SMS notifications from a user pool to a Lambda function that delivers the message using custom logic.define_auth_challenge (
Optional[str]) –The configuration of a define auth challenge Lambda trigger, one of three triggers in the sequence of the custom authentication challenge triggers .
kms_key_id (
Optional[str]) – The ARN of an KMS key . Amazon Cognito uses the key to encrypt codes and temporary passwords sent to custom sender Lambda triggers.post_authentication (
Optional[str]) – The configuration of a post authentication Lambda trigger in a user pool. This trigger can take custom actions after a user signs in.post_confirmation (
Optional[str]) – The configuration of a post confirmation Lambda trigger in a user pool. This trigger can take custom actions after a user confirms their user account and their email address or phone number.pre_authentication (
Optional[str]) – The configuration of a pre authentication trigger in a user pool. This trigger can evaluate and modify user sign-in events.pre_sign_up (
Optional[str]) – The configuration of a pre sign-up Lambda trigger in a user pool. This trigger evaluates new users and can bypass confirmation, link a federated user profile , or block sign-up requests.pre_token_generation (
Optional[str]) – The legacy configuration of a pre token generation Lambda trigger in a user pool. Set this parameter for legacy purposes. If you also set an ARN inPreTokenGenerationConfig, its value must be identical toPreTokenGeneration. For new instances of pre token generation triggers, set theLambdaArnofPreTokenGenerationConfig.pre_token_generation_config (
Union[IResolvable,PreTokenGenerationConfigProperty,Dict[str,Any],None]) –The detailed configuration of a pre token generation Lambda trigger in a user pool. If you also set an ARN in
PreTokenGeneration, its value must be identical toPreTokenGenerationConfig.user_migration (
Optional[str]) – The configuration of a migrate user Lambda trigger in a user pool. This trigger can create user profiles when users sign in or attempt to reset their password with credentials that don’t exist yet.verify_auth_challenge_response (
Optional[str]) –The configuration of a verify auth challenge Lambda trigger, one of three triggers in the sequence of the custom authentication challenge triggers .
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins lambda_config_property = cognito_mixins.CfnUserPoolPropsMixin.LambdaConfigProperty( create_auth_challenge="createAuthChallenge", custom_email_sender=cognito_mixins.CfnUserPoolPropsMixin.CustomEmailSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), custom_message="customMessage", custom_sms_sender=cognito_mixins.CfnUserPoolPropsMixin.CustomSMSSenderProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), define_auth_challenge="defineAuthChallenge", kms_key_id="kmsKeyId", post_authentication="postAuthentication", post_confirmation="postConfirmation", pre_authentication="preAuthentication", pre_sign_up="preSignUp", pre_token_generation="preTokenGeneration", pre_token_generation_config=cognito_mixins.CfnUserPoolPropsMixin.PreTokenGenerationConfigProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" ), user_migration="userMigration", verify_auth_challenge_response="verifyAuthChallengeResponse" )
Attributes
- create_auth_challenge
The configuration of a create auth challenge Lambda trigger, one of three triggers in the sequence of the custom authentication challenge triggers .
- custom_email_sender
The configuration of a custom email sender Lambda trigger.
This trigger routes all email notifications from a user pool to a Lambda function that delivers the message using custom logic.
- custom_message
A custom message Lambda trigger.
This trigger is an opportunity to customize all SMS and email messages from your user pool. When a custom message trigger is active, your user pool routes all messages to a Lambda function that returns a runtime-customized message subject and body for your user pool to deliver to a user.
- custom_sms_sender
The configuration of a custom SMS sender Lambda trigger.
This trigger routes all SMS notifications from a user pool to a Lambda function that delivers the message using custom logic.
- define_auth_challenge
The configuration of a define auth challenge Lambda trigger, one of three triggers in the sequence of the custom authentication challenge triggers .
- kms_key_id
The ARN of an KMS key . Amazon Cognito uses the key to encrypt codes and temporary passwords sent to custom sender Lambda triggers.
- post_authentication
The configuration of a post authentication Lambda trigger in a user pool. This trigger can take custom actions after a user signs in.
- post_confirmation
The configuration of a post confirmation Lambda trigger in a user pool. This trigger can take custom actions after a user confirms their user account and their email address or phone number.
- pre_authentication
The configuration of a pre authentication trigger in a user pool. This trigger can evaluate and modify user sign-in events.
- pre_sign_up
The configuration of a pre sign-up Lambda trigger in a user pool. This trigger evaluates new users and can bypass confirmation, link a federated user profile , or block sign-up requests.
- pre_token_generation
The legacy configuration of a pre token generation Lambda trigger in a user pool.
Set this parameter for legacy purposes. If you also set an ARN in
PreTokenGenerationConfig, its value must be identical toPreTokenGeneration. For new instances of pre token generation triggers, set theLambdaArnofPreTokenGenerationConfig.
- pre_token_generation_config
The detailed configuration of a pre token generation Lambda trigger in a user pool. If you also set an ARN in
PreTokenGeneration, its value must be identical toPreTokenGenerationConfig.
- user_migration
The configuration of a migrate user Lambda trigger in a user pool. This trigger can create user profiles when users sign in or attempt to reset their password with credentials that don’t exist yet.
- verify_auth_challenge_response
The configuration of a verify auth challenge Lambda trigger, one of three triggers in the sequence of the custom authentication challenge triggers .
NumberAttributeConstraintsProperty
- class CfnUserPoolPropsMixin.NumberAttributeConstraintsProperty(*, max_value=None, min_value=None)
Bases:
objectThe minimum and maximum values of an attribute that is of the number type, for example
custom:age.- Parameters:
max_value (
Optional[str]) – The maximum length of a number attribute value. Must be a number less than or equal to2^1023, represented as a string with a length of 131072 characters or fewer.min_value (
Optional[str]) – The minimum value of an attribute that is of the number data type.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins number_attribute_constraints_property = cognito_mixins.CfnUserPoolPropsMixin.NumberAttributeConstraintsProperty( max_value="maxValue", min_value="minValue" )
Attributes
- max_value
The maximum length of a number attribute value.
Must be a number less than or equal to
2^1023, represented as a string with a length of 131072 characters or fewer.
- min_value
The minimum value of an attribute that is of the number data type.
PasswordPolicyProperty
- class CfnUserPoolPropsMixin.PasswordPolicyProperty(*, minimum_length=None, password_history_size=None, require_lowercase=None, require_numbers=None, require_symbols=None, require_uppercase=None, temporary_password_validity_days=None)
Bases:
objectThe password policy settings for a user pool, including complexity, history, and length requirements.
- Parameters:
minimum_length (
Union[int,float,None]) – The minimum length of the password in the policy that you have set. This value can’t be less than 6.password_history_size (
Union[int,float,None]) – The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can’t set a password that matches any ofnprevious passwords, wherenis the value ofPasswordHistorySize.require_lowercase (
Union[bool,IResolvable,None]) – The requirement in a password policy that users must include at least one lowercase letter in their password.require_numbers (
Union[bool,IResolvable,None]) – The requirement in a password policy that users must include at least one number in their password.require_symbols (
Union[bool,IResolvable,None]) – The requirement in a password policy that users must include at least one symbol in their password.require_uppercase (
Union[bool,IResolvable,None]) – The requirement in a password policy that users must include at least one uppercase letter in their password.temporary_password_validity_days (
Union[int,float,None]) – The number of days a temporary password is valid in the password policy. If the user doesn’t sign in during this time, an administrator must reset their password. Defaults to7. If you submit a value of0, Amazon Cognito treats it as a null value and setsTemporaryPasswordValidityDaysto its default value. .. epigraph:: When you setTemporaryPasswordValidityDaysfor a user pool, you can no longer set a value for the legacyUnusedAccountValidityDaysparameter in that user pool.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins password_policy_property = cognito_mixins.CfnUserPoolPropsMixin.PasswordPolicyProperty( minimum_length=123, password_history_size=123, require_lowercase=False, require_numbers=False, require_symbols=False, require_uppercase=False, temporary_password_validity_days=123 )
Attributes
- minimum_length
The minimum length of the password in the policy that you have set.
This value can’t be less than 6.
- password_history_size
The number of previous passwords that you want Amazon Cognito to restrict each user from reusing.
Users can’t set a password that matches any of
nprevious passwords, wherenis the value ofPasswordHistorySize.
- require_lowercase
The requirement in a password policy that users must include at least one lowercase letter in their password.
- require_numbers
The requirement in a password policy that users must include at least one number in their password.
- require_symbols
The requirement in a password policy that users must include at least one symbol in their password.
- require_uppercase
The requirement in a password policy that users must include at least one uppercase letter in their password.
- temporary_password_validity_days
The number of days a temporary password is valid in the password policy.
If the user doesn’t sign in during this time, an administrator must reset their password. Defaults to
7. If you submit a value of0, Amazon Cognito treats it as a null value and setsTemporaryPasswordValidityDaysto its default value. .. epigraph:When you set ``TemporaryPasswordValidityDays`` for a user pool, you can no longer set a value for the legacy ``UnusedAccountValidityDays`` parameter in that user pool.
PoliciesProperty
- class CfnUserPoolPropsMixin.PoliciesProperty(*, password_policy=None, sign_in_policy=None)
Bases:
objectA list of user pool policies.
Contains the policy that sets password-complexity requirements.
- Parameters:
password_policy (
Union[IResolvable,PasswordPolicyProperty,Dict[str,Any],None]) – The password policy settings for a user pool, including complexity, history, and length requirements.sign_in_policy (
Union[IResolvable,SignInPolicyProperty,Dict[str,Any],None]) – The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the Essentials tier or higher.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins policies_property = cognito_mixins.CfnUserPoolPropsMixin.PoliciesProperty( password_policy=cognito_mixins.CfnUserPoolPropsMixin.PasswordPolicyProperty( minimum_length=123, password_history_size=123, require_lowercase=False, require_numbers=False, require_symbols=False, require_uppercase=False, temporary_password_validity_days=123 ), sign_in_policy=cognito_mixins.CfnUserPoolPropsMixin.SignInPolicyProperty( allowed_first_auth_factors=["allowedFirstAuthFactors"] ) )
Attributes
- password_policy
The password policy settings for a user pool, including complexity, history, and length requirements.
- sign_in_policy
The policy for allowed types of authentication in a user pool.
To activate this setting, your user pool must be in the Essentials tier or higher.
PreTokenGenerationConfigProperty
- class CfnUserPoolPropsMixin.PreTokenGenerationConfigProperty(*, lambda_arn=None, lambda_version=None)
Bases:
objectThe properties of a pre token generation Lambda trigger.
- Parameters:
lambda_arn (
Optional[str]) – The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger. This parameter and thePreTokenGenerationproperty ofLambdaConfighave the same value. For new instances of pre token generation triggers, setLambdaArn.lambda_version (
Optional[str]) – The user pool trigger version of the request that Amazon Cognito sends to your Lambda function. Higher-numbered versions add fields that support new features.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins pre_token_generation_config_property = cognito_mixins.CfnUserPoolPropsMixin.PreTokenGenerationConfigProperty( lambda_arn="lambdaArn", lambda_version="lambdaVersion" )
Attributes
- lambda_arn
The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.
This parameter and the
PreTokenGenerationproperty ofLambdaConfighave the same value. For new instances of pre token generation triggers, setLambdaArn.
- lambda_version
The user pool trigger version of the request that Amazon Cognito sends to your Lambda function.
Higher-numbered versions add fields that support new features.
RecoveryOptionProperty
- class CfnUserPoolPropsMixin.RecoveryOptionProperty(*, name=None, priority=None)
Bases:
objectA recovery option for a user.
The
AccountRecoverySettingTypedata type is an array of this object. EachRecoveryOptionTypehas a priority property that determines whether it is a primary or secondary option.For example, if
verified_emailhas a priority of1andverified_phone_numberhas a priority of2, your user pool sends account-recovery messages to a verified email address but falls back to an SMS message if the user has a verified phone number. Theadmin_onlyoption prevents self-service account recovery.- Parameters:
name (
Optional[str]) – The recovery method that this object sets a recovery option for.priority (
Union[int,float,None]) – Your priority preference for using the specified attribute in account recovery. The highest priority is1.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins recovery_option_property = cognito_mixins.CfnUserPoolPropsMixin.RecoveryOptionProperty( name="name", priority=123 )
Attributes
- name
The recovery method that this object sets a recovery option for.
- priority
Your priority preference for using the specified attribute in account recovery.
The highest priority is
1.
SchemaAttributeProperty
- class CfnUserPoolPropsMixin.SchemaAttributeProperty(*, attribute_data_type=None, developer_only_attribute=None, mutable=None, name=None, number_attribute_constraints=None, required=None, string_attribute_constraints=None)
Bases:
objectA list of the user attributes and their properties in your user pool.
The attribute schema contains standard attributes, custom attributes with a
custom:prefix, and developer attributes with adev:prefix. For more information, see User pool attributes .Developer-only
dev:attributes are a legacy feature of user pools, and are read-only to all app clients. You can create and update developer-only attributes only with IAM-authenticated API operations. Use app client read/write permissions instead.- Parameters:
attribute_data_type (
Optional[str]) – The data format of the values for your attribute. When you choose anAttributeDataType, Amazon Cognito validates the input against the data type. A custom attribute value in your user’s ID token is always a string, for example"custom:isMember" : "true"or"custom:YearsAsMember" : "12".developer_only_attribute (
Union[bool,IResolvable,None]) –You should use WriteAttributes in the user pool client to control how attributes can be mutated for new use cases instead of using
DeveloperOnlyAttribute. Specifies whether the attribute type is developer only. This attribute can only be modified by an administrator. Users won’t be able to modify this attribute using their access token. For example,DeveloperOnlyAttributecan be modified using AdminUpdateUserAttributes but can’t be updated using UpdateUserAttributes.mutable (
Union[bool,IResolvable,None]) – Specifies whether the value of the attribute can be changed. Any user pool attribute whose value you map from an IdP attribute must be mutable, with a parameter value oftrue. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute. For more information, see Specifying Identity Provider Attribute Mappings for Your User Pool .name (
Optional[str]) – The name of your user pool attribute. When you create or update a user pool, adding a schema attribute creates a custom or developer-only attribute. When you add an attribute with aNamevalue ofMyAttribute, Amazon Cognito creates the custom attributecustom:MyAttribute. WhenDeveloperOnlyAttributeistrue, Amazon Cognito creates your attribute asdev:MyAttribute. In an operation that describes a user pool, Amazon Cognito returns this value asvaluefor standard attributes,custom:valuefor custom attributes, anddev:valuefor developer-only attributes..number_attribute_constraints (
Union[IResolvable,NumberAttributeConstraintsProperty,Dict[str,Any],None]) – Specifies the constraints for an attribute of the number type.required (
Union[bool,IResolvable,None]) – Specifies whether a user pool attribute is required. If the attribute is required and the user doesn’t provide a value, registration or sign-in will fail.string_attribute_constraints (
Union[IResolvable,StringAttributeConstraintsProperty,Dict[str,Any],None]) – Specifies the constraints for an attribute of the string type.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins schema_attribute_property = cognito_mixins.CfnUserPoolPropsMixin.SchemaAttributeProperty( attribute_data_type="attributeDataType", developer_only_attribute=False, mutable=False, name="name", number_attribute_constraints=cognito_mixins.CfnUserPoolPropsMixin.NumberAttributeConstraintsProperty( max_value="maxValue", min_value="minValue" ), required=False, string_attribute_constraints=cognito_mixins.CfnUserPoolPropsMixin.StringAttributeConstraintsProperty( max_length="maxLength", min_length="minLength" ) )
Attributes
- attribute_data_type
The data format of the values for your attribute.
When you choose an
AttributeDataType, Amazon Cognito validates the input against the data type. A custom attribute value in your user’s ID token is always a string, for example"custom:isMember" : "true"or"custom:YearsAsMember" : "12".
- developer_only_attribute
You should use WriteAttributes in the user pool client to control how attributes can be mutated for new use cases instead of using
DeveloperOnlyAttribute.Specifies whether the attribute type is developer only. This attribute can only be modified by an administrator. Users won’t be able to modify this attribute using their access token. For example,
DeveloperOnlyAttributecan be modified using AdminUpdateUserAttributes but can’t be updated using UpdateUserAttributes.
- mutable
Specifies whether the value of the attribute can be changed.
Any user pool attribute whose value you map from an IdP attribute must be mutable, with a parameter value of
true. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute. For more information, see Specifying Identity Provider Attribute Mappings for Your User Pool .
- name
The name of your user pool attribute.
When you create or update a user pool, adding a schema attribute creates a custom or developer-only attribute. When you add an attribute with a
Namevalue ofMyAttribute, Amazon Cognito creates the custom attributecustom:MyAttribute. WhenDeveloperOnlyAttributeistrue, Amazon Cognito creates your attribute asdev:MyAttribute. In an operation that describes a user pool, Amazon Cognito returns this value asvaluefor standard attributes,custom:valuefor custom attributes, anddev:valuefor developer-only attributes..
- number_attribute_constraints
Specifies the constraints for an attribute of the number type.
- required
Specifies whether a user pool attribute is required.
If the attribute is required and the user doesn’t provide a value, registration or sign-in will fail.
- string_attribute_constraints
Specifies the constraints for an attribute of the string type.
SignInPolicyProperty
- class CfnUserPoolPropsMixin.SignInPolicyProperty(*, allowed_first_auth_factors=None)
Bases:
objectThe policy for allowed types of authentication in a user pool.
To activate this setting, your user pool must be in the Essentials tier or higher.
- Parameters:
allowed_first_auth_factors (
Optional[Sequence[str]]) – The sign-in methods that a user pool supports as the first factor. You can permit users to start authentication with a standard username and password, or with other one-time password and hardware factors. Supports values ofEMAIL_OTP,SMS_OTP,WEB_AUTHNandPASSWORD,- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins sign_in_policy_property = cognito_mixins.CfnUserPoolPropsMixin.SignInPolicyProperty( allowed_first_auth_factors=["allowedFirstAuthFactors"] )
Attributes
- allowed_first_auth_factors
The sign-in methods that a user pool supports as the first factor.
You can permit users to start authentication with a standard username and password, or with other one-time password and hardware factors.
Supports values of
EMAIL_OTP,SMS_OTP,WEB_AUTHNandPASSWORD,
SmsConfigurationProperty
- class CfnUserPoolPropsMixin.SmsConfigurationProperty(*, external_id=None, sns_caller_arn=None, sns_region=None)
Bases:
objectUser pool configuration for delivery of SMS messages with Amazon Simple Notification Service.
To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account .
- Parameters:
external_id (
Optional[str]) – The external ID provides additional security for your IAM role. You can use anExternalIdwith the IAM role that you use with Amazon SNS to send SMS messages for your user pool. If you provide anExternalId, your Amazon Cognito user pool includes it in the request to assume your IAM role. You can configure the role trust policy to require that Amazon Cognito, and any principal, provide theExternalID. If you use the Amazon Cognito Management Console to create a role for SMS multi-factor authentication (MFA), Amazon Cognito creates a role with the required permissions and a trust policy that demonstrates use of theExternalId. For more information about theExternalIdof a role, see How to use an external ID when granting access to your AWS resources to a third party .sns_caller_arn (
Optional[str]) – The Amazon Resource Name (ARN) of the Amazon SNS caller. This is the ARN of the IAM role in your AWS account that Amazon Cognito will use to send SMS messages. SMS messages are subject to a spending limit .sns_region (
Optional[str]) – The AWS Region to use with Amazon SNS integration. You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region . Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools .
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins sms_configuration_property = cognito_mixins.CfnUserPoolPropsMixin.SmsConfigurationProperty( external_id="externalId", sns_caller_arn="snsCallerArn", sns_region="snsRegion" )
Attributes
- external_id
The external ID provides additional security for your IAM role.
You can use an
ExternalIdwith the IAM role that you use with Amazon SNS to send SMS messages for your user pool. If you provide anExternalId, your Amazon Cognito user pool includes it in the request to assume your IAM role. You can configure the role trust policy to require that Amazon Cognito, and any principal, provide theExternalID. If you use the Amazon Cognito Management Console to create a role for SMS multi-factor authentication (MFA), Amazon Cognito creates a role with the required permissions and a trust policy that demonstrates use of theExternalId.For more information about the
ExternalIdof a role, see How to use an external ID when granting access to your AWS resources to a third party .
- sns_caller_arn
The Amazon Resource Name (ARN) of the Amazon SNS caller.
This is the ARN of the IAM role in your AWS account that Amazon Cognito will use to send SMS messages. SMS messages are subject to a spending limit .
- sns_region
The AWS Region to use with Amazon SNS integration.
You can choose the same Region as your user pool, or a supported Legacy Amazon SNS alternate Region .
Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see SMS message settings for Amazon Cognito user pools .
StringAttributeConstraintsProperty
- class CfnUserPoolPropsMixin.StringAttributeConstraintsProperty(*, max_length=None, min_length=None)
Bases:
objectThe minimum and maximum length values of an attribute that is of the string type, for example
custom:department.- Parameters:
max_length (
Optional[str]) – The maximum length of a string attribute value. Must be a number less than or equal to2^1023, represented as a string with a length of 131072 characters or fewer.min_length (
Optional[str]) – The minimum length of a string attribute value.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins string_attribute_constraints_property = cognito_mixins.CfnUserPoolPropsMixin.StringAttributeConstraintsProperty( max_length="maxLength", min_length="minLength" )
Attributes
- max_length
The maximum length of a string attribute value.
Must be a number less than or equal to
2^1023, represented as a string with a length of 131072 characters or fewer.
- min_length
The minimum length of a string attribute value.
UserAttributeUpdateSettingsProperty
- class CfnUserPoolPropsMixin.UserAttributeUpdateSettingsProperty(*, attributes_require_verification_before_update=None)
Bases:
objectThe settings for updates to user attributes.
These settings include the property
AttributesRequireVerificationBeforeUpdate, a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users’ email address and phone number attributes. For more information, see Verifying updates to email addresses and phone numbers .- Parameters:
attributes_require_verification_before_update (
Optional[Sequence[str]]) – Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value. WhenAttributesRequireVerificationBeforeUpdateis false, your user pool doesn’t require that your users verify attribute changes before Amazon Cognito updates them. In a user pool whereAttributesRequireVerificationBeforeUpdateis false, API operations that change attribute values can immediately update a user’semailorphone_numberattribute.- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins user_attribute_update_settings_property = cognito_mixins.CfnUserPoolPropsMixin.UserAttributeUpdateSettingsProperty( attributes_require_verification_before_update=["attributesRequireVerificationBeforeUpdate"] )
Attributes
- attributes_require_verification_before_update
Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute.
When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value.
When
AttributesRequireVerificationBeforeUpdateis false, your user pool doesn’t require that your users verify attribute changes before Amazon Cognito updates them. In a user pool whereAttributesRequireVerificationBeforeUpdateis false, API operations that change attribute values can immediately update a user’semailorphone_numberattribute.
UserPoolAddOnsProperty
- class CfnUserPoolPropsMixin.UserPoolAddOnsProperty(*, advanced_security_additional_flows=None, advanced_security_mode=None)
Bases:
objectUser pool add-ons.
Contains settings for activation of threat protection. To log user security information but take no action, set to
AUDIT. To configure automatic security responses to risky traffic to your user pool, set toENFORCED.For more information, see Adding advanced security to a user pool . To activate this setting, your user pool must be on the Plus tier .
- Parameters:
advanced_security_additional_flows (
Union[IResolvable,AdvancedSecurityAdditionalFlowsProperty,Dict[str,Any],None]) – Threat protection configuration options for additional authentication types in your user pool, including custom authentication.advanced_security_mode (
Optional[str]) – The operating mode of threat protection for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins user_pool_add_ons_property = cognito_mixins.CfnUserPoolPropsMixin.UserPoolAddOnsProperty( advanced_security_additional_flows=cognito_mixins.CfnUserPoolPropsMixin.AdvancedSecurityAdditionalFlowsProperty( custom_auth_mode="customAuthMode" ), advanced_security_mode="advancedSecurityMode" )
Attributes
- advanced_security_additional_flows
Threat protection configuration options for additional authentication types in your user pool, including custom authentication.
- advanced_security_mode
The operating mode of threat protection for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication.
UsernameConfigurationProperty
- class CfnUserPoolPropsMixin.UsernameConfigurationProperty(*, case_sensitive=None)
Bases:
objectCase sensitivity of the username input for the selected sign-in option.
When case sensitivity is set to
False(case insensitive), users can sign in with any combination of capital and lowercase letters. For example,username,USERNAME, orUserName, or for email,email@example.comorEMaiL@eXamplE.Com. For most use cases, set case sensitivity toFalse(case insensitive) as a best practice. When usernames and email addresses are case insensitive, Amazon Cognito treats any variation in case as the same user, and prevents a case variation from being assigned to the same attribute for a different user.- Parameters:
case_sensitive (
Union[bool,IResolvable,None]) – Specifies whether user name case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs. For most use cases, set case sensitivity toFalse(case insensitive) as a best practice. When usernames and email addresses are case insensitive, users can sign in as the same user when they enter a different capitalization of their user name. Valid values include: - true - Enables case sensitivity for all username input. When this option is set totrue, users must sign in using the exact capitalization of their given username, such as “UserName”. This is the default value. - false - Enables case insensitivity for all username input. For example, when this option is set tofalse, users can sign in usingusername,USERNAME, orUserName. This option also enables bothpreferred_usernameandemailalias to be case insensitive, in addition to theusernameattribute.- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins username_configuration_property = cognito_mixins.CfnUserPoolPropsMixin.UsernameConfigurationProperty( case_sensitive=False )
Attributes
- case_sensitive
Specifies whether user name case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs.
For most use cases, set case sensitivity to
False(case insensitive) as a best practice. When usernames and email addresses are case insensitive, users can sign in as the same user when they enter a different capitalization of their user name.Valid values include:
true - Enables case sensitivity for all username input. When this option is set to
true, users must sign in using the exact capitalization of their given username, such as “UserName”. This is the default value.false - Enables case insensitivity for all username input. For example, when this option is set to
false, users can sign in usingusername,USERNAME, orUserName. This option also enables bothpreferred_usernameandemailalias to be case insensitive, in addition to theusernameattribute.
VerificationMessageTemplateProperty
- class CfnUserPoolPropsMixin.VerificationMessageTemplateProperty(*, default_email_option=None, email_message=None, email_message_by_link=None, email_subject=None, email_subject_by_link=None, sms_message=None)
Bases:
objectThe template for the verification message that your user pool delivers to users who set an email address or phone number attribute.
- Parameters:
default_email_option (
Optional[str]) – The configuration of verification emails to contain a clickable link or a verification code. For link, your template body must contain link text in the format{##Click here##}. “Click here” in the example is a customizable string. For code, your template body must contain a code placeholder in the format{####}.email_message (
Optional[str]) –The template for email messages that Amazon Cognito sends to your users. You can set an
EmailMessagetemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.email_message_by_link (
Optional[str]) –The email message template for sending a confirmation link to the user. You can set an
EmailMessageByLinktemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.email_subject (
Optional[str]) –The subject line for the email message template. You can set an
EmailSubjecttemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.email_subject_by_link (
Optional[str]) –The subject line for the email message template for sending a confirmation link to the user. You can set an
EmailSubjectByLinktemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.sms_message (
Optional[str]) – The template for SMS messages that Amazon Cognito sends to your users.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins verification_message_template_property = cognito_mixins.CfnUserPoolPropsMixin.VerificationMessageTemplateProperty( default_email_option="defaultEmailOption", email_message="emailMessage", email_message_by_link="emailMessageByLink", email_subject="emailSubject", email_subject_by_link="emailSubjectByLink", sms_message="smsMessage" )
Attributes
- default_email_option
The configuration of verification emails to contain a clickable link or a verification code.
For link, your template body must contain link text in the format
{##Click here##}. “Click here” in the example is a customizable string. For code, your template body must contain a code placeholder in the format{####}.
- email_message
The template for email messages that Amazon Cognito sends to your users.
You can set an
EmailMessagetemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.
- email_message_by_link
The email message template for sending a confirmation link to the user.
You can set an
EmailMessageByLinktemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.
- email_subject
The subject line for the email message template.
You can set an
EmailSubjecttemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.
- email_subject_by_link
The subject line for the email message template for sending a confirmation link to the user.
You can set an
EmailSubjectByLinktemplate only if the value of EmailSendingAccount isDEVELOPER. When your EmailSendingAccount isDEVELOPER, your user pool sends email messages with your own Amazon SES configuration.
- sms_message
The template for SMS messages that Amazon Cognito sends to your users.