


# AWS::Cognito::UserPoolRiskConfigurationAttachment
<a name="aws-resource-cognito-userpoolriskconfigurationattachment"></a>

The `AWS::Cognito::UserPoolRiskConfigurationAttachment` resource sets the risk configuration that is used for Amazon Cognito advanced security features.

You can specify risk configuration for a single client (with a specific `clientId`) or for all clients (by setting the `clientId` to `ALL`). If you specify `ALL`, the default configuration is used for every client that has had no risk configuration set previously. If you specify risk configuration for a particular client, it no longer falls back to the `ALL` configuration.

## Syntax
<a name="aws-resource-cognito-userpoolriskconfigurationattachment-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-resource-cognito-userpoolriskconfigurationattachment-syntax.json"></a>

```
{
  "Type" : "AWS::Cognito::UserPoolRiskConfigurationAttachment",
  "Properties" : {
      "AccountTakeoverRiskConfiguration" : AccountTakeoverRiskConfigurationType,
      "ClientId" : String,
      "CompromisedCredentialsRiskConfiguration" : CompromisedCredentialsRiskConfigurationType,
      "RiskExceptionConfiguration" : RiskExceptionConfigurationType,
      "UserPoolId" : String
    }
}
```

### YAML
<a name="aws-resource-cognito-userpoolriskconfigurationattachment-syntax.yaml"></a>

```
Type: AWS::Cognito::UserPoolRiskConfigurationAttachment
Properties:
  AccountTakeoverRiskConfiguration:
    AccountTakeoverRiskConfigurationType
  ClientId: String
  CompromisedCredentialsRiskConfiguration:
    CompromisedCredentialsRiskConfigurationType
  RiskExceptionConfiguration:
    RiskExceptionConfigurationType
  UserPoolId: String
```

## Properties
<a name="aws-resource-cognito-userpoolriskconfigurationattachment-properties"></a>

`AccountTakeoverRiskConfiguration`  <a name="cfn-cognito-userpoolriskconfigurationattachment-accounttakeoverriskconfiguration"></a>
The settings for automated responses and notification templates for adaptive authentication with threat protection.  
*Required*: No  
*Type*: [AccountTakeoverRiskConfigurationType](aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoverriskconfigurationtype.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`ClientId`  <a name="cfn-cognito-userpoolriskconfigurationattachment-clientid"></a>
The app client where this configuration is applied. When this parameter isn't present, the risk configuration applies to all user pool app clients that don't have client-level settings.  
*Required*: Yes  
*Type*: String  
*Pattern*: `[\w+]+`  
*Minimum*: `1`  
*Maximum*: `128`  
*Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)

`CompromisedCredentialsRiskConfiguration`  <a name="cfn-cognito-userpoolriskconfigurationattachment-compromisedcredentialsriskconfiguration"></a>
Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode.  
*Required*: No  
*Type*: [CompromisedCredentialsRiskConfigurationType](aws-properties-cognito-userpoolriskconfigurationattachment-compromisedcredentialsriskconfigurationtype.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`RiskExceptionConfiguration`  <a name="cfn-cognito-userpoolriskconfigurationattachment-riskexceptionconfiguration"></a>
Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges.   
*Required*: No  
*Type*: [RiskExceptionConfigurationType](aws-properties-cognito-userpoolriskconfigurationattachment-riskexceptionconfigurationtype.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`UserPoolId`  <a name="cfn-cognito-userpoolriskconfigurationattachment-userpoolid"></a>
The ID of the user pool that has the risk configuration applied.  
*Required*: Yes  
*Type*: String  
*Pattern*: `[\w-]+_[0-9a-zA-Z]+`  
*Minimum*: `1`  
*Maximum*: `55`  
*Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)

## Return values
<a name="aws-resource-cognito-userpoolriskconfigurationattachment-return-values"></a>

### Ref
<a name="aws-resource-cognito-userpoolriskconfigurationattachment-return-values-ref"></a>

When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the physicalResourceId, which is "UserPoolRiskConfigurationAttachment-UserPoolId-ClientId". For example:

 `{ "Ref": "UserPoolRiskConfigurationAttachment-us-east-1_FAKEPOOLID-2asc123fakeclientidajjulj6bh" }` 

For the Amazon Cognito risk configuration attachment `UserPoolRiskConfigurationAttachment-us-east-1_FAKEPOOLID-2asc123fakeclientidajjulj6bh`, `Ref` returns the name of the risk configuration attachment.

For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html).

## Examples
<a name="aws-resource-cognito-userpoolriskconfigurationattachment--examples"></a>



### Creating a new risk configuration attachment for a user pool
<a name="aws-resource-cognito-userpoolriskconfigurationattachment--examples--Creating_a_new_risk_configuration_attachment_for_a_user_pool"></a>

The following example sets risk configurations in the referenced user pool and client.

#### JSON
<a name="aws-resource-cognito-userpoolriskconfigurationattachment--examples--Creating_a_new_risk_configuration_attachment_for_a_user_pool--json"></a>

```
{
   "UserPoolRiskConfiguration":{
      "Type":"AWS::Cognito::UserPoolRiskConfigurationAttachment",
      "Properties":{
         "UserPoolId":{
            "Ref":"UserPool"
         },
         "ClientId":{
            "Ref":"Client"
         },
         "AccountTakeoverRiskConfiguration":{
            "Actions":{
               "HighAction":{
                  "EventAction":"MFA_REQUIRED",
                  "Notify":true
               },
               "MediumAction":{
                  "EventAction":"MFA_IF_CONFIGURED",
                  "Notify":true
               },
               "LowAction":{
                  "EventAction":{
                     "Ref":"EventAction"
                  },
                  "Notify":false
               }
            },
            "NotifyConfiguration":{
               "BlockEmail":{
                  "HtmlBody":"html body",
                  "Subject":"Your account got blocked",
                  "TextBody":"Your account got blocked"
               },
               "MfaEmail":{
                  "HtmlBody":"html body",
                  "Subject":"Your account needs MFA verification",
                  "TextBody":"Your account needs MFA verification"
               },
               "NoActionEmail":{
                  "HtmlBody":{
                     "Ref":"HtmlBody"
                  },
                  "Subject":{
                     "Ref":"Subject"
                  },
                  "TextBody":{
                     "Ref":"TextBody"
                  }
               },
               "From":"your-from-email@amazon.com",
               "SourceArn":{
                  "Ref":"SourceArn"
               },
               "ReplyTo":"your-reply-to@amazon.com"
            }
         },
         "CompromisedCredentialsRiskConfiguration":{
            "Actions":{
               "EventAction":"BLOCK"
            },
            "EventFilter":[
               {
                  "Ref":"EventFilter"
               }
            ]
         },
         "RiskExceptionConfiguration":{
            "BlockedIPRangeList":[
               "198.0.0.1"
            ],
            "SkippedIPRangeList":[
               "198.0.0.1"
            ]
         }
      }
   }
}
```

#### YAML
<a name="aws-resource-cognito-userpoolriskconfigurationattachment--examples--Creating_a_new_risk_configuration_attachment_for_a_user_pool--yaml"></a>

```
UserPoolRiskConfiguration: 
  Type: AWS::Cognito::UserPoolRiskConfigurationAttachment 
  Properties: 
    UserPoolId: !Ref UserPool
    ClientId: !Ref Client 
    AccountTakeoverRiskConfiguration: 
      Actions: 
        HighAction: 
          EventAction: "MFA_REQUIRED" 
          Notify: True 
        MediumAction: 
          EventAction: "MFA_IF_CONFIGURED" 
          Notify: True
        LowAction: 
          EventAction: !Ref LowEventAction 
          Notify: False 
      NotifyConfiguration: 
        BlockEmail:
          HtmlBody: "html body" 
          Subject: "Your account got blocked" 
          TextBody: "Your account got blocked" 
        MfaEmail: 
          HtmlBody: "html body" 
          Subject: "Your account needs MFA verification"
          TextBody: "Your account needs MFA verification" 
        NoActionEmail: 
          HtmlBody: !Ref HtmlBody
          Subject: !Ref Subject 
          TextBody: !Ref TextBody 
        From: "your-from-email@amazon.com" 
        SourceArn: !Ref SourceArn 
        ReplyTo: "your-reply-to@amazon.com" 
    CompromisedCredentialsRiskConfiguration:
      Actions:
        EventAction: "BLOCK"
      EventFilter:
        - !Ref EventFilter
    RiskExceptionConfiguration:
      BlockedIPRangeList:
        - "198.0.0.1"
      SkippedIPRangeList:
        - "198.0.0.1"
```

# AWS::Cognito::UserPoolRiskConfigurationAttachment AccountTakeoverActionsType
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractionstype"></a>

A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features.

## Syntax
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractionstype-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractionstype-syntax.json"></a>

```
{
  "HighAction" : AccountTakeoverActionType,
  "LowAction" : AccountTakeoverActionType,
  "MediumAction" : AccountTakeoverActionType
}
```

### YAML
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractionstype-syntax.yaml"></a>

```
  HighAction:
    AccountTakeoverActionType
  LowAction:
    AccountTakeoverActionType
  MediumAction:
    AccountTakeoverActionType
```

## Properties
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractionstype-properties"></a>

`HighAction`  <a name="cfn-cognito-userpoolriskconfigurationattachment-accounttakeoveractionstype-highaction"></a>
The action that you assign to a high-risk assessment by threat protection.  
*Required*: No  
*Type*: [AccountTakeoverActionType](aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractiontype.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`LowAction`  <a name="cfn-cognito-userpoolriskconfigurationattachment-accounttakeoveractionstype-lowaction"></a>
The action that you assign to a low-risk assessment by threat protection.  
*Required*: No  
*Type*: [AccountTakeoverActionType](aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractiontype.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`MediumAction`  <a name="cfn-cognito-userpoolriskconfigurationattachment-accounttakeoveractionstype-mediumaction"></a>
The action that you assign to a medium-risk assessment by threat protection.  
*Required*: No  
*Type*: [AccountTakeoverActionType](aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractiontype.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::Cognito::UserPoolRiskConfigurationAttachment AccountTakeoverActionType
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractiontype"></a>

The automated response to a risk level for adaptive authentication in full-function, or `ENFORCED`, mode. You can assign an action to each risk level that advanced security features evaluates.

## Syntax
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractiontype-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractiontype-syntax.json"></a>

```
{
  "EventAction" : String,
  "Notify" : Boolean
}
```

### YAML
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractiontype-syntax.yaml"></a>

```
  EventAction: String
  Notify: Boolean
```

## Properties
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractiontype-properties"></a>

`EventAction`  <a name="cfn-cognito-userpoolriskconfigurationattachment-accounttakeoveractiontype-eventaction"></a>
The action to take for the attempted account takeover action for the associated risk level. Valid values are as follows:  
+ `BLOCK`: Block the request.
+ `MFA_IF_CONFIGURED`: Present an MFA challenge if possible. MFA is possible if the user pool has active MFA methods that the user can set up. For example, if the user pool only supports SMS message MFA but the user doesn't have a phone number attribute, MFA setup isn't possible. If MFA setup isn't possible, allow the request.
+ `MFA_REQUIRED`: Present an MFA challenge if possible. Block the request if a user hasn't set up MFA. To sign in with required MFA, users must have an email address or phone number attribute, or a registered TOTP factor.
+ `NO_ACTION`: Take no action. Permit sign-in.

*Required*: Yes  
*Type*: String  
*Allowed values*: `BLOCK | MFA_IF_CONFIGURED | MFA_REQUIRED | NO_ACTION`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Notify`  <a name="cfn-cognito-userpoolriskconfigurationattachment-accounttakeoveractiontype-notify"></a>
Determines whether Amazon Cognito sends a user a notification message when your user pool assesses a user's session at the associated risk level.  
*Required*: Yes  
*Type*: Boolean  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::Cognito::UserPoolRiskConfigurationAttachment AccountTakeoverRiskConfigurationType
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoverriskconfigurationtype"></a>

The settings for automated responses and notification templates for adaptive authentication with advanced security features.

## Syntax
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoverriskconfigurationtype-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoverriskconfigurationtype-syntax.json"></a>

```
{
  "Actions" : AccountTakeoverActionsType,
  "NotifyConfiguration" : NotifyConfigurationType
}
```

### YAML
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoverriskconfigurationtype-syntax.yaml"></a>

```
  Actions:
    AccountTakeoverActionsType
  NotifyConfiguration:
    NotifyConfigurationType
```

## Properties
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoverriskconfigurationtype-properties"></a>

`Actions`  <a name="cfn-cognito-userpoolriskconfigurationattachment-accounttakeoverriskconfigurationtype-actions"></a>
A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection.  
*Required*: Yes  
*Type*: [AccountTakeoverActionsType](aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractionstype.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`NotifyConfiguration`  <a name="cfn-cognito-userpoolriskconfigurationattachment-accounttakeoverriskconfigurationtype-notifyconfiguration"></a>
The settings for composing and sending an email message when threat protection assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration`, Amazon Cognito sends an email message using the method and template that you set with this data type.  
*Required*: No  
*Type*: [NotifyConfigurationType](aws-properties-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::Cognito::UserPoolRiskConfigurationAttachment CompromisedCredentialsActionsType
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-compromisedcredentialsactionstype"></a>

Settings for user pool actions when Amazon Cognito detects compromised credentials with advanced security features in full-function `ENFORCED` mode.

## Syntax
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-compromisedcredentialsactionstype-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-compromisedcredentialsactionstype-syntax.json"></a>

```
{
  "EventAction" : String
}
```

### YAML
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-compromisedcredentialsactionstype-syntax.yaml"></a>

```
  EventAction: String
```

## Properties
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-compromisedcredentialsactionstype-properties"></a>

`EventAction`  <a name="cfn-cognito-userpoolriskconfigurationattachment-compromisedcredentialsactionstype-eventaction"></a>
The action that Amazon Cognito takes when it detects compromised credentials.  
*Required*: Yes  
*Type*: String  
*Allowed values*: `BLOCK | NO_ACTION`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::Cognito::UserPoolRiskConfigurationAttachment CompromisedCredentialsRiskConfigurationType
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-compromisedcredentialsriskconfigurationtype"></a>

Settings for compromised-credentials actions and authentication-event sources with advanced security features in full-function `ENFORCED` mode.

## Syntax
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-compromisedcredentialsriskconfigurationtype-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-compromisedcredentialsriskconfigurationtype-syntax.json"></a>

```
{
  "Actions" : CompromisedCredentialsActionsType,
  "EventFilter" : [ String, ... ]
}
```

### YAML
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-compromisedcredentialsriskconfigurationtype-syntax.yaml"></a>

```
  Actions:
    CompromisedCredentialsActionsType
  EventFilter:
    - String
```

## Properties
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-compromisedcredentialsriskconfigurationtype-properties"></a>

`Actions`  <a name="cfn-cognito-userpoolriskconfigurationattachment-compromisedcredentialsriskconfigurationtype-actions"></a>
Settings for the actions that you want your user pool to take when Amazon Cognito detects compromised credentials.  
*Required*: Yes  
*Type*: [CompromisedCredentialsActionsType](aws-properties-cognito-userpoolriskconfigurationattachment-compromisedcredentialsactionstype.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`EventFilter`  <a name="cfn-cognito-userpoolriskconfigurationattachment-compromisedcredentialsriskconfigurationtype-eventfilter"></a>
Settings for the sign-in activity where you want to configure compromised-credentials actions. Defaults to all events.  
*Required*: No  
*Type*: Array of String  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::Cognito::UserPoolRiskConfigurationAttachment NotifyConfigurationType
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype"></a>

The configuration for Amazon SES email messages that advanced security features sends to a user when your adaptive authentication automated response has a *Notify* action.

## Syntax
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype-syntax.json"></a>

```
{
  "BlockEmail" : NotifyEmailType,
  "From" : String,
  "MfaEmail" : NotifyEmailType,
  "NoActionEmail" : NotifyEmailType,
  "ReplyTo" : String,
  "SourceArn" : String
}
```

### YAML
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype-syntax.yaml"></a>

```
  BlockEmail:
    NotifyEmailType
  From: String
  MfaEmail:
    NotifyEmailType
  NoActionEmail:
    NotifyEmailType
  ReplyTo: String
  SourceArn: String
```

## Properties
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype-properties"></a>

`BlockEmail`  <a name="cfn-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype-blockemail"></a>
The template for the email message that your user pool sends when a detected risk event is blocked.  
*Required*: No  
*Type*: [NotifyEmailType](aws-properties-cognito-userpoolriskconfigurationattachment-notifyemailtype.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`From`  <a name="cfn-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype-from"></a>
The email address that sends the email message. The address must be either individually verified with Amazon Simple Email Service, or from a domain that has been verified with Amazon SES.  
*Required*: No  
*Type*: String  
*Minimum*: `0`  
*Maximum*: `131072`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`MfaEmail`  <a name="cfn-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype-mfaemail"></a>
The template for the email message that your user pool sends when MFA is challenged in response to a detected risk.  
*Required*: No  
*Type*: [NotifyEmailType](aws-properties-cognito-userpoolriskconfigurationattachment-notifyemailtype.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`NoActionEmail`  <a name="cfn-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype-noactionemail"></a>
The template for the email message that your user pool sends when no action is taken in response to a detected risk.  
*Required*: No  
*Type*: [NotifyEmailType](aws-properties-cognito-userpoolriskconfigurationattachment-notifyemailtype.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`ReplyTo`  <a name="cfn-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype-replyto"></a>
The reply-to email address of an email template. Can be an email address in the format `admin@example.com` or `Administrator <admin@example.com>`.  
*Required*: No  
*Type*: String  
*Minimum*: `0`  
*Maximum*: `131072`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`SourceArn`  <a name="cfn-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype-sourcearn"></a>
The Amazon Resource Name (ARN) of the identity that is associated with the sending authorization policy. This identity permits Amazon Cognito to send for the email address specified in the `From` parameter.  
*Required*: Yes  
*Type*: String  
*Pattern*: `arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?`  
*Minimum*: `20`  
*Maximum*: `2048`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::Cognito::UserPoolRiskConfigurationAttachment NotifyEmailType
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-notifyemailtype"></a>

The template for email messages that advanced security features sends to a user when your threat protection automated response has a *Notify* action.

## Syntax
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-notifyemailtype-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-notifyemailtype-syntax.json"></a>

```
{
  "HtmlBody" : String,
  "Subject" : String,
  "TextBody" : String
}
```

### YAML
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-notifyemailtype-syntax.yaml"></a>

```
  HtmlBody: String
  Subject: String
  TextBody: String
```

## Properties
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-notifyemailtype-properties"></a>

`HtmlBody`  <a name="cfn-cognito-userpoolriskconfigurationattachment-notifyemailtype-htmlbody"></a>
The body of an email notification formatted in HTML. Choose an `HtmlBody` or a `TextBody` to send an HTML-formatted or plaintext message, respectively.  
*Required*: No  
*Type*: String  
*Pattern*: `[\p{L}\p{M}\p{S}\p{N}\p{P}\s*]+`  
*Minimum*: `6`  
*Maximum*: `20000`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Subject`  <a name="cfn-cognito-userpoolriskconfigurationattachment-notifyemailtype-subject"></a>
The subject of the threat protection email notification.  
*Required*: Yes  
*Type*: String  
*Pattern*: `[\p{L}\p{M}\p{S}\p{N}\p{P}\s]+`  
*Minimum*: `1`  
*Maximum*: `140`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`TextBody`  <a name="cfn-cognito-userpoolriskconfigurationattachment-notifyemailtype-textbody"></a>
The body of an email notification formatted in plaintext. Choose an `HtmlBody` or a `TextBody` to send an HTML-formatted or plaintext message, respectively.  
*Required*: No  
*Type*: String  
*Pattern*: `[\p{L}\p{M}\p{S}\p{N}\p{P}\s*]+`  
*Minimum*: `6`  
*Maximum*: `20000`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::Cognito::UserPoolRiskConfigurationAttachment RiskExceptionConfigurationType
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-riskexceptionconfigurationtype"></a>

Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges. 

## Syntax
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-riskexceptionconfigurationtype-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-riskexceptionconfigurationtype-syntax.json"></a>

```
{
  "BlockedIPRangeList" : [ String, ... ],
  "SkippedIPRangeList" : [ String, ... ]
}
```

### YAML
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-riskexceptionconfigurationtype-syntax.yaml"></a>

```
  BlockedIPRangeList:
    - String
  SkippedIPRangeList:
    - String
```

## Properties
<a name="aws-properties-cognito-userpoolriskconfigurationattachment-riskexceptionconfigurationtype-properties"></a>

`BlockedIPRangeList`  <a name="cfn-cognito-userpoolriskconfigurationattachment-riskexceptionconfigurationtype-blockediprangelist"></a>
An always-block IP address list. Overrides the risk decision and always blocks authentication requests. This parameter is displayed and set in CIDR notation.  
*Required*: No  
*Type*: Array of String  
*Maximum*: `200`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`SkippedIPRangeList`  <a name="cfn-cognito-userpoolriskconfigurationattachment-riskexceptionconfigurationtype-skippediprangelist"></a>
An always-allow IP address list. Risk detection isn't performed on the IP addresses in this range list. This parameter is displayed and set in CIDR notation.  
*Required*: No  
*Type*: Array of String  
*Maximum*: `200`  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
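
The following pre-deployment check is an added example, not AWS code. It reviews a JSON-format template for the behaviors documented on this page: a client-level attachment that does not inherit from `ALL`, a `HighAction` that can let a sign-in proceed, compromised-credentials detection set to `NO_ACTION`, and exception lists that are malformed, overlapping, or very broad. The logical IDs `PoolDefault` and `MobileClient`, the sample template, and the `MAX_SKIP_ADDRESSES` threshold are assumptions made for the example.

```python
import ipaddress
import json

RESOURCE_TYPE = "AWS::Cognito::UserPoolRiskConfigurationAttachment"
# EventAction values that can let a sign-in proceed without a challenge.
FAIL_OPEN = {"NO_ACTION", "MFA_IF_CONFIGURED"}
# Assumed review threshold (a /16 worth of addresses); not an AWS limit.
MAX_SKIP_ADDRESSES = 65536


def _networks(entries, prop, logical_id, findings):
    """Parse literal IP ranges; intrinsic functions (dicts) are skipped."""
    nets = []
    for entry in entries:
        if not isinstance(entry, str):
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            findings.append((logical_id, f"{prop}: {entry!r} is not a valid IP range"))
    return nets


def lint_template(template):
    """Return (logical_id, message) findings for risk configuration attachments."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != RESOURCE_TYPE:
            continue
        props = res.get("Properties", {})
        ato = props.get("AccountTakeoverRiskConfiguration")
        cc = props.get("CompromisedCredentialsRiskConfiguration")
        exc = props.get("RiskExceptionConfiguration") or {}

        # A client-level attachment replaces the ALL configuration; nothing is merged.
        # A Ref in ClientId is treated as client-level because it cannot be resolved here.
        if props.get("ClientId") != "ALL":
            for name, value in (("AccountTakeoverRiskConfiguration", ato),
                                ("CompromisedCredentialsRiskConfiguration", cc)):
                if value is None:
                    findings.append((logical_id, f"{name} is absent and is not inherited from ALL"))

        high = ((ato or {}).get("Actions") or {}).get("HighAction", {}).get("EventAction")
        if isinstance(high, str) and high in FAIL_OPEN:
            findings.append((logical_id, f"HighAction is {high}: a high-risk sign-in can proceed without MFA"))

        if ((cc or {}).get("Actions") or {}).get("EventAction") == "NO_ACTION":
            findings.append((logical_id, "compromised credentials are detected but not blocked"))

        blocked = _networks(exc.get("BlockedIPRangeList", []), "BlockedIPRangeList", logical_id, findings)
        skipped = _networks(exc.get("SkippedIPRangeList", []), "SkippedIPRangeList", logical_id, findings)
        for skip in skipped:
            if skip.num_addresses > MAX_SKIP_ADDRESSES:
                findings.append((logical_id, f"SkippedIPRangeList: {skip} exempts "
                                             f"{skip.num_addresses} addresses from risk detection"))
            for block in blocked:
                if skip.version == block.version and skip.overlaps(block):
                    findings.append((logical_id, f"{skip} is in both SkippedIPRangeList and BlockedIPRangeList"))
    return findings


# Constructed sample template: a pool-wide default plus a client-level override.
SAMPLE = json.loads("""
{
  "Resources": {
    "PoolDefault": {
      "Type": "AWS::Cognito::UserPoolRiskConfigurationAttachment",
      "Properties": {
        "UserPoolId": {"Ref": "UserPool"},
        "ClientId": "ALL",
        "AccountTakeoverRiskConfiguration": {"Actions": {
          "HighAction": {"EventAction": "BLOCK", "Notify": false},
          "MediumAction": {"EventAction": "MFA_REQUIRED", "Notify": false}}},
        "CompromisedCredentialsRiskConfiguration": {"Actions": {"EventAction": "BLOCK"}}
      }
    },
    "MobileClient": {
      "Type": "AWS::Cognito::UserPoolRiskConfigurationAttachment",
      "Properties": {
        "UserPoolId": {"Ref": "UserPool"},
        "ClientId": {"Ref": "Client"},
        "AccountTakeoverRiskConfiguration": {"Actions": {
          "HighAction": {"EventAction": "MFA_IF_CONFIGURED", "Notify": false}}},
        "RiskExceptionConfiguration": {
          "BlockedIPRangeList": ["198.0.0.1"],
          "SkippedIPRangeList": ["198.0.0.1", "10.0.0.0/8", "not-a-range"]}
      }
    }
  }
}
""")

if __name__ == "__main__":
    for logical_id, message in lint_template(SAMPLE):
        print(f"{logical_id}: {message}")
```

Values supplied through `Ref` or other intrinsic functions are skipped because they cannot be resolved offline, so review the parameter values passed at deploy time separately.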