User
Definition of AWS::Cognito::UserPool Resource Type
Constructors
Properties
Use this setting to define which verified available method a user can use to recover their password when they call ForgotPassword . It allows you to define a preferred method when a user has more than one method available. With this setting, SMS does not qualify for a valid password recovery mechanism if the user also has SMS MFA enabled. In the absence of this setting, Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email.
The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. This data type is a request and response parameter of CreateUserPool and UpdateUserPool , and a response parameter of DescribeUserPool .
Attributes supported as an alias for this user pool. Possible values: phone_number , email , or preferred_username .
The attributes to be auto-verified. Possible values: email , phone_number .
When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. When you try to delete a protected user pool in a DeleteUserPool API request, Amazon Cognito returns an InvalidParameterException error. To delete a protected user pool, send a new DeleteUserPool request after you deactivate deletion protection in an UpdateUserPool API request.
The device-remembering configuration for a user pool. A null value indicates that you have deactivated device remembering in your user pool.
The email configuration of your user pool. The email configuration type sets your preferred sending method, AWS Region, and sender for messages from your user pool.
This parameter is no longer used. See VerificationMessageTemplateType .
This parameter is no longer used. See VerificationMessageTemplateType .
Enables MFA on a specified user pool. To disable all MFAs after it has been enabled, set MfaConfiguration to "OFF" and remove EnabledMfas. MFAs can only be all disabled if MfaConfiguration is OFF. Once SMS_MFA is enabled, SMS_MFA can only be disabled by setting MfaConfiguration to "OFF". Can be one of the following values:
A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of authentication operations. Triggers can modify the outcome of the operations that invoked them.
The multi-factor authentication (MFA) configuration. Valid values include:
A list of user pool policies. Contains the policy that sets password-complexity requirements. This data type is a request and response parameter of CreateUserPool and UpdateUserPool , and a response parameter of DescribeUserPool .
The schema attributes for the new user pool. These attributes can be standard or custom attributes.
A string representing the SMS authentication message.
The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account .
This parameter is no longer used. See VerificationMessageTemplateType .
The settings for updates to user attributes. These settings include the property AttributesRequireVerificationBeforeUpdate , a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users' email address and phone number attributes. For more information, see Verifying updates to email addresses and phone numbers .
Determines whether email addresses or phone numbers can be specified as user names when a user signs up. Possible values: phone_number or email . This user pool property cannot be updated.
You can choose to set case sensitivity on the username input for the selected sign-in option. For example, when this is set to False , users will be able to sign in using either "username" or "Username". This configuration is immutable once it has been set.
User pool add-ons. Contains settings for activation of advanced security features. To log user security information but take no action, set to AUDIT . To configure automatic security responses to risky traffic to your user pool, set to ENFORCED . For more information, see Adding advanced security to a user pool .
A string used to name the user pool.
The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.
The template for the verification message that your user pool delivers to users who set an email address or phone number attribute. Set the email message type that corresponds to your DefaultEmailOption selection. For CONFIRM_WITH_LINK , specify an EmailMessageByLink and leave EmailMessage blank. For CONFIRM_WITH_CODE , specify an EmailMessage and leave EmailMessageByLink blank. When you supply both parameters with either choice, Amazon Cognito returns an error.