User
Provides a Cognito User Pool Client resource. To manage a User Pool Client created by another service, such as when configuring an OpenSearch Domain to use Cognito authentication, use the aws.cognito.ManagedUserPoolClient resource instead.
Example Usage
Create a basic user pool client
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const pool = new aws.cognito.UserPool("pool", {name: "pool"});
const client = new aws.cognito.UserPoolClient("client", {
name: "client",
userPoolId: pool.id,
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
pool = aws.cognito.UserPool("pool", name="pool")
client = aws.cognito.UserPoolClient("client",
name="client",
user_pool_id=pool.id)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var pool = new Aws.Cognito.UserPool("pool", new()
{
Name = "pool",
});
var client = new Aws.Cognito.UserPoolClient("client", new()
{
Name = "client",
UserPoolId = pool.Id,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
pool, err := cognito.NewUserPool(ctx, "pool", &cognito.UserPoolArgs{
Name: pulumi.String("pool"),
})
if err != nil {
return err
}
_, err = cognito.NewUserPoolClient(ctx, "client", &cognito.UserPoolClientArgs{
Name: pulumi.String("client"),
UserPoolId: pool.ID(),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolArgs;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolClientArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pool = new UserPool("pool", UserPoolArgs.builder()
.name("pool")
.build());
var client = new UserPoolClient("client", UserPoolClientArgs.builder()
.name("client")
.userPoolId(pool.id())
.build());
}
}Content copied to clipboard
resources:
client:
type: aws:cognito:UserPoolClient
properties:
name: client
userPoolId: ${pool.id}
pool:
type: aws:cognito:UserPool
properties:
name: poolContent copied to clipboard
Create a user pool client with no SRP authentication
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const pool = new aws.cognito.UserPool("pool", {name: "pool"});
const client = new aws.cognito.UserPoolClient("client", {
name: "client",
userPoolId: pool.id,
generateSecret: true,
explicitAuthFlows: ["ADMIN_NO_SRP_AUTH"],
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
pool = aws.cognito.UserPool("pool", name="pool")
client = aws.cognito.UserPoolClient("client",
name="client",
user_pool_id=pool.id,
generate_secret=True,
explicit_auth_flows=["ADMIN_NO_SRP_AUTH"])Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var pool = new Aws.Cognito.UserPool("pool", new()
{
Name = "pool",
});
var client = new Aws.Cognito.UserPoolClient("client", new()
{
Name = "client",
UserPoolId = pool.Id,
GenerateSecret = true,
ExplicitAuthFlows = new[]
{
"ADMIN_NO_SRP_AUTH",
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
pool, err := cognito.NewUserPool(ctx, "pool", &cognito.UserPoolArgs{
Name: pulumi.String("pool"),
})
if err != nil {
return err
}
_, err = cognito.NewUserPoolClient(ctx, "client", &cognito.UserPoolClientArgs{
Name: pulumi.String("client"),
UserPoolId: pool.ID(),
GenerateSecret: pulumi.Bool(true),
ExplicitAuthFlows: pulumi.StringArray{
pulumi.String("ADMIN_NO_SRP_AUTH"),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolArgs;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolClientArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pool = new UserPool("pool", UserPoolArgs.builder()
.name("pool")
.build());
var client = new UserPoolClient("client", UserPoolClientArgs.builder()
.name("client")
.userPoolId(pool.id())
.generateSecret(true)
.explicitAuthFlows("ADMIN_NO_SRP_AUTH")
.build());
}
}Content copied to clipboard
resources:
client:
type: aws:cognito:UserPoolClient
properties:
name: client
userPoolId: ${pool.id}
generateSecret: true
explicitAuthFlows:
- ADMIN_NO_SRP_AUTH
pool:
type: aws:cognito:UserPool
properties:
name: poolContent copied to clipboard
Create a user pool client with pinpoint analytics
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const testUserPool = new aws.cognito.UserPool("test", {name: "pool"});
const testApp = new aws.pinpoint.App("test", {name: "pinpoint"});
const assumeRole = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
principals: [{
type: "Service",
identifiers: ["cognito-idp.amazonaws.com"],
}],
actions: ["sts:AssumeRole"],
}],
});
const testRole = new aws.iam.Role("test", {
name: "role",
assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json),
});
const testUserPoolClient = new aws.cognito.UserPoolClient("test", {
name: "pool_client",
userPoolId: testUserPool.id,
analyticsConfiguration: {
applicationId: testApp.applicationId,
externalId: "some_id",
roleArn: testRole.arn,
userDataShared: true,
},
});
const current = aws.getCallerIdentity({});
const test = aws.iam.getPolicyDocumentOutput({
statements: [{
effect: "Allow",
actions: [
"mobiletargeting:UpdateEndpoint",
"mobiletargeting:PutEvents",
],
resources: [pulumi.all([current, testApp.applicationId]).apply(([current, applicationId]) => `arn:aws:mobiletargeting:*:${current.accountId}:apps/${applicationId}*`)],
}],
});
const testRolePolicy = new aws.iam.RolePolicy("test", {
name: "role_policy",
role: testRole.id,
policy: test.apply(test => test.json),
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
test_user_pool = aws.cognito.UserPool("test", name="pool")
test_app = aws.pinpoint.App("test", name="pinpoint")
assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="Service",
identifiers=["cognito-idp.amazonaws.com"],
)],
actions=["sts:AssumeRole"],
)])
test_role = aws.iam.Role("test",
name="role",
assume_role_policy=assume_role.json)
test_user_pool_client = aws.cognito.UserPoolClient("test",
name="pool_client",
user_pool_id=test_user_pool.id,
analytics_configuration=aws.cognito.UserPoolClientAnalyticsConfigurationArgs(
application_id=test_app.application_id,
external_id="some_id",
role_arn=test_role.arn,
user_data_shared=True,
))
current = aws.get_caller_identity()
test = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
actions=[
"mobiletargeting:UpdateEndpoint",
"mobiletargeting:PutEvents",
],
resources=[test_app.application_id.apply(lambda application_id: f"arn:aws:mobiletargeting:*:{current.account_id}:apps/{application_id}*")],
)])
test_role_policy = aws.iam.RolePolicy("test",
name="role_policy",
role=test_role.id,
policy=test.json)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var testUserPool = new Aws.Cognito.UserPool("test", new()
{
Name = "pool",
});
var testApp = new Aws.Pinpoint.App("test", new()
{
Name = "pinpoint",
});
var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"cognito-idp.amazonaws.com",
},
},
},
Actions = new[]
{
"sts:AssumeRole",
},
},
},
});
var testRole = new Aws.Iam.Role("test", new()
{
Name = "role",
AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var testUserPoolClient = new Aws.Cognito.UserPoolClient("test", new()
{
Name = "pool_client",
UserPoolId = testUserPool.Id,
AnalyticsConfiguration = new Aws.Cognito.Inputs.UserPoolClientAnalyticsConfigurationArgs
{
ApplicationId = testApp.ApplicationId,
ExternalId = "some_id",
RoleArn = testRole.Arn,
UserDataShared = true,
},
});
var current = Aws.GetCallerIdentity.Invoke();
var test = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Actions = new[]
{
"mobiletargeting:UpdateEndpoint",
"mobiletargeting:PutEvents",
},
Resources = new[]
{
$"arn:aws:mobiletargeting:*:{current.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId)}:apps/{testApp.ApplicationId}*",
},
},
},
});
var testRolePolicy = new Aws.Iam.RolePolicy("test", new()
{
Name = "role_policy",
Role = testRole.Id,
Policy = test.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
});Content copied to clipboard
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/pinpoint"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
testUserPool, err := cognito.NewUserPool(ctx, "test", &cognito.UserPoolArgs{
Name: pulumi.String("pool"),
})
if err != nil {
return err
}
testApp, err := pinpoint.NewApp(ctx, "test", &pinpoint.AppArgs{
Name: pulumi.String("pinpoint"),
})
if err != nil {
return err
}
assumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "Service",
Identifiers: []string{
"cognito-idp.amazonaws.com",
},
},
},
Actions: []string{
"sts:AssumeRole",
},
},
},
}, nil)
if err != nil {
return err
}
testRole, err := iam.NewRole(ctx, "test", &iam.RoleArgs{
Name: pulumi.String("role"),
AssumeRolePolicy: pulumi.String(assumeRole.Json),
})
if err != nil {
return err
}
_, err = cognito.NewUserPoolClient(ctx, "test", &cognito.UserPoolClientArgs{
Name: pulumi.String("pool_client"),
UserPoolId: testUserPool.ID(),
AnalyticsConfiguration: &cognito.UserPoolClientAnalyticsConfigurationArgs{
ApplicationId: testApp.ApplicationId,
ExternalId: pulumi.String("some_id"),
RoleArn: testRole.Arn,
UserDataShared: pulumi.Bool(true),
},
})
if err != nil {
return err
}
current, err := aws.GetCallerIdentity(ctx, nil, nil)
if err != nil {
return err
}
test := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
Statements: iam.GetPolicyDocumentStatementArray{
&iam.GetPolicyDocumentStatementArgs{
Effect: pulumi.String("Allow"),
Actions: pulumi.StringArray{
pulumi.String("mobiletargeting:UpdateEndpoint"),
pulumi.String("mobiletargeting:PutEvents"),
},
Resources: pulumi.StringArray{
testApp.ApplicationId.ApplyT(func(applicationId string) (string, error) {
return fmt.Sprintf("arn:aws:mobiletargeting:*:%v:apps/%v*", current.AccountId, applicationId), nil
}).(pulumi.StringOutput),
},
},
},
}, nil)
_, err = iam.NewRolePolicy(ctx, "test", &iam.RolePolicyArgs{
Name: pulumi.String("role_policy"),
Role: testRole.ID(),
Policy: test.ApplyT(func(test iam.GetPolicyDocumentResult) (*string, error) {
return &test.Json, nil
}).(pulumi.StringPtrOutput),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolArgs;
import com.pulumi.aws.pinpoint.App;
import com.pulumi.aws.pinpoint.AppArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolClientArgs;
import com.pulumi.aws.cognito.inputs.UserPoolClientAnalyticsConfigurationArgs;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var testUserPool = new UserPool("testUserPool", UserPoolArgs.builder()
.name("pool")
.build());
var testApp = new App("testApp", AppArgs.builder()
.name("pinpoint")
.build());
final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("cognito-idp.amazonaws.com")
.build())
.actions("sts:AssumeRole")
.build())
.build());
var testRole = new Role("testRole", RoleArgs.builder()
.name("role")
.assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
var testUserPoolClient = new UserPoolClient("testUserPoolClient", UserPoolClientArgs.builder()
.name("pool_client")
.userPoolId(testUserPool.id())
.analyticsConfiguration(UserPoolClientAnalyticsConfigurationArgs.builder()
.applicationId(testApp.applicationId())
.externalId("some_id")
.roleArn(testRole.arn())
.userDataShared(true)
.build())
.build());
final var current = AwsFunctions.getCallerIdentity();
final var test = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions(
"mobiletargeting:UpdateEndpoint",
"mobiletargeting:PutEvents")
.resources(testApp.applicationId().applyValue(applicationId -> String.format("arn:aws:mobiletargeting:*:%s:apps/%s*", current.applyValue(getCallerIdentityResult -> getCallerIdentityResult.accountId()),applicationId)))
.build())
.build());
var testRolePolicy = new RolePolicy("testRolePolicy", RolePolicyArgs.builder()
.name("role_policy")
.role(testRole.id())
.policy(test.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(test -> test.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
.build());
}
}Content copied to clipboard
resources:
testUserPoolClient:
type: aws:cognito:UserPoolClient
name: test
properties:
name: pool_client
userPoolId: ${testUserPool.id}
analyticsConfiguration:
applicationId: ${testApp.applicationId}
externalId: some_id
roleArn: ${testRole.arn}
userDataShared: true
testUserPool:
type: aws:cognito:UserPool
name: test
properties:
name: pool
testApp:
type: aws:pinpoint:App
name: test
properties:
name: pinpoint
testRole:
type: aws:iam:Role
name: test
properties:
name: role
assumeRolePolicy: ${assumeRole.json}
testRolePolicy:
type: aws:iam:RolePolicy
name: test
properties:
name: role_policy
role: ${testRole.id}
policy: ${test.json}
variables:
current:
fn::invoke:
Function: aws:getCallerIdentity
Arguments: {}
assumeRole:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
principals:
- type: Service
identifiers:
- cognito-idp.amazonaws.com
actions:
- sts:AssumeRole
test:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
actions:
- mobiletargeting:UpdateEndpoint
- mobiletargeting:PutEvents
resources:
- arn:aws:mobiletargeting:*:${current.accountId}:apps/${testApp.applicationId}*Content copied to clipboard
Create a user pool client with Cognito as the identity provider
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const pool = new aws.cognito.UserPool("pool", {name: "pool"});
const userpoolClient = new aws.cognito.UserPoolClient("userpool_client", {
name: "client",
userPoolId: pool.id,
callbackUrls: ["https://example.com"],
allowedOauthFlowsUserPoolClient: true,
allowedOauthFlows: [
"code",
"implicit",
],
allowedOauthScopes: [
"email",
"openid",
],
supportedIdentityProviders: ["COGNITO"],
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
pool = aws.cognito.UserPool("pool", name="pool")
userpool_client = aws.cognito.UserPoolClient("userpool_client",
name="client",
user_pool_id=pool.id,
callback_urls=["https://example.com"],
allowed_oauth_flows_user_pool_client=True,
allowed_oauth_flows=[
"code",
"implicit",
],
allowed_oauth_scopes=[
"email",
"openid",
],
supported_identity_providers=["COGNITO"])Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var pool = new Aws.Cognito.UserPool("pool", new()
{
Name = "pool",
});
var userpoolClient = new Aws.Cognito.UserPoolClient("userpool_client", new()
{
Name = "client",
UserPoolId = pool.Id,
CallbackUrls = new[]
{
"https://example.com",
},
AllowedOauthFlowsUserPoolClient = true,
AllowedOauthFlows = new[]
{
"code",
"implicit",
},
AllowedOauthScopes = new[]
{
"email",
"openid",
},
SupportedIdentityProviders = new[]
{
"COGNITO",
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
pool, err := cognito.NewUserPool(ctx, "pool", &cognito.UserPoolArgs{
Name: pulumi.String("pool"),
})
if err != nil {
return err
}
_, err = cognito.NewUserPoolClient(ctx, "userpool_client", &cognito.UserPoolClientArgs{
Name: pulumi.String("client"),
UserPoolId: pool.ID(),
CallbackUrls: pulumi.StringArray{
pulumi.String("https://example.com"),
},
AllowedOauthFlowsUserPoolClient: pulumi.Bool(true),
AllowedOauthFlows: pulumi.StringArray{
pulumi.String("code"),
pulumi.String("implicit"),
},
AllowedOauthScopes: pulumi.StringArray{
pulumi.String("email"),
pulumi.String("openid"),
},
SupportedIdentityProviders: pulumi.StringArray{
pulumi.String("COGNITO"),
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolArgs;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolClientArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pool = new UserPool("pool", UserPoolArgs.builder()
.name("pool")
.build());
var userpoolClient = new UserPoolClient("userpoolClient", UserPoolClientArgs.builder()
.name("client")
.userPoolId(pool.id())
.callbackUrls("https://example.com")
.allowedOauthFlowsUserPoolClient(true)
.allowedOauthFlows(
"code",
"implicit")
.allowedOauthScopes(
"email",
"openid")
.supportedIdentityProviders("COGNITO")
.build());
}
}Content copied to clipboard
resources:
userpoolClient:
type: aws:cognito:UserPoolClient
name: userpool_client
properties:
name: client
userPoolId: ${pool.id}
callbackUrls:
- https://example.com
allowedOauthFlowsUserPoolClient: true
allowedOauthFlows:
- code
- implicit
allowedOauthScopes:
- email
- openid
supportedIdentityProviders:
- COGNITO
pool:
type: aws:cognito:UserPool
properties:
name: poolContent copied to clipboard
Import
Using pulumi import, import Cognito User Pool Clients using the id of the Cognito User Pool, and the id of the Cognito User Pool Client. For example:
$ pulumi import aws:cognito/userPoolClient:UserPoolClient client us-west-2_abc123/3ho4ek12345678909nh3fmhpkoContent copied to clipboard
Properties
Link copied to clipboard
Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. Valid values between 3 and 15. Default value is 3.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.