UserPoolArgs

/**
 * Arguments accepted when declaring a Cognito User Pool resource.
 *
 * Every property is an optional [Output] whose default is `null`.
 */
data class UserPoolArgs(
    val accountRecoverySetting: Output<UserPoolAccountRecoverySettingArgs>? = null,
    val adminCreateUserConfig: Output<UserPoolAdminCreateUserConfigArgs>? = null,
    val aliasAttributes: Output<List<String>>? = null,
    val autoVerifiedAttributes: Output<List<String>>? = null,
    val deletionProtection: Output<String>? = null,
    val deviceConfiguration: Output<UserPoolDeviceConfigurationArgs>? = null,
    val emailConfiguration: Output<UserPoolEmailConfigurationArgs>? = null,
    val emailMfaConfiguration: Output<UserPoolEmailMfaConfigurationArgs>? = null,
    val emailVerificationMessage: Output<String>? = null,
    val emailVerificationSubject: Output<String>? = null,
    val lambdaConfig: Output<UserPoolLambdaConfigArgs>? = null,
    val mfaConfiguration: Output<String>? = null,
    val name: Output<String>? = null,
    val passwordPolicy: Output<UserPoolPasswordPolicyArgs>? = null,
    val schemas: Output<List<UserPoolSchemaArgs>>? = null,
    val signInPolicy: Output<UserPoolSignInPolicyArgs>? = null,
    val smsAuthenticationMessage: Output<String>? = null,
    val smsConfiguration: Output<UserPoolSmsConfigurationArgs>? = null,
    val smsVerificationMessage: Output<String>? = null,
    val softwareTokenMfaConfiguration: Output<UserPoolSoftwareTokenMfaConfigurationArgs>? = null,
    val tags: Output<Map<String, String>>? = null,
    val userAttributeUpdateSettings: Output<UserPoolUserAttributeUpdateSettingsArgs>? = null,
    val userPoolAddOns: Output<UserPoolUserPoolAddOnsArgs>? = null,
    val userPoolTier: Output<String>? = null,
    val usernameAttributes: Output<List<String>>? = null,
    val usernameConfiguration: Output<UserPoolUsernameConfigurationArgs>? = null,
    val verificationMessageTemplate: Output<UserPoolVerificationMessageTemplateArgs>? = null,
    val webAuthnConfiguration: Output<UserPoolWebAuthnConfigurationArgs>? = null
) : ConvertibleToJava<UserPoolArgs>

Provides a Cognito User Pool resource.

Example Usage

Basic configuration

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Declare a Cognito user pool; only the pool name is set here.
const pool = new aws.cognito.UserPool("pool", {
    name: "mypool",
});
import pulumi
import pulumi_aws as aws

# Declare a Cognito user pool; only the pool name is set here.
pool = aws.cognito.UserPool(
    "pool",
    name="mypool",
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() =>
{
    // Declare a Cognito user pool; only the pool name is set here.
    var pool = new Aws.Cognito.UserPool("pool", new()
    {
        Name = "mypool",
    });
});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Declare a Cognito user pool; only the pool name is set here.
		_, err := cognito.NewUserPool(ctx, "pool", &cognito.UserPoolArgs{
			Name: pulumi.String("mypool"),
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/** Pulumi program that declares a single Cognito user pool. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the user pool; only the pool name is set here. */
    public static void stack(Context ctx) {
        final var poolArgs = UserPoolArgs.builder()
            .name("mypool")
            .build();
        var pool = new UserPool("pool", poolArgs);
    }
}
# Declares one Cognito user pool; only the pool name is set.
resources:
  pool:
    type: aws:cognito:UserPool
    properties:
      name: mypool

Enabling SMS and Software Token Multi-Factor Authentication

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// NOTE: exampleAwsIamRole is not declared in this snippet; it stands for an
// IAM role defined elsewhere in the program.
const example = new aws.cognito.UserPool("example", {
    // "ON" requires MFA for every user at sign-in and needs at least one of
    // the SMS or software-token factors below to be configured.
    mfaConfiguration: "ON",
    // {####} is the placeholder that is replaced with the code.
    smsAuthenticationMessage: "Your code is {####}",
    smsConfiguration: {
        // Cognito passes this value when it assumes the SNS caller role; the
        // role's trust policy can require it through an sts:ExternalId
        // condition. "example" is a placeholder.
        externalId: "example",
        snsCallerArn: exampleAwsIamRole.arn,
        snsRegion: "us-east-1",
    },
    softwareTokenMfaConfiguration: {
        enabled: true,
    },
});
import pulumi
import pulumi_aws as aws

# NOTE: example_aws_iam_role is not defined in this snippet; it stands for an
# IAM role declared elsewhere in the program.
example = aws.cognito.UserPool(
    "example",
    # "ON" requires MFA for every user at sign-in and needs at least one of
    # the SMS or software-token factors below to be configured.
    mfa_configuration="ON",
    # {####} is the placeholder that is replaced with the code.
    sms_authentication_message="Your code is {####}",
    sms_configuration={
        # Cognito passes this value when it assumes the SNS caller role; the
        # role's trust policy can require it through an sts:ExternalId
        # condition. "example" is a placeholder.
        "external_id": "example",
        "sns_caller_arn": example_aws_iam_role["arn"],
        "sns_region": "us-east-1",
    },
    software_token_mfa_configuration={
        "enabled": True,
    },
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() =>
{
    // NOTE: exampleAwsIamRole is not declared in this snippet; it stands for
    // an IAM role defined elsewhere in the program.
    var smsSettings = new Aws.Cognito.Inputs.UserPoolSmsConfigurationArgs
    {
        // Cognito passes this value when it assumes the SNS caller role; the
        // role's trust policy can require it through an sts:ExternalId
        // condition. "example" is a placeholder.
        ExternalId = "example",
        SnsCallerArn = exampleAwsIamRole.Arn,
        SnsRegion = "us-east-1",
    };

    var softwareTokenSettings = new Aws.Cognito.Inputs.UserPoolSoftwareTokenMfaConfigurationArgs
    {
        Enabled = true,
    };

    var example = new Aws.Cognito.UserPool("example", new()
    {
        // "ON" requires MFA for every user at sign-in and needs at least one
        // of the SMS or software-token factors to be configured.
        MfaConfiguration = "ON",
        // {####} is the placeholder that is replaced with the code.
        SmsAuthenticationMessage = "Your code is {####}",
        SmsConfiguration = smsSettings,
        SoftwareTokenMfaConfiguration = softwareTokenSettings,
    });
});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE: exampleAwsIamRole is not declared in this snippet; it stands
		// for an IAM role defined elsewhere in the program.
		smsSettings := &cognito.UserPoolSmsConfigurationArgs{
			// Cognito passes this value when it assumes the SNS caller role;
			// the role's trust policy can require it through an
			// sts:ExternalId condition. "example" is a placeholder.
			ExternalId:   pulumi.String("example"),
			SnsCallerArn: pulumi.Any(exampleAwsIamRole.Arn),
			SnsRegion:    pulumi.String("us-east-1"),
		}
		softwareTokenSettings := &cognito.UserPoolSoftwareTokenMfaConfigurationArgs{
			Enabled: pulumi.Bool(true),
		}

		_, err := cognito.NewUserPool(ctx, "example", &cognito.UserPoolArgs{
			// "ON" requires MFA for every user at sign-in and needs at least
			// one of the SMS or software-token factors to be configured.
			MfaConfiguration: pulumi.String("ON"),
			// {####} is the placeholder that is replaced with the code.
			SmsAuthenticationMessage:      pulumi.String("Your code is {####}"),
			SmsConfiguration:              smsSettings,
			SoftwareTokenMfaConfiguration: softwareTokenSettings,
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolArgs;
import com.pulumi.aws.cognito.inputs.UserPoolSmsConfigurationArgs;
import com.pulumi.aws.cognito.inputs.UserPoolSoftwareTokenMfaConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/** Pulumi program that declares a user pool with SMS and software-token MFA. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the user pool with MFA required for all users.
     *
     * NOTE: exampleAwsIamRole is not declared in this snippet; it stands for
     * an IAM role defined elsewhere in the program.
     */
    public static void stack(Context ctx) {
        // Cognito passes the external ID when it assumes the SNS caller role;
        // the role's trust policy can require it through an sts:ExternalId
        // condition. "example" is a placeholder.
        final var smsSettings = UserPoolSmsConfigurationArgs.builder()
            .externalId("example")
            .snsCallerArn(exampleAwsIamRole.arn())
            .snsRegion("us-east-1")
            .build();

        final var softwareTokenSettings = UserPoolSoftwareTokenMfaConfigurationArgs.builder()
            .enabled(true)
            .build();

        // "ON" requires MFA for every user at sign-in and needs at least one
        // of the SMS or software-token factors to be configured.
        var example = new UserPool("example", UserPoolArgs.builder()
            .mfaConfiguration("ON")
            // {####} is the placeholder that is replaced with the code.
            .smsAuthenticationMessage("Your code is {####}")
            .smsConfiguration(smsSettings)
            .softwareTokenMfaConfiguration(softwareTokenSettings)
            .build());
    }
}
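# Declares a Cognito user pool with MFA required for all users.
# NOTE: exampleAwsIamRole is not declared in this snippet; it stands for an
# IAM role defined elsewhere in the program.
resources:
  example:
    type: aws:cognito:UserPool
    properties:
      # Quoted so that no YAML parser can read the value as a boolean.
      # "ON" requires MFA for every user at sign-in and needs at least one of
      # the SMS or software-token factors below to be configured.
      mfaConfiguration: "ON"
      # Quoted because the value contains "{" and "#" characters.
      # {####} is the placeholder that is replaced with the code.
      smsAuthenticationMessage: "Your code is {####}"
      smsConfiguration:
        # Cognito passes this value when it assumes the SNS caller role; the
        # role's trust policy can require it through an sts:ExternalId
        # condition. "example" is a placeholder.
        externalId: example
        snsCallerArn: ${exampleAwsIamRole.arn}
        snsRegion: us-east-1
      softwareTokenMfaConfiguration:
        enabled: true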

Using Account Recovery Setting

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Declare a user pool with two password-recovery methods.
// NOTE(review): if SMS MFA is also enabled on this pool, confirm that
// phone-based recovery does not let one factor cover both password reset and MFA.
const test = new aws.cognito.UserPool("test", {
    name: "mypool",
    accountRecoverySetting: {
        recoveryMechanisms: [
            // Priority 1 is the highest priority.
            { name: "verified_email", priority: 1 },
            { name: "verified_phone_number", priority: 2 },
        ],
    },
});
import pulumi
import pulumi_aws as aws

# Declare a user pool with two password-recovery methods.
# NOTE(review): if SMS MFA is also enabled on this pool, confirm that
# phone-based recovery does not let one factor cover both password reset and MFA.
test = aws.cognito.UserPool(
    "test",
    name="mypool",
    account_recovery_setting={
        "recovery_mechanisms": [
            # Priority 1 is the highest priority.
            {"name": "verified_email", "priority": 1},
            {"name": "verified_phone_number", "priority": 2},
        ],
    },
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() =>
{
    // Two password-recovery methods; priority 1 is the highest priority.
    // NOTE(review): if SMS MFA is also enabled on this pool, confirm that
    // phone-based recovery does not let one factor cover both password reset and MFA.
    var recoverySetting = new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingArgs
    {
        RecoveryMechanisms = new[]
        {
            new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs
            {
                Name = "verified_email",
                Priority = 1,
            },
            new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs
            {
                Name = "verified_phone_number",
                Priority = 2,
            },
        },
    };

    var test = new Aws.Cognito.UserPool("test", new()
    {
        Name = "mypool",
        AccountRecoverySetting = recoverySetting,
    });
});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Two password-recovery methods; priority 1 is the highest priority.
		// NOTE(review): if SMS MFA is also enabled on this pool, confirm that
		// phone-based recovery does not let one factor cover both password
		// reset and MFA.
		recoverySetting := &cognito.UserPoolAccountRecoverySettingArgs{
			RecoveryMechanisms: cognito.UserPoolAccountRecoverySettingRecoveryMechanismArray{
				&cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{
					Name:     pulumi.String("verified_email"),
					Priority: pulumi.Int(1),
				},
				&cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{
					Name:     pulumi.String("verified_phone_number"),
					Priority: pulumi.Int(2),
				},
			},
		}

		_, err := cognito.NewUserPool(ctx, "test", &cognito.UserPoolArgs{
			Name:                   pulumi.String("mypool"),
			AccountRecoverySetting: recoverySetting,
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
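package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolArgs;
import com.pulumi.aws.cognito.inputs.UserPoolAccountRecoverySettingArgs;
// Added: stack() uses this type, but the original import list omitted it,
// so the example did not compile as written.
import com.pulumi.aws.cognito.inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/** Pulumi program that declares a user pool with an account recovery setting. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the user pool with two password-recovery methods.
     *
     * NOTE(review): if SMS MFA is also enabled on this pool, confirm that
     * phone-based recovery does not let one factor cover both password reset
     * and MFA.
     */
    public static void stack(Context ctx) {
        var test = new UserPool("test", UserPoolArgs.builder()
            .name("mypool")
            .accountRecoverySetting(UserPoolAccountRecoverySettingArgs.builder()
                .recoveryMechanisms(
                    // Priority 1 is the highest priority.
                    UserPoolAccountRecoverySettingRecoveryMechanismArgs.builder()
                        .name("verified_email")
                        .priority(1)
                        .build(),
                    UserPoolAccountRecoverySettingRecoveryMechanismArgs.builder()
                        .name("verified_phone_number")
                        .priority(2)
                        .build())
                .build())
            .build());
    }
}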
# Declares a Cognito user pool with two password-recovery methods.
# NOTE(review): if SMS MFA is also enabled on this pool, confirm that
# phone-based recovery does not let one factor cover both password reset and MFA.
resources:
  test:
    type: aws:cognito:UserPool
    properties:
      name: mypool
      accountRecoverySetting:
        recoveryMechanisms:
          # Priority 1 is the highest priority.
          - name: verified_email
            priority: 1
          - name: verified_phone_number
            priority: 2

Import

Using pulumi import, import Cognito User Pools using the id. For example:

$ pulumi import aws:cognito/userPool:UserPool pool us-west-2_abc123

Constructors

constructor(accountRecoverySetting: Output<UserPoolAccountRecoverySettingArgs>? = null, adminCreateUserConfig: Output<UserPoolAdminCreateUserConfigArgs>? = null, aliasAttributes: Output<List<String>>? = null, autoVerifiedAttributes: Output<List<String>>? = null, deletionProtection: Output<String>? = null, deviceConfiguration: Output<UserPoolDeviceConfigurationArgs>? = null, emailConfiguration: Output<UserPoolEmailConfigurationArgs>? = null, emailMfaConfiguration: Output<UserPoolEmailMfaConfigurationArgs>? = null, emailVerificationMessage: Output<String>? = null, emailVerificationSubject: Output<String>? = null, lambdaConfig: Output<UserPoolLambdaConfigArgs>? = null, mfaConfiguration: Output<String>? = null, name: Output<String>? = null, passwordPolicy: Output<UserPoolPasswordPolicyArgs>? = null, schemas: Output<List<UserPoolSchemaArgs>>? = null, signInPolicy: Output<UserPoolSignInPolicyArgs>? = null, smsAuthenticationMessage: Output<String>? = null, smsConfiguration: Output<UserPoolSmsConfigurationArgs>? = null, smsVerificationMessage: Output<String>? = null, softwareTokenMfaConfiguration: Output<UserPoolSoftwareTokenMfaConfigurationArgs>? = null, tags: Output<Map<String, String>>? = null, userAttributeUpdateSettings: Output<UserPoolUserAttributeUpdateSettingsArgs>? = null, userPoolAddOns: Output<UserPoolUserPoolAddOnsArgs>? = null, userPoolTier: Output<String>? = null, usernameAttributes: Output<List<String>>? = null, usernameConfiguration: Output<UserPoolUsernameConfigurationArgs>? = null, verificationMessageTemplate: Output<UserPoolVerificationMessageTemplateArgs>? = null, webAuthnConfiguration: Output<UserPoolWebAuthnConfigurationArgs>? = null)

Properties


Configuration block to define which verified, available methods a user can use to recover a forgotten password. Detailed below.


Configuration block for creating a new user profile. Detailed below.

val aliasAttributes: Output<List<String>>? = null

Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes.

val autoVerifiedAttributes: Output<List<String>>? = null

Attributes to be auto-verified. Valid values: email, phone_number.

val deletionProtection: Output<String>? = null

When active, DeletionProtection prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. Valid values are ACTIVE and INACTIVE. The default value is INACTIVE.


Configuration block for the user pool's device tracking. Detailed below.


Configuration block for configuring email. Detailed below.


Configuration block for configuring email Multi-Factor Authentication (MFA); requires at least 2 account_recovery_setting entries; requires an email_configuration configuration block. Detailed below.

val emailVerificationMessage: Output<String>? = null

String representing the email verification message. Conflicts with verification_message_template configuration block email_message argument.

val emailVerificationSubject: Output<String>? = null

String representing the email verification subject. Conflicts with verification_message_template configuration block email_subject argument.


Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.

val mfaConfiguration: Output<String>? = null

Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults to OFF. Valid values are OFF (MFA tokens are not required), ON (MFA is required for all users to sign in; requires at least one of sms_configuration or software_token_mfa_configuration to be configured), or OPTIONAL (MFA will be required only for individual users who have MFA enabled; requires at least one of sms_configuration or software_token_mfa_configuration to be configured).

val name: Output<String>? = null

Name of the user pool. The following arguments are optional:


Configuration block for information about the user pool password policy. Detailed below.

val schemas: Output<List<UserPoolSchemaArgs>>? = null

Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.


Configuration block for information about the user pool sign in policy. Detailed below.

val smsAuthenticationMessage: Output<String>? = null

String representing the SMS authentication message. The message must contain the {####} placeholder, which will be replaced with the code.


Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the taint command.

val smsVerificationMessage: Output<String>? = null

String representing the SMS verification message. Conflicts with verification_message_template configuration block sms_message argument.


Configuration block for software token Multi-Factor Authentication (MFA) settings. Detailed below.

val tags: Output<Map<String, String>>? = null

Map of tags to assign to the User Pool. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.


Configuration block for user attribute update settings. Detailed below.

val usernameAttributes: Output<List<String>>? = null

Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.


Configuration block for username configuration. Detailed below.


Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.

val userPoolTier: Output<String>? = null

The user pool feature plan, or tier. Valid values: LITE, ESSENTIALS, PLUS.


Configuration block for verification message templates. Detailed below.


Configuration block for WebAuthn configuration. Detailed below.

Functions

open override fun toJava(): UserPoolArgs