aws-cdk-lib.aws_cognito.UserPoolProps

interface UserPoolProps

LanguageType name
.NETAmazon.CDK.AWS.Cognito.UserPoolProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awscognito#UserPoolProps
Javasoftware.amazon.awscdk.services.cognito.UserPoolProps
Pythonaws_cdk.aws_cognito.UserPoolProps
TypeScript (source)aws-cdk-lib » aws_cognito » UserPoolProps

Props for the UserPool construct.

Example

new cognito.UserPool(this, 'myuserpool', {
  // ...
  selfSignUpEnabled: true,
  userVerification: {
    emailSubject: 'Verify your email for our awesome app!',
    emailBody: 'Thanks for signing up to our awesome app! Your verification code is {####}',
    emailStyle: cognito.VerificationEmailStyle.CODE,
    smsMessage: 'Thanks for signing up to our awesome app! Your verification code is {####}',
  },
});

Properties

NameTypeDescription
accountRecovery?AccountRecoveryHow will a user be able to recover their account?
advancedSecurityMode?AdvancedSecurityModeThe user pool's Advanced Security Mode.
autoVerify?AutoVerifiedAttrsAttributes which Cognito will look to verify automatically upon user sign up.
customAttributes?{ [string]: ICustomAttribute }Define a set of custom attributes that can be configured for each user in the user pool.
customSenderKmsKey?IKeyThis key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.
deletionProtection?booleanIndicates whether the user pool should have deletion protection enabled.
deviceTracking?DeviceTrackingDevice tracking settings.
email?UserPoolEmailEmail settings for a user pool.
enableSmsRole?booleanSetting this would explicitly enable or disable SMS role creation.
keepOriginal?KeepOriginalAttrsAttributes which Cognito will look to handle changes to the value of your users' email address and phone number attributes.
lambdaTriggers?UserPoolTriggersLambda functions to use for supported Cognito triggers.
mfa?MfaConfigure whether users of this user pool can or are required use MFA to sign in.
mfaMessage?stringThe SMS message template sent during MFA verification.
mfaSecondFactor?MfaSecondFactorConfigure the MFA types that users can use in this user pool.
passwordPolicy?PasswordPolicyPassword policy for this user pool.
removalPolicy?RemovalPolicyPolicy to apply when the user pool is removed from the stack.
selfSignUpEnabled?booleanWhether self sign up should be enabled.
signInAliases?SignInAliasesMethods in which a user registers or signs in to a user pool.
signInCaseSensitive?booleanWhether sign-in aliases should be evaluated with case sensitivity.
smsRole?IRoleThe IAM role that Cognito will assume while sending SMS messages.
smsRoleExternalId?stringThe 'ExternalId' that Cognito service must be using when assuming the smsRole, if the role is restricted with an 'sts:ExternalId' conditional.
snsRegion?stringThe region to integrate with SNS to send SMS messages.
standardAttributes?StandardAttributesThe set of attributes that are required for every user in the user pool.
userInvitation?UserInvitationConfigConfiguration around admins signing up users into a user pool.
userPoolName?stringName of the user pool.
userVerification?UserVerificationConfigConfiguration around users signing themselves up to the user pool.

accountRecovery?

Type: AccountRecovery (optional, default: AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL)

How will a user be able to recover their account?


advancedSecurityMode?

Type: AdvancedSecurityMode (optional, default: no value)

The user pool's Advanced Security Mode.


autoVerify?

Type: AutoVerifiedAttrs (optional, default: If signInAlias includes email and/or phone, they will be included in autoVerifiedAttributes by default. If absent, no attributes will be auto-verified.)

Attributes which Cognito will look to verify automatically upon user sign up.

EMAIL and PHONE are the only available options.


customAttributes?

Type: { [string]: ICustomAttribute } (optional, default: No custom attributes.)

Define a set of custom attributes that can be configured for each user in the user pool.


customSenderKmsKey?

Type: IKey (optional, default: no key ID configured)

This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.

See also: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-sender-triggers.html


deletionProtection?

Type: boolean (optional, default: false)

Indicates whether the user pool should have deletion protection enabled.


deviceTracking?

Type: DeviceTracking (optional, default: see defaults on each property of DeviceTracking.)

Device tracking settings.


email?

Type: UserPoolEmail (optional, default: cognito will use the default email configuration)

Email settings for a user pool.


enableSmsRole?

Type: boolean (optional, default: CDK will determine based on other properties of the user pool if an SMS role should be created or not.)

Setting this would explicitly enable or disable SMS role creation.

When left unspecified, CDK will determine based on other properties if a role is needed or not.


keepOriginal?

Type: KeepOriginalAttrs (optional, default: Nothing is kept.)

Attributes which Cognito will look to handle changes to the value of your users' email address and phone number attributes.

EMAIL and PHONE are the only available options.


lambdaTriggers?

Type: UserPoolTriggers (optional, default: No Lambda triggers.)

Lambda functions to use for supported Cognito triggers.

See also: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html


mfa?

Type: Mfa (optional, default: Mfa.OFF)

Configure whether users of this user pool can or are required use MFA to sign in.


mfaMessage?

Type: string (optional, default: 'Your authentication code is {####}.')

The SMS message template sent during MFA verification.

Use '{####}' in the template where Cognito should insert the verification code.


mfaSecondFactor?

Type: MfaSecondFactor (optional, default: { sms: true, otp: false }, if mfa is set to OPTIONAL or REQUIRED. { sms: false, otp: false }, otherwise)

Configure the MFA types that users can use in this user pool.

Ignored if mfa is set to OFF.


passwordPolicy?

Type: PasswordPolicy (optional, default: see defaults on each property of PasswordPolicy.)

Password policy for this user pool.


removalPolicy?

Type: RemovalPolicy (optional, default: RemovalPolicy.RETAIN)

Policy to apply when the user pool is removed from the stack.


selfSignUpEnabled?

Type: boolean (optional, default: false)

Whether self sign up should be enabled.

This can be further configured via the selfSignUp property.


signInAliases?

Type: SignInAliases (optional, default: { username: true })

Methods in which a user registers or signs in to a user pool.

Allows either username with aliases OR sign in with email, phone, or both.

Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

To match with 'Option 1' in the above link, with a verified email, this property should be set to { username: true, email: true }. To match with 'Option 2' in the above link with both a verified email and phone number, this property should be set to { email: true, phone: true }.


signInCaseSensitive?

Type: boolean (optional, default: true)

Whether sign-in aliases should be evaluated with case sensitivity.

For example, when this option is set to false, users will be able to sign in using either MyUsername or myusername.


smsRole?

Type: IRole (optional, default: a new IAM role is created)

The IAM role that Cognito will assume while sending SMS messages.


smsRoleExternalId?

Type: string (optional, default: No external id will be configured)

The 'ExternalId' that Cognito service must be using when assuming the smsRole, if the role is restricted with an 'sts:ExternalId' conditional.

Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

This property will be ignored if smsRole is not specified.


snsRegion?

Type: string (optional, default: The same region as the user pool, with a few exceptions - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html#user-pool-sms-settings-first-time)

The region to integrate with SNS to send SMS messages.

This property will do nothing if SMS configuration is not configured


standardAttributes?

Type: StandardAttributes (optional, default: All standard attributes are optional and mutable.)

The set of attributes that are required for every user in the user pool.

Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html


userInvitation?

Type: UserInvitationConfig (optional, default: see defaults in UserInvitationConfig)

Configuration around admins signing up users into a user pool.


userPoolName?

Type: string (optional, default: automatically generated name by CloudFormation at deploy time)

Name of the user pool.


userVerification?

Type: UserVerificationConfig (optional, default: see defaults in UserVerificationConfig)

Configuration around users signing themselves up to the user pool.

Enable or disable self sign-up via the selfSignUpEnabled property.