aws-cdk-lib.aws_cognito.AccountRecovery

enum AccountRecovery

LanguageType name
.NETAmazon.CDK.AWS.Cognito.AccountRecovery
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awscognito#AccountRecovery
Javasoftware.amazon.awscdk.services.cognito.AccountRecovery
Pythonaws_cdk.aws_cognito.AccountRecovery
TypeScript (source)aws-cdk-lib » aws_cognito » AccountRecovery

How will a user be able to recover their account?

When a user forgets their password, they can have a code sent to their verified email or verified phone to recover their account. You can choose the preferred way to send codes below. We recommend not allowing phone to be used for both password resets and multi-factor authentication (MFA).

See also: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-recover-a-user-account.html

Example

new cognito.UserPool(this, 'UserPool', {
  // ...
  accountRecovery: cognito.AccountRecovery.EMAIL_ONLY,
})

Members

NameDescription
EMAIL_AND_PHONE_WITHOUT_MFAEmail if available, otherwise phone, but don’t allow a user to reset their password via phone if they are also using it for MFA.
PHONE_WITHOUT_MFA_AND_EMAILPhone if available, otherwise email, but don’t allow a user to reset their password via phone if they are also using it for MFA.
EMAIL_ONLYEmail only.
PHONE_ONLY_WITHOUT_MFAPhone only, but don’t allow a user to reset their password via phone if they are also using it for MFA.
PHONE_AND_EMAIL(Not Recommended) Phone if available, otherwise email, and do allow a user to reset their password via phone if they are also using it for MFA.
NONENone – users will have to contact an administrator to reset their passwords.

EMAIL_AND_PHONE_WITHOUT_MFA

Email if available, otherwise phone, but don’t allow a user to reset their password via phone if they are also using it for MFA.


PHONE_WITHOUT_MFA_AND_EMAIL

Phone if available, otherwise email, but don’t allow a user to reset their password via phone if they are also using it for MFA.


EMAIL_ONLY

Email only.


PHONE_ONLY_WITHOUT_MFA

Phone only, but don’t allow a user to reset their password via phone if they are also using it for MFA.


PHONE_AND_EMAIL

(Not Recommended) Phone if available, otherwise email, and do allow a user to reset their password via phone if they are also using it for MFA.


NONE

None – users will have to contact an administrator to reset their passwords.