Resource: aws_cognito_user_pool

Provides a Cognito User Pool resource.

Example Usage

Basic configuration

resource "aws_cognito_user_pool" "pool" {
  name = "mypool"
}

Enabling SMS and Software Token Multi-Factor Authentication

resource "aws_cognito_user_pool" "example" {
  # ... other configuration ...

  mfa_configuration          = "ON"
  sms_authentication_message = "Your code is {####}"

  sms_configuration {
    external_id    = "example"
    sns_caller_arn = aws_iam_role.example.arn
    sns_region     = "us-east-1"
  }

  software_token_mfa_configuration {
    enabled = true
  }
}

Using Account Recovery Setting

resource "aws_cognito_user_pool" "test" {
  name = "mypool"

  account_recovery_setting {
    recovery_mechanism {
      name     = "verified_email"
      priority = 1
    }

    recovery_mechanism {
      name     = "verified_phone_number"
      priority = 2
    }
  }
}

Argument Reference

The following argument is required:

The following arguments are optional:

account_recovery_setting

admin_create_user_config

invite_message_template

device_configuration

email_configuration

lambda_config

custom_email_sender

custom_sms_sender

pre_token_configuration_type

password_policy

schema

schema: Defaults for Standard Attributes

The standard attributes have the following defaults. Note that attributes which match the default values are not stored in Terraform state when importing.

resource "aws_cognito_user_pool" "example" {
  # ... other configuration ...

  schema {
    name                     = "<name>"
    attribute_data_type      = "<appropriate type>"
    developer_only_attribute = false
    mutable                  = true  # false for "sub"
    required                 = false # true for "sub"
    string_attribute_constraints {   # if it is a string
      min_length = 0                 # 10 for "birthdate"
      max_length = 2048              # 10 for "birthdate"
    }
  }
}

number_attribute_constraints

string_attribute_constraints

sms_configuration

software_token_mfa_configuration

The following arguments are required in the software_token_mfa_configuration configuration block:

user_attribute_update_settings

user_pool_add_ons

username_configuration

verification_message_template

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import Cognito User Pools using the id. For example:

import {
  to = aws_cognito_user_pool.pool
  id = "us-west-2_abc123"
}

Using terraform import, import Cognito User Pools using the id. For example:

% terraform import aws_cognito_user_pool.pool us-west-2_abc123