Edit This Page

Module cognito

@pulumi/aws > cognito

Index ▾

cognito/getUserPools.ts cognito/identityPool.ts cognito/identityPoolRoleAttachment.ts cognito/identityProvider.ts cognito/resourceServer.ts cognito/userGroup.ts cognito/userPool.ts cognito/userPoolClient.ts cognito/userPoolDomain.ts

class IdentityPool 

extends CustomResource

Provides an AWS Cognito Identity Pool.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as fs from "fs";

const defaultSamlProvider = new aws.iam.SamlProvider("default", {
    samlMetadataDocument: fs.readFileSync("saml-metadata.xml", "utf-8"),
});
const main = new aws.cognito.IdentityPool("main", {
    allowUnauthenticatedIdentities: false,
    cognitoIdentityProviders: [
        {
            clientId: "6lhlkkfbfb4q5kpp90urffae",
            providerName: "cognito-idp.us-east-1.amazonaws.com/us-east-1_Tv0493apJ",
            serverSideTokenCheck: false,
        },
        {
            clientId: "7kodkvfqfb4qfkp39eurffae",
            providerName: "cognito-idp.us-east-1.amazonaws.com/eu-west-1_Zr231apJu",
            serverSideTokenCheck: false,
        },
    ],
    identityPoolName: "identity pool",
    openidConnectProviderArns: ["arn:aws:iam::123456789012:oidc-provider/foo.example.com"],
    samlProviderArns: [defaultSamlProvider.arn],
    supportedLoginProviders: {
        "accounts.google.com": "123456789012.apps.googleusercontent.com",
        "graph.facebook.com": "7346241598935552",
    },
});

constructor 

new IdentityPool(name: string, args: IdentityPoolArgs, opts?: pulumi.CustomResourceOptions)

Create a IdentityPool resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get 

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IdentityPoolState, opts?: pulumi.CustomResourceOptions): IdentityPool

Get an existing IdentityPool resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider 

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance 

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property allowUnauthenticatedIdentities 

public allowUnauthenticatedIdentities: pulumi.Output<boolean | undefined>;

Whether the identity pool supports unauthenticated logins or not.

property arn 

public arn: pulumi.Output<string>;

The ARN of the identity pool.

property cognitoIdentityProviders 

public cognitoIdentityProviders: pulumi.Output<{
    clientId: string;
    providerName: string;
    serverSideTokenCheck: boolean;
}[] | undefined>;

An array of Amazon Cognito Identity user pools and their client IDs.

property developerProviderName 

public developerProviderName: pulumi.Output<string | undefined>;

The “domain” by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider.

property id 

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property identityPoolName 

public identityPoolName: pulumi.Output<string>;

The Cognito Identity Pool name.

property openidConnectProviderArns 

public openidConnectProviderArns: pulumi.Output<string[] | undefined>;

A list of OpendID Connect provider ARNs.

property samlProviderArns 

public samlProviderArns: pulumi.Output<string[] | undefined>;

An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.

property supportedLoginProviders 

public supportedLoginProviders: pulumi.Output<{[key: string]: string} | undefined>;

Key-Value pairs mapping provider names to provider app IDs.

property urn 

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class IdentityPoolRoleAttachment 

extends CustomResource

Provides an AWS Cognito Identity Pool Roles Attachment.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const mainIdentityPool = new aws.cognito.IdentityPool("main", {
    allowUnauthenticatedIdentities: false,
    identityPoolName: "identity pool",
    supportedLoginProviders: {
        "graph.facebook.com": "7346241598935555",
    },
});
const authenticatedRole = new aws.iam.Role("authenticated", {
    assumeRolePolicy: mainIdentityPool.id.apply(id => `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "cognito-identity.amazonaws.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "cognito-identity.amazonaws.com:aud": "${id}"
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "authenticated"
        }
      }
    }
  ]
}
`),
});
const mainIdentityPoolRoleAttachment = new aws.cognito.IdentityPoolRoleAttachment("main", {
    identityPoolId: mainIdentityPool.id,
    roleMappings: [{
        ambiguousRoleResolution: "AuthenticatedRole",
        identityProvider: "graph.facebook.com",
        mappingRules: [{
            claim: "isAdmin",
            matchType: "Equals",
            roleArn: authenticatedRole.arn,
            value: "paid",
        }],
        type: "Rules",
    }],
    roles: {
        authenticated: authenticatedRole.arn,
    },
});
const authenticatedRolePolicy = new aws.iam.RolePolicy("authenticated", {
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "mobileanalytics:PutEvents",
        "cognito-sync:*",
        "cognito-identity:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
`,
    role: authenticatedRole.id,
});

constructor 

new IdentityPoolRoleAttachment(name: string, args: IdentityPoolRoleAttachmentArgs, opts?: pulumi.CustomResourceOptions)

Create a IdentityPoolRoleAttachment resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get 

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IdentityPoolRoleAttachmentState, opts?: pulumi.CustomResourceOptions): IdentityPoolRoleAttachment

Get an existing IdentityPoolRoleAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider 

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance 

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id 

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property identityPoolId 

public identityPoolId: pulumi.Output<string>;

An identity pool ID in the format REGION:GUID.

property roleMappings 

public roleMappings: pulumi.Output<{
    ambiguousRoleResolution: string;
    identityProvider: string;
    mappingRules: {
        claim: string;
        matchType: string;
        roleArn: string;
        value: string;
    }[];
    type: string;
}[] | undefined>;

A List of Role Mapping.

property roles 

public roles: pulumi.Output<{
    authenticated: string;
    unauthenticated: string;
}>;

The map of roles associated with this pool. For a given role, the key will be either “authenticated” or “unauthenticated” and the value will be the Role ARN.

property urn 

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class IdentityProvider 

extends CustomResource

Provides a Cognito User Identity Provider resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.cognito.UserPool("example", {
    autoVerifiedAttributes: ["email"],
});
const exampleProvider = new aws.cognito.IdentityProvider("example_provider", {
    attributeMapping: {
        email: "email",
        username: "sub",
    },
    providerDetails: {
        authorize_scopes: "email",
        client_id: "your client_id",
        client_secret: "your client_secret",
    },
    providerName: "Google",
    providerType: "Google",
    userPoolId: example.id,
});

constructor 

new IdentityProvider(name: string, args: IdentityProviderArgs, opts?: pulumi.CustomResourceOptions)

Create a IdentityProvider resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get 

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IdentityProviderState, opts?: pulumi.CustomResourceOptions): IdentityProvider

Get an existing IdentityProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider 

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance 

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property attributeMapping 

public attributeMapping: pulumi.Output<{[key: string]: any} | undefined>;

The map of attribute mapping of user pool attributes. AttributeMapping in AWS API documentation

property id 

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property idpIdentifiers 

public idpIdentifiers: pulumi.Output<string[] | undefined>;

The list of identity providers.

property providerDetails 

public providerDetails: pulumi.Output<{[key: string]: any}>;

The map of identity details, such as access token

property providerName 

public providerName: pulumi.Output<string>;

The provider name

property providerType 

public providerType: pulumi.Output<string>;

The provider type. See AWS API for valid values

property urn 

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userPoolId 

public userPoolId: pulumi.Output<string>;

The user pool id

class ResourceServer 

extends CustomResource

Provides a Cognito Resource Server.

Example Usage

Create a basic resource server

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const pool = new aws.cognito.UserPool("pool", {});
const resource = new aws.cognito.ResourceServer("resource", {
    identifier: "https://example.com",
    userPoolId: pool.id,
});

Create a resource server with sample-scope

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const pool = new aws.cognito.UserPool("pool", {});
const resource = new aws.cognito.ResourceServer("resource", {
    identifier: "https://example.com",
    scopes: [{
        scopeDescription: "a Sample Scope Description",
        scopeName: "sample-scope",
    }],
    userPoolId: pool.id,
});

constructor 

new ResourceServer(name: string, args: ResourceServerArgs, opts?: pulumi.CustomResourceOptions)

Create a ResourceServer resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get 

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ResourceServerState, opts?: pulumi.CustomResourceOptions): ResourceServer

Get an existing ResourceServer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider 

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance 

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id 

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property identifier 

public identifier: pulumi.Output<string>;

An identifier for the resource server.

property name 

public name: pulumi.Output<string>;

A name for the resource server.

property scopeIdentifiers 

public scopeIdentifiers: pulumi.Output<string[]>;

A list of all scopes configured for this resource server in the format identifier/scope_name.

property scopes 

public scopes: pulumi.Output<{
    scopeDescription: string;
    scopeName: string;
}[] | undefined>;

A list of Authorization Scope.

property urn 

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userPoolId 

public userPoolId: pulumi.Output<string>;

class UserGroup 

extends CustomResource

Provides a Cognito User Group resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const mainUserPool = new aws.cognito.UserPool("main", {});
const groupRole = new aws.iam.Role("group_role", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Federated": "cognito-identity.amazonaws.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "cognito-identity.amazonaws.com:aud": "us-east-1:12345678-dead-beef-cafe-123456790ab"
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "authenticated"
        }
      }
    }
  ]
}
`,
});
const mainUserGroup = new aws.cognito.UserGroup("main", {
    description: "Managed by Terraform",
    precedence: 42,
    roleArn: groupRole.arn,
    userPoolId: mainUserPool.id,
});

constructor 

new UserGroup(name: string, args: UserGroupArgs, opts?: pulumi.CustomResourceOptions)

Create a UserGroup resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get 

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserGroupState, opts?: pulumi.CustomResourceOptions): UserGroup

Get an existing UserGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider 

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance 

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description 

public description: pulumi.Output<string | undefined>;

The description of the user group.

property id 

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name 

public name: pulumi.Output<string>;

The name of the user group.

property precedence 

public precedence: pulumi.Output<number | undefined>;

The precedence of the user group.

property roleArn 

public roleArn: pulumi.Output<string | undefined>;

The ARN of the IAM role to be associated with the user group.

property urn 

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userPoolId 

public userPoolId: pulumi.Output<string>;

The user pool ID.

class UserPool 

extends CustomResource

Provides a Cognito User Pool resource.

Example Usage

Basic configuration

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const pool = new aws.cognito.UserPool("pool", {});

constructor 

new UserPool(name: string, args?: UserPoolArgs, opts?: pulumi.CustomResourceOptions)

Create a UserPool resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get 

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserPoolState, opts?: pulumi.CustomResourceOptions): UserPool

Get an existing UserPool resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider 

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance 

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property adminCreateUserConfig 

public adminCreateUserConfig: pulumi.Output<{
    allowAdminCreateUserOnly: boolean;
    inviteMessageTemplate: {
        emailMessage: string;
        emailSubject: string;
        smsMessage: string;
    };
    unusedAccountValidityDays: number;
}>;

The configuration for AdminCreateUser requests.

property aliasAttributes 

public aliasAttributes: pulumi.Output<string[] | undefined>;

Attributes supported as an alias for this user pool. Possible values: phone_number, email, or preferred_username. Conflicts with username_attributes.

property arn 

public arn: pulumi.Output<string>;

The ARN of the user pool.

property autoVerifiedAttributes 

public autoVerifiedAttributes: pulumi.Output<string[] | undefined>;

The attributes to be auto-verified. Possible values: email, phone_number.

property creationDate 

public creationDate: pulumi.Output<string>;

The date the user pool was created.

property deviceConfiguration 

public deviceConfiguration: pulumi.Output<{
    challengeRequiredOnNewDevice: boolean;
    deviceOnlyRememberedOnUserPrompt: boolean;
} | undefined>;

The configuration for the user pool’s device tracking.

property emailConfiguration 

public emailConfiguration: pulumi.Output<{
    replyToEmailAddress: string;
    sourceArn: string;
} | undefined>;

The Email Configuration.

property emailVerificationMessage 

public emailVerificationMessage: pulumi.Output<string>;

A string representing the email verification message. Must contain the {####} placeholder. NOTE: - If email_verification_message and verification_message_template.email_message are specified and the values are different, either one is prioritized and updated.

property emailVerificationSubject 

public emailVerificationSubject: pulumi.Output<string>;

A string representing the email verification subject. NOTE: - If email_verification_subject and verification_message_template.email_subject are specified and the values are different, either one is prioritized and updated.

property endpoint 

public endpoint: pulumi.Output<string>;

The endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

property id 

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property lambdaConfig 

public lambdaConfig: pulumi.Output<{
    createAuthChallenge: string;
    customMessage: string;
    defineAuthChallenge: string;
    postAuthentication: string;
    postConfirmation: string;
    preAuthentication: string;
    preSignUp: string;
    preTokenGeneration: string;
    userMigration: string;
    verifyAuthChallengeResponse: string;
}>;

A container for the AWS Lambda triggers associated with the user pool.

property lastModifiedDate 

public lastModifiedDate: pulumi.Output<string>;

The date the user pool was last modified.

property mfaConfiguration 

public mfaConfiguration: pulumi.Output<string | undefined>;

Set to enable multi-factor authentication. Must be one of the following values (ON, OFF, OPTIONAL)

property name 

public name: pulumi.Output<string>;

The name of the attribute.

property passwordPolicy 

public passwordPolicy: pulumi.Output<{
    minimumLength: number;
    requireLowercase: boolean;
    requireNumbers: boolean;
    requireSymbols: boolean;
    requireUppercase: boolean;
}>;

A container for information about the user pool password policy.

property schemas 

public schemas: pulumi.Output<{
    attributeDataType: string;
    developerOnlyAttribute: boolean;
    mutable: boolean;
    name: string;
    numberAttributeConstraints: {
        maxValue: string;
        minValue: string;
    };
    required: boolean;
    stringAttributeConstraints: {
        maxLength: string;
        minLength: string;
    };
}[] | undefined>;

A container with the schema attributes of a user pool. Maximum of 50 attributes.

property smsAuthenticationMessage 

public smsAuthenticationMessage: pulumi.Output<string | undefined>;

A string representing the SMS authentication message.

property smsConfiguration 

public smsConfiguration: pulumi.Output<{
    externalId: string;
    snsCallerArn: string;
} | undefined>;

The SMS Configuration.

property smsVerificationMessage 

public smsVerificationMessage: pulumi.Output<string | undefined>;

A string representing the SMS verification message.

property tags 

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A mapping of tags to assign to the User Pool.

property urn 

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userPoolAddOns 

public userPoolAddOns: pulumi.Output<{
    advancedSecurityMode: string;
} | undefined>;

Configuration block for user pool add-ons to enable user pool advanced security mode features.

property usernameAttributes 

public usernameAttributes: pulumi.Output<string[] | undefined>;

Specifies whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

property verificationMessageTemplate 

public verificationMessageTemplate: pulumi.Output<{
    defaultEmailOption: string;
    emailMessage: string;
    emailMessageByLink: string;
    emailSubject: string;
    emailSubjectByLink: string;
    smsMessage: string;
}>;

The verification message templates configuration.

class UserPoolClient 

extends CustomResource

Provides a Cognito User Pool Client resource.

Example Usage

Create a basic user pool client

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const pool = new aws.cognito.UserPool("pool", {});
const client = new aws.cognito.UserPoolClient("client", {
    userPoolId: pool.id,
});

Create a user pool client with no SRP authentication

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const pool = new aws.cognito.UserPool("pool", {});
const client = new aws.cognito.UserPoolClient("client", {
    explicitAuthFlows: ["ADMIN_NO_SRP_AUTH"],
    generateSecret: true,
    userPoolId: pool.id,
});

constructor 

new UserPoolClient(name: string, args: UserPoolClientArgs, opts?: pulumi.CustomResourceOptions)

Create a UserPoolClient resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get 

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserPoolClientState, opts?: pulumi.CustomResourceOptions): UserPoolClient

Get an existing UserPoolClient resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider 

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance 

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property allowedOauthFlows 

public allowedOauthFlows: pulumi.Output<string[] | undefined>;

List of allowed OAuth flows (code, implicit, client_credentials).

property allowedOauthFlowsUserPoolClient 

public allowedOauthFlowsUserPoolClient: pulumi.Output<boolean | undefined>;

Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

property allowedOauthScopes 

public allowedOauthScopes: pulumi.Output<string[] | undefined>;

List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

property callbackUrls 

public callbackUrls: pulumi.Output<string[] | undefined>;

List of allowed callback URLs for the identity providers.

property clientSecret 

public clientSecret: pulumi.Output<string>;

The client secret of the user pool client.

property defaultRedirectUri 

public defaultRedirectUri: pulumi.Output<string | undefined>;

The default redirect URI. Must be in the list of callback URLs.

property explicitAuthFlows 

public explicitAuthFlows: pulumi.Output<string[] | undefined>;

List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH).

property generateSecret 

public generateSecret: pulumi.Output<boolean | undefined>;

Should an application secret be generated.

property id 

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property logoutUrls 

public logoutUrls: pulumi.Output<string[] | undefined>;

List of allowed logout URLs for the identity providers.

property name 

public name: pulumi.Output<string>;

The name of the application client.

property readAttributes 

public readAttributes: pulumi.Output<string[] | undefined>;

List of user pool attributes the application client can read from.

property refreshTokenValidity 

public refreshTokenValidity: pulumi.Output<number | undefined>;

The time limit in days refresh tokens are valid for.

property supportedIdentityProviders 

public supportedIdentityProviders: pulumi.Output<string[] | undefined>;

List of provider names for the identity providers that are supported on this client.

property urn 

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userPoolId 

public userPoolId: pulumi.Output<string>;

The user pool the client belongs to.

property writeAttributes 

public writeAttributes: pulumi.Output<string[] | undefined>;

List of user pool attributes the application client can write to.

class UserPoolDomain 

extends CustomResource

Provides a Cognito User Pool Domain resource.

Example Usage

Amazon Cognito domain

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.cognito.UserPool("example", {});
const main = new aws.cognito.UserPoolDomain("main", {
    domain: "example-domain",
    userPoolId: example.id,
});

Custom Cognito domain

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.cognito.UserPool("example", {});
const main = new aws.cognito.UserPoolDomain("main", {
    certificateArn: aws_acm_certificate_cert.arn,
    domain: "example-domain.example.com",
    userPoolId: example.id,
});

constructor 

new UserPoolDomain(name: string, args: UserPoolDomainArgs, opts?: pulumi.CustomResourceOptions)

Create a UserPoolDomain resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get 

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserPoolDomainState, opts?: pulumi.CustomResourceOptions): UserPoolDomain

Get an existing UserPoolDomain resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider 

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance 

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property awsAccountId 

public awsAccountId: pulumi.Output<string>;

The AWS account ID for the user pool owner.

property certificateArn 

public certificateArn: pulumi.Output<string | undefined>;

The ARN of an ISSUED ACM certificate in us-east-1 for a custom domain.

property cloudfrontDistributionArn 

public cloudfrontDistributionArn: pulumi.Output<string>;

The ARN of the CloudFront distribution.

property domain 

public domain: pulumi.Output<string>;

The domain string.

property id 

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property s3Bucket 

public s3Bucket: pulumi.Output<string>;

The S3 bucket where the static files for this domain are stored.

property urn 

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userPoolId 

public userPoolId: pulumi.Output<string>;

The user pool ID.

property version 

public version: pulumi.Output<string>;

The app version.

function getUserPools 

getUserPools(args: GetUserPoolsArgs, opts?: pulumi.InvokeOptions): Promise<GetUserPoolsResult>

Use this data source to get a list of cognito user pools.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const selectedRestApi = pulumi.output(aws.apigateway.getRestApi({
    name: var_api_gateway_name,
}));
const selectedUserPools = pulumi.output(aws.cognito.getUserPools({
    name: var_cognito_user_pool_name,
}));
const cognito = new aws.apigateway.Authorizer("cognito", {
    providerArns: selectedUserPools.apply(selectedUserPools => selectedUserPools.arns),
    restApi: selectedRestApi.apply(selectedRestApi => selectedRestApi.id),
    type: "COGNITO_USER_POOLS",
});

interface GetUserPoolsArgs

A collection of arguments for invoking getUserPools.

property name 

name: string;

Name of the cognito user pools. Name is not a unique attribute for cognito user pool, so multiple pools might be returned with given name.

interface GetUserPoolsResult

A collection of values returned by getUserPools.

property arns 

arns: string[];

property id 

id: string;

id is the provider-assigned unique ID for this managed resource.

property ids 

ids: string[];

The list of cognito user pool ids.

interface IdentityPoolArgs

The set of arguments for constructing a IdentityPool resource.

property allowUnauthenticatedIdentities 

allowUnauthenticatedIdentities?: pulumi.Input<boolean>;

Whether the identity pool supports unauthenticated logins or not.

property cognitoIdentityProviders 

cognitoIdentityProviders?: pulumi.Input<pulumi.Input<{
    clientId: pulumi.Input<string>;
    providerName: pulumi.Input<string>;
    serverSideTokenCheck: pulumi.Input<boolean>;
}>[]>;

An array of Amazon Cognito Identity user pools and their client IDs.

property developerProviderName 

developerProviderName?: pulumi.Input<string>;

The “domain” by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider.

property identityPoolName 

identityPoolName: pulumi.Input<string>;

The Cognito Identity Pool name.

property openidConnectProviderArns 

openidConnectProviderArns?: pulumi.Input<pulumi.Input<string>[]>;

A list of OpendID Connect provider ARNs.

property samlProviderArns 

samlProviderArns?: pulumi.Input<pulumi.Input<string>[]>;

An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.

property supportedLoginProviders 

supportedLoginProviders?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

Key-Value pairs mapping provider names to provider app IDs.

interface IdentityPoolRoleAttachmentArgs

The set of arguments for constructing a IdentityPoolRoleAttachment resource.

property identityPoolId 

identityPoolId: pulumi.Input<string>;

An identity pool ID in the format REGION:GUID.

property roleMappings 

roleMappings?: pulumi.Input<pulumi.Input<{
    ambiguousRoleResolution: pulumi.Input<string>;
    identityProvider: pulumi.Input<string>;
    mappingRules: pulumi.Input<pulumi.Input<{
        claim: pulumi.Input<string>;
        matchType: pulumi.Input<string>;
        roleArn: pulumi.Input<string>;
        value: pulumi.Input<string>;
    }>[]>;
    type: pulumi.Input<string>;
}>[]>;

A List of Role Mapping.

property roles 

roles: pulumi.Input<{
    authenticated: pulumi.Input<string>;
    unauthenticated: pulumi.Input<string>;
}>;

The map of roles associated with this pool. For a given role, the key will be either “authenticated” or “unauthenticated” and the value will be the Role ARN.

interface IdentityPoolRoleAttachmentState

Input properties used for looking up and filtering IdentityPoolRoleAttachment resources.

property identityPoolId 

identityPoolId?: pulumi.Input<string>;

An identity pool ID in the format REGION:GUID.

property roleMappings 

roleMappings?: pulumi.Input<pulumi.Input<{
    ambiguousRoleResolution: pulumi.Input<string>;
    identityProvider: pulumi.Input<string>;
    mappingRules: pulumi.Input<pulumi.Input<{
        claim: pulumi.Input<string>;
        matchType: pulumi.Input<string>;
        roleArn: pulumi.Input<string>;
        value: pulumi.Input<string>;
    }>[]>;
    type: pulumi.Input<string>;
}>[]>;

A List of Role Mapping.

property roles 

roles?: pulumi.Input<{
    authenticated: pulumi.Input<string>;
    unauthenticated: pulumi.Input<string>;
}>;

The map of roles associated with this pool. For a given role, the key will be either “authenticated” or “unauthenticated” and the value will be the Role ARN.

interface IdentityPoolState

Input properties used for looking up and filtering IdentityPool resources.

property allowUnauthenticatedIdentities 

allowUnauthenticatedIdentities?: pulumi.Input<boolean>;

Whether the identity pool supports unauthenticated logins or not.

property arn 

arn?: pulumi.Input<string>;

The ARN of the identity pool.

property cognitoIdentityProviders 

cognitoIdentityProviders?: pulumi.Input<pulumi.Input<{
    clientId: pulumi.Input<string>;
    providerName: pulumi.Input<string>;
    serverSideTokenCheck: pulumi.Input<boolean>;
}>[]>;

An array of Amazon Cognito Identity user pools and their client IDs.

property developerProviderName 

developerProviderName?: pulumi.Input<string>;

The “domain” by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider.

property identityPoolName 

identityPoolName?: pulumi.Input<string>;

The Cognito Identity Pool name.

property openidConnectProviderArns 

openidConnectProviderArns?: pulumi.Input<pulumi.Input<string>[]>;

A list of OpendID Connect provider ARNs.

property samlProviderArns 

samlProviderArns?: pulumi.Input<pulumi.Input<string>[]>;

An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.

property supportedLoginProviders 

supportedLoginProviders?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

Key-Value pairs mapping provider names to provider app IDs.

interface IdentityProviderArgs

The set of arguments for constructing a IdentityProvider resource.

property attributeMapping 

attributeMapping?: pulumi.Input<{[key: string]: any}>;

The map of attribute mapping of user pool attributes. AttributeMapping in AWS API documentation

property idpIdentifiers 

idpIdentifiers?: pulumi.Input<pulumi.Input<string>[]>;

The list of identity providers.

property providerDetails 

providerDetails: pulumi.Input<{[key: string]: any}>;

The map of identity details, such as access token

property providerName 

providerName: pulumi.Input<string>;

The provider name

property providerType 

providerType: pulumi.Input<string>;

The provider type. See AWS API for valid values

property userPoolId 

userPoolId: pulumi.Input<string>;

The user pool id

interface IdentityProviderState

Input properties used for looking up and filtering IdentityProvider resources.

property attributeMapping 

attributeMapping?: pulumi.Input<{[key: string]: any}>;

The map of attribute mapping of user pool attributes. AttributeMapping in AWS API documentation

property idpIdentifiers 

idpIdentifiers?: pulumi.Input<pulumi.Input<string>[]>;

The list of identity providers.

property providerDetails 

providerDetails?: pulumi.Input<{[key: string]: any}>;

The map of identity details, such as access token

property providerName 

providerName?: pulumi.Input<string>;

The provider name

property providerType 

providerType?: pulumi.Input<string>;

The provider type. See AWS API for valid values

property userPoolId 

userPoolId?: pulumi.Input<string>;

The user pool id

interface ResourceServerArgs

The set of arguments for constructing a ResourceServer resource.

property identifier 

identifier: pulumi.Input<string>;

An identifier for the resource server.

property name 

name?: pulumi.Input<string>;

A name for the resource server.

property scopes 

scopes?: pulumi.Input<pulumi.Input<{
    scopeDescription: pulumi.Input<string>;
    scopeName: pulumi.Input<string>;
}>[]>;

A list of Authorization Scope.

property userPoolId 

userPoolId: pulumi.Input<string>;

interface ResourceServerState

Input properties used for looking up and filtering ResourceServer resources.

property identifier 

identifier?: pulumi.Input<string>;

An identifier for the resource server.

property name 

name?: pulumi.Input<string>;

A name for the resource server.

property scopeIdentifiers 

scopeIdentifiers?: pulumi.Input<pulumi.Input<string>[]>;

A list of all scopes configured for this resource server in the format identifier/scope_name.

property scopes 

scopes?: pulumi.Input<pulumi.Input<{
    scopeDescription: pulumi.Input<string>;
    scopeName: pulumi.Input<string>;
}>[]>;

A list of Authorization Scope.

property userPoolId 

userPoolId?: pulumi.Input<string>;

interface UserGroupArgs

The set of arguments for constructing a UserGroup resource.

property description 

description?: pulumi.Input<string>;

The description of the user group.

property name 

name?: pulumi.Input<string>;

The name of the user group.

property precedence 

precedence?: pulumi.Input<number>;

The precedence of the user group.

property roleArn 

roleArn?: pulumi.Input<string>;

The ARN of the IAM role to be associated with the user group.

property userPoolId 

userPoolId: pulumi.Input<string>;

The user pool ID.

interface UserGroupState

Input properties used for looking up and filtering UserGroup resources.

property description 

description?: pulumi.Input<string>;

The description of the user group.

property name 

name?: pulumi.Input<string>;

The name of the user group.

property precedence 

precedence?: pulumi.Input<number>;

The precedence of the user group.

property roleArn 

roleArn?: pulumi.Input<string>;

The ARN of the IAM role to be associated with the user group.

property userPoolId 

userPoolId?: pulumi.Input<string>;

The user pool ID.

interface UserPoolArgs

The set of arguments for constructing a UserPool resource.

property adminCreateUserConfig 

adminCreateUserConfig?: pulumi.Input<{
    allowAdminCreateUserOnly: pulumi.Input<boolean>;
    inviteMessageTemplate: pulumi.Input<{
        emailMessage: pulumi.Input<string>;
        emailSubject: pulumi.Input<string>;
        smsMessage: pulumi.Input<string>;
    }>;
    unusedAccountValidityDays: pulumi.Input<number>;
}>;

The configuration for AdminCreateUser requests.

property aliasAttributes 

aliasAttributes?: pulumi.Input<pulumi.Input<string>[]>;

Attributes supported as an alias for this user pool. Possible values: phone_number, email, or preferred_username. Conflicts with username_attributes.

property autoVerifiedAttributes 

autoVerifiedAttributes?: pulumi.Input<pulumi.Input<string>[]>;

The attributes to be auto-verified. Possible values: email, phone_number.

property deviceConfiguration 

deviceConfiguration?: pulumi.Input<{
    challengeRequiredOnNewDevice: pulumi.Input<boolean>;
    deviceOnlyRememberedOnUserPrompt: pulumi.Input<boolean>;
}>;

The configuration for the user pool’s device tracking.

property emailConfiguration 

emailConfiguration?: pulumi.Input<{
    replyToEmailAddress: pulumi.Input<string>;
    sourceArn: pulumi.Input<string>;
}>;

The Email Configuration.

property emailVerificationMessage 

emailVerificationMessage?: pulumi.Input<string>;

A string representing the email verification message. Must contain the {####} placeholder. NOTE: - If email_verification_message and verification_message_template.email_message are specified and the values are different, either one is prioritized and updated.

property emailVerificationSubject 

emailVerificationSubject?: pulumi.Input<string>;

A string representing the email verification subject. NOTE: - If email_verification_subject and verification_message_template.email_subject are specified and the values are different, either one is prioritized and updated.

property lambdaConfig 

lambdaConfig?: pulumi.Input<{
    createAuthChallenge: pulumi.Input<string>;
    customMessage: pulumi.Input<string>;
    defineAuthChallenge: pulumi.Input<string>;
    postAuthentication: pulumi.Input<string>;
    postConfirmation: pulumi.Input<string>;
    preAuthentication: pulumi.Input<string>;
    preSignUp: pulumi.Input<string>;
    preTokenGeneration: pulumi.Input<string>;
    userMigration: pulumi.Input<string>;
    verifyAuthChallengeResponse: pulumi.Input<string>;
}>;

A container for the AWS Lambda triggers associated with the user pool.

property mfaConfiguration 

mfaConfiguration?: pulumi.Input<string>;

Set to enable multi-factor authentication. Must be one of the following values (ON, OFF, OPTIONAL)

property name 

name?: pulumi.Input<string>;

The name of the attribute.

property passwordPolicy 

passwordPolicy?: pulumi.Input<{
    minimumLength: pulumi.Input<number>;
    requireLowercase: pulumi.Input<boolean>;
    requireNumbers: pulumi.Input<boolean>;
    requireSymbols: pulumi.Input<boolean>;
    requireUppercase: pulumi.Input<boolean>;
}>;

A container for information about the user pool password policy.

property schemas 

schemas?: pulumi.Input<pulumi.Input<{
    attributeDataType: pulumi.Input<string>;
    developerOnlyAttribute: pulumi.Input<boolean>;
    mutable: pulumi.Input<boolean>;
    name: pulumi.Input<string>;
    numberAttributeConstraints: pulumi.Input<{
        maxValue: pulumi.Input<string>;
        minValue: pulumi.Input<string>;
    }>;
    required: pulumi.Input<boolean>;
    stringAttributeConstraints: pulumi.Input<{
        maxLength: pulumi.Input<string>;
        minLength: pulumi.Input<string>;
    }>;
}>[]>;

A container with the schema attributes of a user pool. Maximum of 50 attributes.

property smsAuthenticationMessage 

smsAuthenticationMessage?: pulumi.Input<string>;

A string representing the SMS authentication message.

property smsConfiguration 

smsConfiguration?: pulumi.Input<{
    externalId: pulumi.Input<string>;
    snsCallerArn: pulumi.Input<string>;
}>;

The SMS Configuration.

property smsVerificationMessage 

smsVerificationMessage?: pulumi.Input<string>;

A string representing the SMS verification message.

property tags 

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the User Pool.

property userPoolAddOns 

userPoolAddOns?: pulumi.Input<{
    advancedSecurityMode: pulumi.Input<string>;
}>;

Configuration block for user pool add-ons to enable user pool advanced security mode features.

property usernameAttributes 

usernameAttributes?: pulumi.Input<pulumi.Input<string>[]>;

Specifies whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

property verificationMessageTemplate 

verificationMessageTemplate?: pulumi.Input<{
    defaultEmailOption: pulumi.Input<string>;
    emailMessage: pulumi.Input<string>;
    emailMessageByLink: pulumi.Input<string>;
    emailSubject: pulumi.Input<string>;
    emailSubjectByLink: pulumi.Input<string>;
    smsMessage: pulumi.Input<string>;
}>;

The verification message templates configuration.

interface UserPoolClientArgs

The set of arguments for constructing a UserPoolClient resource.

property allowedOauthFlows 

allowedOauthFlows?: pulumi.Input<pulumi.Input<string>[]>;

List of allowed OAuth flows (code, implicit, client_credentials).

property allowedOauthFlowsUserPoolClient 

allowedOauthFlowsUserPoolClient?: pulumi.Input<boolean>;

Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

property allowedOauthScopes 

allowedOauthScopes?: pulumi.Input<pulumi.Input<string>[]>;

List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

property callbackUrls 

callbackUrls?: pulumi.Input<pulumi.Input<string>[]>;

List of allowed callback URLs for the identity providers.

property defaultRedirectUri 

defaultRedirectUri?: pulumi.Input<string>;

The default redirect URI. Must be in the list of callback URLs.

property explicitAuthFlows 

explicitAuthFlows?: pulumi.Input<pulumi.Input<string>[]>;

List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH).

property generateSecret 

generateSecret?: pulumi.Input<boolean>;

Should an application secret be generated.

property logoutUrls 

logoutUrls?: pulumi.Input<pulumi.Input<string>[]>;

List of allowed logout URLs for the identity providers.

property name 

name?: pulumi.Input<string>;

The name of the application client.

property readAttributes 

readAttributes?: pulumi.Input<pulumi.Input<string>[]>;

List of user pool attributes the application client can read from.

property refreshTokenValidity 

refreshTokenValidity?: pulumi.Input<number>;

The time limit in days refresh tokens are valid for.

property supportedIdentityProviders 

supportedIdentityProviders?: pulumi.Input<pulumi.Input<string>[]>;

List of provider names for the identity providers that are supported on this client.

property userPoolId 

userPoolId: pulumi.Input<string>;

The user pool the client belongs to.

property writeAttributes 

writeAttributes?: pulumi.Input<pulumi.Input<string>[]>;

List of user pool attributes the application client can write to.

interface UserPoolClientState

Input properties used for looking up and filtering UserPoolClient resources.

property allowedOauthFlows 

allowedOauthFlows?: pulumi.Input<pulumi.Input<string>[]>;

List of allowed OAuth flows (code, implicit, client_credentials).

property allowedOauthFlowsUserPoolClient 

allowedOauthFlowsUserPoolClient?: pulumi.Input<boolean>;

Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

property allowedOauthScopes 

allowedOauthScopes?: pulumi.Input<pulumi.Input<string>[]>;

List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

property callbackUrls 

callbackUrls?: pulumi.Input<pulumi.Input<string>[]>;

List of allowed callback URLs for the identity providers.

property clientSecret 

clientSecret?: pulumi.Input<string>;

The client secret of the user pool client.

property defaultRedirectUri 

defaultRedirectUri?: pulumi.Input<string>;

The default redirect URI. Must be in the list of callback URLs.

property explicitAuthFlows 

explicitAuthFlows?: pulumi.Input<pulumi.Input<string>[]>;

List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH).

property generateSecret 

generateSecret?: pulumi.Input<boolean>;

Should an application secret be generated.

property logoutUrls 

logoutUrls?: pulumi.Input<pulumi.Input<string>[]>;

List of allowed logout URLs for the identity providers.

property name 

name?: pulumi.Input<string>;

The name of the application client.

property readAttributes 

readAttributes?: pulumi.Input<pulumi.Input<string>[]>;

List of user pool attributes the application client can read from.

property refreshTokenValidity 

refreshTokenValidity?: pulumi.Input<number>;

The time limit in days refresh tokens are valid for.

property supportedIdentityProviders 

supportedIdentityProviders?: pulumi.Input<pulumi.Input<string>[]>;

List of provider names for the identity providers that are supported on this client.

property userPoolId 

userPoolId?: pulumi.Input<string>;

The user pool the client belongs to.

property writeAttributes 

writeAttributes?: pulumi.Input<pulumi.Input<string>[]>;

List of user pool attributes the application client can write to.

interface UserPoolDomainArgs

The set of arguments for constructing a UserPoolDomain resource.

property certificateArn 

certificateArn?: pulumi.Input<string>;

The ARN of an ISSUED ACM certificate in us-east-1 for a custom domain.

property domain 

domain: pulumi.Input<string>;

The domain string.

property userPoolId 

userPoolId: pulumi.Input<string>;

The user pool ID.

interface UserPoolDomainState

Input properties used for looking up and filtering UserPoolDomain resources.

property awsAccountId 

awsAccountId?: pulumi.Input<string>;

The AWS account ID for the user pool owner.

property certificateArn 

certificateArn?: pulumi.Input<string>;

The ARN of an ISSUED ACM certificate in us-east-1 for a custom domain.

property cloudfrontDistributionArn 

cloudfrontDistributionArn?: pulumi.Input<string>;

The ARN of the CloudFront distribution.

property domain 

domain?: pulumi.Input<string>;

The domain string.

property s3Bucket 

s3Bucket?: pulumi.Input<string>;

The S3 bucket where the static files for this domain are stored.

property userPoolId 

userPoolId?: pulumi.Input<string>;

The user pool ID.

property version 

version?: pulumi.Input<string>;

The app version.

interface UserPoolState

Input properties used for looking up and filtering UserPool resources.

property adminCreateUserConfig 

adminCreateUserConfig?: pulumi.Input<{
    allowAdminCreateUserOnly: pulumi.Input<boolean>;
    inviteMessageTemplate: pulumi.Input<{
        emailMessage: pulumi.Input<string>;
        emailSubject: pulumi.Input<string>;
        smsMessage: pulumi.Input<string>;
    }>;
    unusedAccountValidityDays: pulumi.Input<number>;
}>;

The configuration for AdminCreateUser requests.

property aliasAttributes 

aliasAttributes?: pulumi.Input<pulumi.Input<string>[]>;

Attributes supported as an alias for this user pool. Possible values: phone_number, email, or preferred_username. Conflicts with username_attributes.

property arn 

arn?: pulumi.Input<string>;

The ARN of the user pool.

property autoVerifiedAttributes 

autoVerifiedAttributes?: pulumi.Input<pulumi.Input<string>[]>;

The attributes to be auto-verified. Possible values: email, phone_number.

property creationDate 

creationDate?: pulumi.Input<string>;

The date the user pool was created.

property deviceConfiguration 

deviceConfiguration?: pulumi.Input<{
    challengeRequiredOnNewDevice: pulumi.Input<boolean>;
    deviceOnlyRememberedOnUserPrompt: pulumi.Input<boolean>;
}>;

The configuration for the user pool’s device tracking.

property emailConfiguration 

emailConfiguration?: pulumi.Input<{
    replyToEmailAddress: pulumi.Input<string>;
    sourceArn: pulumi.Input<string>;
}>;

The Email Configuration.

property emailVerificationMessage 

emailVerificationMessage?: pulumi.Input<string>;

A string representing the email verification message. Must contain the {####} placeholder. NOTE: - If email_verification_message and verification_message_template.email_message are specified and the values are different, either one is prioritized and updated.

property emailVerificationSubject 

emailVerificationSubject?: pulumi.Input<string>;

A string representing the email verification subject. NOTE: - If email_verification_subject and verification_message_template.email_subject are specified and the values are different, either one is prioritized and updated.

property endpoint 

endpoint?: pulumi.Input<string>;

The endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

property lambdaConfig 

lambdaConfig?: pulumi.Input<{
    createAuthChallenge: pulumi.Input<string>;
    customMessage: pulumi.Input<string>;
    defineAuthChallenge: pulumi.Input<string>;
    postAuthentication: pulumi.Input<string>;
    postConfirmation: pulumi.Input<string>;
    preAuthentication: pulumi.Input<string>;
    preSignUp: pulumi.Input<string>;
    preTokenGeneration: pulumi.Input<string>;
    userMigration: pulumi.Input<string>;
    verifyAuthChallengeResponse: pulumi.Input<string>;
}>;

A container for the AWS Lambda triggers associated with the user pool.

property lastModifiedDate 

lastModifiedDate?: pulumi.Input<string>;

The date the user pool was last modified.

property mfaConfiguration 

mfaConfiguration?: pulumi.Input<string>;

Set to enable multi-factor authentication. Must be one of the following values (ON, OFF, OPTIONAL)

property name 

name?: pulumi.Input<string>;

The name of the attribute.

property passwordPolicy 

passwordPolicy?: pulumi.Input<{
    minimumLength: pulumi.Input<number>;
    requireLowercase: pulumi.Input<boolean>;
    requireNumbers: pulumi.Input<boolean>;
    requireSymbols: pulumi.Input<boolean>;
    requireUppercase: pulumi.Input<boolean>;
}>;

A container for information about the user pool password policy.

property schemas 

schemas?: pulumi.Input<pulumi.Input<{
    attributeDataType: pulumi.Input<string>;
    developerOnlyAttribute: pulumi.Input<boolean>;
    mutable: pulumi.Input<boolean>;
    name: pulumi.Input<string>;
    numberAttributeConstraints: pulumi.Input<{
        maxValue: pulumi.Input<string>;
        minValue: pulumi.Input<string>;
    }>;
    required: pulumi.Input<boolean>;
    stringAttributeConstraints: pulumi.Input<{
        maxLength: pulumi.Input<string>;
        minLength: pulumi.Input<string>;
    }>;
}>[]>;

A container with the schema attributes of a user pool. Maximum of 50 attributes.

property smsAuthenticationMessage 

smsAuthenticationMessage?: pulumi.Input<string>;

A string representing the SMS authentication message.

property smsConfiguration 

smsConfiguration?: pulumi.Input<{
    externalId: pulumi.Input<string>;
    snsCallerArn: pulumi.Input<string>;
}>;

The SMS Configuration.

property smsVerificationMessage 

smsVerificationMessage?: pulumi.Input<string>;

A string representing the SMS verification message.

property tags 

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the User Pool.

property userPoolAddOns 

userPoolAddOns?: pulumi.Input<{
    advancedSecurityMode: pulumi.Input<string>;
}>;

Configuration block for user pool add-ons to enable user pool advanced security mode features.

property usernameAttributes 

usernameAttributes?: pulumi.Input<pulumi.Input<string>[]>;

Specifies whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

property verificationMessageTemplate 

verificationMessageTemplate?: pulumi.Input<{
    defaultEmailOption: pulumi.Input<string>;
    emailMessage: pulumi.Input<string>;
    emailMessageByLink: pulumi.Input<string>;
    emailSubject: pulumi.Input<string>;
    emailSubjectByLink: pulumi.Input<string>;
    smsMessage: pulumi.Input<string>;
}>;

The verification message templates configuration.