cognito

class pulumi_aws.cognito.GetUserPoolsResult(arns=None, ids=None, id=None)

A collection of values returned by getUserPools.

ids = None

The list of cognito user pool ids.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_aws.cognito.IdentityPool(resource_name, opts=None, allow_unauthenticated_identities=None, cognito_identity_providers=None, developer_provider_name=None, identity_pool_name=None, openid_connect_provider_arns=None, saml_provider_arns=None, supported_login_providers=None, __name__=None, __opts__=None)

Provides an AWS Cognito Identity Pool.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • allow_unauthenticated_identities (pulumi.Input[bool]) – Whether the identity pool supports unauthenticated logins or not.
  • cognito_identity_providers (pulumi.Input[list]) – An array of Amazon Cognito Identity user pools and their client IDs.
  • developer_provider_name (pulumi.Input[str]) – The “domain” by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider.
  • identity_pool_name (pulumi.Input[str]) – The Cognito Identity Pool name.
  • openid_connect_provider_arns (pulumi.Input[list]) – A list of OpendID Connect provider ARNs.
  • saml_provider_arns (pulumi.Input[list]) – An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.
  • supported_login_providers (pulumi.Input[dict]) – Key-Value pairs mapping provider names to provider app IDs.
allow_unauthenticated_identities = None

Whether the identity pool supports unauthenticated logins or not.

arn = None

The ARN of the identity pool.

cognito_identity_providers = None

An array of Amazon Cognito Identity user pools and their client IDs.

developer_provider_name = None

The “domain” by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider.

identity_pool_name = None

The Cognito Identity Pool name.

openid_connect_provider_arns = None

A list of OpendID Connect provider ARNs.

saml_provider_arns = None

An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.

supported_login_providers = None

Key-Value pairs mapping provider names to provider app IDs.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_aws.cognito.IdentityPoolRoleAttachment(resource_name, opts=None, identity_pool_id=None, role_mappings=None, roles=None, __name__=None, __opts__=None)

Provides an AWS Cognito Identity Pool Roles Attachment.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • identity_pool_id (pulumi.Input[str]) – An identity pool ID in the format REGION:GUID.
  • role_mappings (pulumi.Input[list]) – A List of Role Mapping.
  • roles (pulumi.Input[dict]) – The map of roles associated with this pool. For a given role, the key will be either “authenticated” or “unauthenticated” and the value will be the Role ARN.
identity_pool_id = None

An identity pool ID in the format REGION:GUID.

role_mappings = None

A List of Role Mapping.

roles = None

The map of roles associated with this pool. For a given role, the key will be either “authenticated” or “unauthenticated” and the value will be the Role ARN.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_aws.cognito.IdentityProvider(resource_name, opts=None, attribute_mapping=None, idp_identifiers=None, provider_details=None, provider_name=None, provider_type=None, user_pool_id=None, __name__=None, __opts__=None)

Provides a Cognito User Identity Provider resource.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • attribute_mapping (pulumi.Input[dict]) – The map of attribute mapping of user pool attributes. AttributeMapping in AWS API documentation
  • idp_identifiers (pulumi.Input[list]) – The list of identity providers.
  • provider_details (pulumi.Input[dict]) – The map of identity details, such as access token
  • provider_name (pulumi.Input[str]) – The provider name
  • provider_type (pulumi.Input[str]) – The provider type. See AWS API for valid values
  • user_pool_id (pulumi.Input[str]) – The user pool id
attribute_mapping = None

The map of attribute mapping of user pool attributes. AttributeMapping in AWS API documentation

idp_identifiers = None

The list of identity providers.

provider_details = None

The map of identity details, such as access token

provider_name = None

The provider name

provider_type = None

The provider type. See AWS API for valid values

user_pool_id = None

The user pool id

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_aws.cognito.ResourceServer(resource_name, opts=None, identifier=None, name=None, scopes=None, user_pool_id=None, __name__=None, __opts__=None)

Provides a Cognito Resource Server.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • identifier (pulumi.Input[str]) – An identifier for the resource server.
  • name (pulumi.Input[str]) – A name for the resource server.
  • scopes (pulumi.Input[list]) – A list of Authorization Scope.

:param pulumi.Input[str] user_pool_id

identifier = None

An identifier for the resource server.

name = None

A name for the resource server.

scopes = None

A list of Authorization Scope.

scope_identifiers = None

A list of all scopes configured for this resource server in the format identifier/scope_name.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_aws.cognito.UserGroup(resource_name, opts=None, description=None, name=None, precedence=None, role_arn=None, user_pool_id=None, __name__=None, __opts__=None)

Provides a Cognito User Group resource.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • description (pulumi.Input[str]) – The description of the user group.
  • name (pulumi.Input[str]) – The name of the user group.
  • precedence (pulumi.Input[int]) – The precedence of the user group.
  • role_arn (pulumi.Input[str]) – The ARN of the IAM role to be associated with the user group.
  • user_pool_id (pulumi.Input[str]) – The user pool ID.
description = None

The description of the user group.

name = None

The name of the user group.

precedence = None

The precedence of the user group.

role_arn = None

The ARN of the IAM role to be associated with the user group.

user_pool_id = None

The user pool ID.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_aws.cognito.UserPool(resource_name, opts=None, admin_create_user_config=None, alias_attributes=None, auto_verified_attributes=None, device_configuration=None, email_configuration=None, email_verification_message=None, email_verification_subject=None, lambda_config=None, mfa_configuration=None, name=None, password_policy=None, schemas=None, sms_authentication_message=None, sms_configuration=None, sms_verification_message=None, tags=None, username_attributes=None, verification_message_template=None, __name__=None, __opts__=None)

Provides a Cognito User Pool resource.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • admin_create_user_config (pulumi.Input[dict]) – The configuration for AdminCreateUser requests.
  • alias_attributes (pulumi.Input[list]) – Attributes supported as an alias for this user pool. Possible values: phone_number, email, or preferred_username. Conflicts with username_attributes.
  • auto_verified_attributes (pulumi.Input[list]) – The attributes to be auto-verified. Possible values: email, phone_number.
  • device_configuration (pulumi.Input[dict]) – The configuration for the user pool’s device tracking.
  • email_configuration (pulumi.Input[dict]) – The Email Configuration.
  • email_verification_message (pulumi.Input[str]) – A string representing the email verification message. Must contain the {####} placeholder. NOTE: - If email_verification_message and verification_message_template.email_message are specified and the values are different, either one is prioritized and updated.
  • email_verification_subject (pulumi.Input[str]) – A string representing the email verification subject. NOTE: - If email_verification_subject and verification_message_template.email_subject are specified and the values are different, either one is prioritized and updated.
  • lambda_config (pulumi.Input[dict]) – A container for the AWS Lambda triggers associated with the user pool.
  • mfa_configuration (pulumi.Input[str]) – Set to enable multi-factor authentication. Must be one of the following values (ON, OFF, OPTIONAL)
  • name (pulumi.Input[str]) – The name of the attribute.
  • password_policy (pulumi.Input[dict]) – A container for information about the user pool password policy.
  • schemas (pulumi.Input[list]) – A container with the schema attributes of a user pool. Maximum of 50 attributes.
  • sms_authentication_message (pulumi.Input[str]) – A string representing the SMS authentication message.
  • sms_configuration (pulumi.Input[dict]) – The SMS Configuration.
  • sms_verification_message (pulumi.Input[str]) – A string representing the SMS verification message.
  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the User Pool.
  • username_attributes (pulumi.Input[list]) – Specifies whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.
  • verification_message_template (pulumi.Input[dict]) – The verification message templates configuration.
admin_create_user_config = None

The configuration for AdminCreateUser requests.

alias_attributes = None

Attributes supported as an alias for this user pool. Possible values: phone_number, email, or preferred_username. Conflicts with username_attributes.

arn = None

The ARN of the user pool.

auto_verified_attributes = None

The attributes to be auto-verified. Possible values: email, phone_number.

creation_date = None

The date the user pool was created.

device_configuration = None

The configuration for the user pool’s device tracking.

email_configuration = None

The Email Configuration.

email_verification_message = None

A string representing the email verification message. Must contain the {####} placeholder. NOTE: - If email_verification_message and verification_message_template.email_message are specified and the values are different, either one is prioritized and updated.

email_verification_subject = None

A string representing the email verification subject. NOTE: - If email_verification_subject and verification_message_template.email_subject are specified and the values are different, either one is prioritized and updated.

endpoint = None

The endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

lambda_config = None

A container for the AWS Lambda triggers associated with the user pool.

last_modified_date = None

The date the user pool was last modified.

mfa_configuration = None

Set to enable multi-factor authentication. Must be one of the following values (ON, OFF, OPTIONAL)

name = None

The name of the attribute.

password_policy = None

A container for information about the user pool password policy.

schemas = None

A container with the schema attributes of a user pool. Maximum of 50 attributes.

sms_authentication_message = None

A string representing the SMS authentication message.

sms_configuration = None

The SMS Configuration.

sms_verification_message = None

A string representing the SMS verification message.

tags = None

A mapping of tags to assign to the User Pool.

username_attributes = None

Specifies whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes.

verification_message_template = None

The verification message templates configuration.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_aws.cognito.UserPoolClient(resource_name, opts=None, allowed_oauth_flows=None, allowed_oauth_flows_user_pool_client=None, allowed_oauth_scopes=None, callback_urls=None, default_redirect_uri=None, explicit_auth_flows=None, generate_secret=None, logout_urls=None, name=None, read_attributes=None, refresh_token_validity=None, supported_identity_providers=None, user_pool_id=None, write_attributes=None, __name__=None, __opts__=None)

Provides a Cognito User Pool Client resource.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • allowed_oauth_flows (pulumi.Input[list]) – List of allowed OAuth flows (code, implicit, client_credentials).
  • allowed_oauth_flows_user_pool_client (pulumi.Input[bool]) – Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.
  • allowed_oauth_scopes (pulumi.Input[list]) – List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).
  • callback_urls (pulumi.Input[list]) – List of allowed callback URLs for the identity providers.
  • default_redirect_uri (pulumi.Input[str]) – The default redirect URI. Must be in the list of callback URLs.
  • explicit_auth_flows (pulumi.Input[list]) – List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH).
  • generate_secret (pulumi.Input[bool]) – Should an application secret be generated. AWS JavaScript SDK requires this to be false.
  • logout_urls (pulumi.Input[list]) – List of allowed logout URLs for the identity providers.
  • name (pulumi.Input[str]) – The name of the application client.
  • read_attributes (pulumi.Input[list]) – List of user pool attributes the application client can read from.
  • refresh_token_validity (pulumi.Input[int]) – The time limit in days refresh tokens are valid for.
  • supported_identity_providers (pulumi.Input[list]) – List of provider names for the identity providers that are supported on this client.
  • user_pool_id (pulumi.Input[str]) – The user pool the client belongs to.
  • write_attributes (pulumi.Input[list]) – List of user pool attributes the application client can write to.
allowed_oauth_flows = None

List of allowed OAuth flows (code, implicit, client_credentials).

allowed_oauth_flows_user_pool_client = None

Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

allowed_oauth_scopes = None

List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

callback_urls = None

List of allowed callback URLs for the identity providers.

client_secret = None

The client secret of the user pool client.

default_redirect_uri = None

The default redirect URI. Must be in the list of callback URLs.

explicit_auth_flows = None

List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH).

generate_secret = None

Should an application secret be generated. AWS JavaScript SDK requires this to be false.

logout_urls = None

List of allowed logout URLs for the identity providers.

name = None

The name of the application client.

read_attributes = None

List of user pool attributes the application client can read from.

refresh_token_validity = None

The time limit in days refresh tokens are valid for.

supported_identity_providers = None

List of provider names for the identity providers that are supported on this client.

user_pool_id = None

The user pool the client belongs to.

write_attributes = None

List of user pool attributes the application client can write to.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_aws.cognito.UserPoolDomain(resource_name, opts=None, certificate_arn=None, domain=None, user_pool_id=None, __name__=None, __opts__=None)

Provides a Cognito User Pool Domain resource.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • certificate_arn (pulumi.Input[str]) – The ARN of an ISSUED ACM certificate in us-east-1 for a custom domain.
  • domain (pulumi.Input[str]) – The domain string.
  • user_pool_id (pulumi.Input[str]) – The user pool ID.
aws_account_id = None

The AWS account ID for the user pool owner.

certificate_arn = None

The ARN of an ISSUED ACM certificate in us-east-1 for a custom domain.

cloudfront_distribution_arn = None

The ARN of the CloudFront distribution.

domain = None

The domain string.

s3_bucket = None

The S3 bucket where the static files for this domain are stored.

user_pool_id = None

The user pool ID.

version = None

The app version.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
pulumi_aws.cognito.get_user_pools(name=None)

Use this data source to get a list of cognito user pools.