1. Docs
  2. Reference
  3. API
  4. @pulumi/aws
  5. cognito

Module cognito

This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

Resources

Functions

Others

Resources

Resource IdentityPool

class IdentityPool extends CustomResource

Provides an AWS Cognito Identity Pool.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as fs from "fs";

const defaultSamlProvider = new aws.iam.SamlProvider("default", {
    samlMetadataDocument: fs.readFileSync("saml-metadata.xml", "utf-8"),
});
const main = new aws.cognito.IdentityPool("main", {
    allowUnauthenticatedIdentities: false,
    cognitoIdentityProviders: [
        {
            clientId: "6lhlkkfbfb4q5kpp90urffae",
            providerName: "cognito-idp.us-east-1.amazonaws.com/us-east-1_Tv0493apJ",
            serverSideTokenCheck: false,
        },
        {
            clientId: "7kodkvfqfb4qfkp39eurffae",
            providerName: "cognito-idp.us-east-1.amazonaws.com/eu-west-1_Zr231apJu",
            serverSideTokenCheck: false,
        },
    ],
    identityPoolName: "identity pool",
    openidConnectProviderArns: ["arn:aws:iam::123456789012:oidc-provider/foo.example.com"],
    samlProviderArns: [defaultSamlProvider.arn],
    supportedLoginProviders: {
        "accounts.google.com": "123456789012.apps.googleusercontent.com",
        "graph.facebook.com": "7346241598935552",
    },
});

constructor

new IdentityPool(name: string, args: IdentityPoolArgs, opts?: pulumi.CustomResourceOptions)

Create a IdentityPool resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IdentityPoolState, opts?: pulumi.CustomResourceOptions): IdentityPool

Get an existing IdentityPool resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is IdentityPool

Returns true if the given object is an instance of IdentityPool. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property allowUnauthenticatedIdentities

public allowUnauthenticatedIdentities: pulumi.Output<boolean | undefined>;

Whether the identity pool supports unauthenticated logins or not.

property arn

public arn: pulumi.Output<string>;

The ARN of the identity pool.

property cognitoIdentityProviders

public cognitoIdentityProviders: pulumi.Output<IdentityPoolCognitoIdentityProvider[] | undefined>;

An array of Amazon Cognito Identity user pools and their client IDs.

property developerProviderName

public developerProviderName: pulumi.Output<string | undefined>;

The “domain” by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property identityPoolName

public identityPoolName: pulumi.Output<string>;

The Cognito Identity Pool name.

property openidConnectProviderArns

public openidConnectProviderArns: pulumi.Output<string[] | undefined>;

A list of OpendID Connect provider ARNs.

property samlProviderArns

public samlProviderArns: pulumi.Output<string[] | undefined>;

An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.

property supportedLoginProviders

public supportedLoginProviders: pulumi.Output<{[key: string]: string} | undefined>;

Key-Value pairs mapping provider names to provider app IDs.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A map of tags to assign to the Identity Pool.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource IdentityPoolRoleAttachment

class IdentityPoolRoleAttachment extends CustomResource

Provides an AWS Cognito Identity Pool Roles Attachment.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const mainIdentityPool = new aws.cognito.IdentityPool("main", {
    allowUnauthenticatedIdentities: false,
    identityPoolName: "identity pool",
    supportedLoginProviders: {
        "graph.facebook.com": "7346241598935555",
    },
});
const authenticatedRole = new aws.iam.Role("authenticated", {
    assumeRolePolicy: pulumi.interpolate`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "cognito-identity.amazonaws.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "cognito-identity.amazonaws.com:aud": "${mainIdentityPool.id}"
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "authenticated"
        }
      }
    }
  ]
}
`,
});
const authenticatedRolePolicy = new aws.iam.RolePolicy("authenticated", {
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "mobileanalytics:PutEvents",
        "cognito-sync:*",
        "cognito-identity:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
`,
    role: authenticatedRole.id,
});
const mainIdentityPoolRoleAttachment = new aws.cognito.IdentityPoolRoleAttachment("main", {
    identityPoolId: mainIdentityPool.id,
    roleMappings: [{
        ambiguousRoleResolution: "AuthenticatedRole",
        identityProvider: "graph.facebook.com",
        mappingRules: [{
            claim: "isAdmin",
            matchType: "Equals",
            roleArn: authenticatedRole.arn,
            value: "paid",
        }],
        type: "Rules",
    }],
    roles: {
        authenticated: authenticatedRole.arn,
    },
});

constructor

new IdentityPoolRoleAttachment(name: string, args: IdentityPoolRoleAttachmentArgs, opts?: pulumi.CustomResourceOptions)

Create a IdentityPoolRoleAttachment resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IdentityPoolRoleAttachmentState, opts?: pulumi.CustomResourceOptions): IdentityPoolRoleAttachment

Get an existing IdentityPoolRoleAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is IdentityPoolRoleAttachment

Returns true if the given object is an instance of IdentityPoolRoleAttachment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property identityPoolId

public identityPoolId: pulumi.Output<string>;

An identity pool ID in the format REGION:GUID.

property roleMappings

public roleMappings: pulumi.Output<IdentityPoolRoleAttachmentRoleMapping[] | undefined>;

A List of Role Mapping.

property roles

public roles: pulumi.Output<{[key: string]: string}>;

The map of roles associated with this pool. For a given role, the key will be either “authenticated” or “unauthenticated” and the value will be the Role ARN.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource IdentityProvider

class IdentityProvider extends CustomResource

Provides a Cognito User Identity Provider resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.cognito.UserPool("example", {
    autoVerifiedAttributes: ["email"],
});
const exampleProvider = new aws.cognito.IdentityProvider("example_provider", {
    attributeMapping: {
        email: "email",
        username: "sub",
    },
    providerDetails: {
        authorize_scopes: "email",
        client_id: "your client_id",
        client_secret: "your client_secret",
    },
    providerName: "Google",
    providerType: "Google",
    userPoolId: example.id,
});

constructor

new IdentityProvider(name: string, args: IdentityProviderArgs, opts?: pulumi.CustomResourceOptions)

Create a IdentityProvider resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IdentityProviderState, opts?: pulumi.CustomResourceOptions): IdentityProvider

Get an existing IdentityProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is IdentityProvider

Returns true if the given object is an instance of IdentityProvider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property attributeMapping

public attributeMapping: pulumi.Output<{[key: string]: string}>;

The map of attribute mapping of user pool attributes. AttributeMapping in AWS API documentation

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property idpIdentifiers

public idpIdentifiers: pulumi.Output<string[] | undefined>;

The list of identity providers.

property providerDetails

public providerDetails: pulumi.Output<{[key: string]: any}>;

The map of identity details, such as access token

property providerName

public providerName: pulumi.Output<string>;

The provider name

property providerType

public providerType: pulumi.Output<string>;

The provider type. See AWS API for valid values

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userPoolId

public userPoolId: pulumi.Output<string>;

The user pool id

Resource ResourceServer

class ResourceServer extends CustomResource

Provides a Cognito Resource Server.

Example Usage

Create a basic resource server
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const pool = new aws.cognito.UserPool("pool", {});
const resource = new aws.cognito.ResourceServer("resource", {
    identifier: "https://example.com",
    userPoolId: pool.id,
});
Create a resource server with sample-scope
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const pool = new aws.cognito.UserPool("pool", {});
const resource = new aws.cognito.ResourceServer("resource", {
    identifier: "https://example.com",
    scopes: [{
        scopeDescription: "a Sample Scope Description",
        scopeName: "sample-scope",
    }],
    userPoolId: pool.id,
});

constructor

new ResourceServer(name: string, args: ResourceServerArgs, opts?: pulumi.CustomResourceOptions)

Create a ResourceServer resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ResourceServerState, opts?: pulumi.CustomResourceOptions): ResourceServer

Get an existing ResourceServer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ResourceServer

Returns true if the given object is an instance of ResourceServer. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property identifier

public identifier: pulumi.Output<string>;

An identifier for the resource server.

property name

public name: pulumi.Output<string>;

A name for the resource server.

property scopeIdentifiers

public scopeIdentifiers: pulumi.Output<string[]>;

A list of all scopes configured for this resource server in the format identifier/scope_name.

property scopes

public scopes: pulumi.Output<ResourceServerScope[] | undefined>;

A list of Authorization Scope.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userPoolId

public userPoolId: pulumi.Output<string>;

Resource UserGroup

class UserGroup extends CustomResource

Provides a Cognito User Group resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const mainUserPool = new aws.cognito.UserPool("main", {});
const groupRole = new aws.iam.Role("group_role", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Federated": "cognito-identity.amazonaws.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "cognito-identity.amazonaws.com:aud": "us-east-1:12345678-dead-beef-cafe-123456790ab"
        },
        "ForAnyValue:StringLike": {
          "cognito-identity.amazonaws.com:amr": "authenticated"
        }
      }
    }
  ]
}
`,
});
const mainUserGroup = new aws.cognito.UserGroup("main", {
    description: "Managed by Pulumi",
    precedence: 42,
    roleArn: groupRole.arn,
    userPoolId: mainUserPool.id,
});

constructor

new UserGroup(name: string, args: UserGroupArgs, opts?: pulumi.CustomResourceOptions)

Create a UserGroup resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserGroupState, opts?: pulumi.CustomResourceOptions): UserGroup

Get an existing UserGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is UserGroup

Returns true if the given object is an instance of UserGroup. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string | undefined>;

The description of the user group.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the user group.

property precedence

public precedence: pulumi.Output<number | undefined>;

The precedence of the user group.

property roleArn

public roleArn: pulumi.Output<string | undefined>;

The ARN of the IAM role to be associated with the user group.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userPoolId

public userPoolId: pulumi.Output<string>;

The user pool ID.

Resource UserPool

class UserPool extends CustomResource

Provides a Cognito User Pool resource.

Example Usage

Basic configuration
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const pool = new aws.cognito.UserPool("pool", {});
Enabling SMS and Software Token Multi-Factor Authentication
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// ... other configuration ...
const example = new aws.cognito.UserPool("example", {
    mfaConfiguration: "ON",
    smsAuthenticationMessage: "Your code is {####}",
    sms_configuration: {
        externalId: "example",
        snsCallerArn: aws_iam_role.example.arn,
    },
    software_token_mfa_configuration: {
        enabled: true,
    },
});

constructor

new UserPool(name: string, args?: UserPoolArgs, opts?: pulumi.CustomResourceOptions)

Create a UserPool resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserPoolState, opts?: pulumi.CustomResourceOptions): UserPool

Get an existing UserPool resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is UserPool

Returns true if the given object is an instance of UserPool. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property adminCreateUserConfig

public adminCreateUserConfig: pulumi.Output<UserPoolAdminCreateUserConfig>;

The configuration for AdminCreateUser requests.

property aliasAttributes

public aliasAttributes: pulumi.Output<string[] | undefined>;

Attributes supported as an alias for this user pool. Possible values: phone_number, email, or preferred_username. Conflicts with usernameAttributes.

property arn

public arn: pulumi.Output<string>;

The ARN of the user pool.

property autoVerifiedAttributes

public autoVerifiedAttributes: pulumi.Output<string[] | undefined>;

The attributes to be auto-verified. Possible values: email, phone_number.

property creationDate

public creationDate: pulumi.Output<string>;

The date the user pool was created.

property deviceConfiguration

public deviceConfiguration: pulumi.Output<UserPoolDeviceConfiguration | undefined>;

The configuration for the user pool’s device tracking.

property emailConfiguration

public emailConfiguration: pulumi.Output<UserPoolEmailConfiguration | undefined>;

The Email Configuration.

property emailVerificationMessage

public emailVerificationMessage: pulumi.Output<string>;

A string representing the email verification message. Conflicts with verificationMessageTemplate configuration block emailMessage argument.

property emailVerificationSubject

public emailVerificationSubject: pulumi.Output<string>;

A string representing the email verification subject. Conflicts with verificationMessageTemplate configuration block emailSubject argument.

property endpoint

public endpoint: pulumi.Output<string>;

The endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property lambdaConfig

public lambdaConfig: pulumi.Output<UserPoolLambdaConfig>;

A container for the AWS Lambda triggers associated with the user pool.

property lastModifiedDate

public lastModifiedDate: pulumi.Output<string>;

The date the user pool was last modified.

property mfaConfiguration

public mfaConfiguration: pulumi.Output<string | undefined>;

Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values:

property name

public name: pulumi.Output<string>;

The name of the attribute.

property passwordPolicy

public passwordPolicy: pulumi.Output<UserPoolPasswordPolicy>;

A container for information about the user pool password policy.

property schemas

public schemas: pulumi.Output<UserPoolSchema[] | undefined>;

A container with the schema attributes of a user pool. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Maximum of 50 attributes.

property smsAuthenticationMessage

public smsAuthenticationMessage: pulumi.Output<string | undefined>;

A string representing the SMS authentication message. The message must contain the {####} placeholder, which will be replaced with the code.

property smsConfiguration

public smsConfiguration: pulumi.Output<UserPoolSmsConfiguration>;

Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the up command and use –replace.

property smsVerificationMessage

public smsVerificationMessage: pulumi.Output<string>;

A string representing the SMS verification message. Conflicts with verificationMessageTemplate configuration block smsMessage argument.

property softwareTokenMfaConfiguration

public softwareTokenMfaConfiguration: pulumi.Output<UserPoolSoftwareTokenMfaConfiguration | undefined>;

Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A map of tags to assign to the User Pool.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userPoolAddOns

public userPoolAddOns: pulumi.Output<UserPoolUserPoolAddOns | undefined>;

Configuration block for user pool add-ons to enable user pool advanced security mode features.

property usernameAttributes

public usernameAttributes: pulumi.Output<string[] | undefined>;

Specifies whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with aliasAttributes.

property usernameConfiguration

public usernameConfiguration: pulumi.Output<UserPoolUsernameConfiguration | undefined>;

The Username Configuration.

property verificationMessageTemplate

public verificationMessageTemplate: pulumi.Output<UserPoolVerificationMessageTemplate>;

The verification message templates configuration.

Resource UserPoolClient

class UserPoolClient extends CustomResource

Provides a Cognito User Pool Client resource.

Example Usage

Create a basic user pool client
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const pool = new aws.cognito.UserPool("pool", {});
const client = new aws.cognito.UserPoolClient("client", {
    userPoolId: pool.id,
});
Create a user pool client with no SRP authentication
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const pool = new aws.cognito.UserPool("pool", {});
const client = new aws.cognito.UserPoolClient("client", {
    explicitAuthFlows: ["ADMIN_NO_SRP_AUTH"],
    generateSecret: true,
    userPoolId: pool.id,
});
Create a user pool client with pinpoint analytics
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const current = pulumi.output(aws.getCallerIdentity({ async: true }));
const testUserPool = new aws.cognito.UserPool("test", {});
const testApp = new aws.pinpoint.App("test", {});
const testRole = new aws.iam.Role("test", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "cognito-idp.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`,
});
const testRolePolicy = new aws.iam.RolePolicy("test", {
    policy: pulumi.interpolate`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "mobiletargeting:UpdateEndpoint",
        "mobiletargeting:PutItems"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:mobiletargeting:*:${current.accountId}:apps/${testApp.applicationId}*"
    }
  ]
}
`,
    role: testRole.id,
});
const testUserPoolClient = new aws.cognito.UserPoolClient("test", {
    analyticsConfiguration: {
        applicationId: testApp.applicationId,
        externalId: "some_id",
        roleArn: testRole.arn,
        userDataShared: true,
    },
    userPoolId: testUserPool.id,
});

constructor

new UserPoolClient(name: string, args: UserPoolClientArgs, opts?: pulumi.CustomResourceOptions)

Create a UserPoolClient resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserPoolClientState, opts?: pulumi.CustomResourceOptions): UserPoolClient

Get an existing UserPoolClient resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is UserPoolClient

Returns true if the given object is an instance of UserPoolClient. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property allowedOauthFlows

public allowedOauthFlows: pulumi.Output<string[] | undefined>;

List of allowed OAuth flows (code, implicit, client_credentials).

property allowedOauthFlowsUserPoolClient

public allowedOauthFlowsUserPoolClient: pulumi.Output<boolean | undefined>;

Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

property allowedOauthScopes

public allowedOauthScopes: pulumi.Output<string[] | undefined>;

List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

property analyticsConfiguration

public analyticsConfiguration: pulumi.Output<UserPoolClientAnalyticsConfiguration | undefined>;

The Amazon Pinpoint analytics configuration for collecting metrics for this user pool.

property callbackUrls

public callbackUrls: pulumi.Output<string[] | undefined>;

List of allowed callback URLs for the identity providers.

property clientSecret

public clientSecret: pulumi.Output<string>;

The client secret of the user pool client.

property defaultRedirectUri

public defaultRedirectUri: pulumi.Output<string | undefined>;

The default redirect URI. Must be in the list of callback URLs.

property explicitAuthFlows

public explicitAuthFlows: pulumi.Output<string[] | undefined>;

List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).

property generateSecret

public generateSecret: pulumi.Output<boolean | undefined>;

Should an application secret be generated.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property logoutUrls

public logoutUrls: pulumi.Output<string[] | undefined>;

List of allowed logout URLs for the identity providers.

property name

public name: pulumi.Output<string>;

The name of the application client.

property preventUserExistenceErrors

public preventUserExistenceErrors: pulumi.Output<string>;

Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

property readAttributes

public readAttributes: pulumi.Output<string[] | undefined>;

List of user pool attributes the application client can read from.

property refreshTokenValidity

public refreshTokenValidity: pulumi.Output<number | undefined>;

The time limit in days refresh tokens are valid for.

property supportedIdentityProviders

public supportedIdentityProviders: pulumi.Output<string[] | undefined>;

List of provider names for the identity providers that are supported on this client.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userPoolId

public userPoolId: pulumi.Output<string>;

The user pool the client belongs to.

property writeAttributes

public writeAttributes: pulumi.Output<string[] | undefined>;

List of user pool attributes the application client can write to.

Resource UserPoolDomain

class UserPoolDomain extends CustomResource

Provides a Cognito User Pool Domain resource.

Example Usage

Amazon Cognito domain
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.cognito.UserPool("example", {});
const main = new aws.cognito.UserPoolDomain("main", {
    domain: "example-domain",
    userPoolId: example.id,
});
Custom Cognito domain
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.cognito.UserPool("example", {});
const main = new aws.cognito.UserPoolDomain("main", {
    certificateArn: aws_acm_certificate_cert.arn,
    domain: "example-domain.example.com",
    userPoolId: example.id,
});

constructor

new UserPoolDomain(name: string, args: UserPoolDomainArgs, opts?: pulumi.CustomResourceOptions)

Create a UserPoolDomain resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserPoolDomainState, opts?: pulumi.CustomResourceOptions): UserPoolDomain

Get an existing UserPoolDomain resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is UserPoolDomain

Returns true if the given object is an instance of UserPoolDomain. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property awsAccountId

public awsAccountId: pulumi.Output<string>;

The AWS account ID for the user pool owner.

property certificateArn

public certificateArn: pulumi.Output<string | undefined>;

The ARN of an ISSUED ACM certificate in us-east-1 for a custom domain.

property cloudfrontDistributionArn

public cloudfrontDistributionArn: pulumi.Output<string>;

The ARN of the CloudFront distribution.

property domain

public domain: pulumi.Output<string>;

The domain string.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property s3Bucket

public s3Bucket: pulumi.Output<string>;

The S3 bucket where the static files for this domain are stored.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userPoolId

public userPoolId: pulumi.Output<string>;

The user pool ID.

property version

public version: pulumi.Output<string>;

The app version.

Functions

Function getUserPools

getUserPools(args: GetUserPoolsArgs, opts?: pulumi.InvokeOptions): Promise<GetUserPoolsResult>

Use this data source to get a list of cognito user pools.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const selectedRestApi = pulumi.output(aws.apigateway.getRestApi({
    name: var_api_gateway_name,
}, { async: true }));
const selectedUserPools = pulumi.output(aws.cognito.getUserPools({
    name: var_cognito_user_pool_name,
}, { async: true }));
const cognito = new aws.apigateway.Authorizer("cognito", {
    providerArns: selectedUserPools.arns,
    restApi: selectedRestApi.id,
    type: "COGNITO_USER_POOLS",
});

Others

interface GetUserPoolsArgs

interface GetUserPoolsArgs

A collection of arguments for invoking getUserPools.

property name

name: string;

Name of the cognito user pools. Name is not a unique attribute for cognito user pool, so multiple pools might be returned with given name.

interface GetUserPoolsResult

interface GetUserPoolsResult

A collection of values returned by getUserPools.

property arns

arns: string[];

property id

id: string;

The provider-assigned unique ID for this managed resource.

property ids

ids: string[];

The list of cognito user pool ids.

property name

name: string;

interface IdentityPoolArgs

interface IdentityPoolArgs

The set of arguments for constructing a IdentityPool resource.

property allowUnauthenticatedIdentities

allowUnauthenticatedIdentities?: pulumi.Input<boolean>;

Whether the identity pool supports unauthenticated logins or not.

property cognitoIdentityProviders

cognitoIdentityProviders?: pulumi.Input<pulumi.Input<IdentityPoolCognitoIdentityProvider>[]>;

An array of Amazon Cognito Identity user pools and their client IDs.

property developerProviderName

developerProviderName?: pulumi.Input<string>;

The “domain” by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider.

property identityPoolName

identityPoolName: pulumi.Input<string>;

The Cognito Identity Pool name.

property openidConnectProviderArns

openidConnectProviderArns?: pulumi.Input<pulumi.Input<string>[]>;

A list of OpendID Connect provider ARNs.

property samlProviderArns

samlProviderArns?: pulumi.Input<pulumi.Input<string>[]>;

An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.

property supportedLoginProviders

supportedLoginProviders?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

Key-Value pairs mapping provider names to provider app IDs.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the Identity Pool.

interface IdentityPoolRoleAttachmentArgs

interface IdentityPoolRoleAttachmentArgs

The set of arguments for constructing a IdentityPoolRoleAttachment resource.

property identityPoolId

identityPoolId: pulumi.Input<string>;

An identity pool ID in the format REGION:GUID.

property roleMappings

roleMappings?: pulumi.Input<pulumi.Input<IdentityPoolRoleAttachmentRoleMapping>[]>;

A List of Role Mapping.

property roles

roles: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

The map of roles associated with this pool. For a given role, the key will be either “authenticated” or “unauthenticated” and the value will be the Role ARN.

interface IdentityPoolRoleAttachmentState

interface IdentityPoolRoleAttachmentState

Input properties used for looking up and filtering IdentityPoolRoleAttachment resources.

property identityPoolId

identityPoolId?: pulumi.Input<string>;

An identity pool ID in the format REGION:GUID.

property roleMappings

roleMappings?: pulumi.Input<pulumi.Input<IdentityPoolRoleAttachmentRoleMapping>[]>;

A List of Role Mapping.

property roles

roles?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

The map of roles associated with this pool. For a given role, the key will be either “authenticated” or “unauthenticated” and the value will be the Role ARN.

interface IdentityPoolState

interface IdentityPoolState

Input properties used for looking up and filtering IdentityPool resources.

property allowUnauthenticatedIdentities

allowUnauthenticatedIdentities?: pulumi.Input<boolean>;

Whether the identity pool supports unauthenticated logins or not.

property arn

arn?: pulumi.Input<string>;

The ARN of the identity pool.

property cognitoIdentityProviders

cognitoIdentityProviders?: pulumi.Input<pulumi.Input<IdentityPoolCognitoIdentityProvider>[]>;

An array of Amazon Cognito Identity user pools and their client IDs.

property developerProviderName

developerProviderName?: pulumi.Input<string>;

The “domain” by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider.

property identityPoolName

identityPoolName?: pulumi.Input<string>;

The Cognito Identity Pool name.

property openidConnectProviderArns

openidConnectProviderArns?: pulumi.Input<pulumi.Input<string>[]>;

A list of OpendID Connect provider ARNs.

property samlProviderArns

samlProviderArns?: pulumi.Input<pulumi.Input<string>[]>;

An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.

property supportedLoginProviders

supportedLoginProviders?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

Key-Value pairs mapping provider names to provider app IDs.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the Identity Pool.

interface IdentityProviderArgs

interface IdentityProviderArgs

The set of arguments for constructing a IdentityProvider resource.

property attributeMapping

attributeMapping?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

The map of attribute mapping of user pool attributes. AttributeMapping in AWS API documentation

property idpIdentifiers

idpIdentifiers?: pulumi.Input<pulumi.Input<string>[]>;

The list of identity providers.

property providerDetails

providerDetails: pulumi.Input<{[key: string]: any}>;

The map of identity details, such as access token

property providerName

providerName: pulumi.Input<string>;

The provider name

property providerType

providerType: pulumi.Input<string>;

The provider type. See AWS API for valid values

property userPoolId

userPoolId: pulumi.Input<string>;

The user pool id

interface IdentityProviderState

interface IdentityProviderState

Input properties used for looking up and filtering IdentityProvider resources.

property attributeMapping

attributeMapping?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

The map of attribute mapping of user pool attributes. AttributeMapping in AWS API documentation

property idpIdentifiers

idpIdentifiers?: pulumi.Input<pulumi.Input<string>[]>;

The list of identity providers.

property providerDetails

providerDetails?: pulumi.Input<{[key: string]: any}>;

The map of identity details, such as access token

property providerName

providerName?: pulumi.Input<string>;

The provider name

property providerType

providerType?: pulumi.Input<string>;

The provider type. See AWS API for valid values

property userPoolId

userPoolId?: pulumi.Input<string>;

The user pool id

interface ResourceServerArgs

interface ResourceServerArgs

The set of arguments for constructing a ResourceServer resource.

property identifier

identifier: pulumi.Input<string>;

An identifier for the resource server.

property name

name?: pulumi.Input<string>;

A name for the resource server.

property scopes

scopes?: pulumi.Input<pulumi.Input<ResourceServerScope>[]>;

A list of Authorization Scope.

property userPoolId

userPoolId: pulumi.Input<string>;

interface ResourceServerState

interface ResourceServerState

Input properties used for looking up and filtering ResourceServer resources.

property identifier

identifier?: pulumi.Input<string>;

An identifier for the resource server.

property name

name?: pulumi.Input<string>;

A name for the resource server.

property scopeIdentifiers

scopeIdentifiers?: pulumi.Input<pulumi.Input<string>[]>;

A list of all scopes configured for this resource server in the format identifier/scope_name.

property scopes

scopes?: pulumi.Input<pulumi.Input<ResourceServerScope>[]>;

A list of Authorization Scope.

property userPoolId

userPoolId?: pulumi.Input<string>;

interface UserGroupArgs

interface UserGroupArgs

The set of arguments for constructing a UserGroup resource.

property description

description?: pulumi.Input<string>;

The description of the user group.

property name

name?: pulumi.Input<string>;

The name of the user group.

property precedence

precedence?: pulumi.Input<number>;

The precedence of the user group.

property roleArn

roleArn?: pulumi.Input<string>;

The ARN of the IAM role to be associated with the user group.

property userPoolId

userPoolId: pulumi.Input<string>;

The user pool ID.

interface UserGroupState

interface UserGroupState

Input properties used for looking up and filtering UserGroup resources.

property description

description?: pulumi.Input<string>;

The description of the user group.

property name

name?: pulumi.Input<string>;

The name of the user group.

property precedence

precedence?: pulumi.Input<number>;

The precedence of the user group.

property roleArn

roleArn?: pulumi.Input<string>;

The ARN of the IAM role to be associated with the user group.

property userPoolId

userPoolId?: pulumi.Input<string>;

The user pool ID.

interface UserPoolArgs

interface UserPoolArgs

The set of arguments for constructing a UserPool resource.

property adminCreateUserConfig

adminCreateUserConfig?: pulumi.Input<UserPoolAdminCreateUserConfig>;

The configuration for AdminCreateUser requests.

property aliasAttributes

aliasAttributes?: pulumi.Input<pulumi.Input<string>[]>;

Attributes supported as an alias for this user pool. Possible values: phone_number, email, or preferred_username. Conflicts with usernameAttributes.

property autoVerifiedAttributes

autoVerifiedAttributes?: pulumi.Input<pulumi.Input<string>[]>;

The attributes to be auto-verified. Possible values: email, phone_number.

property deviceConfiguration

deviceConfiguration?: pulumi.Input<UserPoolDeviceConfiguration>;

The configuration for the user pool’s device tracking.

property emailConfiguration

emailConfiguration?: pulumi.Input<UserPoolEmailConfiguration>;

The Email Configuration.

property emailVerificationMessage

emailVerificationMessage?: pulumi.Input<string>;

A string representing the email verification message. Conflicts with verificationMessageTemplate configuration block emailMessage argument.

property emailVerificationSubject

emailVerificationSubject?: pulumi.Input<string>;

A string representing the email verification subject. Conflicts with verificationMessageTemplate configuration block emailSubject argument.

property lambdaConfig

lambdaConfig?: pulumi.Input<UserPoolLambdaConfig>;

A container for the AWS Lambda triggers associated with the user pool.

property mfaConfiguration

mfaConfiguration?: pulumi.Input<string>;

Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values:

property name

name?: pulumi.Input<string>;

The name of the attribute.

property passwordPolicy

passwordPolicy?: pulumi.Input<UserPoolPasswordPolicy>;

A container for information about the user pool password policy.

property schemas

schemas?: pulumi.Input<pulumi.Input<UserPoolSchema>[]>;

A container with the schema attributes of a user pool. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Maximum of 50 attributes.

property smsAuthenticationMessage

smsAuthenticationMessage?: pulumi.Input<string>;

A string representing the SMS authentication message. The message must contain the {####} placeholder, which will be replaced with the code.

property smsConfiguration

smsConfiguration?: pulumi.Input<UserPoolSmsConfiguration>;

Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the up command and use –replace.

property smsVerificationMessage

smsVerificationMessage?: pulumi.Input<string>;

A string representing the SMS verification message. Conflicts with verificationMessageTemplate configuration block smsMessage argument.

property softwareTokenMfaConfiguration

softwareTokenMfaConfiguration?: pulumi.Input<UserPoolSoftwareTokenMfaConfiguration>;

Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the User Pool.

property userPoolAddOns

userPoolAddOns?: pulumi.Input<UserPoolUserPoolAddOns>;

Configuration block for user pool add-ons to enable user pool advanced security mode features.

property usernameAttributes

usernameAttributes?: pulumi.Input<pulumi.Input<string>[]>;

Specifies whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with aliasAttributes.

property usernameConfiguration

usernameConfiguration?: pulumi.Input<UserPoolUsernameConfiguration>;

The Username Configuration.

property verificationMessageTemplate

verificationMessageTemplate?: pulumi.Input<UserPoolVerificationMessageTemplate>;

The verification message templates configuration.

interface UserPoolClientArgs

interface UserPoolClientArgs

The set of arguments for constructing a UserPoolClient resource.

property allowedOauthFlows

allowedOauthFlows?: pulumi.Input<pulumi.Input<string>[]>;

List of allowed OAuth flows (code, implicit, client_credentials).

property allowedOauthFlowsUserPoolClient

allowedOauthFlowsUserPoolClient?: pulumi.Input<boolean>;

Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

property allowedOauthScopes

allowedOauthScopes?: pulumi.Input<pulumi.Input<string>[]>;

List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

property analyticsConfiguration

analyticsConfiguration?: pulumi.Input<UserPoolClientAnalyticsConfiguration>;

The Amazon Pinpoint analytics configuration for collecting metrics for this user pool.

property callbackUrls

callbackUrls?: pulumi.Input<pulumi.Input<string>[]>;

List of allowed callback URLs for the identity providers.

property defaultRedirectUri

defaultRedirectUri?: pulumi.Input<string>;

The default redirect URI. Must be in the list of callback URLs.

property explicitAuthFlows

explicitAuthFlows?: pulumi.Input<pulumi.Input<string>[]>;

List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).

property generateSecret

generateSecret?: pulumi.Input<boolean>;

Should an application secret be generated.

property logoutUrls

logoutUrls?: pulumi.Input<pulumi.Input<string>[]>;

List of allowed logout URLs for the identity providers.

property name

name?: pulumi.Input<string>;

The name of the application client.

property preventUserExistenceErrors

preventUserExistenceErrors?: pulumi.Input<string>;

Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

property readAttributes

readAttributes?: pulumi.Input<pulumi.Input<string>[]>;

List of user pool attributes the application client can read from.

property refreshTokenValidity

refreshTokenValidity?: pulumi.Input<number>;

The time limit in days refresh tokens are valid for.

property supportedIdentityProviders

supportedIdentityProviders?: pulumi.Input<pulumi.Input<string>[]>;

List of provider names for the identity providers that are supported on this client.

property userPoolId

userPoolId: pulumi.Input<string>;

The user pool the client belongs to.

property writeAttributes

writeAttributes?: pulumi.Input<pulumi.Input<string>[]>;

List of user pool attributes the application client can write to.

interface UserPoolClientState

interface UserPoolClientState

Input properties used for looking up and filtering UserPoolClient resources.

property allowedOauthFlows

allowedOauthFlows?: pulumi.Input<pulumi.Input<string>[]>;

List of allowed OAuth flows (code, implicit, client_credentials).

property allowedOauthFlowsUserPoolClient

allowedOauthFlowsUserPoolClient?: pulumi.Input<boolean>;

Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

property allowedOauthScopes

allowedOauthScopes?: pulumi.Input<pulumi.Input<string>[]>;

List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

property analyticsConfiguration

analyticsConfiguration?: pulumi.Input<UserPoolClientAnalyticsConfiguration>;

The Amazon Pinpoint analytics configuration for collecting metrics for this user pool.

property callbackUrls

callbackUrls?: pulumi.Input<pulumi.Input<string>[]>;

List of allowed callback URLs for the identity providers.

property clientSecret

clientSecret?: pulumi.Input<string>;

The client secret of the user pool client.

property defaultRedirectUri

defaultRedirectUri?: pulumi.Input<string>;

The default redirect URI. Must be in the list of callback URLs.

property explicitAuthFlows

explicitAuthFlows?: pulumi.Input<pulumi.Input<string>[]>;

List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).

property generateSecret

generateSecret?: pulumi.Input<boolean>;

Should an application secret be generated.

property logoutUrls

logoutUrls?: pulumi.Input<pulumi.Input<string>[]>;

List of allowed logout URLs for the identity providers.

property name

name?: pulumi.Input<string>;

The name of the application client.

property preventUserExistenceErrors

preventUserExistenceErrors?: pulumi.Input<string>;

Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

property readAttributes

readAttributes?: pulumi.Input<pulumi.Input<string>[]>;

List of user pool attributes the application client can read from.

property refreshTokenValidity

refreshTokenValidity?: pulumi.Input<number>;

The time limit in days refresh tokens are valid for.

property supportedIdentityProviders

supportedIdentityProviders?: pulumi.Input<pulumi.Input<string>[]>;

List of provider names for the identity providers that are supported on this client.

property userPoolId

userPoolId?: pulumi.Input<string>;

The user pool the client belongs to.

property writeAttributes

writeAttributes?: pulumi.Input<pulumi.Input<string>[]>;

List of user pool attributes the application client can write to.

interface UserPoolDomainArgs

interface UserPoolDomainArgs

The set of arguments for constructing a UserPoolDomain resource.

property certificateArn

certificateArn?: pulumi.Input<string>;

The ARN of an ISSUED ACM certificate in us-east-1 for a custom domain.

property domain

domain: pulumi.Input<string>;

The domain string.

property userPoolId

userPoolId: pulumi.Input<string>;

The user pool ID.

interface UserPoolDomainState

interface UserPoolDomainState

Input properties used for looking up and filtering UserPoolDomain resources.

property awsAccountId

awsAccountId?: pulumi.Input<string>;

The AWS account ID for the user pool owner.

property certificateArn

certificateArn?: pulumi.Input<string>;

The ARN of an ISSUED ACM certificate in us-east-1 for a custom domain.

property cloudfrontDistributionArn

cloudfrontDistributionArn?: pulumi.Input<string>;

The ARN of the CloudFront distribution.

property domain

domain?: pulumi.Input<string>;

The domain string.

property s3Bucket

s3Bucket?: pulumi.Input<string>;

The S3 bucket where the static files for this domain are stored.

property userPoolId

userPoolId?: pulumi.Input<string>;

The user pool ID.

property version

version?: pulumi.Input<string>;

The app version.

interface UserPoolState

interface UserPoolState

Input properties used for looking up and filtering UserPool resources.

property adminCreateUserConfig

adminCreateUserConfig?: pulumi.Input<UserPoolAdminCreateUserConfig>;

The configuration for AdminCreateUser requests.

property aliasAttributes

aliasAttributes?: pulumi.Input<pulumi.Input<string>[]>;

Attributes supported as an alias for this user pool. Possible values: phone_number, email, or preferred_username. Conflicts with usernameAttributes.

property arn

arn?: pulumi.Input<string>;

The ARN of the user pool.

property autoVerifiedAttributes

autoVerifiedAttributes?: pulumi.Input<pulumi.Input<string>[]>;

The attributes to be auto-verified. Possible values: email, phone_number.

property creationDate

creationDate?: pulumi.Input<string>;

The date the user pool was created.

property deviceConfiguration

deviceConfiguration?: pulumi.Input<UserPoolDeviceConfiguration>;

The configuration for the user pool’s device tracking.

property emailConfiguration

emailConfiguration?: pulumi.Input<UserPoolEmailConfiguration>;

The Email Configuration.

property emailVerificationMessage

emailVerificationMessage?: pulumi.Input<string>;

A string representing the email verification message. Conflicts with verificationMessageTemplate configuration block emailMessage argument.

property emailVerificationSubject

emailVerificationSubject?: pulumi.Input<string>;

A string representing the email verification subject. Conflicts with verificationMessageTemplate configuration block emailSubject argument.

property endpoint

endpoint?: pulumi.Input<string>;

The endpoint name of the user pool. Example format: cognito-idp.REGION.amazonaws.com/xxxx_yyyyy

property lambdaConfig

lambdaConfig?: pulumi.Input<UserPoolLambdaConfig>;

A container for the AWS Lambda triggers associated with the user pool.

property lastModifiedDate

lastModifiedDate?: pulumi.Input<string>;

The date the user pool was last modified.

property mfaConfiguration

mfaConfiguration?: pulumi.Input<string>;

Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values:

property name

name?: pulumi.Input<string>;

The name of the attribute.

property passwordPolicy

passwordPolicy?: pulumi.Input<UserPoolPasswordPolicy>;

A container for information about the user pool password policy.

property schemas

schemas?: pulumi.Input<pulumi.Input<UserPoolSchema>[]>;

A container with the schema attributes of a user pool. Schema attributes from the standard attribute set only need to be specified if they are different from the default configuration. Maximum of 50 attributes.

property smsAuthenticationMessage

smsAuthenticationMessage?: pulumi.Input<string>;

A string representing the SMS authentication message. The message must contain the {####} placeholder, which will be replaced with the code.

property smsConfiguration

smsConfiguration?: pulumi.Input<UserPoolSmsConfiguration>;

Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection. To force resource recreation after this configuration has been applied, see the up command and use –replace.

property smsVerificationMessage

smsVerificationMessage?: pulumi.Input<string>;

A string representing the SMS verification message. Conflicts with verificationMessageTemplate configuration block smsMessage argument.

property softwareTokenMfaConfiguration

softwareTokenMfaConfiguration?: pulumi.Input<UserPoolSoftwareTokenMfaConfiguration>;

Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the User Pool.

property userPoolAddOns

userPoolAddOns?: pulumi.Input<UserPoolUserPoolAddOns>;

Configuration block for user pool add-ons to enable user pool advanced security mode features.

property usernameAttributes

usernameAttributes?: pulumi.Input<pulumi.Input<string>[]>;

Specifies whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with aliasAttributes.

property usernameConfiguration

usernameConfiguration?: pulumi.Input<UserPoolUsernameConfiguration>;

The Username Configuration.

property verificationMessageTemplate

verificationMessageTemplate?: pulumi.Input<UserPoolVerificationMessageTemplate>;

The verification message templates configuration.