Skip to content

API Reference

Constructs

UserIdentity

Creates a UserPool and Identity Pool with sane defaults configured intended for usage from a web client.

Initializers

import software.aws.pdk.identity.UserIdentity;

UserIdentity.Builder.create(Construct scope, java.lang.String id)
//  .allowSignup(java.lang.Boolean)
//  .identityPoolOptions(IdentityPoolProps)
//  .userPool(UserPool)
    .build();
Name Type Description
scope software.constructs.Construct No description.
id java.lang.String No description.
allowSignup java.lang.Boolean Allow self sign up.
identityPoolOptions software.amazon.awscdk.services.cognito.identitypool.alpha.IdentityPoolProps Configuration for the Identity Pool.
userPool software.amazon.awscdk.services.cognito.UserPool User provided Cognito UserPool.

scopeRequired
  • Type: software.constructs.Construct

idRequired
  • Type: java.lang.String

allowSignupOptional
  • Type: java.lang.Boolean
  • Default: false

Allow self sign up.


identityPoolOptionsOptional
  • Type: software.amazon.awscdk.services.cognito.identitypool.alpha.IdentityPoolProps

Configuration for the Identity Pool.


userPoolOptional
  • Type: software.amazon.awscdk.services.cognito.UserPool
  • Default: a userpool with mfa will be created.

User provided Cognito UserPool.


Methods

Name Description
toString Returns a string representation of this construct.

toString
public java.lang.String toString()

Returns a string representation of this construct.

Static Functions

Name Description
isConstruct Checks if x is a construct.

isConstruct
import software.aws.pdk.identity.UserIdentity;

UserIdentity.isConstruct(java.lang.Object x)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired
  • Type: java.lang.Object

Any object.


Properties

Name Type Description
node software.constructs.Node The tree node.
identityPool software.amazon.awscdk.services.cognito.identitypool.alpha.IdentityPool No description.
userPool software.amazon.awscdk.services.cognito.UserPool No description.
userPoolClient software.amazon.awscdk.services.cognito.UserPoolClient No description.

nodeRequired
public Node getNode();
  • Type: software.constructs.Node

The tree node.


identityPoolRequired
public IdentityPool getIdentityPool();
  • Type: software.amazon.awscdk.services.cognito.identitypool.alpha.IdentityPool

userPoolRequired
public UserPool getUserPool();
  • Type: software.amazon.awscdk.services.cognito.UserPool

userPoolClientRequired
public UserPoolClient getUserPoolClient();
  • Type: software.amazon.awscdk.services.cognito.UserPoolClient

UserPoolWithMfa

Configures a UserPool with MFA across SMS/TOTP using sane defaults.

Initializers

import software.aws.pdk.identity.UserPoolWithMfa;

UserPoolWithMfa.Builder.create(Construct scope, java.lang.String id)
//  .accountRecovery(AccountRecovery)
//  .advancedSecurityMode(AdvancedSecurityMode)
//  .autoVerify(AutoVerifiedAttrs)
//  .customAttributes(java.util.Map<java.lang.String, ICustomAttribute>)
//  .customSenderKmsKey(IKey)
//  .deletionProtection(java.lang.Boolean)
//  .deviceTracking(DeviceTracking)
//  .email(UserPoolEmail)
//  .enableSmsRole(java.lang.Boolean)
//  .keepOriginal(KeepOriginalAttrs)
//  .lambdaTriggers(UserPoolTriggers)
//  .mfa(Mfa)
//  .mfaMessage(java.lang.String)
//  .mfaSecondFactor(MfaSecondFactor)
//  .passwordPolicy(PasswordPolicy)
//  .removalPolicy(RemovalPolicy)
//  .selfSignUpEnabled(java.lang.Boolean)
//  .signInAliases(SignInAliases)
//  .signInCaseSensitive(java.lang.Boolean)
//  .smsRole(IRole)
//  .smsRoleExternalId(java.lang.String)
//  .snsRegion(java.lang.String)
//  .standardAttributes(StandardAttributes)
//  .userInvitation(UserInvitationConfig)
//  .userPoolName(java.lang.String)
//  .userVerification(UserVerificationConfig)
    .build();
Name Type Description
scope software.constructs.Construct No description.
id java.lang.String No description.
accountRecovery software.amazon.awscdk.services.cognito.AccountRecovery How will a user be able to recover their account?
advancedSecurityMode software.amazon.awscdk.services.cognito.AdvancedSecurityMode The user pool's Advanced Security Mode.
autoVerify software.amazon.awscdk.services.cognito.AutoVerifiedAttrs Attributes which Cognito will look to verify automatically upon user sign up.
customAttributes java.util.Map Define a set of custom attributes that can be configured for each user in the user pool.
customSenderKmsKey software.amazon.awscdk.services.kms.IKey This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.
deletionProtection java.lang.Boolean Indicates whether the user pool should have deletion protection enabled.
deviceTracking software.amazon.awscdk.services.cognito.DeviceTracking Device tracking settings.
email software.amazon.awscdk.services.cognito.UserPoolEmail Email settings for a user pool.
enableSmsRole java.lang.Boolean Setting this would explicitly enable or disable SMS role creation.
keepOriginal software.amazon.awscdk.services.cognito.KeepOriginalAttrs Attributes which Cognito will look to handle changes to the value of your users' email address and phone number attributes.
lambdaTriggers software.amazon.awscdk.services.cognito.UserPoolTriggers Lambda functions to use for supported Cognito triggers.
mfa software.amazon.awscdk.services.cognito.Mfa Configure whether users of this user pool can or are required use MFA to sign in.
mfaMessage java.lang.String The SMS message template sent during MFA verification.
mfaSecondFactor software.amazon.awscdk.services.cognito.MfaSecondFactor Configure the MFA types that users can use in this user pool.
passwordPolicy software.amazon.awscdk.services.cognito.PasswordPolicy Password policy for this user pool.
removalPolicy software.amazon.awscdk.RemovalPolicy Policy to apply when the user pool is removed from the stack.
selfSignUpEnabled java.lang.Boolean Whether self sign-up should be enabled.
signInAliases software.amazon.awscdk.services.cognito.SignInAliases Methods in which a user registers or signs in to a user pool.
signInCaseSensitive java.lang.Boolean Whether sign-in aliases should be evaluated with case sensitivity.
smsRole software.amazon.awscdk.services.iam.IRole The IAM role that Cognito will assume while sending SMS messages.
smsRoleExternalId java.lang.String The 'ExternalId' that Cognito service must be using when assuming the smsRole, if the role is restricted with an 'sts:ExternalId' conditional.
snsRegion java.lang.String The region to integrate with SNS to send SMS messages.
standardAttributes software.amazon.awscdk.services.cognito.StandardAttributes The set of attributes that are required for every user in the user pool.
userInvitation software.amazon.awscdk.services.cognito.UserInvitationConfig Configuration around admins signing up users into a user pool.
userPoolName java.lang.String Name of the user pool.
userVerification software.amazon.awscdk.services.cognito.UserVerificationConfig Configuration around users signing themselves up to the user pool.

scopeRequired
  • Type: software.constructs.Construct

idRequired
  • Type: java.lang.String

accountRecoveryOptional
  • Type: software.amazon.awscdk.services.cognito.AccountRecovery
  • Default: AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL

How will a user be able to recover their account?


advancedSecurityModeOptional
  • Type: software.amazon.awscdk.services.cognito.AdvancedSecurityMode
  • Default: no value

The user pool's Advanced Security Mode.


autoVerifyOptional
  • Type: software.amazon.awscdk.services.cognito.AutoVerifiedAttrs
  • Default: If signInAlias includes email and/or phone, they will be included in autoVerifiedAttributes by default. If absent, no attributes will be auto-verified.

Attributes which Cognito will look to verify automatically upon user sign up.

EMAIL and PHONE are the only available options.


customAttributesOptional
  • Type: java.util.Map
  • Default: No custom attributes.

Define a set of custom attributes that can be configured for each user in the user pool.


customSenderKmsKeyOptional
  • Type: software.amazon.awscdk.services.kms.IKey
  • Default: no key ID configured

This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-sender-triggers.html


deletionProtectionOptional
  • Type: java.lang.Boolean
  • Default: false

Indicates whether the user pool should have deletion protection enabled.


deviceTrackingOptional
  • Type: software.amazon.awscdk.services.cognito.DeviceTracking
  • Default: see defaults on each property of DeviceTracking.

Device tracking settings.


emailOptional
  • Type: software.amazon.awscdk.services.cognito.UserPoolEmail
  • Default: cognito will use the default email configuration

Email settings for a user pool.


enableSmsRoleOptional
  • Type: java.lang.Boolean
  • Default: CDK will determine based on other properties of the user pool if an SMS role should be created or not.

Setting this would explicitly enable or disable SMS role creation.

When left unspecified, CDK will determine based on other properties if a role is needed or not.


keepOriginalOptional
  • Type: software.amazon.awscdk.services.cognito.KeepOriginalAttrs
  • Default: Nothing is kept.

Attributes which Cognito will look to handle changes to the value of your users' email address and phone number attributes.

EMAIL and PHONE are the only available options.


lambdaTriggersOptional
  • Type: software.amazon.awscdk.services.cognito.UserPoolTriggers
  • Default: No Lambda triggers.

Lambda functions to use for supported Cognito triggers.

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html


mfaOptional
  • Type: software.amazon.awscdk.services.cognito.Mfa
  • Default: Mfa.OFF

Configure whether users of this user pool can or are required use MFA to sign in.


mfaMessageOptional
  • Type: java.lang.String
  • Default: 'Your authentication code is {####}.'

The SMS message template sent during MFA verification.

Use '{####}' in the template where Cognito should insert the verification code.


mfaSecondFactorOptional
  • Type: software.amazon.awscdk.services.cognito.MfaSecondFactor
  • Default: { sms: true, otp: false }, if mfa is set to OPTIONAL or REQUIRED. { sms: false, otp: false }, otherwise

Configure the MFA types that users can use in this user pool.

Ignored if mfa is set to OFF.


passwordPolicyOptional
  • Type: software.amazon.awscdk.services.cognito.PasswordPolicy
  • Default: see defaults on each property of PasswordPolicy.

Password policy for this user pool.


removalPolicyOptional
  • Type: software.amazon.awscdk.RemovalPolicy
  • Default: RemovalPolicy.RETAIN

Policy to apply when the user pool is removed from the stack.


selfSignUpEnabledOptional
  • Type: java.lang.Boolean
  • Default: false

Whether self sign-up should be enabled.

To configure self sign-up configuration use the userVerification property.


signInAliasesOptional
  • Type: software.amazon.awscdk.services.cognito.SignInAliases
  • Default: { username: true }

Methods in which a user registers or signs in to a user pool.

Allows either username with aliases OR sign in with email, phone, or both.

Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

To match with 'Option 1' in the above link, with a verified email, this property should be set to { username: true, email: true }. To match with 'Option 2' in the above link with both a verified email and phone number, this property should be set to { email: true, phone: true }.


signInCaseSensitiveOptional
  • Type: java.lang.Boolean
  • Default: true

Whether sign-in aliases should be evaluated with case sensitivity.

For example, when this option is set to false, users will be able to sign in using either MyUsername or myusername.


smsRoleOptional
  • Type: software.amazon.awscdk.services.iam.IRole
  • Default: a new IAM role is created.

The IAM role that Cognito will assume while sending SMS messages.


smsRoleExternalIdOptional
  • Type: java.lang.String
  • Default: No external id will be configured.

The 'ExternalId' that Cognito service must be using when assuming the smsRole, if the role is restricted with an 'sts:ExternalId' conditional.

Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

This property will be ignored if smsRole is not specified.


snsRegionOptional

The region to integrate with SNS to send SMS messages.

This property will do nothing if SMS configuration is not configured.


standardAttributesOptional
  • Type: software.amazon.awscdk.services.cognito.StandardAttributes
  • Default: All standard attributes are optional and mutable.

The set of attributes that are required for every user in the user pool.

Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html


userInvitationOptional
  • Type: software.amazon.awscdk.services.cognito.UserInvitationConfig
  • Default: see defaults in UserInvitationConfig.

Configuration around admins signing up users into a user pool.


userPoolNameOptional
  • Type: java.lang.String
  • Default: automatically generated name by CloudFormation at deploy time.

Name of the user pool.


userVerificationOptional
  • Type: software.amazon.awscdk.services.cognito.UserVerificationConfig
  • Default: see defaults in UserVerificationConfig.

Configuration around users signing themselves up to the user pool.

Enable or disable self sign-up via the selfSignUpEnabled property.


Methods

Name Description
toString Returns a string representation of this construct.
applyRemovalPolicy Apply the given removal policy to this resource.
addClient Add a new app client to this user pool.
addDomain Associate a domain to this user pool.
addResourceServer Add a new resource server to this user pool.
addTrigger Add a lambda trigger to a user pool operation.
grant Adds an IAM policy statement associated with this user pool to an IAM principal's policy.
registerIdentityProvider Register an identity provider with this user pool.

toString
public java.lang.String toString()

Returns a string representation of this construct.

applyRemovalPolicy
public void applyRemovalPolicy(RemovalPolicy policy)

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

policyRequired
  • Type: software.amazon.awscdk.RemovalPolicy

addClient
public UserPoolClient addClient(java.lang.String id)
public UserPoolClient addClient(java.lang.String id, UserPoolClientOptions options)

Add a new app client to this user pool.

idRequired
  • Type: java.lang.String

optionsOptional
  • Type: software.amazon.awscdk.services.cognito.UserPoolClientOptions

addDomain
public UserPoolDomain addDomain(java.lang.String id, UserPoolDomainOptions options)

Associate a domain to this user pool.

idRequired
  • Type: java.lang.String

optionsRequired
  • Type: software.amazon.awscdk.services.cognito.UserPoolDomainOptions

addResourceServer
public UserPoolResourceServer addResourceServer(java.lang.String id, UserPoolResourceServerOptions options)

Add a new resource server to this user pool.

idRequired
  • Type: java.lang.String

optionsRequired
  • Type: software.amazon.awscdk.services.cognito.UserPoolResourceServerOptions

addTrigger
public void addTrigger(UserPoolOperation operation, IFunction fn)
public void addTrigger(UserPoolOperation operation, IFunction fn, LambdaVersion lambdaVersion)

Add a lambda trigger to a user pool operation.

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

operationRequired
  • Type: software.amazon.awscdk.services.cognito.UserPoolOperation

fnRequired
  • Type: software.amazon.awscdk.services.lambda.IFunction

lambdaVersionOptional
  • Type: software.amazon.awscdk.services.cognito.LambdaVersion

grant
public Grant grant(IGrantable grantee, java.lang.String actions)

Adds an IAM policy statement associated with this user pool to an IAM principal's policy.

granteeRequired
  • Type: software.amazon.awscdk.services.iam.IGrantable

actionsRequired
  • Type: java.lang.String

registerIdentityProvider
public void registerIdentityProvider(IUserPoolIdentityProvider provider)

Register an identity provider with this user pool.

providerRequired
  • Type: software.amazon.awscdk.services.cognito.IUserPoolIdentityProvider

Static Functions

Name Description
isConstruct Checks if x is a construct.
isOwnedResource Returns true if the construct was created by CDK, and false otherwise.
isResource Check whether the given construct is a Resource.
fromUserPoolArn Import an existing user pool based on its ARN.
fromUserPoolId Import an existing user pool based on its id.

isConstruct
import software.aws.pdk.identity.UserPoolWithMfa;

UserPoolWithMfa.isConstruct(java.lang.Object x)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

xRequired
  • Type: java.lang.Object

Any object.


isOwnedResource
import software.aws.pdk.identity.UserPoolWithMfa;

UserPoolWithMfa.isOwnedResource(IConstruct construct)

Returns true if the construct was created by CDK, and false otherwise.

constructRequired
  • Type: software.constructs.IConstruct

isResource
import software.aws.pdk.identity.UserPoolWithMfa;

UserPoolWithMfa.isResource(IConstruct construct)

Check whether the given construct is a Resource.

constructRequired
  • Type: software.constructs.IConstruct

fromUserPoolArn
import software.aws.pdk.identity.UserPoolWithMfa;

UserPoolWithMfa.fromUserPoolArn(Construct scope, java.lang.String id, java.lang.String userPoolArn)

Import an existing user pool based on its ARN.

scopeRequired
  • Type: software.constructs.Construct

idRequired
  • Type: java.lang.String

userPoolArnRequired
  • Type: java.lang.String

fromUserPoolId
import software.aws.pdk.identity.UserPoolWithMfa;

UserPoolWithMfa.fromUserPoolId(Construct scope, java.lang.String id, java.lang.String userPoolId)

Import an existing user pool based on its id.

scopeRequired
  • Type: software.constructs.Construct

idRequired
  • Type: java.lang.String

userPoolIdRequired
  • Type: java.lang.String

Properties

Name Type Description
node software.constructs.Node The tree node.
env software.amazon.awscdk.ResourceEnvironment The environment this resource belongs to.
stack software.amazon.awscdk.Stack The stack in which this resource is defined.
identityProviders java.util.List Get all identity providers registered with this user pool.
userPoolArn java.lang.String The ARN of the user pool.
userPoolId java.lang.String The physical ID of this user pool resource.
userPoolProviderName java.lang.String User pool provider name.
userPoolProviderUrl java.lang.String User pool provider URL.

nodeRequired
public Node getNode();
  • Type: software.constructs.Node

The tree node.


envRequired
public ResourceEnvironment getEnv();
  • Type: software.amazon.awscdk.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


stackRequired
public Stack getStack();
  • Type: software.amazon.awscdk.Stack

The stack in which this resource is defined.


identityProvidersRequired
public java.util.List<IUserPoolIdentityProvider> getIdentityProviders();
  • Type: java.util.List

Get all identity providers registered with this user pool.


userPoolArnRequired
public java.lang.String getUserPoolArn();
  • Type: java.lang.String

The ARN of the user pool.


userPoolIdRequired
public java.lang.String getUserPoolId();
  • Type: java.lang.String

The physical ID of this user pool resource.


userPoolProviderNameRequired
public java.lang.String getUserPoolProviderName();
  • Type: java.lang.String

User pool provider name.


userPoolProviderUrlRequired
public java.lang.String getUserPoolProviderUrl();
  • Type: java.lang.String

User pool provider URL.


Structs

UserIdentityProps

Properties which configures the Identity Pool.

Initializer

import software.aws.pdk.identity.UserIdentityProps;

UserIdentityProps.builder()
//  .allowSignup(java.lang.Boolean)
//  .identityPoolOptions(IdentityPoolProps)
//  .userPool(UserPool)
    .build();

Properties

Name Type Description
allowSignup java.lang.Boolean Allow self sign up.
identityPoolOptions software.amazon.awscdk.services.cognito.identitypool.alpha.IdentityPoolProps Configuration for the Identity Pool.
userPool software.amazon.awscdk.services.cognito.UserPool User provided Cognito UserPool.

allowSignupOptional
public java.lang.Boolean getAllowSignup();
  • Type: java.lang.Boolean
  • Default: false

Allow self sign up.


identityPoolOptionsOptional
public IdentityPoolProps getIdentityPoolOptions();
  • Type: software.amazon.awscdk.services.cognito.identitypool.alpha.IdentityPoolProps

Configuration for the Identity Pool.


userPoolOptional
public UserPool getUserPool();
  • Type: software.amazon.awscdk.services.cognito.UserPool
  • Default: a userpool with mfa will be created.

User provided Cognito UserPool.


UserPoolWithMfaProps

UserPoolWithMfa props.

Initializer

import software.aws.pdk.identity.UserPoolWithMfaProps;

UserPoolWithMfaProps.builder()
//  .accountRecovery(AccountRecovery)
//  .advancedSecurityMode(AdvancedSecurityMode)
//  .autoVerify(AutoVerifiedAttrs)
//  .customAttributes(java.util.Map<java.lang.String, ICustomAttribute>)
//  .customSenderKmsKey(IKey)
//  .deletionProtection(java.lang.Boolean)
//  .deviceTracking(DeviceTracking)
//  .email(UserPoolEmail)
//  .enableSmsRole(java.lang.Boolean)
//  .keepOriginal(KeepOriginalAttrs)
//  .lambdaTriggers(UserPoolTriggers)
//  .mfa(Mfa)
//  .mfaMessage(java.lang.String)
//  .mfaSecondFactor(MfaSecondFactor)
//  .passwordPolicy(PasswordPolicy)
//  .removalPolicy(RemovalPolicy)
//  .selfSignUpEnabled(java.lang.Boolean)
//  .signInAliases(SignInAliases)
//  .signInCaseSensitive(java.lang.Boolean)
//  .smsRole(IRole)
//  .smsRoleExternalId(java.lang.String)
//  .snsRegion(java.lang.String)
//  .standardAttributes(StandardAttributes)
//  .userInvitation(UserInvitationConfig)
//  .userPoolName(java.lang.String)
//  .userVerification(UserVerificationConfig)
    .build();

Properties

Name Type Description
accountRecovery software.amazon.awscdk.services.cognito.AccountRecovery How will a user be able to recover their account?
advancedSecurityMode software.amazon.awscdk.services.cognito.AdvancedSecurityMode The user pool's Advanced Security Mode.
autoVerify software.amazon.awscdk.services.cognito.AutoVerifiedAttrs Attributes which Cognito will look to verify automatically upon user sign up.
customAttributes java.util.Map Define a set of custom attributes that can be configured for each user in the user pool.
customSenderKmsKey software.amazon.awscdk.services.kms.IKey This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.
deletionProtection java.lang.Boolean Indicates whether the user pool should have deletion protection enabled.
deviceTracking software.amazon.awscdk.services.cognito.DeviceTracking Device tracking settings.
email software.amazon.awscdk.services.cognito.UserPoolEmail Email settings for a user pool.
enableSmsRole java.lang.Boolean Setting this would explicitly enable or disable SMS role creation.
keepOriginal software.amazon.awscdk.services.cognito.KeepOriginalAttrs Attributes which Cognito will look to handle changes to the value of your users' email address and phone number attributes.
lambdaTriggers software.amazon.awscdk.services.cognito.UserPoolTriggers Lambda functions to use for supported Cognito triggers.
mfa software.amazon.awscdk.services.cognito.Mfa Configure whether users of this user pool can or are required use MFA to sign in.
mfaMessage java.lang.String The SMS message template sent during MFA verification.
mfaSecondFactor software.amazon.awscdk.services.cognito.MfaSecondFactor Configure the MFA types that users can use in this user pool.
passwordPolicy software.amazon.awscdk.services.cognito.PasswordPolicy Password policy for this user pool.
removalPolicy software.amazon.awscdk.RemovalPolicy Policy to apply when the user pool is removed from the stack.
selfSignUpEnabled java.lang.Boolean Whether self sign-up should be enabled.
signInAliases software.amazon.awscdk.services.cognito.SignInAliases Methods in which a user registers or signs in to a user pool.
signInCaseSensitive java.lang.Boolean Whether sign-in aliases should be evaluated with case sensitivity.
smsRole software.amazon.awscdk.services.iam.IRole The IAM role that Cognito will assume while sending SMS messages.
smsRoleExternalId java.lang.String The 'ExternalId' that Cognito service must be using when assuming the smsRole, if the role is restricted with an 'sts:ExternalId' conditional.
snsRegion java.lang.String The region to integrate with SNS to send SMS messages.
standardAttributes software.amazon.awscdk.services.cognito.StandardAttributes The set of attributes that are required for every user in the user pool.
userInvitation software.amazon.awscdk.services.cognito.UserInvitationConfig Configuration around admins signing up users into a user pool.
userPoolName java.lang.String Name of the user pool.
userVerification software.amazon.awscdk.services.cognito.UserVerificationConfig Configuration around users signing themselves up to the user pool.

accountRecoveryOptional
public AccountRecovery getAccountRecovery();
  • Type: software.amazon.awscdk.services.cognito.AccountRecovery
  • Default: AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL

How will a user be able to recover their account?


advancedSecurityModeOptional
public AdvancedSecurityMode getAdvancedSecurityMode();
  • Type: software.amazon.awscdk.services.cognito.AdvancedSecurityMode
  • Default: no value

The user pool's Advanced Security Mode.


autoVerifyOptional
public AutoVerifiedAttrs getAutoVerify();
  • Type: software.amazon.awscdk.services.cognito.AutoVerifiedAttrs
  • Default: If signInAlias includes email and/or phone, they will be included in autoVerifiedAttributes by default. If absent, no attributes will be auto-verified.

Attributes which Cognito will look to verify automatically upon user sign up.

EMAIL and PHONE are the only available options.


customAttributesOptional
public java.util.Map<java.lang.String, ICustomAttribute> getCustomAttributes();
  • Type: java.util.Map
  • Default: No custom attributes.

Define a set of custom attributes that can be configured for each user in the user pool.


customSenderKmsKeyOptional
public IKey getCustomSenderKmsKey();
  • Type: software.amazon.awscdk.services.kms.IKey
  • Default: no key ID configured

This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-sender-triggers.html


deletionProtectionOptional
public java.lang.Boolean getDeletionProtection();
  • Type: java.lang.Boolean
  • Default: false

Indicates whether the user pool should have deletion protection enabled.


deviceTrackingOptional
public DeviceTracking getDeviceTracking();
  • Type: software.amazon.awscdk.services.cognito.DeviceTracking
  • Default: see defaults on each property of DeviceTracking.

Device tracking settings.


emailOptional
public UserPoolEmail getEmail();
  • Type: software.amazon.awscdk.services.cognito.UserPoolEmail
  • Default: cognito will use the default email configuration

Email settings for a user pool.


enableSmsRoleOptional
public java.lang.Boolean getEnableSmsRole();
  • Type: java.lang.Boolean
  • Default: CDK will determine based on other properties of the user pool if an SMS role should be created or not.

Setting this would explicitly enable or disable SMS role creation.

When left unspecified, CDK will determine based on other properties if a role is needed or not.


keepOriginalOptional
public KeepOriginalAttrs getKeepOriginal();
  • Type: software.amazon.awscdk.services.cognito.KeepOriginalAttrs
  • Default: Nothing is kept.

Attributes which Cognito will look to handle changes to the value of your users' email address and phone number attributes.

EMAIL and PHONE are the only available options.


lambdaTriggersOptional
public UserPoolTriggers getLambdaTriggers();
  • Type: software.amazon.awscdk.services.cognito.UserPoolTriggers
  • Default: No Lambda triggers.

Lambda functions to use for supported Cognito triggers.

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html


mfaOptional
public Mfa getMfa();
  • Type: software.amazon.awscdk.services.cognito.Mfa
  • Default: Mfa.OFF

Configure whether users of this user pool can or are required use MFA to sign in.


mfaMessageOptional
public java.lang.String getMfaMessage();
  • Type: java.lang.String
  • Default: 'Your authentication code is {####}.'

The SMS message template sent during MFA verification.

Use '{####}' in the template where Cognito should insert the verification code.


mfaSecondFactorOptional
public MfaSecondFactor getMfaSecondFactor();
  • Type: software.amazon.awscdk.services.cognito.MfaSecondFactor
  • Default: { sms: true, otp: false }, if mfa is set to OPTIONAL or REQUIRED. { sms: false, otp: false }, otherwise

Configure the MFA types that users can use in this user pool.

Ignored if mfa is set to OFF.


passwordPolicyOptional
public PasswordPolicy getPasswordPolicy();
  • Type: software.amazon.awscdk.services.cognito.PasswordPolicy
  • Default: see defaults on each property of PasswordPolicy.

Password policy for this user pool.


removalPolicyOptional
public RemovalPolicy getRemovalPolicy();
  • Type: software.amazon.awscdk.RemovalPolicy
  • Default: RemovalPolicy.RETAIN

Policy to apply when the user pool is removed from the stack.


selfSignUpEnabledOptional
public java.lang.Boolean getSelfSignUpEnabled();
  • Type: java.lang.Boolean
  • Default: false

Whether self sign-up should be enabled.

To configure self sign-up configuration use the userVerification property.


signInAliasesOptional
public SignInAliases getSignInAliases();
  • Type: software.amazon.awscdk.services.cognito.SignInAliases
  • Default: { username: true }

Methods in which a user registers or signs in to a user pool.

Allows either username with aliases OR sign in with email, phone, or both.

Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

To match with 'Option 1' in the above link, with a verified email, this property should be set to { username: true, email: true }. To match with 'Option 2' in the above link with both a verified email and phone number, this property should be set to { email: true, phone: true }.


signInCaseSensitiveOptional
public java.lang.Boolean getSignInCaseSensitive();
  • Type: java.lang.Boolean
  • Default: true

Whether sign-in aliases should be evaluated with case sensitivity.

For example, when this option is set to false, users will be able to sign in using either MyUsername or myusername.


smsRoleOptional
public IRole getSmsRole();
  • Type: software.amazon.awscdk.services.iam.IRole
  • Default: a new IAM role is created.

The IAM role that Cognito will assume while sending SMS messages.


smsRoleExternalIdOptional
public java.lang.String getSmsRoleExternalId();
  • Type: java.lang.String
  • Default: No external id will be configured.

The 'ExternalId' that Cognito service must be using when assuming the smsRole, if the role is restricted with an 'sts:ExternalId' conditional.

Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

This property will be ignored if smsRole is not specified.


snsRegionOptional
public java.lang.String getSnsRegion();

The region to integrate with SNS to send SMS messages.

This property will do nothing if SMS configuration is not configured.


standardAttributesOptional
public StandardAttributes getStandardAttributes();
  • Type: software.amazon.awscdk.services.cognito.StandardAttributes
  • Default: All standard attributes are optional and mutable.

The set of attributes that are required for every user in the user pool.

Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html


userInvitationOptional
public UserInvitationConfig getUserInvitation();
  • Type: software.amazon.awscdk.services.cognito.UserInvitationConfig
  • Default: see defaults in UserInvitationConfig.

Configuration around admins signing up users into a user pool.


userPoolNameOptional
public java.lang.String getUserPoolName();
  • Type: java.lang.String
  • Default: automatically generated name by CloudFormation at deploy time.

Name of the user pool.


userVerificationOptional
public UserVerificationConfig getUserVerification();
  • Type: software.amazon.awscdk.services.cognito.UserVerificationConfig
  • Default: see defaults in UserVerificationConfig.

Configuration around users signing themselves up to the user pool.

Enable or disable self sign-up via the selfSignUpEnabled property.



Last update: 2024-12-20