AWS Amazon Cognito User Pool
This page shows how to write Terraform and CloudFormation for an Amazon Cognito User Pool, and how to write them securely.
aws_cognito_user_pool (Terraform)
The User Pool in Amazon Cognito can be configured in Terraform with the resource name aws_cognito_user_pool. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_cognito_user_pool" "positive1" {
  # ... other configuration ...
  sms_authentication_message = "Your code is {####}"
  sms_configuration {

resource "aws_cognito_user_pool" "negative1" {
  # ... other configuration ...
  mfa_configuration = "ON"
  sms_authentication_message = "Your code is {####}"

resource "aws_cognito_user_pool" "user_pool" {
  name = "beats_user_pool"
  alias_attributes = ["email"]
  username_configuration {
    case_sensitive = false
  }

resource "aws_cognito_user_pool" "positive1" {
  # ... other configuration ...
  sms_authentication_message = "Your code is {####}"
  sms_configuration {

resource "aws_cognito_user_pool" "negative1" {
  # ... other configuration ...
  mfa_configuration = "ON"
  sms_authentication_message = "Your code is {####}"

Parameters
alias_attributes - optional - set of string
arn - optional computed - string
auto_verified_attributes - optional - set of string
creation_date - optional computed - string
email_verification_message - optional computed - string
email_verification_subject - optional computed - string
endpoint - optional computed - string
id - optional computed - string
last_modified_date - optional computed - string
mfa_configuration - optional - string
name - required - string
sms_authentication_message - optional - string
sms_verification_message - optional computed - string
tags - optional - map from string to string
username_attributes - optional - list of string
account_recovery_setting - list block
  recovery_mechanism - set block
admin_create_user_config - list block
  allow_admin_create_user_only - optional - bool
  invite_message_template - list block
    email_message - optional - string
    email_subject - optional - string
    sms_message - optional - string
device_configuration - list block
  challenge_required_on_new_device - optional - bool
  device_only_remembered_on_user_prompt - optional - bool
email_configuration - list block
  configuration_set - optional - string
  email_sending_account - optional - string
  from_email_address - optional - string
  reply_to_email_address - optional - string
  source_arn - optional - string
lambda_config - list block
  create_auth_challenge - optional - string
  custom_message - optional - string
  define_auth_challenge - optional - string
  post_authentication - optional - string
  post_confirmation - optional - string
  pre_authentication - optional - string
  pre_sign_up - optional - string
  pre_token_generation - optional - string
  user_migration - optional - string
  verify_auth_challenge_response - optional - string
password_policy - list block
  minimum_length - optional - number
  require_lowercase - optional - bool
  require_numbers - optional - bool
  require_symbols - optional - bool
  require_uppercase - optional - bool
  temporary_password_validity_days - optional - number
schema - set block
  attribute_data_type - required - string
  developer_only_attribute - optional - bool
  mutable - optional - bool
  name - required - string
  required - optional - bool
  number_attribute_constraints - list block
  string_attribute_constraints - list block
    max_length - optional - string
    min_length - optional - string
sms_configuration - list block
  external_id - required - string
  sns_caller_arn - required - string
software_token_mfa_configuration - list block
  enabled - required - bool
user_pool_add_ons - list block
  advanced_security_mode - required - string
username_configuration - list block
  case_sensitive - required - bool
verification_message_template - list block
  default_email_option - optional - string
  email_message - optional computed - string
  email_message_by_link - optional computed - string
  email_subject - optional computed - string
  email_subject_by_link - optional computed - string
  sms_message - optional computed - string
Explanation in Terraform Registry
Provides a Cognito User Pool resource.
AWS::Cognito::UserPool (CloudFormation)
The UserPool in Cognito can be configured in CloudFormation with the resource name AWS::Cognito::UserPool. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::Cognito::UserPool
Properties:
  UserPoolName: uat01a-cognito-user-pool

UserPool2:
  Type: AWS::Cognito::UserPool
  Properties:

Type: AWS::Cognito::UserPool
Properties:
  UserPoolName: '${self:provider.environment.COGNITO_POOL_NAME}'
  # Set email as an alias
  UsernameAttributes:
    - email

Type: AWS::Cognito::UserPool
Properties:
  MfaConfiguration: 'OFF'
  UserPoolName:
    Fn::Sub: Tzero${self:custom.stage}_ProducerUserPool
  UsernameAttributes:

Type: AWS::Cognito::UserPool
Properties:
  UserPoolName: ${self:provider.stage}-user-pool
  UsernameAttributes:
    - email
  AutoVerifiedAttributes:

Type: "AWS::Cognito::UserPool"
Properties:
  # Quoted so that YAML reads the value as the string "OFF" rather than a boolean
  MfaConfiguration: "OFF"
  UserPoolName: ${service}-${name}-pool
  UsernameAttributes:
    - email

"Type":"AWS::Cognito::UserPool",
"Properties":{
  "UserPoolName":"AdminUserPool",
  "AliasAttributes":["email"],
  "Schema": [
    {

"Type": "AWS::Cognito::UserPoolClient",
"Properties": {
  "ClientName": "TestApp",
  "GenerateSecret": true,
  "ExplicitAuthFlows": [
    "ALLOW_USER_PASSWORD_AUTH",

"Type": "AWS::Cognito::UserPool",
"Properties": {
  "AutoVerifiedAttributes": [],
  "AliasAttributes": [],
  "UsernameAttributes": [],
  "Policies": {

  "path": "/ResourceTypes/AWS::Cognito::UserPool/Properties/AliasAttributes/Value",
  "value": {
    "ValueType": "AWS::Cognito::UserPool.AliasAttributes"
  }
},
{

"Type": "AWS::Cognito::UserPool",
"Properties": {
  "MfaConfiguration": "OFF",
  "UserPoolName": "yyp-user-pool",
  "UsernameAttributes": [
    "email"

Parameters
UserPoolTags - optional - Json
Policies - optional - Policies
VerificationMessageTemplate - optional - VerificationMessageTemplate
MfaConfiguration - optional - String
Schema - optional - List of SchemaAttribute
AdminCreateUserConfig - optional - AdminCreateUserConfig
SmsAuthenticationMessage - optional - String
UsernameConfiguration - optional - UsernameConfiguration
UserPoolName - optional - String
SmsVerificationMessage - optional - String
UserPoolAddOns - optional - UserPoolAddOns
EmailConfiguration - optional - EmailConfiguration
SmsConfiguration - optional - SmsConfiguration
AliasAttributes - optional - List
EnabledMfas - optional - List
EmailVerificationSubject - optional - String
LambdaConfig - optional - LambdaConfig
UsernameAttributes - optional - List
AutoVerifiedAttributes - optional - List
DeviceConfiguration - optional - DeviceConfiguration
EmailVerificationMessage - optional - String
AccountRecoverySetting - optional - AccountRecoverySetting
Explanation in CloudFormation Registry
The AWS::Cognito::UserPool resource creates an Amazon Cognito user pool. For more information on working with Amazon Cognito user pools, see Amazon Cognito User Pools and CreateUserPool.
Frequently asked questions
What is AWS Amazon Cognito User Pool?
AWS Amazon Cognito User Pool is a resource for Amazon Cognito of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon Cognito User Pool?
For Terraform, the Checkmarx/kics, Checkmarx/kics and ccteng/nursing_capstone source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the cherylf/AWS-CloudFormation, uu4k/aws-nodejs-express-typescript and Chifhiwa/test-stack-002836 source code examples are useful. See the CloudFormation Example section for further details.