AWS Amazon Cognito User Pool
This page shows how to write Terraform and CloudFormation for Amazon Cognito User Pool and write them securely.
aws_cognito_user_pool (Terraform)
The User Pool in Amazon Cognito can be configured in Terraform with the resource name aws_cognito_user_pool. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_cognito_user_pool" "positive1" {
  # ... other configuration ...
  sms_authentication_message = "Your code is {####}"
  sms_configuration {

resource "aws_cognito_user_pool" "negative1" {
  # ... other configuration ...
  mfa_configuration = "ON"
  sms_authentication_message = "Your code is {####}"

resource "aws_cognito_user_pool" "user_pool" {
  name = "beats_user_pool"
  alias_attributes = ["email"]
  username_configuration {
    case_sensitive = false
  }

resource "aws_cognito_user_pool" "positive1" {
  # ... other configuration ...
  sms_authentication_message = "Your code is {####}"
  sms_configuration {

resource "aws_cognito_user_pool" "negative1" {
  # ... other configuration ...
  mfa_configuration = "ON"
  sms_authentication_message = "Your code is {####}"
Parameters
- alias_attributes: optional - set of string
- arn: optional computed - string
- auto_verified_attributes: optional - set of string
- creation_date: optional computed - string
- email_verification_message: optional computed - string
- email_verification_subject: optional computed - string
- endpoint: optional computed - string
- id: optional computed - string
- last_modified_date: optional computed - string
- mfa_configuration: optional - string
- name: required - string
- sms_authentication_message: optional - string
- sms_verification_message: optional computed - string
- tags: optional - map from string to string
- username_attributes: optional - list of string
- account_recovery_setting: list block
  - recovery_mechanism: set block
- admin_create_user_config: list block
  - allow_admin_create_user_only: optional - bool
  - invite_message_template: list block
    - email_message: optional - string
    - email_subject: optional - string
    - sms_message: optional - string
- device_configuration: list block
  - challenge_required_on_new_device: optional - bool
  - device_only_remembered_on_user_prompt: optional - bool
- email_configuration: list block
  - configuration_set: optional - string
  - email_sending_account: optional - string
  - from_email_address: optional - string
  - reply_to_email_address: optional - string
  - source_arn: optional - string
- lambda_config: list block
  - create_auth_challenge: optional - string
  - custom_message: optional - string
  - define_auth_challenge: optional - string
  - post_authentication: optional - string
  - post_confirmation: optional - string
  - pre_authentication: optional - string
  - pre_sign_up: optional - string
  - pre_token_generation: optional - string
  - user_migration: optional - string
  - verify_auth_challenge_response: optional - string
- password_policy: list block
  - minimum_length: optional - number
  - require_lowercase: optional - bool
  - require_numbers: optional - bool
  - require_symbols: optional - bool
  - require_uppercase: optional - bool
  - temporary_password_validity_days: optional - number
- schema: set block
  - attribute_data_type: required - string
  - developer_only_attribute: optional - bool
  - mutable: optional - bool
  - name: required - string
  - required: optional - bool
  - number_attribute_constraints: list block
  - string_attribute_constraints: list block
    - max_length: optional - string
    - min_length: optional - string
- sms_configuration: list block
  - external_id: required - string
  - sns_caller_arn: required - string
- software_token_mfa_configuration: list block
  - enabled: required - bool
- user_pool_add_ons: list block
  - advanced_security_mode: required - string
- username_configuration: list block
  - case_sensitive: required - bool
- verification_message_template: list block
  - default_email_option: optional - string
  - email_message: optional computed - string
  - email_message_by_link: optional computed - string
  - email_subject: optional computed - string
  - email_subject_by_link: optional computed - string
  - sms_message: optional computed - string
Explanation in Terraform Registry
Provides a Cognito User Pool resource.
AWS::Cognito::UserPool (CloudFormation)
The UserPool in Cognito can be configured in CloudFormation with the resource name AWS::Cognito::UserPool. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
    Type: AWS::Cognito::UserPool
    Properties:
      UserPoolName: uat01a-cognito-user-pool
  UserPool2:
    Type: AWS::Cognito::UserPool
    Properties:

Type: AWS::Cognito::UserPool
Properties:
  UserPoolName: '${self:provider.environment.COGNITO_POOL_NAME}'
  # Set email as an alias
  UsernameAttributes:
    - email

Type: AWS::Cognito::UserPool
Properties:
  MfaConfiguration: 'OFF'
  UserPoolName:
    Fn::Sub: Tzero${self:custom.stage}_ProducerUserPool
  UsernameAttributes:

Type: AWS::Cognito::UserPool
Properties:
  UserPoolName: ${self:provider.stage}-user-pool
  UsernameAttributes:
    - email
  AutoVerifiedAttributes:

Type: "AWS::Cognito::UserPool"
Properties:
  # Quoted: a bare OFF is read as a YAML boolean, not the string "OFF"
  MfaConfiguration: "OFF"
  UserPoolName: ${service}-${name}-pool
  UsernameAttributes:
    - email

"Type": "AWS::Cognito::UserPool",
"Properties": {
  "UserPoolName": "AdminUserPool",
  "AliasAttributes": ["email"],
  "Schema": [
    {

"Type": "AWS::Cognito::UserPoolClient",
"Properties": {
  "ClientName": "TestApp",
  "GenerateSecret": true,
  "ExplicitAuthFlows": [
    "ALLOW_USER_PASSWORD_AUTH",

"Type": "AWS::Cognito::UserPool",
"Properties": {
  "AutoVerifiedAttributes": [],
  "AliasAttributes": [],
  "UsernameAttributes": [],
  "Policies": {

  "path": "/ResourceTypes/AWS::Cognito::UserPool/Properties/AliasAttributes/Value",
  "value": {
    "ValueType": "AWS::Cognito::UserPool.AliasAttributes"
  }
},
{

"Type": "AWS::Cognito::UserPool",
"Properties": {
  "MfaConfiguration": "OFF",
  "UserPoolName": "yyp-user-pool",
  "UsernameAttributes": [
    "email"
Parameters
- UserPoolTags: optional - Json
- Policies: optional - Policies
- VerificationMessageTemplate: optional - VerificationMessageTemplate
- MfaConfiguration: optional - String
- Schema: optional - List of SchemaAttribute
- AdminCreateUserConfig: optional - AdminCreateUserConfig
- SmsAuthenticationMessage: optional - String
- UsernameConfiguration: optional - UsernameConfiguration
- UserPoolName: optional - String
- SmsVerificationMessage: optional - String
- UserPoolAddOns: optional - UserPoolAddOns
- EmailConfiguration: optional - EmailConfiguration
- SmsConfiguration: optional - SmsConfiguration
- AliasAttributes: optional - List
- EnabledMfas: optional - List
- EmailVerificationSubject: optional - String
- LambdaConfig: optional - LambdaConfig
- UsernameAttributes: optional - List
- AutoVerifiedAttributes: optional - List
- DeviceConfiguration: optional - DeviceConfiguration
- EmailVerificationMessage: optional - String
- AccountRecoverySetting: optional - AccountRecoverySetting
Explanation in CloudFormation Registry
The AWS::Cognito::UserPool resource creates an Amazon Cognito user pool. For more information on working with Amazon Cognito user pools, see Amazon Cognito User Pools and CreateUserPool.
Frequently asked questions
What is AWS Amazon Cognito User Pool?
AWS Amazon Cognito User Pool is a resource for Amazon Cognito of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon Cognito User Pool?
For Terraform, the Checkmarx/kics, Checkmarx/kics and ccteng/nursing_capstone source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the cherylf/AWS-CloudFormation, uu4k/aws-nodejs-express-typescript and Chifhiwa/test-stack-002836 source code examples are useful. See the CloudFormation Example section for further details.