Class: AWSCDK::Cognito::UserPoolProps
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::Cognito::UserPoolProps
- Defined in:
- cognito/user_pool_props.rb
Overview
Props for the UserPool construct.
Instance Attribute Summary collapse
-
#account_recovery ⇒ AWSCDK::Cognito::AccountRecovery?
readonly
How will a user be able to recover their account?.
-
#advanced_security_mode ⇒ AWSCDK::Cognito::AdvancedSecurityMode?
readonly
deprecated
Deprecated.
Advanced Security Mode is deprecated due to user pool feature plans. Use StandardThreatProtectionMode and CustomThreatProtectionMode to set Thread Protection level.
-
#auto_verify ⇒ AWSCDK::Cognito::AutoVerifiedAttrs?
readonly
Attributes which Cognito will look to verify automatically upon user sign up.
-
#custom_attributes ⇒ Hash{String => AWSCDK::Cognito::ICustomAttribute}?
readonly
Define a set of custom attributes that can be configured for each user in the user pool.
-
#custom_sender_kms_key ⇒ AWSCDK::Interfaces::AWSKMS::IKeyRef?
readonly
This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.
-
#custom_threat_protection_mode ⇒ AWSCDK::Cognito::CustomThreatProtectionMode?
readonly
The Type of Threat Protection Enabled for Custom Authentication.
-
#deletion_protection ⇒ Boolean?
readonly
Indicates whether the user pool should have deletion protection enabled.
-
#device_tracking ⇒ AWSCDK::Cognito::DeviceTracking?
readonly
Device tracking settings.
-
#email ⇒ AWSCDK::Cognito::UserPoolEmail?
readonly
Email settings for a user pool.
-
#enable_sms_role ⇒ Boolean?
readonly
Setting this would explicitly enable or disable SMS role creation.
-
#feature_plan ⇒ AWSCDK::Cognito::FeaturePlan?
readonly
The user pool feature plan, or tier.
-
#keep_original ⇒ AWSCDK::Cognito::KeepOriginalAttrs?
readonly
Attributes which Cognito will look to handle changes to the value of your users' email address and phone number attributes.
-
#lambda_triggers ⇒ AWSCDK::Cognito::UserPoolTriggers?
readonly
Lambda functions to use for supported Cognito triggers.
-
#mfa ⇒ AWSCDK::Cognito::Mfa?
readonly
Configure whether users of this user pool can or are required use MFA to sign in.
-
#mfa_message ⇒ String?
readonly
The SMS message template sent during MFA verification.
-
#mfa_second_factor ⇒ AWSCDK::Cognito::MfaSecondFactor?
readonly
Configure the MFA types that users can use in this user pool.
-
#passkey_relying_party_id ⇒ String?
readonly
The authentication domain that passkey providers must use as a relying party (RP) in their configuration.
-
#passkey_user_verification ⇒ AWSCDK::Cognito::PasskeyUserVerification?
readonly
Your user-pool treatment for MFA with a passkey.
-
#password_policy ⇒ AWSCDK::Cognito::PasswordPolicy?
readonly
Password policy for this user pool.
-
#removal_policy ⇒ AWSCDK::RemovalPolicy?
readonly
Policy to apply when the user pool is removed from the stack.
-
#self_sign_up_enabled ⇒ Boolean?
readonly
Whether self sign-up should be enabled.
-
#sign_in_aliases ⇒ AWSCDK::Cognito::SignInAliases?
readonly
Methods in which a user registers or signs in to a user pool.
-
#sign_in_case_sensitive ⇒ Boolean?
readonly
Whether sign-in aliases should be evaluated with case sensitivity.
-
#sign_in_policy ⇒ AWSCDK::Cognito::SignInPolicy?
readonly
Sign-in policy for this user pool.
-
#sms_role ⇒ AWSCDK::Interfaces::AWSIAM::IRoleRef?
readonly
The IAM role that Cognito will assume while sending SMS messages.
-
#sms_role_external_id ⇒ String?
readonly
The 'ExternalId' that Cognito service must be using when assuming the
smsRole, if the role is restricted with an 'sts:ExternalId' conditional. -
#sns_region ⇒ String?
readonly
The region to integrate with SNS to send SMS messages.
-
#standard_attributes ⇒ AWSCDK::Cognito::StandardAttributes?
readonly
The set of attributes that are required for every user in the user pool.
-
#standard_threat_protection_mode ⇒ AWSCDK::Cognito::StandardThreatProtectionMode?
readonly
The Type of Threat Protection Enabled for Standard Authentication.
-
#user_invitation ⇒ AWSCDK::Cognito::UserInvitationConfig?
readonly
Configuration around admins signing up users into a user pool.
-
#user_pool_name ⇒ String?
readonly
Name of the user pool.
-
#user_verification ⇒ AWSCDK::Cognito::UserVerificationConfig?
readonly
Configuration around users signing themselves up to the user pool.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(account_recovery: nil, advanced_security_mode: nil, auto_verify: nil, custom_attributes: nil, custom_sender_kms_key: nil, custom_threat_protection_mode: nil, deletion_protection: nil, device_tracking: nil, email: nil, enable_sms_role: nil, feature_plan: nil, keep_original: nil, lambda_triggers: nil, mfa: nil, mfa_message: nil, mfa_second_factor: nil, passkey_relying_party_id: nil, passkey_user_verification: nil, password_policy: nil, removal_policy: nil, self_sign_up_enabled: nil, sign_in_aliases: nil, sign_in_case_sensitive: nil, sign_in_policy: nil, sms_role: nil, sms_role_external_id: nil, sns_region: nil, standard_attributes: nil, standard_threat_protection_mode: nil, user_invitation: nil, user_pool_name: nil, user_verification: nil) ⇒ UserPoolProps
constructor
A new instance of UserPoolProps.
- #to_jsii ⇒ Object
Constructor Details
#initialize(account_recovery: nil, advanced_security_mode: nil, auto_verify: nil, custom_attributes: nil, custom_sender_kms_key: nil, custom_threat_protection_mode: nil, deletion_protection: nil, device_tracking: nil, email: nil, enable_sms_role: nil, feature_plan: nil, keep_original: nil, lambda_triggers: nil, mfa: nil, mfa_message: nil, mfa_second_factor: nil, passkey_relying_party_id: nil, passkey_user_verification: nil, password_policy: nil, removal_policy: nil, self_sign_up_enabled: nil, sign_in_aliases: nil, sign_in_case_sensitive: nil, sign_in_policy: nil, sms_role: nil, sms_role_external_id: nil, sns_region: nil, standard_attributes: nil, standard_threat_protection_mode: nil, user_invitation: nil, user_pool_name: nil, user_verification: nil) ⇒ UserPoolProps
Returns a new instance of UserPoolProps.
39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 |
# File 'cognito/user_pool_props.rb', line 39 def initialize(account_recovery: nil, advanced_security_mode: nil, auto_verify: nil, custom_attributes: nil, custom_sender_kms_key: nil, custom_threat_protection_mode: nil, deletion_protection: nil, device_tracking: nil, email: nil, enable_sms_role: nil, feature_plan: nil, keep_original: nil, lambda_triggers: nil, mfa: nil, mfa_message: nil, mfa_second_factor: nil, passkey_relying_party_id: nil, passkey_user_verification: nil, password_policy: nil, removal_policy: nil, self_sign_up_enabled: nil, sign_in_aliases: nil, sign_in_case_sensitive: nil, sign_in_policy: nil, sms_role: nil, sms_role_external_id: nil, sns_region: nil, standard_attributes: nil, standard_threat_protection_mode: nil, user_invitation: nil, user_pool_name: nil, user_verification: nil) @account_recovery = account_recovery Jsii::Type.check_type(@account_recovery, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5BY2NvdW50UmVjb3ZlcnkifQ==")), "accountRecovery") unless @account_recovery.nil? @advanced_security_mode = advanced_security_mode Jsii::Type.check_type(@advanced_security_mode, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5BZHZhbmNlZFNlY3VyaXR5TW9kZSJ9")), "advancedSecurityMode") unless @advanced_security_mode.nil? @auto_verify = auto_verify.is_a?(Hash) ? ::AWSCDK::Cognito::AutoVerifiedAttrs.new(**auto_verify.transform_keys(&:to_sym)) : auto_verify Jsii::Type.check_type(@auto_verify, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5BdXRvVmVyaWZpZWRBdHRycyJ9")), "autoVerify") unless @auto_verify.nil? @custom_attributes = custom_attributes Jsii::Type.check_type(@custom_attributes, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19jb2duaXRvLklDdXN0b21BdHRyaWJ1dGUifSwia2luZCI6Im1hcCJ9fQ==")), "customAttributes") unless @custom_attributes.nil? @custom_sender_kms_key = custom_sender_kms_key Jsii::Type.check_type(@custom_sender_kms_key, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19rbXMuSUtleVJlZiJ9")), "customSenderKmsKey") unless @custom_sender_kms_key.nil? @custom_threat_protection_mode = custom_threat_protection_mode Jsii::Type.check_type(@custom_threat_protection_mode, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5DdXN0b21UaHJlYXRQcm90ZWN0aW9uTW9kZSJ9")), "customThreatProtectionMode") unless @custom_threat_protection_mode.nil? @deletion_protection = deletion_protection Jsii::Type.check_type(@deletion_protection, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "deletionProtection") unless @deletion_protection.nil? @device_tracking = device_tracking.is_a?(Hash) ? ::AWSCDK::Cognito::DeviceTracking.new(**device_tracking.transform_keys(&:to_sym)) : device_tracking Jsii::Type.check_type(@device_tracking, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5EZXZpY2VUcmFja2luZyJ9")), "deviceTracking") unless @device_tracking.nil? @email = email Jsii::Type.check_type(@email, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5Vc2VyUG9vbEVtYWlsIn0=")), "email") unless @email.nil? @enable_sms_role = enable_sms_role Jsii::Type.check_type(@enable_sms_role, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "enableSmsRole") unless @enable_sms_role.nil? @feature_plan = feature_plan Jsii::Type.check_type(@feature_plan, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5GZWF0dXJlUGxhbiJ9")), "featurePlan") unless @feature_plan.nil? @keep_original = keep_original.is_a?(Hash) ? ::AWSCDK::Cognito::KeepOriginalAttrs.new(**keep_original.transform_keys(&:to_sym)) : keep_original Jsii::Type.check_type(@keep_original, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5LZWVwT3JpZ2luYWxBdHRycyJ9")), "keepOriginal") unless @keep_original.nil? @lambda_triggers = lambda_triggers.is_a?(Hash) ? ::AWSCDK::Cognito::UserPoolTriggers.new(**lambda_triggers.transform_keys(&:to_sym)) : lambda_triggers Jsii::Type.check_type(@lambda_triggers, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5Vc2VyUG9vbFRyaWdnZXJzIn0=")), "lambdaTriggers") unless @lambda_triggers.nil? @mfa = mfa Jsii::Type.check_type(@mfa, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5NZmEifQ==")), "mfa") unless @mfa.nil? @mfa_message = Jsii::Type.check_type(@mfa_message, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "mfaMessage") unless @mfa_message.nil? @mfa_second_factor = mfa_second_factor.is_a?(Hash) ? ::AWSCDK::Cognito::MfaSecondFactor.new(**mfa_second_factor.transform_keys(&:to_sym)) : mfa_second_factor Jsii::Type.check_type(@mfa_second_factor, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5NZmFTZWNvbmRGYWN0b3IifQ==")), "mfaSecondFactor") unless @mfa_second_factor.nil? @passkey_relying_party_id = Jsii::Type.check_type(@passkey_relying_party_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "passkeyRelyingPartyId") unless @passkey_relying_party_id.nil? @passkey_user_verification = passkey_user_verification Jsii::Type.check_type(@passkey_user_verification, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5QYXNza2V5VXNlclZlcmlmaWNhdGlvbiJ9")), "passkeyUserVerification") unless @passkey_user_verification.nil? @password_policy = password_policy.is_a?(Hash) ? ::AWSCDK::Cognito::PasswordPolicy.new(**password_policy.transform_keys(&:to_sym)) : password_policy Jsii::Type.check_type(@password_policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5QYXNzd29yZFBvbGljeSJ9")), "passwordPolicy") unless @password_policy.nil? @removal_policy = removal_policy Jsii::Type.check_type(@removal_policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "removalPolicy") unless @removal_policy.nil? @self_sign_up_enabled = self_sign_up_enabled Jsii::Type.check_type(@self_sign_up_enabled, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "selfSignUpEnabled") unless @self_sign_up_enabled.nil? @sign_in_aliases = sign_in_aliases.is_a?(Hash) ? ::AWSCDK::Cognito::SignInAliases.new(**sign_in_aliases.transform_keys(&:to_sym)) : sign_in_aliases Jsii::Type.check_type(@sign_in_aliases, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5TaWduSW5BbGlhc2VzIn0=")), "signInAliases") unless @sign_in_aliases.nil? @sign_in_case_sensitive = sign_in_case_sensitive Jsii::Type.check_type(@sign_in_case_sensitive, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "signInCaseSensitive") unless @sign_in_case_sensitive.nil? @sign_in_policy = sign_in_policy.is_a?(Hash) ? ::AWSCDK::Cognito::SignInPolicy.new(**sign_in_policy.transform_keys(&:to_sym)) : sign_in_policy Jsii::Type.check_type(@sign_in_policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5TaWduSW5Qb2xpY3kifQ==")), "signInPolicy") unless @sign_in_policy.nil? @sms_role = sms_role Jsii::Type.check_type(@sms_role, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19pYW0uSVJvbGVSZWYifQ==")), "smsRole") unless @sms_role.nil? @sms_role_external_id = sms_role_external_id Jsii::Type.check_type(@sms_role_external_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "smsRoleExternalId") unless @sms_role_external_id.nil? @sns_region = sns_region Jsii::Type.check_type(@sns_region, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "snsRegion") unless @sns_region.nil? @standard_attributes = standard_attributes.is_a?(Hash) ? ::AWSCDK::Cognito::StandardAttributes.new(**standard_attributes.transform_keys(&:to_sym)) : standard_attributes Jsii::Type.check_type(@standard_attributes, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5TdGFuZGFyZEF0dHJpYnV0ZXMifQ==")), "standardAttributes") unless @standard_attributes.nil? @standard_threat_protection_mode = standard_threat_protection_mode Jsii::Type.check_type(@standard_threat_protection_mode, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5TdGFuZGFyZFRocmVhdFByb3RlY3Rpb25Nb2RlIn0=")), "standardThreatProtectionMode") unless @standard_threat_protection_mode.nil? @user_invitation = user_invitation.is_a?(Hash) ? ::AWSCDK::Cognito::UserInvitationConfig.new(**user_invitation.transform_keys(&:to_sym)) : user_invitation Jsii::Type.check_type(@user_invitation, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5Vc2VySW52aXRhdGlvbkNvbmZpZyJ9")), "userInvitation") unless @user_invitation.nil? @user_pool_name = user_pool_name Jsii::Type.check_type(@user_pool_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userPoolName") unless @user_pool_name.nil? @user_verification = user_verification.is_a?(Hash) ? ::AWSCDK::Cognito::UserVerificationConfig.new(**user_verification.transform_keys(&:to_sym)) : user_verification Jsii::Type.check_type(@user_verification, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5Vc2VyVmVyaWZpY2F0aW9uQ29uZmlnIn0=")), "userVerification") unless @user_verification.nil? end |
Instance Attribute Details
#account_recovery ⇒ AWSCDK::Cognito::AccountRecovery? (readonly)
Default: AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL
How will a user be able to recover their account?
110 111 112 |
# File 'cognito/user_pool_props.rb', line 110 def account_recovery @account_recovery end |
#advanced_security_mode ⇒ AWSCDK::Cognito::AdvancedSecurityMode? (readonly)
Advanced Security Mode is deprecated due to user pool feature plans. Use StandardThreatProtectionMode and CustomThreatProtectionMode to set Thread Protection level.
Default: - no value
The user pool's Advanced Security Mode.
116 117 118 |
# File 'cognito/user_pool_props.rb', line 116 def advanced_security_mode @advanced_security_mode end |
#auto_verify ⇒ AWSCDK::Cognito::AutoVerifiedAttrs? (readonly)
Default: - If signInAlias includes email and/or phone, they will be included in autoVerifiedAttributes by default. If absent, no attributes will be auto-verified.
Attributes which Cognito will look to verify automatically upon user sign up.
EMAIL and PHONE are the only available options.
123 124 125 |
# File 'cognito/user_pool_props.rb', line 123 def auto_verify @auto_verify end |
#custom_attributes ⇒ Hash{String => AWSCDK::Cognito::ICustomAttribute}? (readonly)
Default: - No custom attributes.
Define a set of custom attributes that can be configured for each user in the user pool.
128 129 130 |
# File 'cognito/user_pool_props.rb', line 128 def custom_attributes @custom_attributes end |
#custom_sender_kms_key ⇒ AWSCDK::Interfaces::AWSKMS::IKeyRef? (readonly)
Default: - no key ID configured
This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.
134 135 136 |
# File 'cognito/user_pool_props.rb', line 134 def custom_sender_kms_key @custom_sender_kms_key end |
#custom_threat_protection_mode ⇒ AWSCDK::Cognito::CustomThreatProtectionMode? (readonly)
Default: - no value
The Type of Threat Protection Enabled for Custom Authentication.
This feature only functions if your FeaturePlan is set to FeaturePlan.PLUS
142 143 144 |
# File 'cognito/user_pool_props.rb', line 142 def custom_threat_protection_mode @custom_threat_protection_mode end |
#deletion_protection ⇒ Boolean? (readonly)
Default: false
Indicates whether the user pool should have deletion protection enabled.
147 148 149 |
# File 'cognito/user_pool_props.rb', line 147 def deletion_protection @deletion_protection end |
#device_tracking ⇒ AWSCDK::Cognito::DeviceTracking? (readonly)
Default: - see defaults on each property of DeviceTracking.
Device tracking settings.
152 153 154 |
# File 'cognito/user_pool_props.rb', line 152 def device_tracking @device_tracking end |
#email ⇒ AWSCDK::Cognito::UserPoolEmail? (readonly)
Default: - cognito will use the default email configuration
Email settings for a user pool.
157 158 159 |
# File 'cognito/user_pool_props.rb', line 157 def email @email end |
#enable_sms_role ⇒ Boolean? (readonly)
Default: - CDK will determine based on other properties of the user pool if an SMS role should be created or not.
Setting this would explicitly enable or disable SMS role creation.
When left unspecified, CDK will determine based on other properties if a role is needed or not.
164 165 166 |
# File 'cognito/user_pool_props.rb', line 164 def enable_sms_role @enable_sms_role end |
#feature_plan ⇒ AWSCDK::Cognito::FeaturePlan? (readonly)
Default: - FeaturePlan.ESSENTIALS for a newly created user pool; FeaturePlan.LITE otherwise
The user pool feature plan, or tier.
This parameter determines the eligibility of the user pool for features like managed login, access-token customization, and threat protection.
172 173 174 |
# File 'cognito/user_pool_props.rb', line 172 def feature_plan @feature_plan end |
#keep_original ⇒ AWSCDK::Cognito::KeepOriginalAttrs? (readonly)
Default: - Nothing is kept.
Attributes which Cognito will look to handle changes to the value of your users' email address and phone number attributes.
EMAIL and PHONE are the only available options.
179 180 181 |
# File 'cognito/user_pool_props.rb', line 179 def keep_original @keep_original end |
#lambda_triggers ⇒ AWSCDK::Cognito::UserPoolTriggers? (readonly)
Default: - No Lambda triggers.
Lambda functions to use for supported Cognito triggers.
185 186 187 |
# File 'cognito/user_pool_props.rb', line 185 def lambda_triggers @lambda_triggers end |
#mfa ⇒ AWSCDK::Cognito::Mfa? (readonly)
Default: Mfa.OFF
Configure whether users of this user pool can or are required use MFA to sign in.
190 191 192 |
# File 'cognito/user_pool_props.rb', line 190 def mfa @mfa end |
#mfa_message ⇒ String? (readonly)
Default: 'Your authentication code is ####.'
The SMS message template sent during MFA verification.
Use '####' in the template where Cognito should insert the verification code.
197 198 199 |
# File 'cognito/user_pool_props.rb', line 197 def @mfa_message end |
#mfa_second_factor ⇒ AWSCDK::Cognito::MfaSecondFactor? (readonly)
Default: - { sms: true, otp: false, email: false }, if mfa is set to OPTIONAL or REQUIRED. { sms: false, otp: false, email:false }, otherwise
Configure the MFA types that users can use in this user pool.
Ignored if mfa is set to OFF.
204 205 206 |
# File 'cognito/user_pool_props.rb', line 204 def mfa_second_factor @mfa_second_factor end |
#passkey_relying_party_id ⇒ String? (readonly)
Default: - No authentication domain
The authentication domain that passkey providers must use as a relying party (RP) in their configuration.
Under the following conditions, the passkey relying party ID must be the fully-qualified domain name of your custom domain:
- The user pool is configured for passkey authentication.
- The user pool has a custom domain, whether or not it also has a prefix domain.
- Your application performs authentication with managed login or the classic hosted UI.
215 216 217 |
# File 'cognito/user_pool_props.rb', line 215 def @passkey_relying_party_id end |
#passkey_user_verification ⇒ AWSCDK::Cognito::PasskeyUserVerification? (readonly)
Default: - Cognito default setting is PasskeyUserVerification.PREFERRED
Your user-pool treatment for MFA with a passkey.
You can override other MFA options and require passkey MFA, or you can set it as preferred. When passkey MFA is preferred, the hosted UI encourages users to register a passkey at sign-in.
223 224 225 |
# File 'cognito/user_pool_props.rb', line 223 def passkey_user_verification @passkey_user_verification end |
#password_policy ⇒ AWSCDK::Cognito::PasswordPolicy? (readonly)
Default: - see defaults on each property of PasswordPolicy.
Password policy for this user pool.
228 229 230 |
# File 'cognito/user_pool_props.rb', line 228 def password_policy @password_policy end |
#removal_policy ⇒ AWSCDK::RemovalPolicy? (readonly)
Default: RemovalPolicy.RETAIN
Policy to apply when the user pool is removed from the stack.
233 234 235 |
# File 'cognito/user_pool_props.rb', line 233 def removal_policy @removal_policy end |
#self_sign_up_enabled ⇒ Boolean? (readonly)
Default: - false
Whether self sign-up should be enabled.
To configure self sign-up configuration use the user_verification property.
240 241 242 |
# File 'cognito/user_pool_props.rb', line 240 def self_sign_up_enabled @self_sign_up_enabled end |
#sign_in_aliases ⇒ AWSCDK::Cognito::SignInAliases? (readonly)
Default: { username: true }
Methods in which a user registers or signs in to a user pool.
Allows either username with aliases OR sign in with email, phone, or both.
Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
To match with 'Option 1' in the above link, with a verified email, this property should be set to
{ username: true, email: true }. To match with 'Option 2' in the above link with both a verified email and phone
number, this property should be set to { email: true, phone: true }.
254 255 256 |
# File 'cognito/user_pool_props.rb', line 254 def sign_in_aliases @sign_in_aliases end |
#sign_in_case_sensitive ⇒ Boolean? (readonly)
Default: true
Whether sign-in aliases should be evaluated with case sensitivity.
For example, when this option is set to false, users will be able to sign in using either MyUsername or myusername.
261 262 263 |
# File 'cognito/user_pool_props.rb', line 261 def sign_in_case_sensitive @sign_in_case_sensitive end |
#sign_in_policy ⇒ AWSCDK::Cognito::SignInPolicy? (readonly)
Default: - see defaults on each property of SignInPolicy.
Sign-in policy for this user pool.
266 267 268 |
# File 'cognito/user_pool_props.rb', line 266 def sign_in_policy @sign_in_policy end |
#sms_role ⇒ AWSCDK::Interfaces::AWSIAM::IRoleRef? (readonly)
Default: - a new IAM role is created.
The IAM role that Cognito will assume while sending SMS messages.
271 272 273 |
# File 'cognito/user_pool_props.rb', line 271 def sms_role @sms_role end |
#sms_role_external_id ⇒ String? (readonly)
Default: - No external id will be configured.
The 'ExternalId' that Cognito service must be using when assuming the smsRole, if the role is restricted with an 'sts:ExternalId' conditional.
Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
This property will be ignored if sms_role is not specified.
280 281 282 |
# File 'cognito/user_pool_props.rb', line 280 def sms_role_external_id @sms_role_external_id end |
#sns_region ⇒ String? (readonly)
Default: - The same region as the user pool, with a few exceptions - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html#user-pool-sms-settings-first-time
The region to integrate with SNS to send SMS messages.
This property will do nothing if SMS configuration is not configured.
287 288 289 |
# File 'cognito/user_pool_props.rb', line 287 def sns_region @sns_region end |
#standard_attributes ⇒ AWSCDK::Cognito::StandardAttributes? (readonly)
Default: - All standard attributes are optional and mutable.
The set of attributes that are required for every user in the user pool.
Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
294 295 296 |
# File 'cognito/user_pool_props.rb', line 294 def standard_attributes @standard_attributes end |
#standard_threat_protection_mode ⇒ AWSCDK::Cognito::StandardThreatProtectionMode? (readonly)
Default: - StandardThreatProtectionMode.NO_ENFORCEMENT
The Type of Threat Protection Enabled for Standard Authentication.
This feature only functions if your FeaturePlan is set to FeaturePlan.PLUS
302 303 304 |
# File 'cognito/user_pool_props.rb', line 302 def standard_threat_protection_mode @standard_threat_protection_mode end |
#user_invitation ⇒ AWSCDK::Cognito::UserInvitationConfig? (readonly)
Default: - see defaults in UserInvitationConfig.
Configuration around admins signing up users into a user pool.
307 308 309 |
# File 'cognito/user_pool_props.rb', line 307 def user_invitation @user_invitation end |
#user_pool_name ⇒ String? (readonly)
Default: - automatically generated name by CloudFormation at deploy time.
Name of the user pool.
312 313 314 |
# File 'cognito/user_pool_props.rb', line 312 def user_pool_name @user_pool_name end |
#user_verification ⇒ AWSCDK::Cognito::UserVerificationConfig? (readonly)
Default: - see defaults in UserVerificationConfig.
Configuration around users signing themselves up to the user pool.
Enable or disable self sign-up via the self_sign_up_enabled property.
319 320 321 |
# File 'cognito/user_pool_props.rb', line 319 def user_verification @user_verification end |
Class Method Details
.jsii_properties ⇒ Object
321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 |
# File 'cognito/user_pool_props.rb', line 321 def self.jsii_properties { :account_recovery => "accountRecovery", :advanced_security_mode => "advancedSecurityMode", :auto_verify => "autoVerify", :custom_attributes => "customAttributes", :custom_sender_kms_key => "customSenderKmsKey", :custom_threat_protection_mode => "customThreatProtectionMode", :deletion_protection => "deletionProtection", :device_tracking => "deviceTracking", :email => "email", :enable_sms_role => "enableSmsRole", :feature_plan => "featurePlan", :keep_original => "keepOriginal", :lambda_triggers => "lambdaTriggers", :mfa => "mfa", :mfa_message => "mfaMessage", :mfa_second_factor => "mfaSecondFactor", :passkey_relying_party_id => "passkeyRelyingPartyId", :passkey_user_verification => "passkeyUserVerification", :password_policy => "passwordPolicy", :removal_policy => "removalPolicy", :self_sign_up_enabled => "selfSignUpEnabled", :sign_in_aliases => "signInAliases", :sign_in_case_sensitive => "signInCaseSensitive", :sign_in_policy => "signInPolicy", :sms_role => "smsRole", :sms_role_external_id => "smsRoleExternalId", :sns_region => "snsRegion", :standard_attributes => "standardAttributes", :standard_threat_protection_mode => "standardThreatProtectionMode", :user_invitation => "userInvitation", :user_pool_name => "userPoolName", :user_verification => "userVerification", } end |
Instance Method Details
#to_jsii ⇒ Object
358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 |
# File 'cognito/user_pool_props.rb', line 358 def to_jsii result = {} result.merge!({ "accountRecovery" => @account_recovery, "advancedSecurityMode" => @advanced_security_mode, "autoVerify" => @auto_verify, "customAttributes" => @custom_attributes, "customSenderKmsKey" => @custom_sender_kms_key, "customThreatProtectionMode" => @custom_threat_protection_mode, "deletionProtection" => @deletion_protection, "deviceTracking" => @device_tracking, "email" => @email, "enableSmsRole" => @enable_sms_role, "featurePlan" => @feature_plan, "keepOriginal" => @keep_original, "lambdaTriggers" => @lambda_triggers, "mfa" => @mfa, "mfaMessage" => @mfa_message, "mfaSecondFactor" => @mfa_second_factor, "passkeyRelyingPartyId" => @passkey_relying_party_id, "passkeyUserVerification" => @passkey_user_verification, "passwordPolicy" => @password_policy, "removalPolicy" => @removal_policy, "selfSignUpEnabled" => @self_sign_up_enabled, "signInAliases" => @sign_in_aliases, "signInCaseSensitive" => @sign_in_case_sensitive, "signInPolicy" => @sign_in_policy, "smsRole" => @sms_role, "smsRoleExternalId" => @sms_role_external_id, "snsRegion" => @sns_region, "standardAttributes" => @standard_attributes, "standardThreatProtectionMode" => @standard_threat_protection_mode, "userInvitation" => @user_invitation, "userPoolName" => @user_pool_name, "userVerification" => @user_verification, }) result.compact end |