Class: AWSCDK::Cognito::UserPoolProps

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
cognito/user_pool_props.rb

Overview

Props for the UserPool construct.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(account_recovery: nil, advanced_security_mode: nil, auto_verify: nil, custom_attributes: nil, custom_sender_kms_key: nil, custom_threat_protection_mode: nil, deletion_protection: nil, device_tracking: nil, email: nil, enable_sms_role: nil, feature_plan: nil, keep_original: nil, lambda_triggers: nil, mfa: nil, mfa_message: nil, mfa_second_factor: nil, passkey_relying_party_id: nil, passkey_user_verification: nil, password_policy: nil, removal_policy: nil, self_sign_up_enabled: nil, sign_in_aliases: nil, sign_in_case_sensitive: nil, sign_in_policy: nil, sms_role: nil, sms_role_external_id: nil, sns_region: nil, standard_attributes: nil, standard_threat_protection_mode: nil, user_invitation: nil, user_pool_name: nil, user_verification: nil) ⇒ UserPoolProps

Returns a new instance of UserPoolProps.

Parameters:

  • account_recovery (AWSCDK::Cognito::AccountRecovery, nil) (defaults to: nil)

    How will a user be able to recover their account?

  • advanced_security_mode (AWSCDK::Cognito::AdvancedSecurityMode, nil) (defaults to: nil)

    The user pool's Advanced Security Mode.

  • auto_verify (AWSCDK::Cognito::AutoVerifiedAttrs, nil) (defaults to: nil)

    Attributes which Cognito will look to verify automatically upon user sign up.

  • custom_attributes (Hash{String => AWSCDK::Cognito::ICustomAttribute}, nil) (defaults to: nil)

    Define a set of custom attributes that can be configured for each user in the user pool.

  • custom_sender_kms_key (AWSCDK::Interfaces::AWSKMS::IKeyRef, nil) (defaults to: nil)

    This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.

  • custom_threat_protection_mode (AWSCDK::Cognito::CustomThreatProtectionMode, nil) (defaults to: nil)

    The Type of Threat Protection Enabled for Custom Authentication.

  • deletion_protection (Boolean, nil) (defaults to: nil)

    Indicates whether the user pool should have deletion protection enabled.

  • device_tracking (AWSCDK::Cognito::DeviceTracking, nil) (defaults to: nil)

    Device tracking settings.

  • email (AWSCDK::Cognito::UserPoolEmail, nil) (defaults to: nil)

    Email settings for a user pool.

  • enable_sms_role (Boolean, nil) (defaults to: nil)

    Setting this would explicitly enable or disable SMS role creation.

  • feature_plan (AWSCDK::Cognito::FeaturePlan, nil) (defaults to: nil)

    The user pool feature plan, or tier.

  • keep_original (AWSCDK::Cognito::KeepOriginalAttrs, nil) (defaults to: nil)

    Attributes which Cognito will look to handle changes to the value of your users' email address and phone number attributes.

  • lambda_triggers (AWSCDK::Cognito::UserPoolTriggers, nil) (defaults to: nil)

    Lambda functions to use for supported Cognito triggers.

  • mfa (AWSCDK::Cognito::Mfa, nil) (defaults to: nil)

    Configure whether users of this user pool can or are required use MFA to sign in.

  • mfa_message (String, nil) (defaults to: nil)

    The SMS message template sent during MFA verification.

  • mfa_second_factor (AWSCDK::Cognito::MfaSecondFactor, nil) (defaults to: nil)

    Configure the MFA types that users can use in this user pool.

  • passkey_relying_party_id (String, nil) (defaults to: nil)

    The authentication domain that passkey providers must use as a relying party (RP) in their configuration.

  • passkey_user_verification (AWSCDK::Cognito::PasskeyUserVerification, nil) (defaults to: nil)

    Your user-pool treatment for MFA with a passkey.

  • password_policy (AWSCDK::Cognito::PasswordPolicy, nil) (defaults to: nil)

    Password policy for this user pool.

  • removal_policy (AWSCDK::RemovalPolicy, nil) (defaults to: nil)

    Policy to apply when the user pool is removed from the stack.

  • self_sign_up_enabled (Boolean, nil) (defaults to: nil)

    Whether self sign-up should be enabled.

  • sign_in_aliases (AWSCDK::Cognito::SignInAliases, nil) (defaults to: nil)

    Methods in which a user registers or signs in to a user pool.

  • sign_in_case_sensitive (Boolean, nil) (defaults to: nil)

    Whether sign-in aliases should be evaluated with case sensitivity.

  • sign_in_policy (AWSCDK::Cognito::SignInPolicy, nil) (defaults to: nil)

    Sign-in policy for this user pool.

  • sms_role (AWSCDK::Interfaces::AWSIAM::IRoleRef, nil) (defaults to: nil)

    The IAM role that Cognito will assume while sending SMS messages.

  • sms_role_external_id (String, nil) (defaults to: nil)

    The 'ExternalId' that Cognito service must be using when assuming the smsRole, if the role is restricted with an 'sts:ExternalId' conditional.

  • sns_region (String, nil) (defaults to: nil)

    The region to integrate with SNS to send SMS messages.

  • standard_attributes (AWSCDK::Cognito::StandardAttributes, nil) (defaults to: nil)

    The set of attributes that are required for every user in the user pool.

  • standard_threat_protection_mode (AWSCDK::Cognito::StandardThreatProtectionMode, nil) (defaults to: nil)

    The Type of Threat Protection Enabled for Standard Authentication.

  • user_invitation (AWSCDK::Cognito::UserInvitationConfig, nil) (defaults to: nil)

    Configuration around admins signing up users into a user pool.

  • user_pool_name (String, nil) (defaults to: nil)

    Name of the user pool.

  • user_verification (AWSCDK::Cognito::UserVerificationConfig, nil) (defaults to: nil)

    Configuration around users signing themselves up to the user pool.



39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
# File 'cognito/user_pool_props.rb', line 39

def initialize(account_recovery: nil, advanced_security_mode: nil, auto_verify: nil, custom_attributes: nil, custom_sender_kms_key: nil, custom_threat_protection_mode: nil, deletion_protection: nil, device_tracking: nil, email: nil, enable_sms_role: nil, feature_plan: nil, keep_original: nil, lambda_triggers: nil, mfa: nil, mfa_message: nil, mfa_second_factor: nil, passkey_relying_party_id: nil, passkey_user_verification: nil, password_policy: nil, removal_policy: nil, self_sign_up_enabled: nil, sign_in_aliases: nil, sign_in_case_sensitive: nil, sign_in_policy: nil, sms_role: nil, sms_role_external_id: nil, sns_region: nil, standard_attributes: nil, standard_threat_protection_mode: nil, user_invitation: nil, user_pool_name: nil, user_verification: nil)
  @account_recovery = 
  Jsii::Type.check_type(@account_recovery, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5BY2NvdW50UmVjb3ZlcnkifQ==")), "accountRecovery") unless @account_recovery.nil?
  @advanced_security_mode = advanced_security_mode
  Jsii::Type.check_type(@advanced_security_mode, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5BZHZhbmNlZFNlY3VyaXR5TW9kZSJ9")), "advancedSecurityMode") unless @advanced_security_mode.nil?
  @auto_verify = auto_verify.is_a?(Hash) ? ::AWSCDK::Cognito::AutoVerifiedAttrs.new(**auto_verify.transform_keys(&:to_sym)) : auto_verify
  Jsii::Type.check_type(@auto_verify, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5BdXRvVmVyaWZpZWRBdHRycyJ9")), "autoVerify") unless @auto_verify.nil?
  @custom_attributes = custom_attributes
  Jsii::Type.check_type(@custom_attributes, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19jb2duaXRvLklDdXN0b21BdHRyaWJ1dGUifSwia2luZCI6Im1hcCJ9fQ==")), "customAttributes") unless @custom_attributes.nil?
  @custom_sender_kms_key = custom_sender_kms_key
  Jsii::Type.check_type(@custom_sender_kms_key, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19rbXMuSUtleVJlZiJ9")), "customSenderKmsKey") unless @custom_sender_kms_key.nil?
  @custom_threat_protection_mode = custom_threat_protection_mode
  Jsii::Type.check_type(@custom_threat_protection_mode, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5DdXN0b21UaHJlYXRQcm90ZWN0aW9uTW9kZSJ9")), "customThreatProtectionMode") unless @custom_threat_protection_mode.nil?
  @deletion_protection = deletion_protection
  Jsii::Type.check_type(@deletion_protection, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "deletionProtection") unless @deletion_protection.nil?
  @device_tracking = device_tracking.is_a?(Hash) ? ::AWSCDK::Cognito::DeviceTracking.new(**device_tracking.transform_keys(&:to_sym)) : device_tracking
  Jsii::Type.check_type(@device_tracking, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5EZXZpY2VUcmFja2luZyJ9")), "deviceTracking") unless @device_tracking.nil?
  @email = email
  Jsii::Type.check_type(@email, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5Vc2VyUG9vbEVtYWlsIn0=")), "email") unless @email.nil?
  @enable_sms_role = enable_sms_role
  Jsii::Type.check_type(@enable_sms_role, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "enableSmsRole") unless @enable_sms_role.nil?
  @feature_plan = feature_plan
  Jsii::Type.check_type(@feature_plan, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5GZWF0dXJlUGxhbiJ9")), "featurePlan") unless @feature_plan.nil?
  @keep_original = keep_original.is_a?(Hash) ? ::AWSCDK::Cognito::KeepOriginalAttrs.new(**keep_original.transform_keys(&:to_sym)) : keep_original
  Jsii::Type.check_type(@keep_original, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5LZWVwT3JpZ2luYWxBdHRycyJ9")), "keepOriginal") unless @keep_original.nil?
  @lambda_triggers = lambda_triggers.is_a?(Hash) ? ::AWSCDK::Cognito::UserPoolTriggers.new(**lambda_triggers.transform_keys(&:to_sym)) : lambda_triggers
  Jsii::Type.check_type(@lambda_triggers, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5Vc2VyUG9vbFRyaWdnZXJzIn0=")), "lambdaTriggers") unless @lambda_triggers.nil?
  @mfa = mfa
  Jsii::Type.check_type(@mfa, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5NZmEifQ==")), "mfa") unless @mfa.nil?
  @mfa_message = mfa_message
  Jsii::Type.check_type(@mfa_message, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "mfaMessage") unless @mfa_message.nil?
  @mfa_second_factor = mfa_second_factor.is_a?(Hash) ? ::AWSCDK::Cognito::MfaSecondFactor.new(**mfa_second_factor.transform_keys(&:to_sym)) : mfa_second_factor
  Jsii::Type.check_type(@mfa_second_factor, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5NZmFTZWNvbmRGYWN0b3IifQ==")), "mfaSecondFactor") unless @mfa_second_factor.nil?
  @passkey_relying_party_id = passkey_relying_party_id
  Jsii::Type.check_type(@passkey_relying_party_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "passkeyRelyingPartyId") unless @passkey_relying_party_id.nil?
  @passkey_user_verification = passkey_user_verification
  Jsii::Type.check_type(@passkey_user_verification, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5QYXNza2V5VXNlclZlcmlmaWNhdGlvbiJ9")), "passkeyUserVerification") unless @passkey_user_verification.nil?
  @password_policy = password_policy.is_a?(Hash) ? ::AWSCDK::Cognito::PasswordPolicy.new(**password_policy.transform_keys(&:to_sym)) : password_policy
  Jsii::Type.check_type(@password_policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5QYXNzd29yZFBvbGljeSJ9")), "passwordPolicy") unless @password_policy.nil?
  @removal_policy = removal_policy
  Jsii::Type.check_type(@removal_policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "removalPolicy") unless @removal_policy.nil?
  @self_sign_up_enabled = 
  Jsii::Type.check_type(@self_sign_up_enabled, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "selfSignUpEnabled") unless @self_sign_up_enabled.nil?
  @sign_in_aliases = .is_a?(Hash) ? ::AWSCDK::Cognito::SignInAliases.new(**.transform_keys(&:to_sym)) : 
  Jsii::Type.check_type(@sign_in_aliases, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5TaWduSW5BbGlhc2VzIn0=")), "signInAliases") unless @sign_in_aliases.nil?
  @sign_in_case_sensitive = 
  Jsii::Type.check_type(@sign_in_case_sensitive, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "signInCaseSensitive") unless @sign_in_case_sensitive.nil?
  @sign_in_policy = .is_a?(Hash) ? ::AWSCDK::Cognito::SignInPolicy.new(**.transform_keys(&:to_sym)) : 
  Jsii::Type.check_type(@sign_in_policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5TaWduSW5Qb2xpY3kifQ==")), "signInPolicy") unless @sign_in_policy.nil?
  @sms_role = sms_role
  Jsii::Type.check_type(@sms_role, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19pYW0uSVJvbGVSZWYifQ==")), "smsRole") unless @sms_role.nil?
  @sms_role_external_id = sms_role_external_id
  Jsii::Type.check_type(@sms_role_external_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "smsRoleExternalId") unless @sms_role_external_id.nil?
  @sns_region = sns_region
  Jsii::Type.check_type(@sns_region, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "snsRegion") unless @sns_region.nil?
  @standard_attributes = standard_attributes.is_a?(Hash) ? ::AWSCDK::Cognito::StandardAttributes.new(**standard_attributes.transform_keys(&:to_sym)) : standard_attributes
  Jsii::Type.check_type(@standard_attributes, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5TdGFuZGFyZEF0dHJpYnV0ZXMifQ==")), "standardAttributes") unless @standard_attributes.nil?
  @standard_threat_protection_mode = standard_threat_protection_mode
  Jsii::Type.check_type(@standard_threat_protection_mode, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5TdGFuZGFyZFRocmVhdFByb3RlY3Rpb25Nb2RlIn0=")), "standardThreatProtectionMode") unless @standard_threat_protection_mode.nil?
  @user_invitation = user_invitation.is_a?(Hash) ? ::AWSCDK::Cognito::UserInvitationConfig.new(**user_invitation.transform_keys(&:to_sym)) : user_invitation
  Jsii::Type.check_type(@user_invitation, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5Vc2VySW52aXRhdGlvbkNvbmZpZyJ9")), "userInvitation") unless @user_invitation.nil?
  @user_pool_name = user_pool_name
  Jsii::Type.check_type(@user_pool_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userPoolName") unless @user_pool_name.nil?
  @user_verification = user_verification.is_a?(Hash) ? ::AWSCDK::Cognito::UserVerificationConfig.new(**user_verification.transform_keys(&:to_sym)) : user_verification
  Jsii::Type.check_type(@user_verification, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5Vc2VyVmVyaWZpY2F0aW9uQ29uZmlnIn0=")), "userVerification") unless @user_verification.nil?
end

Instance Attribute Details

#account_recoveryAWSCDK::Cognito::AccountRecovery? (readonly)

Note:

Default: AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL

How will a user be able to recover their account?



110
111
112
# File 'cognito/user_pool_props.rb', line 110

def 
  @account_recovery
end

#advanced_security_modeAWSCDK::Cognito::AdvancedSecurityMode? (readonly)

Deprecated.

Advanced Security Mode is deprecated due to user pool feature plans. Use StandardThreatProtectionMode and CustomThreatProtectionMode to set Thread Protection level.

Note:

Default: - no value

The user pool's Advanced Security Mode.



116
117
118
# File 'cognito/user_pool_props.rb', line 116

def advanced_security_mode
  @advanced_security_mode
end

#auto_verifyAWSCDK::Cognito::AutoVerifiedAttrs? (readonly)

Note:

Default: - If signInAlias includes email and/or phone, they will be included in autoVerifiedAttributes by default. If absent, no attributes will be auto-verified.

Attributes which Cognito will look to verify automatically upon user sign up.

EMAIL and PHONE are the only available options.



123
124
125
# File 'cognito/user_pool_props.rb', line 123

def auto_verify
  @auto_verify
end

#custom_attributesHash{String => AWSCDK::Cognito::ICustomAttribute}? (readonly)

Note:

Default: - No custom attributes.

Define a set of custom attributes that can be configured for each user in the user pool.

Returns:



128
129
130
# File 'cognito/user_pool_props.rb', line 128

def custom_attributes
  @custom_attributes
end

#custom_sender_kms_keyAWSCDK::Interfaces::AWSKMS::IKeyRef? (readonly)

Note:

Default: - no key ID configured

This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.



134
135
136
# File 'cognito/user_pool_props.rb', line 134

def custom_sender_kms_key
  @custom_sender_kms_key
end

#custom_threat_protection_modeAWSCDK::Cognito::CustomThreatProtectionMode? (readonly)

Note:

Default: - no value

The Type of Threat Protection Enabled for Custom Authentication.

This feature only functions if your FeaturePlan is set to FeaturePlan.PLUS



142
143
144
# File 'cognito/user_pool_props.rb', line 142

def custom_threat_protection_mode
  @custom_threat_protection_mode
end

#deletion_protectionBoolean? (readonly)

Note:

Default: false

Indicates whether the user pool should have deletion protection enabled.

Returns:

  • (Boolean, nil)


147
148
149
# File 'cognito/user_pool_props.rb', line 147

def deletion_protection
  @deletion_protection
end

#device_trackingAWSCDK::Cognito::DeviceTracking? (readonly)

Note:

Default: - see defaults on each property of DeviceTracking.

Device tracking settings.



152
153
154
# File 'cognito/user_pool_props.rb', line 152

def device_tracking
  @device_tracking
end

#emailAWSCDK::Cognito::UserPoolEmail? (readonly)

Note:

Default: - cognito will use the default email configuration

Email settings for a user pool.



157
158
159
# File 'cognito/user_pool_props.rb', line 157

def email
  @email
end

#enable_sms_roleBoolean? (readonly)

Note:

Default: - CDK will determine based on other properties of the user pool if an SMS role should be created or not.

Setting this would explicitly enable or disable SMS role creation.

When left unspecified, CDK will determine based on other properties if a role is needed or not.

Returns:

  • (Boolean, nil)


164
165
166
# File 'cognito/user_pool_props.rb', line 164

def enable_sms_role
  @enable_sms_role
end

#feature_planAWSCDK::Cognito::FeaturePlan? (readonly)

Note:

Default: - FeaturePlan.ESSENTIALS for a newly created user pool; FeaturePlan.LITE otherwise

The user pool feature plan, or tier.

This parameter determines the eligibility of the user pool for features like managed login, access-token customization, and threat protection.



172
173
174
# File 'cognito/user_pool_props.rb', line 172

def feature_plan
  @feature_plan
end

#keep_originalAWSCDK::Cognito::KeepOriginalAttrs? (readonly)

Note:

Default: - Nothing is kept.

Attributes which Cognito will look to handle changes to the value of your users' email address and phone number attributes.

EMAIL and PHONE are the only available options.



179
180
181
# File 'cognito/user_pool_props.rb', line 179

def keep_original
  @keep_original
end

#lambda_triggersAWSCDK::Cognito::UserPoolTriggers? (readonly)

Note:

Default: - No Lambda triggers.

Lambda functions to use for supported Cognito triggers.



185
186
187
# File 'cognito/user_pool_props.rb', line 185

def lambda_triggers
  @lambda_triggers
end

#mfaAWSCDK::Cognito::Mfa? (readonly)

Note:

Default: Mfa.OFF

Configure whether users of this user pool can or are required use MFA to sign in.

Returns:



190
191
192
# File 'cognito/user_pool_props.rb', line 190

def mfa
  @mfa
end

#mfa_messageString? (readonly)

Note:

Default: 'Your authentication code is ####.'

The SMS message template sent during MFA verification.

Use '####' in the template where Cognito should insert the verification code.

Returns:

  • (String, nil)


197
198
199
# File 'cognito/user_pool_props.rb', line 197

def mfa_message
  @mfa_message
end

#mfa_second_factorAWSCDK::Cognito::MfaSecondFactor? (readonly)

Note:

Default: - { sms: true, otp: false, email: false }, if mfa is set to OPTIONAL or REQUIRED. { sms: false, otp: false, email:false }, otherwise

Configure the MFA types that users can use in this user pool.

Ignored if mfa is set to OFF.



204
205
206
# File 'cognito/user_pool_props.rb', line 204

def mfa_second_factor
  @mfa_second_factor
end

#passkey_relying_party_idString? (readonly)

Note:

Default: - No authentication domain

The authentication domain that passkey providers must use as a relying party (RP) in their configuration.

Under the following conditions, the passkey relying party ID must be the fully-qualified domain name of your custom domain:

  • The user pool is configured for passkey authentication.
  • The user pool has a custom domain, whether or not it also has a prefix domain.
  • Your application performs authentication with managed login or the classic hosted UI.

Returns:

  • (String, nil)


215
216
217
# File 'cognito/user_pool_props.rb', line 215

def passkey_relying_party_id
  @passkey_relying_party_id
end

#passkey_user_verificationAWSCDK::Cognito::PasskeyUserVerification? (readonly)

Note:

Default: - Cognito default setting is PasskeyUserVerification.PREFERRED

Your user-pool treatment for MFA with a passkey.

You can override other MFA options and require passkey MFA, or you can set it as preferred. When passkey MFA is preferred, the hosted UI encourages users to register a passkey at sign-in.



223
224
225
# File 'cognito/user_pool_props.rb', line 223

def passkey_user_verification
  @passkey_user_verification
end

#password_policyAWSCDK::Cognito::PasswordPolicy? (readonly)

Note:

Default: - see defaults on each property of PasswordPolicy.

Password policy for this user pool.



228
229
230
# File 'cognito/user_pool_props.rb', line 228

def password_policy
  @password_policy
end

#removal_policyAWSCDK::RemovalPolicy? (readonly)

Note:

Default: RemovalPolicy.RETAIN

Policy to apply when the user pool is removed from the stack.

Returns:



233
234
235
# File 'cognito/user_pool_props.rb', line 233

def removal_policy
  @removal_policy
end

#self_sign_up_enabledBoolean? (readonly)

Note:

Default: - false

Whether self sign-up should be enabled.

To configure self sign-up configuration use the user_verification property.

Returns:

  • (Boolean, nil)


240
241
242
# File 'cognito/user_pool_props.rb', line 240

def 
  @self_sign_up_enabled
end

#sign_in_aliasesAWSCDK::Cognito::SignInAliases? (readonly)

Note:

Default: { username: true }

Methods in which a user registers or signs in to a user pool.

Allows either username with aliases OR sign in with email, phone, or both.

Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

To match with 'Option 1' in the above link, with a verified email, this property should be set to { username: true, email: true }. To match with 'Option 2' in the above link with both a verified email and phone number, this property should be set to { email: true, phone: true }.



254
255
256
# File 'cognito/user_pool_props.rb', line 254

def 
  @sign_in_aliases
end

#sign_in_case_sensitiveBoolean? (readonly)

Note:

Default: true

Whether sign-in aliases should be evaluated with case sensitivity.

For example, when this option is set to false, users will be able to sign in using either MyUsername or myusername.

Returns:

  • (Boolean, nil)


261
262
263
# File 'cognito/user_pool_props.rb', line 261

def 
  @sign_in_case_sensitive
end

#sign_in_policyAWSCDK::Cognito::SignInPolicy? (readonly)

Note:

Default: - see defaults on each property of SignInPolicy.

Sign-in policy for this user pool.



266
267
268
# File 'cognito/user_pool_props.rb', line 266

def 
  @sign_in_policy
end

#sms_roleAWSCDK::Interfaces::AWSIAM::IRoleRef? (readonly)

Note:

Default: - a new IAM role is created.

The IAM role that Cognito will assume while sending SMS messages.



271
272
273
# File 'cognito/user_pool_props.rb', line 271

def sms_role
  @sms_role
end

#sms_role_external_idString? (readonly)

Note:

Default: - No external id will be configured.

The 'ExternalId' that Cognito service must be using when assuming the smsRole, if the role is restricted with an 'sts:ExternalId' conditional.

Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

This property will be ignored if sms_role is not specified.

Returns:

  • (String, nil)


280
281
282
# File 'cognito/user_pool_props.rb', line 280

def sms_role_external_id
  @sms_role_external_id
end

#sns_regionString? (readonly)

The region to integrate with SNS to send SMS messages.

This property will do nothing if SMS configuration is not configured.

Returns:

  • (String, nil)


287
288
289
# File 'cognito/user_pool_props.rb', line 287

def sns_region
  @sns_region
end

#standard_attributesAWSCDK::Cognito::StandardAttributes? (readonly)

Note:

Default: - All standard attributes are optional and mutable.

The set of attributes that are required for every user in the user pool.

Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html



294
295
296
# File 'cognito/user_pool_props.rb', line 294

def standard_attributes
  @standard_attributes
end

#standard_threat_protection_modeAWSCDK::Cognito::StandardThreatProtectionMode? (readonly)

Note:

Default: - StandardThreatProtectionMode.NO_ENFORCEMENT

The Type of Threat Protection Enabled for Standard Authentication.

This feature only functions if your FeaturePlan is set to FeaturePlan.PLUS



302
303
304
# File 'cognito/user_pool_props.rb', line 302

def standard_threat_protection_mode
  @standard_threat_protection_mode
end

#user_invitationAWSCDK::Cognito::UserInvitationConfig? (readonly)

Note:

Default: - see defaults in UserInvitationConfig.

Configuration around admins signing up users into a user pool.



307
308
309
# File 'cognito/user_pool_props.rb', line 307

def user_invitation
  @user_invitation
end

#user_pool_nameString? (readonly)

Note:

Default: - automatically generated name by CloudFormation at deploy time.

Name of the user pool.

Returns:

  • (String, nil)


312
313
314
# File 'cognito/user_pool_props.rb', line 312

def user_pool_name
  @user_pool_name
end

#user_verificationAWSCDK::Cognito::UserVerificationConfig? (readonly)

Note:

Default: - see defaults in UserVerificationConfig.

Configuration around users signing themselves up to the user pool.

Enable or disable self sign-up via the self_sign_up_enabled property.



319
320
321
# File 'cognito/user_pool_props.rb', line 319

def user_verification
  @user_verification
end

Class Method Details

.jsii_propertiesObject



321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
# File 'cognito/user_pool_props.rb', line 321

def self.jsii_properties
  {
    :account_recovery => "accountRecovery",
    :advanced_security_mode => "advancedSecurityMode",
    :auto_verify => "autoVerify",
    :custom_attributes => "customAttributes",
    :custom_sender_kms_key => "customSenderKmsKey",
    :custom_threat_protection_mode => "customThreatProtectionMode",
    :deletion_protection => "deletionProtection",
    :device_tracking => "deviceTracking",
    :email => "email",
    :enable_sms_role => "enableSmsRole",
    :feature_plan => "featurePlan",
    :keep_original => "keepOriginal",
    :lambda_triggers => "lambdaTriggers",
    :mfa => "mfa",
    :mfa_message => "mfaMessage",
    :mfa_second_factor => "mfaSecondFactor",
    :passkey_relying_party_id => "passkeyRelyingPartyId",
    :passkey_user_verification => "passkeyUserVerification",
    :password_policy => "passwordPolicy",
    :removal_policy => "removalPolicy",
    :self_sign_up_enabled => "selfSignUpEnabled",
    :sign_in_aliases => "signInAliases",
    :sign_in_case_sensitive => "signInCaseSensitive",
    :sign_in_policy => "signInPolicy",
    :sms_role => "smsRole",
    :sms_role_external_id => "smsRoleExternalId",
    :sns_region => "snsRegion",
    :standard_attributes => "standardAttributes",
    :standard_threat_protection_mode => "standardThreatProtectionMode",
    :user_invitation => "userInvitation",
    :user_pool_name => "userPoolName",
    :user_verification => "userVerification",
  }
end

Instance Method Details

#to_jsiiObject



358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
# File 'cognito/user_pool_props.rb', line 358

def to_jsii
  result = {}
  result.merge!({
    "accountRecovery" => @account_recovery,
    "advancedSecurityMode" => @advanced_security_mode,
    "autoVerify" => @auto_verify,
    "customAttributes" => @custom_attributes,
    "customSenderKmsKey" => @custom_sender_kms_key,
    "customThreatProtectionMode" => @custom_threat_protection_mode,
    "deletionProtection" => @deletion_protection,
    "deviceTracking" => @device_tracking,
    "email" => @email,
    "enableSmsRole" => @enable_sms_role,
    "featurePlan" => @feature_plan,
    "keepOriginal" => @keep_original,
    "lambdaTriggers" => @lambda_triggers,
    "mfa" => @mfa,
    "mfaMessage" => @mfa_message,
    "mfaSecondFactor" => @mfa_second_factor,
    "passkeyRelyingPartyId" => @passkey_relying_party_id,
    "passkeyUserVerification" => @passkey_user_verification,
    "passwordPolicy" => @password_policy,
    "removalPolicy" => @removal_policy,
    "selfSignUpEnabled" => @self_sign_up_enabled,
    "signInAliases" => @sign_in_aliases,
    "signInCaseSensitive" => @sign_in_case_sensitive,
    "signInPolicy" => @sign_in_policy,
    "smsRole" => @sms_role,
    "smsRoleExternalId" => @sms_role_external_id,
    "snsRegion" => @sns_region,
    "standardAttributes" => @standard_attributes,
    "standardThreatProtectionMode" => @standard_threat_protection_mode,
    "userInvitation" => @user_invitation,
    "userPoolName" => @user_pool_name,
    "userVerification" => @user_verification,
  })
  result.compact
end