Table of Contents

Class UserPoolProps

Namespace
Amazon.CDK.AWS.Cognito
Assembly
Amazon.CDK.AWS.Cognito.dll

Props for the UserPool construct.

public class UserPoolProps : IUserPoolProps
Inheritance
UserPoolProps
Implements
Inherited Members

Examples

new UserPool(this, "myuserpool", new UserPoolProps {
                // ...
                SelfSignUpEnabled = true,
                UserVerification = new UserVerificationConfig {
                    EmailSubject = "Verify your email for our awesome app!",
                    EmailBody = "Thanks for signing up to our awesome app! Your verification code is {####}",
                    EmailStyle = VerificationEmailStyle.CODE,
                    SmsMessage = "Thanks for signing up to our awesome app! Your verification code is {####}"
                }
            });

Remarks

ExampleMetadata: infused

Constructors

UserPoolProps() 

public UserPoolProps()

Properties

AccountRecovery

How will a user be able to recover their account?

public AccountRecovery? AccountRecovery { get; set; }

Property Value

AccountRecovery?

Remarks

Default: AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL

AutoVerify

Attributes which Cognito will look to verify automatically upon user sign up.

public IAutoVerifiedAttrs? AutoVerify { get; set; }

Property Value

IAutoVerifiedAttrs

Remarks

EMAIL and PHONE are the only available options.

Default: - If signInAlias includes email and/or phone, they will be included in autoVerifiedAttributes by default. If absent, no attributes will be auto-verified.

CustomAttributes

Define a set of custom attributes that can be configured for each user in the user pool.

public IDictionary<string, ICustomAttribute>? CustomAttributes { get; set; }

Property Value

IDictionary<string, ICustomAttribute>

Remarks

Default: - No custom attributes.

CustomSenderKmsKey

This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.

public IKey? CustomSenderKmsKey { get; set; }

Property Value

IKey

Remarks

Default: - no key ID configured

See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-sender-triggers.html

DeviceTracking

Device tracking settings.

public IDeviceTracking? DeviceTracking { get; set; }

Property Value

IDeviceTracking

Remarks

Default: - see defaults on each property of DeviceTracking.

Email

Email settings for a user pool.

public UserPoolEmail? Email { get; set; }

Property Value

UserPoolEmail

Remarks

Default: - cognito will use the default email configuration

EmailSettings

(deprecated) Email settings for a user pool.

[Obsolete("Use 'email' instead.")]
public IEmailSettings? EmailSettings { get; set; }

Property Value

IEmailSettings

Remarks

Default: - see defaults on each property of EmailSettings.

Stability: Deprecated

EnableSmsRole

Setting this would explicitly enable or disable SMS role creation.

public bool? EnableSmsRole { get; set; }

Property Value

bool?

Remarks

When left unspecified, CDK will determine based on other properties if a role is needed or not.

Default: - CDK will determine based on other properties of the user pool if an SMS role should be created or not.

LambdaTriggers

Lambda functions to use for supported Cognito triggers.

public IUserPoolTriggers? LambdaTriggers { get; set; }

Property Value

IUserPoolTriggers

Remarks

Default: - No Lambda triggers.

See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

Mfa

Configure whether users of this user pool can or are required use MFA to sign in.

public Mfa? Mfa { get; set; }

Property Value

Mfa?

Remarks

Default: Mfa.OFF

MfaMessage

The SMS message template sent during MFA verification.

public string? MfaMessage { get; set; }

Property Value

string

Remarks

Use '{####}' in the template where Cognito should insert the verification code.

Default: 'Your authentication code is {####}.'

MfaSecondFactor

Configure the MFA types that users can use in this user pool.

public IMfaSecondFactor? MfaSecondFactor { get; set; }

Property Value

IMfaSecondFactor

Remarks

Ignored if mfa is set to OFF.

Default: - { sms: true, otp: false }, if mfa is set to OPTIONAL or REQUIRED. { sms: false, otp: false }, otherwise

PasswordPolicy

Password policy for this user pool.

public IPasswordPolicy? PasswordPolicy { get; set; }

Property Value

IPasswordPolicy

Remarks

Default: - see defaults on each property of PasswordPolicy.

RemovalPolicy

Policy to apply when the user pool is removed from the stack.

public RemovalPolicy?? RemovalPolicy { get; set; }

Property Value

RemovalPolicy?

Remarks

Default: RemovalPolicy.RETAIN

SelfSignUpEnabled

Whether self sign up should be enabled.

public bool? SelfSignUpEnabled { get; set; }

Property Value

bool?

Remarks

This can be further configured via the selfSignUp property.

Default: false

SignInAliases

Methods in which a user registers or signs in to a user pool.

public ISignInAliases? SignInAliases { get; set; }

Property Value

ISignInAliases

Remarks

Allows either username with aliases OR sign in with email, phone, or both.

Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

To match with 'Option 1' in the above link, with a verified email, this property should be set to { username: true, email: true }. To match with 'Option 2' in the above link with both a verified email and phone number, this property should be set to { email: true, phone: true }.

Default: { username: true }

SignInCaseSensitive

Whether sign-in aliases should be evaluated with case sensitivity.

public bool? SignInCaseSensitive { get; set; }

Property Value

bool?

Remarks

For example, when this option is set to false, users will be able to sign in using either MyUsername or myusername.

Default: true

SmsRole

The IAM role that Cognito will assume while sending SMS messages.

public IRole? SmsRole { get; set; }

Property Value

IRole

Remarks

Default: - a new IAM role is created

SmsRoleExternalId

The 'ExternalId' that Cognito service must using when assuming the smsRole, if the role is restricted with an 'sts:ExternalId' conditional.

public string? SmsRoleExternalId { get; set; }

Property Value

string

Remarks

Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

This property will be ignored if smsRole is not specified.

Default: - No external id will be configured

SnsRegion

The region to integrate with SNS to send SMS messages.

public string? SnsRegion { get; set; }

Property Value

string

Remarks

This property will do nothing if SMS configuration is not configured

Default: - The same region as the user pool, with a few exceptions - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html#user-pool-sms-settings-first-time

StandardAttributes

The set of attributes that are required for every user in the user pool.

public IStandardAttributes? StandardAttributes { get; set; }

Property Value

IStandardAttributes

Remarks

Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

Default: - All standard attributes are optional and mutable.

UserInvitation

Configuration around admins signing up users into a user pool.

public IUserInvitationConfig? UserInvitation { get; set; }

Property Value

IUserInvitationConfig

Remarks

Default: - see defaults in UserInvitationConfig

UserPoolName

Name of the user pool.

public string? UserPoolName { get; set; }

Property Value

string

Remarks

Default: - automatically generated name by CloudFormation at deploy time

UserVerification

Configuration around users signing themselves up to the user pool.

public IUserVerificationConfig? UserVerification { get; set; }

Property Value

IUserVerificationConfig

Remarks

Enable or disable self sign-up via the selfSignUpEnabled property.

Default: - see defaults in UserVerificationConfig