user_pools
Creates, updates, deletes or gets a user_pool resource or lists user_pools in a region
Overview
| Name | user_pools |
| Type | Resource |
| Description | Definition of AWS::Cognito::UserPool Resource Type |
| Id | awscc.cognito.user_pools |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
user_pool_name | string | |
policies | object | |
account_recovery_setting | object | |
admin_create_user_config | object | |
alias_attributes | array | |
username_attributes | array | |
auto_verified_attributes | array | |
device_configuration | object | |
email_configuration | object | |
email_verification_message | string | |
email_verification_subject | string | |
deletion_protection | string | |
lambda_config | object | |
mfa_configuration | string | |
enabled_mfas | array | |
sms_authentication_message | string | |
email_authentication_message | string | |
email_authentication_subject | string | |
sms_configuration | object | |
sms_verification_message | string | |
web_authn_relying_party_id | string | |
web_authn_user_verification | string | |
schema | array | |
username_configuration | object | |
user_attribute_update_settings | object | |
user_pool_tags | object | |
verification_message_template | object | |
user_pool_add_ons | object | |
provider_name | string | |
provider_url | string | |
arn | string | |
user_pool_id | string | |
user_pool_tier | string | |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
user_pool_id | string | |
region | string | AWS region. |
For more information, see AWS::Cognito::UserPool.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | user_pools | INSERT | region |
delete_resource | user_pools | DELETE | Identifier, region |
update_resource | user_pools | UPDATE | Identifier, PatchDocument, region |
list_resources | user_pools_list_only | SELECT | region |
get_resource | user_pools | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual user_pool.
-- Fetch every property of one Cognito user pool, selected by region and Identifier.
-- The methods table on this page lists Identifier and region as the required
-- parameters of get_resource; Identifier is filled from the user_pool_id placeholder.
-- For a security review the columns of most interest are policies, mfa_configuration,
-- enabled_mfas, deletion_protection, lambda_config and user_pool_add_ons.
-- NOTE(review): the placeholder is rendered inside a quoted literal; presumably the
-- substitution is textual, so only render identifiers taken from a trusted manifest.
SELECT
    region,
    user_pool_name,
    policies,
    account_recovery_setting,
    admin_create_user_config,
    alias_attributes,
    username_attributes,
    auto_verified_attributes,
    device_configuration,
    email_configuration,
    email_verification_message,
    email_verification_subject,
    deletion_protection,
    lambda_config,
    mfa_configuration,
    enabled_mfas,
    sms_authentication_message,
    email_authentication_message,
    email_authentication_subject,
    sms_configuration,
    sms_verification_message,
    web_authn_relying_party_id,
    web_authn_user_verification,
    schema,
    username_configuration,
    user_attribute_update_settings,
    user_pool_tags,
    verification_message_template,
    user_pool_add_ons,
    provider_name,
    provider_url,
    arn,
    user_pool_id,
    user_pool_tier
FROM awscc.cognito.user_pools
WHERE region = 'us-east-1'
    AND Identifier = '{{ user_pool_id }}';
Lists all user_pools in a region.
-- Enumerate the user pools of one region; the list-only resource returns
-- identifiers (region, user_pool_id) rather than full properties.
-- Feed each user_pool_id into the single-pool query to inspect its settings.
SELECT
    region,
    user_pool_id
FROM awscc.cognito.user_pools_list_only
WHERE region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new user_pool resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
-- Create a user pool through stack-deploy. Each value below is a template
-- placeholder rendered into a single-quoted literal before the statement runs.
-- The methods table lists region as the only required parameter of create_resource.
-- NOTE(review): properties typed object or array in the fields table are supplied
-- as quoted values here; presumably they render as JSON text - confirm.
-- NOTE(review): presumably substitution is textual; keep placeholder values in a
-- trusted, version-controlled manifest rather than taking them from request input.
/*+ create */
INSERT INTO awscc.cognito.user_pools (
    UserPoolName,
    Policies,
    AccountRecoverySetting,
    AdminCreateUserConfig,
    AliasAttributes,
    UsernameAttributes,
    AutoVerifiedAttributes,
    DeviceConfiguration,
    EmailConfiguration,
    EmailVerificationMessage,
    EmailVerificationSubject,
    DeletionProtection,
    LambdaConfig,
    MfaConfiguration,
    EnabledMfas,
    SmsAuthenticationMessage,
    EmailAuthenticationMessage,
    EmailAuthenticationSubject,
    SmsConfiguration,
    SmsVerificationMessage,
    WebAuthnRelyingPartyID,
    WebAuthnUserVerification,
    Schema,
    UsernameConfiguration,
    UserAttributeUpdateSettings,
    UserPoolTags,
    VerificationMessageTemplate,
    UserPoolAddOns,
    UserPoolTier,
    region
)
SELECT
    '{{ user_pool_name }}',
    '{{ policies }}',
    '{{ account_recovery_setting }}',
    '{{ admin_create_user_config }}',
    '{{ alias_attributes }}',
    '{{ username_attributes }}',
    '{{ auto_verified_attributes }}',
    '{{ device_configuration }}',
    '{{ email_configuration }}',
    '{{ email_verification_message }}',
    '{{ email_verification_subject }}',
    '{{ deletion_protection }}',
    '{{ lambda_config }}',
    '{{ mfa_configuration }}',
    '{{ enabled_mfas }}',
    '{{ sms_authentication_message }}',
    '{{ email_authentication_message }}',
    '{{ email_authentication_subject }}',
    '{{ sms_configuration }}',
    '{{ sms_verification_message }}',
    '{{ web_authn_relying_party_id }}',
    '{{ web_authn_user_verification }}',
    '{{ schema }}',
    '{{ username_configuration }}',
    '{{ user_attribute_update_settings }}',
    '{{ user_pool_tags }}',
    '{{ verification_message_template }}',
    '{{ user_pool_add_ons }}',
    '{{ user_pool_tier }}',
    '{{ region }}';
-- Create a user pool with every writable property supplied. The column list and
-- the value list are positional: the Nth placeholder fills the Nth column.
-- Settings that decide the pool's security posture are set here at creation:
-- Policies (password policy), MfaConfiguration, EnabledMfas, DeletionProtection,
-- LambdaConfig (trigger functions) and UserPoolAddOns.
-- NOTE(review): presumably substitution is textual and the values land inside
-- single-quoted literals; render only values from a trusted manifest - confirm.
/*+ create */
INSERT INTO awscc.cognito.user_pools (
    -- naming, password and recovery policy
    UserPoolName,
    Policies,
    AccountRecoverySetting,
    AdminCreateUserConfig,
    -- sign-in identifiers and verification
    AliasAttributes,
    UsernameAttributes,
    AutoVerifiedAttributes,
    DeviceConfiguration,
    EmailConfiguration,
    EmailVerificationMessage,
    EmailVerificationSubject,
    -- protection, triggers and MFA
    DeletionProtection,
    LambdaConfig,
    MfaConfiguration,
    EnabledMfas,
    SmsAuthenticationMessage,
    EmailAuthenticationMessage,
    EmailAuthenticationSubject,
    SmsConfiguration,
    SmsVerificationMessage,
    WebAuthnRelyingPartyID,
    WebAuthnUserVerification,
    -- attribute schema, tags, templates and tier
    Schema,
    UsernameConfiguration,
    UserAttributeUpdateSettings,
    UserPoolTags,
    VerificationMessageTemplate,
    UserPoolAddOns,
    UserPoolTier,
    region
)
SELECT
    '{{ user_pool_name }}',
    '{{ policies }}',
    '{{ account_recovery_setting }}',
    '{{ admin_create_user_config }}',
    '{{ alias_attributes }}',
    '{{ username_attributes }}',
    '{{ auto_verified_attributes }}',
    '{{ device_configuration }}',
    '{{ email_configuration }}',
    '{{ email_verification_message }}',
    '{{ email_verification_subject }}',
    '{{ deletion_protection }}',
    '{{ lambda_config }}',
    '{{ mfa_configuration }}',
    '{{ enabled_mfas }}',
    '{{ sms_authentication_message }}',
    '{{ email_authentication_message }}',
    '{{ email_authentication_subject }}',
    '{{ sms_configuration }}',
    '{{ sms_verification_message }}',
    '{{ web_authn_relying_party_id }}',
    '{{ web_authn_user_verification }}',
    '{{ schema }}',
    '{{ username_configuration }}',
    '{{ user_attribute_update_settings }}',
    '{{ user_pool_tags }}',
    '{{ verification_message_template }}',
    '{{ user_pool_add_ons }}',
    '{{ user_pool_tier }}',
    '{{ region }}';
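# stack-deploy manifest describing one Cognito user pool resource.
# Indentation follows the AWS::Cognito::UserPool property structure; confirm the
# nesting against the published resource schema before use.
# Several placeholder names repeat under different keys (name, email_message,
# email_subject, lambda_version, lambda_arn): one variable would fill every
# occurrence, so give them distinct names in a real manifest.
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: user_pool
    props:
      - name: user_pool_name
        value: '{{ user_pool_name }}'
      # Password strength and allowed first sign-in factors for the pool.
      - name: policies
        value:
          password_policy:
            minimum_length: '{{ minimum_length }}'
            require_lowercase: '{{ require_lowercase }}'
            require_numbers: '{{ require_numbers }}'
            require_symbols: '{{ require_symbols }}'
            require_uppercase: '{{ require_uppercase }}'
            temporary_password_validity_days: '{{ temporary_password_validity_days }}'
            password_history_size: '{{ password_history_size }}'
          sign_in_policy:
            allowed_first_auth_factors:
              - '{{ allowed_first_auth_factors[0] }}'
      - name: account_recovery_setting
        value:
          recovery_mechanisms:
            - name: '{{ name }}'
              priority: '{{ priority }}'
      - name: admin_create_user_config
        value:
          allow_admin_create_user_only: '{{ allow_admin_create_user_only }}'
          invite_message_template:
            email_message: '{{ email_message }}'
            email_subject: '{{ email_subject }}'
            # NOTE(review): key spelling kept as published; presumably generated
            # from the SMSMessage property - confirm it maps correctly.
            s_ms_message: '{{ s_ms_message }}'
          unused_account_validity_days: '{{ unused_account_validity_days }}'
      - name: alias_attributes
        value:
          - '{{ alias_attributes[0] }}'
      - name: username_attributes
        value:
          - '{{ username_attributes[0] }}'
      - name: auto_verified_attributes
        value:
          - '{{ auto_verified_attributes[0] }}'
      - name: device_configuration
        value:
          challenge_required_on_new_device: '{{ challenge_required_on_new_device }}'
          device_only_remembered_on_user_prompt: '{{ device_only_remembered_on_user_prompt }}'
      - name: email_configuration
        value:
          reply_to_email_address: '{{ reply_to_email_address }}'
          source_arn: '{{ source_arn }}'
          from: '{{ from }}'
          configuration_set: '{{ configuration_set }}'
          email_sending_account: '{{ email_sending_account }}'
      - name: email_verification_message
        value: '{{ email_verification_message }}'
      - name: email_verification_subject
        value: '{{ email_verification_subject }}'
      # Guards the pool against deletion; review any change that relaxes it.
      - name: deletion_protection
        value: '{{ deletion_protection }}'
      # Trigger functions that run inside the sign-up and sign-in flows. Whoever
      # can modify these functions can influence authentication, so review the
      # referenced ARNs and the permissions on each function.
      - name: lambda_config
        value:
          create_auth_challenge: '{{ create_auth_challenge }}'
          custom_message: '{{ custom_message }}'
          define_auth_challenge: '{{ define_auth_challenge }}'
          post_authentication: '{{ post_authentication }}'
          post_confirmation: '{{ post_confirmation }}'
          pre_authentication: '{{ pre_authentication }}'
          pre_sign_up: '{{ pre_sign_up }}'
          verify_auth_challenge_response: '{{ verify_auth_challenge_response }}'
          user_migration: '{{ user_migration }}'
          pre_token_generation: '{{ pre_token_generation }}'
          custom_email_sender:
            lambda_version: '{{ lambda_version }}'
            lambda_arn: '{{ lambda_arn }}'
          # NOTE(review): key spelling kept as published; presumably generated
          # from the CustomSMSSender property - confirm it maps correctly.
          custom_sm_ssender:
            lambda_version: '{{ lambda_version }}'
            lambda_arn: '{{ lambda_arn }}'
          kms_key_id: '{{ kms_key_id }}'
          pre_token_generation_config:
            lambda_version: '{{ lambda_version }}'
            lambda_arn: '{{ lambda_arn }}'
      # MFA enforcement mode and the factors enabled for the pool.
      - name: mfa_configuration
        value: '{{ mfa_configuration }}'
      - name: enabled_mfas
        value:
          - '{{ enabled_mfas[0] }}'
      - name: sms_authentication_message
        value: '{{ sms_authentication_message }}'
      - name: email_authentication_message
        value: '{{ email_authentication_message }}'
      - name: email_authentication_subject
        value: '{{ email_authentication_subject }}'
      - name: sms_configuration
        value:
          external_id: '{{ external_id }}'
          sns_caller_arn: '{{ sns_caller_arn }}'
          sns_region: '{{ sns_region }}'
      - name: sms_verification_message
        value: '{{ sms_verification_message }}'
      - name: web_authn_relying_party_id
        value: '{{ web_authn_relying_party_id }}'
      - name: web_authn_user_verification
        value: '{{ web_authn_user_verification }}'
      - name: schema
        value:
          - attribute_data_type: '{{ attribute_data_type }}'
            developer_only_attribute: '{{ developer_only_attribute }}'
            mutable: '{{ mutable }}'
            name: '{{ name }}'
            number_attribute_constraints:
              max_value: '{{ max_value }}'
              min_value: '{{ min_value }}'
            string_attribute_constraints:
              max_length: '{{ max_length }}'
              min_length: '{{ min_length }}'
            required: '{{ required }}'
      - name: username_configuration
        value:
          case_sensitive: '{{ case_sensitive }}'
      - name: user_attribute_update_settings
        value:
          attributes_require_verification_before_update:
            - '{{ attributes_require_verification_before_update[0] }}'
      - name: user_pool_tags
        value: {}
      - name: verification_message_template
        value:
          default_email_option: '{{ default_email_option }}'
          email_message: '{{ email_message }}'
          email_message_by_link: '{{ email_message_by_link }}'
          email_subject: '{{ email_subject }}'
          email_subject_by_link: '{{ email_subject_by_link }}'
          sms_message: '{{ sms_message }}'
      - name: user_pool_add_ons
        value:
          advanced_security_mode: '{{ advanced_security_mode }}'
          advanced_security_additional_flows:
            custom_auth_mode: '{{ custom_auth_mode }}'
      - name: user_pool_tier
        value: '{{ user_pool_tier }}'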
UPDATE example
Use the following StackQL query and manifest file to update a user_pool resource, using stack-deploy.
-- Update one user pool: the listed properties are passed through the
-- generate_patch_document filter, wrapped in string(), and assigned to
-- PatchDocument for the pool selected by region and Identifier.
-- The methods table lists Identifier, PatchDocument and region as the required
-- parameters of update_resource.
-- NOTE(review): every property is fed into the patch, including mfa_configuration,
-- deletion_protection, policies and lambda_config; presumably each supplied key is
-- rewritten on the pool - confirm that an unset or empty variable cannot blank or
-- weaken one of these settings.
/*+ update */
UPDATE awscc.cognito.user_pools
SET PatchDocument = string('{{ {
"UserPoolName": user_pool_name,
"Policies": policies,
"AccountRecoverySetting": account_recovery_setting,
"AdminCreateUserConfig": admin_create_user_config,
"AliasAttributes": alias_attributes,
"UsernameAttributes": username_attributes,
"AutoVerifiedAttributes": auto_verified_attributes,
"DeviceConfiguration": device_configuration,
"EmailConfiguration": email_configuration,
"EmailVerificationMessage": email_verification_message,
"EmailVerificationSubject": email_verification_subject,
"DeletionProtection": deletion_protection,
"LambdaConfig": lambda_config,
"MfaConfiguration": mfa_configuration,
"EnabledMfas": enabled_mfas,
"SmsAuthenticationMessage": sms_authentication_message,
"EmailAuthenticationMessage": email_authentication_message,
"EmailAuthenticationSubject": email_authentication_subject,
"SmsConfiguration": sms_configuration,
"SmsVerificationMessage": sms_verification_message,
"WebAuthnRelyingPartyID": web_authn_relying_party_id,
"WebAuthnUserVerification": web_authn_user_verification,
"Schema": schema,
"UsernameConfiguration": username_configuration,
"UserAttributeUpdateSettings": user_attribute_update_settings,
"UserPoolTags": user_pool_tags,
"VerificationMessageTemplate": verification_message_template,
"UserPoolAddOns": user_pool_add_ons,
"UserPoolTier": user_pool_tier
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ user_pool_id }}';
DELETE example
-- Delete one user pool, selected by Identifier and region. This removes the
-- identity store itself, so check the Identifier value before running it.
-- The region is the literal 'us-east-1' here, whereas the UPDATE example on this
-- page takes region from a placeholder; set it to the pool's own region.
-- NOTE(review): the pool exposes a deletion_protection property; presumably the
-- delete is refused while that protection is active - confirm.
/*+ delete */
DELETE FROM awscc.cognito.user_pools
WHERE Identifier = '{{ user_pool_id }}'
    AND region = 'us-east-1';
Permissions
To operate on the user_pools resource, the following permissions are required:
- Create: cognito-idp:CreateUserPool, iam:PassRole, cognito-idp:SetUserPoolMfaConfig, cognito-idp:DescribeUserPool, kms:CreateGrant, iam:CreateServiceLinkedRole, cognito-idp:TagResource
- Read: cognito-idp:DescribeUserPool, cognito-idp:GetUserPoolMfaConfig
- Update: cognito-idp:UpdateUserPool, cognito-idp:ListTagsForResource, cognito-idp:UntagResource, cognito-idp:TagResource, cognito-idp:SetUserPoolMfaConfig, cognito-idp:AddCustomAttributes, cognito-idp:DescribeUserPool, cognito-idp:GetUserPoolMfaConfig, iam:PassRole
- Delete: cognito-idp:DeleteUserPool
- List: cognito-idp:ListUserPools