user_pools
Creates, updates, deletes or gets an user_pool resource or lists user_pools in a region
Overview
| Name | user_pools |
| Type | Resource |
| Description | Resource Type definition for AWS::Cognito::UserPool |
| Id | aws.cognito.user_pools |
Fields
| Name | Datatype | Description |
|---|---|---|
user_pool_name | string | |
policies | object | |
account_recovery_setting | object | |
admin_create_user_config | object | |
alias_attributes | array | |
username_attributes | array | |
auto_verified_attributes | array | |
device_configuration | object | |
email_configuration | object | |
email_verification_message | string | |
email_verification_subject | string | |
deletion_protection | string | |
lambda_config | object | |
mfa_configuration | string | |
enabled_mfas | array | |
sms_authentication_message | string | |
sms_configuration | object | |
sms_verification_message | string | |
schema | array | |
username_configuration | object | |
user_attribute_update_settings | object | |
user_pool_tags | object | |
verification_message_template | object | |
user_pool_add_ons | object | |
provider_name | string | |
provider_url | string | |
arn | string | |
user_pool_id | string | |
region | string | AWS region. |
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all user_pools in a region.
SELECT
region,
user_pool_name,
policies,
account_recovery_setting,
admin_create_user_config,
alias_attributes,
username_attributes,
auto_verified_attributes,
device_configuration,
email_configuration,
email_verification_message,
email_verification_subject,
deletion_protection,
lambda_config,
mfa_configuration,
enabled_mfas,
sms_authentication_message,
sms_configuration,
sms_verification_message,
schema,
username_configuration,
user_attribute_update_settings,
user_pool_tags,
verification_message_template,
user_pool_add_ons,
provider_name,
provider_url,
arn,
user_pool_id
FROM aws.cognito.user_pools
WHERE region = 'us-east-1';
Gets all properties from an individual user_pool.
SELECT
region,
user_pool_name,
policies,
account_recovery_setting,
admin_create_user_config,
alias_attributes,
username_attributes,
auto_verified_attributes,
device_configuration,
email_configuration,
email_verification_message,
email_verification_subject,
deletion_protection,
lambda_config,
mfa_configuration,
enabled_mfas,
sms_authentication_message,
sms_configuration,
sms_verification_message,
schema,
username_configuration,
user_attribute_update_settings,
user_pool_tags,
verification_message_template,
user_pool_add_ons,
provider_name,
provider_url,
arn,
user_pool_id
FROM aws.cognito.user_pools
WHERE region = 'us-east-1' AND data__Identifier = '<UserPoolId>';
INSERT example
Use the following StackQL query and manifest file to create a new user_pool resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO aws.cognito.user_pools (
UserPoolName,
Policies,
AccountRecoverySetting,
AdminCreateUserConfig,
AliasAttributes,
UsernameAttributes,
AutoVerifiedAttributes,
DeviceConfiguration,
EmailConfiguration,
EmailVerificationMessage,
EmailVerificationSubject,
DeletionProtection,
LambdaConfig,
MfaConfiguration,
EnabledMfas,
SmsAuthenticationMessage,
SmsConfiguration,
SmsVerificationMessage,
Schema,
UsernameConfiguration,
UserAttributeUpdateSettings,
UserPoolTags,
VerificationMessageTemplate,
UserPoolAddOns,
region
)
SELECT
'{{ UserPoolName }}',
'{{ Policies }}',
'{{ AccountRecoverySetting }}',
'{{ AdminCreateUserConfig }}',
'{{ AliasAttributes }}',
'{{ UsernameAttributes }}',
'{{ AutoVerifiedAttributes }}',
'{{ DeviceConfiguration }}',
'{{ EmailConfiguration }}',
'{{ EmailVerificationMessage }}',
'{{ EmailVerificationSubject }}',
'{{ DeletionProtection }}',
'{{ LambdaConfig }}',
'{{ MfaConfiguration }}',
'{{ EnabledMfas }}',
'{{ SmsAuthenticationMessage }}',
'{{ SmsConfiguration }}',
'{{ SmsVerificationMessage }}',
'{{ Schema }}',
'{{ UsernameConfiguration }}',
'{{ UserAttributeUpdateSettings }}',
'{{ UserPoolTags }}',
'{{ VerificationMessageTemplate }}',
'{{ UserPoolAddOns }}',
'{{ region }}';
/*+ create */
INSERT INTO aws.cognito.user_pools (
UserPoolName,
Policies,
AccountRecoverySetting,
AdminCreateUserConfig,
AliasAttributes,
UsernameAttributes,
AutoVerifiedAttributes,
DeviceConfiguration,
EmailConfiguration,
EmailVerificationMessage,
EmailVerificationSubject,
DeletionProtection,
LambdaConfig,
MfaConfiguration,
EnabledMfas,
SmsAuthenticationMessage,
SmsConfiguration,
SmsVerificationMessage,
Schema,
UsernameConfiguration,
UserAttributeUpdateSettings,
UserPoolTags,
VerificationMessageTemplate,
UserPoolAddOns,
region
)
SELECT
'{{ UserPoolName }}',
'{{ Policies }}',
'{{ AccountRecoverySetting }}',
'{{ AdminCreateUserConfig }}',
'{{ AliasAttributes }}',
'{{ UsernameAttributes }}',
'{{ AutoVerifiedAttributes }}',
'{{ DeviceConfiguration }}',
'{{ EmailConfiguration }}',
'{{ EmailVerificationMessage }}',
'{{ EmailVerificationSubject }}',
'{{ DeletionProtection }}',
'{{ LambdaConfig }}',
'{{ MfaConfiguration }}',
'{{ EnabledMfas }}',
'{{ SmsAuthenticationMessage }}',
'{{ SmsConfiguration }}',
'{{ SmsVerificationMessage }}',
'{{ Schema }}',
'{{ UsernameConfiguration }}',
'{{ UserAttributeUpdateSettings }}',
'{{ UserPoolTags }}',
'{{ VerificationMessageTemplate }}',
'{{ UserPoolAddOns }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: user_pool
props:
- name: UserPoolName
value: '{{ UserPoolName }}'
- name: Policies
value:
PasswordPolicy:
MinimumLength: '{{ MinimumLength }}'
RequireLowercase: '{{ RequireLowercase }}'
RequireNumbers: '{{ RequireNumbers }}'
RequireSymbols: '{{ RequireSymbols }}'
RequireUppercase: '{{ RequireUppercase }}'
TemporaryPasswordValidityDays: '{{ TemporaryPasswordValidityDays }}'
- name: AccountRecoverySetting
value:
RecoveryMechanisms:
- Name: '{{ Name }}'
Priority: '{{ Priority }}'
- name: AdminCreateUserConfig
value:
AllowAdminCreateUserOnly: '{{ AllowAdminCreateUserOnly }}'
InviteMessageTemplate:
EmailMessage: '{{ EmailMessage }}'
EmailSubject: '{{ EmailSubject }}'
SMSMessage: '{{ SMSMessage }}'
UnusedAccountValidityDays: '{{ UnusedAccountValidityDays }}'
- name: AliasAttributes
value:
- '{{ AliasAttributes[0] }}'
- name: UsernameAttributes
value:
- '{{ UsernameAttributes[0] }}'
- name: AutoVerifiedAttributes
value:
- '{{ AutoVerifiedAttributes[0] }}'
- name: DeviceConfiguration
value:
ChallengeRequiredOnNewDevice: '{{ ChallengeRequiredOnNewDevice }}'
DeviceOnlyRememberedOnUserPrompt: '{{ DeviceOnlyRememberedOnUserPrompt }}'
- name: EmailConfiguration
value:
ReplyToEmailAddress: '{{ ReplyToEmailAddress }}'
SourceArn: '{{ SourceArn }}'
From: '{{ From }}'
ConfigurationSet: '{{ ConfigurationSet }}'
EmailSendingAccount: '{{ EmailSendingAccount }}'
- name: EmailVerificationMessage
value: '{{ EmailVerificationMessage }}'
- name: EmailVerificationSubject
value: '{{ EmailVerificationSubject }}'
- name: DeletionProtection
value: '{{ DeletionProtection }}'
- name: LambdaConfig
value:
CreateAuthChallenge: '{{ CreateAuthChallenge }}'
CustomMessage: '{{ CustomMessage }}'
DefineAuthChallenge: '{{ DefineAuthChallenge }}'
PostAuthentication: '{{ PostAuthentication }}'
PostConfirmation: '{{ PostConfirmation }}'
PreAuthentication: '{{ PreAuthentication }}'
PreSignUp: '{{ PreSignUp }}'
VerifyAuthChallengeResponse: '{{ VerifyAuthChallengeResponse }}'
UserMigration: '{{ UserMigration }}'
PreTokenGeneration: '{{ PreTokenGeneration }}'
CustomEmailSender:
LambdaVersion: '{{ LambdaVersion }}'
LambdaArn: '{{ LambdaArn }}'
CustomSMSSender:
LambdaVersion: '{{ LambdaVersion }}'
LambdaArn: '{{ LambdaArn }}'
KMSKeyID: '{{ KMSKeyID }}'
PreTokenGenerationConfig:
LambdaVersion: '{{ LambdaVersion }}'
LambdaArn: '{{ LambdaArn }}'
- name: MfaConfiguration
value: '{{ MfaConfiguration }}'
- name: EnabledMfas
value:
- '{{ EnabledMfas[0] }}'
- name: SmsAuthenticationMessage
value: '{{ SmsAuthenticationMessage }}'
- name: SmsConfiguration
value:
ExternalId: '{{ ExternalId }}'
SnsCallerArn: '{{ SnsCallerArn }}'
SnsRegion: '{{ SnsRegion }}'
- name: SmsVerificationMessage
value: '{{ SmsVerificationMessage }}'
- name: Schema
value:
- AttributeDataType: '{{ AttributeDataType }}'
DeveloperOnlyAttribute: '{{ DeveloperOnlyAttribute }}'
Mutable: '{{ Mutable }}'
Name: '{{ Name }}'
NumberAttributeConstraints:
MaxValue: '{{ MaxValue }}'
MinValue: '{{ MinValue }}'
StringAttributeConstraints:
MaxLength: '{{ MaxLength }}'
MinLength: '{{ MinLength }}'
Required: '{{ Required }}'
- name: UsernameConfiguration
value:
CaseSensitive: '{{ CaseSensitive }}'
- name: UserAttributeUpdateSettings
value:
AttributesRequireVerificationBeforeUpdate:
- '{{ AttributesRequireVerificationBeforeUpdate[0] }}'
- name: UserPoolTags
value: {}
- name: VerificationMessageTemplate
value:
DefaultEmailOption: '{{ DefaultEmailOption }}'
EmailMessage: '{{ EmailMessage }}'
EmailMessageByLink: '{{ EmailMessageByLink }}'
EmailSubject: '{{ EmailSubject }}'
EmailSubjectByLink: '{{ EmailSubjectByLink }}'
SmsMessage: '{{ SmsMessage }}'
- name: UserPoolAddOns
value:
AdvancedSecurityMode: '{{ AdvancedSecurityMode }}'
DELETE example
/*+ delete */
DELETE FROM aws.cognito.user_pools
WHERE data__Identifier = '<UserPoolId>'
AND region = 'us-east-1';
Permissions
To operate on the user_pools resource, the following permissions are required:
Create
cognito-idp:CreateUserPool,
iam:PassRole,
cognito-idp:SetUserPoolMfaConfig,
cognito-idp:DescribeUserPool,
kms:CreateGrant,
iam:CreateServiceLinkedRole
Read
cognito-idp:DescribeUserPool
Update
cognito-idp:UpdateUserPool,
cognito-idp:ListTagsForResource,
cognito-idp:UntagResource,
cognito-idp:TagResource,
cognito-idp:SetUserPoolMfaConfig,
cognito-idp:AddCustomAttributes,
cognito-idp:DescribeUserPool,
iam:PassRole
Delete
cognito-idp:DeleteUserPool
List
cognito-idp:ListUserPools