- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
account_id
Type: STRING
account_recovery_setting
Type: STRUCT
Provider name: AccountRecoverySetting
Description: The available verified method a user can use to recover their password when they call ForgotPassword
. You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn’t qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred through email.
recovery_mechanisms
UNORDERED_LIST_STRUCT
RecoveryMechanisms
RecoveryOptionTypes
.name
STRING
Name
priority
INT32
Priority
admin_create_user_config
Type: STRUCT
Provider name: AdminCreateUserConfig
Description: The configuration for AdminCreateUser
requests.
allow_admin_create_user_only
BOOLEAN
AllowAdminCreateUserOnly
True
if only the administrator is allowed to create user profiles. Set to False
if users can sign themselves up via an app.invite_message_template
STRUCT
InviteMessageTemplate
email_message
STRING
EmailMessage
email_subject
STRING
EmailSubject
sms_message
STRING
SMSMessage
unused_account_validity_days
INT32
UnusedAccountValidityDays
AdminCreateUser
again, specifying “RESEND”
for the MessageAction
parameter. The default value for this parameter is 7. TemporaryPasswordValidityDays
in PasswordPolicy
, that value will be used, and UnusedAccountValidityDays
will be no longer be an available parameter for that user pool.alias_attributes
Type: UNORDERED_LIST_STRING
Provider name: AliasAttributes
Description: The attributes that are aliased in a user pool.
arn
Type: STRING
Provider name: Arn
Description: The Amazon Resource Name (ARN) for the user pool.
auto_verified_attributes
Type: UNORDERED_LIST_STRING
Provider name: AutoVerifiedAttributes
Description: The attributes that are auto-verified in a user pool.
creation_date
Type: TIMESTAMP
Provider name: CreationDate
Description: The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date
object.
custom_domain
Type: STRING
Provider name: CustomDomain
Description: A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. An example of a custom domain name might be auth.example.com
. For more information about adding a custom domain to your user pool, see Using Your Own Domain for the Hosted UI.
deletion_protection
Type: STRING
Provider name: DeletionProtection
Description: When active, DeletionProtection
prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. When you try to delete a protected user pool in a DeleteUserPool
API request, Amazon Cognito returns an InvalidParameterException
error. To delete a protected user pool, send a new DeleteUserPool
request after you deactivate deletion protection in an UpdateUserPool
API request.
device_configuration
Type: STRUCT
Provider name: DeviceConfiguration
Description: The device-remembering configuration for a user pool. A null value indicates that you have deactivated device remembering in your user pool. DeviceConfiguration
field, you activate the Amazon Cognito device-remembering feature.
challenge_required_on_new_device
BOOLEAN
ChallengeRequiredOnNewDevice
ChallengeRequiredOnNewDevice
is true, users who sign in with devices that have not been confirmed or remembered must still provide a second factor in a user pool that requires MFA.device_only_remembered_on_user_prompt
BOOLEAN
DeviceOnlyRememberedOnUserPrompt
DeviceOnlyRememberedOnUserPrompt
is false
, Amazon Cognito immediately remembers devices that you register in a ConfirmDevice
API request.domain
Type: STRING
Provider name: Domain
Description: The domain prefix, if the user pool has a domain associated with it.
email_configuration
Type: STRUCT
Provider name: EmailConfiguration
Description: The email configuration of your user pool. The email configuration type sets your preferred sending method, Amazon Web Services Region, and sender for messages from your user pool.
configuration_set
STRING
ConfigurationSet
email_sending_account
STRING
EmailSendingAccount
no-reply@verificationemail.com
. To customize the FROM address, provide the Amazon Resource Name (ARN) of an Amazon SES verified email address for the SourceArn
parameter.SourceArn
parameter. Before Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a service-linked role, which is a type of role in your Amazon Web Services account. This role contains the permissions that allow you to access Amazon SES and send email messages from your email address. For more information about the service-linked role that Amazon Cognito creates, see Using Service-Linked Roles for Amazon Cognito in the Amazon Cognito Developer Guide.from
STRING
From
testuser@example.com
or Test User <testuser@example.com>
. This address appears before the body of the email.reply_to_email_address
STRING
ReplyToEmailAddress
source_arn
STRING
SourceArn
SourceArn
email from a verified domain only with an API request. You can set a verified email address, but not an address in a verified domain, in the Amazon Cognito console. Amazon Cognito uses the email address that you provide in one of the following ways, depending on the value that you specify for the EmailSendingAccount
parameter:COGNITO_DEFAULT
, Amazon Cognito uses this address as the custom FROM address when it emails your users using its built-in email account.DEVELOPER
, Amazon Cognito emails your users with this address by calling Amazon SES on your behalf.SourceArn
parameter must indicate a supported Amazon Web Services Region of your user pool. Typically, the Region in the SourceArn
and the user pool Region are the same. For more information, see Amazon SES email configuration regions in the Amazon Cognito Developer Guide.email_configuration_failure
Type: STRING
Provider name: EmailConfigurationFailure
Description: Deprecated. Review error codes from API requests with EventSource:cognito-idp.amazonaws.com
in CloudTrail for information about problems with user pool email configuration.
email_verification_message
Type: STRING
Provider name: EmailVerificationMessage
Description: This parameter is no longer used. See VerificationMessageTemplateType.
email_verification_subject
Type: STRING
Provider name: EmailVerificationSubject
Description: This parameter is no longer used. See VerificationMessageTemplateType.
estimated_number_of_users
Type: INT32
Provider name: EstimatedNumberOfUsers
Description: A number estimating the size of the user pool.
id
Type: STRING
Provider name: Id
Description: The ID of the user pool.
lambda_config
Type: STRUCT
Provider name: LambdaConfig
Description: The Lambda triggers associated with the user pool.
create_auth_challenge
STRING
CreateAuthChallenge
custom_email_sender
STRUCT
CustomEmailSender
lambda_arn
STRING
LambdaArn
lambda_version
STRING
LambdaVersion
LambdaVersion
of V1_0
with a custom sender function.custom_message
STRING
CustomMessage
custom_sms_sender
STRUCT
CustomSMSSender
lambda_arn
STRING
LambdaArn
lambda_version
STRING
LambdaVersion
LambdaVersion
of V1_0
with a custom sender function.define_auth_challenge
STRING
DefineAuthChallenge
kms_key_id
STRING
KMSKeyID
CustomEmailSender
and CustomSMSSender
.post_authentication
STRING
PostAuthentication
post_confirmation
STRING
PostConfirmation
pre_authentication
STRING
PreAuthentication
pre_sign_up
STRING
PreSignUp
pre_token_generation
STRING
PreTokenGeneration
PreTokenGenerationConfig
, its value must be identical to PreTokenGeneration
. For new instances of pre token generation triggers, set the LambdaArn
of PreTokenGenerationConfig
. You can set
pre_token_generation_config
STRUCT
PreTokenGenerationConfig
PreTokenGeneration
, its value must be identical to PreTokenGenerationConfig
.lambda_arn
STRING
LambdaArn
PreTokenGeneration
property of LambdaConfig
have the same value. For new instances of pre token generation triggers, set LambdaArn
.lambda_version
STRING
LambdaVersion
user_migration
STRING
UserMigration
verify_auth_challenge_response
STRING
VerifyAuthChallengeResponse
last_modified_date
Type: TIMESTAMP
Provider name: LastModifiedDate
Description: The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date
object.
mfa_configuration
Type: STRING
Provider name: MfaConfiguration
Description: Can be one of the following values:
OFF
- MFA tokens aren’t required and can’t be specified during user registration.ON
- MFA tokens are required for all user registrations. You can only specify required when you’re initially creating a user pool.OPTIONAL
- Users have the option when registering to create an MFA token.name
Type: STRING
Provider name: Name
Description: The name of the user pool.
policies
Type: STRUCT
Provider name: Policies
Description: The policies associated with the user pool.
password_policy
STRUCT
PasswordPolicy
minimum_length
INT32
MinimumLength
require_lowercase
BOOLEAN
RequireLowercase
require_numbers
BOOLEAN
RequireNumbers
require_symbols
BOOLEAN
RequireSymbols
require_uppercase
BOOLEAN
RequireUppercase
temporary_password_validity_days
INT32
TemporaryPasswordValidityDays
7
. If you submit a value of 0
, Amazon Cognito treats it as a null value and sets TemporaryPasswordValidityDays
to its default value. TemporaryPasswordValidityDays
for a user pool, you can no longer set a value for the legacy UnusedAccountValidityDays
parameter in that user pool.providers
Type: UNORDERED_LIST_STRUCT
Provider name: Providers
Description: A list of IdP objects.
creation_date
TIMESTAMP
CreationDate
Date
object.last_modified_date
TIMESTAMP
LastModifiedDate
provider_name
STRING
ProviderName
provider_type
STRING
ProviderType
schema_attributes
Type: UNORDERED_LIST_STRUCT
Provider name: SchemaAttributes
Description: A list of the user attributes and their properties in your user pool. The attribute schema contains standard attributes, custom attributes with a custom:
prefix, and developer attributes with a dev:
prefix. For more information, see User pool attributes. Developer-only attributes are a legacy feature of user pools, are read-only to all app clients. You can create and update developer-only attributes only with IAM-authenticated API operations. Use app client read/write permissions instead.
attribute_data_type
STRING
AttributeDataType
AttributeDataType
, Amazon Cognito validates the input against the data type. A custom attribute value in your user’s ID token is always a string, for example “custom:isMember” : “true”
or “custom:YearsAsMember” : “12”
.developer_only_attribute
BOOLEAN
DeveloperOnlyAttribute
DeveloperOnlyAttribute
. DeveloperOnlyAttribute
can be modified using AdminUpdateUserAttributes but can’t be updated using UpdateUserAttributes.mutable
BOOLEAN
Mutable
true
. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute. For more information, see Specifying Identity Provider Attribute Mappings for Your User Pool.name
STRING
Name
Name
value of MyAttribute
, Amazon Cognito creates the custom attribute custom:MyAttribute
. When DeveloperOnlyAttribute
is true
, Amazon Cognito creates your attribute as dev:MyAttribute
. In an operation that describes a user pool, Amazon Cognito returns this value as value
for standard attributes, custom:value
for custom attributes, and dev:value
for developer-only attributes..number_attribute_constraints
STRUCT
NumberAttributeConstraints
max_value
STRING
MaxValue
2^1023
, represented as a string with a length of 131072 characters or fewer.min_value
STRING
MinValue
required
BOOLEAN
Required
string_attribute_constraints
STRUCT
StringAttributeConstraints
max_length
STRING
MaxLength
2^1023
, represented as a string with a length of 131072 characters or fewer.min_length
STRING
MinLength
sms_authentication_message
Type: STRING
Provider name: SmsAuthenticationMessage
Description: The contents of the SMS authentication message.
sms_configuration
Type: STRUCT
Provider name: SmsConfiguration
Description: The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your Amazon Web Services account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role in your Amazon Web Services account.
external_id
STRING
ExternalId
ExternalId
with the IAM role that you use with Amazon SNS to send SMS messages for your user pool. If you provide an ExternalId
, your Amazon Cognito user pool includes it in the request to assume your IAM role. You can configure the role trust policy to require that Amazon Cognito, and any principal, provide the ExternalID
. If you use the Amazon Cognito Management Console to create a role for SMS multi-factor authentication (MFA), Amazon Cognito creates a role with the required permissions and a trust policy that demonstrates use of the ExternalId
. For more information about the ExternalId
of a role, see How to use an external ID when granting access to your Amazon Web Services resources to a third partysns_caller_arn
STRING
SnsCallerArn
sns_region
STRING
SnsRegion
sms_configuration_failure
Type: STRING
Provider name: SmsConfigurationFailure
Description: The reason why the SMS configuration can’t send the messages to your users. This message might include comma-separated values to describe why your SMS configuration can’t send messages to user pool end users.
sms_verification_message
Type: STRING
Provider name: SmsVerificationMessage
Description: This parameter is no longer used. See VerificationMessageTemplateType.
status
Type: STRING
Provider name: Status
Description: This parameter is no longer used.
tags
Type: UNORDERED_LIST_STRING
user_attribute_update_settings
Type: STRUCT
Provider name: UserAttributeUpdateSettings
Description: The settings for updates to user attributes. These settings include the property AttributesRequireVerificationBeforeUpdate
, a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users’ email address and phone number attributes. For more information, see Verifying updates to email addresses and phone numbers.
attributes_require_verification_before_update
UNORDERED_LIST_STRING
AttributesRequireVerificationBeforeUpdate
email_verified
or phone_number_verified
to true. When AttributesRequireVerificationBeforeUpdate
is false, your user pool doesn’t require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where AttributesRequireVerificationBeforeUpdate
is false, API operations that change attribute values can immediately update a user’s email
or phone_number
attribute.user_pool_add_ons
Type: STRUCT
Provider name: UserPoolAddOns
Description: User pool add-ons. Contains settings for activation of advanced security features. To log user security information but take no action, set to AUDIT
. To configure automatic security responses to risky traffic to your user pool, set to ENFORCED
. For more information, see Adding advanced security to a user pool.
advanced_security_mode
STRING
AdvancedSecurityMode
user_pool_tags
Type: MAP_STRING_STRING
Provider name: UserPoolTags
Description: The tags that are assigned to the user pool. A tag is a label that you can apply to user pools to categorize and manage them in different ways, such as by purpose, owner, environment, or other criteria.
username_attributes
Type: UNORDERED_LIST_STRING
Provider name: UsernameAttributes
Description: Specifies whether a user can use an email address or phone number as a username when they sign up.
username_configuration
Type: STRUCT
Provider name: UsernameConfiguration
Description: Case sensitivity of the username input for the selected sign-in option. For example, when case sensitivity is set to False
, users can sign in using either “username” or “Username”. This configuration is immutable once it has been set. For more information, see UsernameConfigurationType.
case_sensitive
BOOLEAN
CaseSensitive
False
(case insensitive) as a best practice. When usernames and email addresses are case insensitive, users can sign in as the same user when they enter a different capitalization of their user name. Valid values include:True
, users must sign in using the exact capitalization of their given username, such as “UserName”. This is the default value.False
, users can sign in using username
, USERNAME
, or UserName
. This option also enables both preferred_username
and email
alias to be case insensitive, in addition to the username
attribute.verification_message_template
Type: STRUCT
Provider name: VerificationMessageTemplate
Description: The template for verification messages.
default_email_option
STRING
DefaultEmailOption
email_message
STRING
EmailMessage
EmailMessage
template only if the value of EmailSendingAccount is DEVELOPER
. When your EmailSendingAccount is DEVELOPER
, your user pool sends email messages with your own Amazon SES configuration.email_message_by_link
STRING
EmailMessageByLink
EmailMessageByLink
template only if the value of EmailSendingAccount is DEVELOPER
. When your EmailSendingAccount is DEVELOPER
, your user pool sends email messages with your own Amazon SES configuration.email_subject
STRING
EmailSubject
EmailSubject
template only if the value of EmailSendingAccount is DEVELOPER
. When your EmailSendingAccount is DEVELOPER
, your user pool sends email messages with your own Amazon SES configuration.email_subject_by_link
STRING
EmailSubjectByLink
EmailSubjectByLink
template only if the value of EmailSendingAccount is DEVELOPER
. When your EmailSendingAccount is DEVELOPER
, your user pool sends email messages with your own Amazon SES configuration.sms_message
STRING
SmsMessage