UserPool

cognitoidentityprovider.services.k8s.aws/v1alpha1

Type | Link
GoDoc | cognitoidentityprovider-controller/apis/v1alpha1#UserPool

Metadata

Property | Value
Scope | Namespaced
Kind | UserPool
ListKind | UserPoolList
Plural | userpools
Singular | userpool

Spec

accountRecoverySetting: 
  recoveryMechanisms:
  - name: string
    priority: integer
adminCreateUserConfig: 
  allowAdminCreateUserOnly: boolean
  inviteMessageTemplate: 
    emailMessage: string
    emailSubject: string
    sMSMessage: string
  unusedAccountValidityDays: integer
aliasAttributes:
- string
autoVerifiedAttributes:
- string
deletionProtection: string
deviceConfiguration: 
  challengeRequiredOnNewDevice: boolean
  deviceOnlyRememberedOnUserPrompt: boolean
emailConfiguration: 
  configurationSet: string
  emailSendingAccount: string
  from: string
  replyToEmailAddress: string
  sourceARN: string
emailVerificationMessage: string
emailVerificationSubject: string
lambdaConfig: 
  createAuthChallenge: string
  customEmailSender: 
    lambdaARN: string
    lambdaVersion: string
  customMessage: string
  customSMSSender: 
    lambdaARN: string
    lambdaVersion: string
  defineAuthChallenge: string
  kmsKeyID: string
  postAuthentication: string
  postConfirmation: string
  preAuthentication: string
  preSignUp: string
  preTokenGeneration: string
  preTokenGenerationConfig: 
    lambdaARN: string
    lambdaVersion: string
  userMigration: string
  verifyAuthChallengeResponse: string
mfaConfiguration: string
name: string
policies: 
  passwordPolicy: 
    minimumLength: integer
    requireLowercase: boolean
    requireNumbers: boolean
    requireSymbols: boolean
    requireUppercase: boolean
    temporaryPasswordValidityDays: integer
schema:
- attributeDataType: string
  developerOnlyAttribute: boolean
  mutable: boolean
  name: string
  numberAttributeConstraints: 
    maxValue: string
    minValue: string
  required: boolean
  stringAttributeConstraints: 
    maxLength: string
    minLength: string
smsAuthenticationMessage: string
smsConfiguration: 
  externalID: string
  snsCallerARN: string
  snsRegion: string
smsVerificationMessage: string
tags: {}
userAttributeUpdateSettings: 
  attributesRequireVerificationBeforeUpdate:
  - string
userPoolAddOns: 
  advancedSecurityMode: string
userPoolTags: {}
usernameAttributes:
- string
usernameConfiguration: 
  caseSensitive: boolean
verificationMessageTemplate: 
  defaultEmailOption: string
  emailMessage: string
  emailMessageByLink: string
  emailSubject: string
  emailSubjectByLink: string
  smsMessage: string

Field | Description
accountRecoverySetting
Optional
object
The available verified method a user can use to recover their password when
they call ForgotPassword. You can use this setting to define a preferred
method when a user has more than one method available. With this setting,
SMS doesn’t qualify for a valid password recovery mechanism if the user also
has SMS multi-factor authentication (MFA) activated. In the absence of this
setting, Amazon Cognito uses the legacy behavior to determine the recovery
method, in which SMS is preferred over email.
accountRecoverySetting.recoveryMechanisms
Optional
array
accountRecoverySetting.recoveryMechanisms.[]
Required
object
A map containing a priority as a key, and recovery method name as a value.
accountRecoverySetting.recoveryMechanisms.[].priority
Optional
integer
adminCreateUserConfig
Optional
object
The configuration for AdminCreateUser requests.
adminCreateUserConfig.allowAdminCreateUserOnly
Optional
boolean
adminCreateUserConfig.inviteMessageTemplate
Optional
object
The message template structure.
adminCreateUserConfig.inviteMessageTemplate.emailMessage
Optional
string
adminCreateUserConfig.inviteMessageTemplate.emailSubject
Optional
string
adminCreateUserConfig.inviteMessageTemplate.sMSMessage
Optional
string
adminCreateUserConfig.unusedAccountValidityDays
Optional
integer
aliasAttributes
Optional
array
Attributes supported as an alias for this user pool. Possible values: phone_number,
email, or preferred_username.
aliasAttributes.[]
Required
string
autoVerifiedAttributes.[]
Required
string
deviceConfiguration
Optional
object
The device-remembering configuration for a user pool. A null value indicates
that you have deactivated device remembering in your user pool.

When you provide a value for any DeviceConfiguration field, you activate
the Amazon Cognito device-remembering feature.
deviceConfiguration.challengeRequiredOnNewDevice
Optional
boolean
deviceConfiguration.deviceOnlyRememberedOnUserPrompt
Optional
boolean
emailConfiguration
Optional
object
The email configuration of your user pool. The email configuration type sets
your preferred sending method, Amazon Web Services Region, and sender for
messages from your user pool.
emailConfiguration.configurationSet
Optional
string
emailConfiguration.emailSendingAccount
Optional
string
emailConfiguration.from
Optional
string
emailConfiguration.replyToEmailAddress
Optional
string
emailConfiguration.sourceARN
Optional
string
emailVerificationMessage
Optional
string
This parameter is no longer used. See VerificationMessageTemplateType (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html).
emailVerificationSubject
Optional
string
This parameter is no longer used. See VerificationMessageTemplateType (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html).
lambdaConfig
Optional
object
The Lambda trigger configuration information for the new user pool.

In a push model, event sources (such as Amazon S3 and custom applications)
need permission to invoke a function. So you must make an extra call to add
permission for these event sources to invoke your Lambda function.

For more information on using the Lambda API to add permission, see AddPermission
(https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html).

For adding permission using the CLI, see add-permission (https://docs.aws.amazon.com/cli/latest/reference/lambda/add-permission.html).
lambdaConfig.createAuthChallenge
Optional
string
lambdaConfig.customEmailSender
Optional
object
The properties of a custom email sender Lambda trigger.
lambdaConfig.customEmailSender.lambdaARN
Optional
string
lambdaConfig.customEmailSender.lambdaVersion
Optional
string
lambdaConfig.customMessage
Optional
string
lambdaConfig.customSMSSender
Optional
object
The properties of a custom SMS sender Lambda trigger.
lambdaConfig.customSMSSender.lambdaARN
Optional
string
lambdaConfig.customSMSSender.lambdaVersion
Optional
string
lambdaConfig.defineAuthChallenge
Optional
string
lambdaConfig.kmsKeyID
Optional
string
lambdaConfig.postAuthentication
Optional
string
lambdaConfig.postConfirmation
Optional
string
lambdaConfig.preAuthentication
Optional
string
lambdaConfig.preSignUp
Optional
string
lambdaConfig.preTokenGeneration
Optional
string
lambdaConfig.preTokenGenerationConfig
Optional
object
The properties of a pre token generation Lambda trigger.
lambdaConfig.preTokenGenerationConfig.lambdaARN
Optional
string
lambdaConfig.preTokenGenerationConfig.lambdaVersion
Optional
string
lambdaConfig.userMigration
Optional
string
lambdaConfig.verifyAuthChallengeResponse
Optional
string
mfaConfiguration
Optional
string
Specifies MFA configuration details.
name
Required
string
A string used to name the user pool.
policies
Optional
object
The policies associated with the new user pool.
policies.passwordPolicy
Optional
object
The password policy type.
policies.passwordPolicy.minimumLength
Optional
integer
policies.passwordPolicy.requireLowercase
Optional
boolean
policies.passwordPolicy.requireNumbers
Optional
boolean
policies.passwordPolicy.requireSymbols
Optional
boolean
policies.passwordPolicy.requireUppercase
Optional
boolean
policies.passwordPolicy.temporaryPasswordValidityDays
Optional
integer
schema
Optional
array
An array of schema attributes for the new user pool. These attributes can
be standard or custom attributes.
schema.[]
Required
object
A list of the user attributes and their properties in your user pool. The
attribute schema contains standard attributes, custom attributes with a custom:
prefix, and developer attributes with a dev: prefix. For more information,
see User pool attributes (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html).

Developer-only attributes are a legacy feature of user pools and are read-only
to all app clients. You can create and update developer-only attributes only
with IAM-authenticated API operations. Use app client read/write permissions
instead.
schema.[].attributeDataType
Optional
string
schema.[].developerOnlyAttribute
Optional
boolean
schema.[].mutable
Optional
boolean
schema.[].name
Optional
string
schema.[].numberAttributeConstraints
Optional
object
The minimum and maximum values of an attribute that is of the number data
type.
schema.[].numberAttributeConstraints.maxValue
Optional
string
schema.[].numberAttributeConstraints.minValue
Optional
string
schema.[].required
Optional
boolean
schema.[].stringAttributeConstraints
Optional
object
The constraints associated with a string attribute.
schema.[].stringAttributeConstraints.maxLength
Optional
string
schema.[].stringAttributeConstraints.minLength
Optional
string
smsAuthenticationMessage
Optional
string
A string representing the SMS authentication message.
smsConfiguration
Optional
object
The SMS configuration with the settings that your Amazon Cognito user pool
must use to send an SMS message from your Amazon Web Services account through
Amazon Simple Notification Service. To send SMS messages with Amazon SNS
in the Amazon Web Services Region that you want, the Amazon Cognito user
pool uses an Identity and Access Management (IAM) role in your Amazon Web
Services account.
smsConfiguration.externalID
Optional
string
smsConfiguration.snsCallerARN
Optional
string
smsConfiguration.snsRegion
Optional
string
smsVerificationMessage
Optional
string
This parameter is no longer used. See VerificationMessageTemplateType (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html).
tags
Optional
object
The tags to assign to the user pool.
userAttributeUpdateSettings
Optional
object
The settings for updates to user attributes. These settings include the property
AttributesRequireVerificationBeforeUpdate, a user-pool setting that tells
Amazon Cognito how to handle changes to the value of your users' email address
and phone number attributes. For more information, see Verifying updates
to email addresses and phone numbers (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates).
userAttributeUpdateSettings.attributesRequireVerificationBeforeUpdate
Optional
array
userAttributeUpdateSettings.attributesRequireVerificationBeforeUpdate.[]
Required
string
userPoolAddOns
Optional
object
User pool add-ons. Contains settings for activation of advanced security
features. To log user security information but take no action, set to AUDIT.
To configure automatic security responses to risky traffic to your user pool,
set to ENFORCED.

For more information, see Adding advanced security to a user pool (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html).
userPoolAddOns.advancedSecurityMode
Optional
string
userPoolTags
Optional
object
The tag keys and values to assign to the user pool. A tag is a label that
you can use to categorize and manage user pools in different ways, such as
by purpose, owner, environment, or other criteria.
usernameAttributes
Optional
array
Specifies whether a user can use an email address or phone number as a username
when they sign up.
usernameAttributes.[]
Required
string
usernameConfiguration
Optional
object
Case sensitivity on the username input for the selected sign-in option. When
case sensitivity is set to False (case insensitive), users can sign in with
any combination of capital and lowercase letters. For example, username,
USERNAME, or UserName, or for email, email@example.com or EMaiL@eXamplE.Com.
For most use cases, set case sensitivity to False (case insensitive) as a
best practice. When usernames and email addresses are case insensitive, Amazon
Cognito treats any variation in case as the same user, and prevents a case
variation from being assigned to the same attribute for a different user.

This configuration is immutable after you set it. For more information, see
UsernameConfigurationType (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html).
usernameConfiguration.caseSensitive
Optional
boolean
verificationMessageTemplate
Optional
object
The template for the verification message that the user sees when the app
requests permission to access the user’s information.
verificationMessageTemplate.defaultEmailOption
Optional
string
verificationMessageTemplate.emailMessage
Optional
string
verificationMessageTemplate.emailMessageByLink
Optional
string
verificationMessageTemplate.emailSubject
Optional
string
verificationMessageTemplate.emailSubjectByLink
Optional
string
verificationMessageTemplate.smsMessage
Optional
string
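
A sample UserPool manifest that sets the security-relevant Spec fields described above (recovery order, username case handling, attribute re-verification, password policy, advanced security). It is an added example, not taken from the ACK project; the object name, pool name and chosen numbers are assumptions, and the enum strings (ACTIVE, verified_email, ENFORCED) are Amazon Cognito API values.

```yaml
# Added example, not from the ACK documentation. Names and numeric values
# are illustrative assumptions; field names come from the Spec listing.
apiVersion: cognitoidentityprovider.services.k8s.aws/v1alpha1
kind: UserPool
metadata:
  name: example-user-pool          # hypothetical Kubernetes object name
  namespace: default
spec:
  name: example-user-pool          # hypothetical Cognito pool name
  deletionProtection: ACTIVE       # Cognito API value (ACTIVE or INACTIVE)
  # Immutable once set, so decide before the first apply.
  usernameConfiguration:
    caseSensitive: false
  usernameAttributes:
  - email
  autoVerifiedAttributes:
  - email
  # Require verification of a changed email address before it takes effect.
  userAttributeUpdateSettings:
    attributesRequireVerificationBeforeUpdate:
    - email
  # Explicit recovery order instead of the legacy SMS-first behaviour.
  accountRecoverySetting:
    recoveryMechanisms:
    - name: verified_email
      priority: 1
  adminCreateUserConfig:
    allowAdminCreateUserOnly: true # no self-service sign-up
  policies:
    passwordPolicy:
      minimumLength: 14
      requireLowercase: true
      requireNumbers: true
      requireSymbols: true
      requireUppercase: true
      temporaryPasswordValidityDays: 3
  userPoolAddOns:
    advancedSecurityMode: ENFORCED # AUDIT only logs; ENFORCED responds automatically
```

After the controller reconciles the resource, the conditions and id fields in the Status section report the outcome.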

Status

ackResourceMetadata: 
  arn: string
  ownerAccountID: string
  region: string
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
creationDate: string
customDomain: string
domain: string
emailConfigurationFailure: string
estimatedNumberOfUsers: integer
id: string
lastModifiedDate: string
schemaAttributes:
- attributeDataType: string
  developerOnlyAttribute: boolean
  mutable: boolean
  name: string
  numberAttributeConstraints: 
    maxValue: string
    minValue: string
  required: boolean
  stringAttributeConstraints: 
    maxLength: string
    minLength: string
smsConfigurationFailure: string
status: string

Field | Description
ackResourceMetadata
Optional
object
All CRs managed by ACK have a common Status.ACKResourceMetadata member
that is used to contain resource sync state, account ownership, and the
constructed ARN for the resource.
ackResourceMetadata.arn
Optional
string
ARN is the Amazon Resource Name for the resource. This is a
globally-unique identifier and is set only by the ACK service controller
once the controller has orchestrated the creation of the resource OR
when it has verified that an “adopted” resource (a resource where the
ARN annotation was set by the Kubernetes user on the CR) exists and
matches the supplied CR’s Spec field values.
https://github.com/aws/aws-controllers-k8s/issues/270
ackResourceMetadata.ownerAccountID
Required
string
OwnerAccountID is the AWS Account ID of the account that owns the
backend AWS service API resource.
ackResourceMetadata.region
Required
string
Region is the AWS region in which the resource exists or will exist.
conditions
Optional
array
All CRs managed by ACK have a common Status.Conditions member that
contains a collection of ackv1alpha1.Condition objects that describe
the various terminal states of the CR and its backend AWS service API
resource.
conditions.[]
Required
object
Condition is the common struct used by all CRDs managed by ACK service
controllers to indicate terminal states of the CR and its backend AWS
service API resource.
conditions.[].message
Optional
string
A human readable message indicating details about the transition.
conditions.[].reason
Optional
string
The reason for the condition’s last transition.
conditions.[].status
Optional
string
Status of the condition, one of True, False, Unknown.
conditions.[].type
Optional
string
Type is the type of the Condition.
creationDate
Optional
string
The date and time when the item was created. Amazon Cognito returns this
timestamp in UNIX epoch time format. Your SDK might render the output in
a human-readable format like ISO 8601 or a Java Date object.
customDomain
Optional
string
A custom domain name that you provide to Amazon Cognito. This parameter applies
only if you use a custom domain to host the sign-up and sign-in pages for
your application. An example of a custom domain name might be auth.example.com.

For more information about adding a custom domain to your user pool, see
Using Your Own Domain for the Hosted UI (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html).
domain
Optional
string
The domain prefix, if the user pool has a domain associated with it.
emailConfigurationFailure
Optional
string
Deprecated. Review error codes from API requests with EventSource:cognito-idp.amazonaws.com
in CloudTrail for information about problems with user pool email configuration.
estimatedNumberOfUsers
Optional
integer
A number estimating the size of the user pool.
id
Optional
string
The ID of the user pool.
lastModifiedDate
Optional
string
The date and time when the item was modified. Amazon Cognito returns this
timestamp in UNIX epoch time format. Your SDK might render the output in
a human-readable format like ISO 8601 or a Java Date object.
schemaAttributes
Optional
array
A list of the user attributes and their properties in your user pool. The
attribute schema contains standard attributes, custom attributes with a custom:
prefix, and developer attributes with a dev: prefix. For more information,
see User pool attributes (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html).

Developer-only attributes are a legacy feature of user pools and are read-only
to all app clients. You can create and update developer-only attributes only
with IAM-authenticated API operations. Use app client read/write permissions
instead.
schemaAttributes.[]
Required
object
A list of the user attributes and their properties in your user pool. The
attribute schema contains standard attributes, custom attributes with a custom:
prefix, and developer attributes with a dev: prefix. For more information,
see User pool attributes (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html).

Developer-only attributes are a legacy feature of user pools and are read-only
to all app clients. You can create and update developer-only attributes only
with IAM-authenticated API operations. Use app client read/write permissions
instead.
schemaAttributes.[].attributeDataType
Optional
string
schemaAttributes.[].developerOnlyAttribute
Optional
boolean
schemaAttributes.[].mutable
Optional
boolean
schemaAttributes.[].name
Optional
string
schemaAttributes.[].numberAttributeConstraints
Optional
object
The minimum and maximum values of an attribute that is of the number data
type.
schemaAttributes.[].numberAttributeConstraints.maxValue
Optional
string
schemaAttributes.[].numberAttributeConstraints.minValue
Optional
string
schemaAttributes.[].required
Optional
boolean
schemaAttributes.[].stringAttributeConstraints
Optional
object
The constraints associated with a string attribute.
schemaAttributes.[].stringAttributeConstraints.maxLength
Optional
string
schemaAttributes.[].stringAttributeConstraints.minLength
Optional
string
smsConfigurationFailure
Optional
string
The reason why the SMS configuration can’t send the messages to your users.

This message might include comma-separated values to describe why your SMS
configuration can’t send messages to user pool end users.

InvalidSmsRoleAccessPolicyException

The Identity and Access Management role that Amazon Cognito uses to send
SMS messages isn’t properly configured. For more information, see SmsConfigurationType
(https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SmsConfigurationType.html).

SNSSandbox

The Amazon Web Services account is in the SNS SMS Sandbox and messages will
only reach verified end users. This parameter won’t get populated with
SNSSandbox if the user creating the user pool doesn’t have SNS permissions.
To learn how to move your Amazon Web Services account out of the sandbox,
see Moving out of the SMS sandbox (https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox-moving-to-production.html).
status
Optional
string
This parameter is no longer used.