AWS::Cognito::UserPoolRiskConfigurationAttachment - AWS CloudFormation

AWS::Cognito::UserPoolRiskConfigurationAttachment

The AWS::Cognito::UserPoolRiskConfigurationAttachment resource sets the risk configuration that is used for Amazon Cognito advanced security features.

You can specify a risk configuration for a single client (with a specific clientId) or for all clients (by setting clientId to ALL). If you specify ALL, the default configuration is used for every client that has not previously had a risk configuration set. If you specify a risk configuration for a specific client, that client no longer falls back to the ALL configuration.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

Properties

AccountTakeoverRiskConfiguration

The account takeover risk configuration object, including the NotifyConfiguration object and the Actions to take if there is an account takeover.

Required: No

Type: AccountTakeoverRiskConfigurationType

Update requires: No interruption

ClientId

The app client ID. You can specify the risk configuration for a single client (with a specific ClientId) or for all clients (by setting the ClientId to ALL).

Required: Yes

Type: String

Minimum: 1

Maximum: 128

Pattern: [\w+]+

Update requires: Replacement

CompromisedCredentialsRiskConfiguration

The compromised credentials risk configuration object, including the EventFilter and the EventAction.

Required: No

Type: CompromisedCredentialsRiskConfigurationType

Update requires: No interruption

RiskExceptionConfiguration

The configuration to override the risk decision.

Required: No

Type: RiskExceptionConfigurationType

Update requires: No interruption

UserPoolId

The user pool ID.

Required: Yes

Type: String

Minimum: 1

Maximum: 55

Pattern: [\w-]+_[0-9a-zA-Z]+

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the physicalResourceId, which is "UserPoolRiskConfigurationAttachment-UserPoolId-ClientId". For example:

{ "Ref": "UserPoolRiskConfigurationAttachment-us-east-1_FAKEPOOLID-2asc123fakeclientidajjulj6bh" }

For the Amazon Cognito risk configuration attachment UserPoolRiskConfigurationAttachment-us-east-1_FAKEPOOLID-2asc123fakeclientidajjulj6bh, Ref returns the name of the risk configuration attachment.

For more information about using the Ref function, see Ref.

Examples

Create a new risk configuration attachment for a user pool

The following example sets the risk configuration in the referenced user pool and client.

JSON

{
  "UserPoolRiskConfiguration": {
    "Type": "AWS::Cognito::UserPoolRiskConfigurationAttachment",
    "Properties": {
      "UserPoolId": { "Ref": "UserPool" },
      "ClientId": { "Ref": "Client" },
      "AccountTakeoverRiskConfiguration": {
        "Actions": {
          "HighAction": {
            "EventAction": "MFA_REQUIRED",
            "Notify": true
          },
          "MediumAction": {
            "EventAction": "MFA_IF_CONFIGURED",
            "Notify": true
          },
          "LowAction": {
            "EventAction": { "Ref": "EventAction" },
            "Notify": false
          }
        },
        "NotifyConfiguration": {
          "BlockEmail": {
            "HtmlBody": "html body",
            "Subject": "Your account got blocked",
            "TextBody": "Your account got blocked"
          },
          "MfaEmail": {
            "HtmlBody": "html body",
            "Subject": "Your account needs MFA verification",
            "TextBody": "Your account needs MFA verification"
          },
          "NoActionEmail": {
            "HtmlBody": { "Ref": "HtmlBody" },
            "Subject": { "Ref": "Subject" },
            "TextBody": { "Ref": "TextBody" }
          },
          "From": "your-from-email@amazon.com",
          "SourceArn": { "Ref": "SourceArn" },
          "ReplyTo": "your-reply-to@amazon.com"
        }
      },
      "CompromisedCredentialsRiskConfiguration": {
        "Actions": { "EventAction": "BLOCKED" },
        "EventFilter": [ { "Ref": "EventFilter" } ]
      },
      "RiskExceptionConfiguration": {
        "BlockedIPRangeList": [ "198.0.0.1" ],
        "SkippedIPRangeList": [ "198.0.0.1" ]
      }
    }
  }
}

YAML

UserPoolRiskConfiguration:
  Type: AWS::Cognito::UserPoolRiskConfigurationAttachment
  Properties:
    UserPoolId: !Ref UserPool
    ClientId: !Ref Client
    AccountTakeoverRiskConfiguration:
      Actions:
        HighAction:
          EventAction: "MFA_REQUIRED"
          Notify: True
        MediumAction:
          EventAction: "MFA_IF_CONFIGURED"
          Notify: True
        LowAction:
          EventAction: !Ref LowEventAction
          Notify: False
      NotifyConfiguration:
        BlockEmail:
          HtmlBody: "html body"
          Subject: "Your account got blocked"
          TextBody: "Your account got blocked"
        MfaEmail:
          HtmlBody: "html body"
          Subject: "Your account needs MFA verification"
          TextBody: "Your account needs MFA verification"
        NoActionEmail:
          HtmlBody: !Ref HtmlBody
          Subject: !Ref Subject
          TextBody: !Ref TextBody
        From: "your-from-email@amazon.com"
        SourceArn: !Ref SourceArn
        ReplyTo: "your-reply-to@amazon.com"
    CompromisedCredentialsRiskConfiguration:
      Actions:
        EventAction: "BLOCKED"
      EventFilter:
        - !Ref EventFilter
    RiskExceptionConfiguration:
      BlockedIPRangeList:
        - "198.0.0.1"
      SkippedIPRangeList:
        - "198.0.0.1"
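As an added example (not from the AWS documentation or any AWS tool), the following Python resolves which attachment governs a client under the ALL fallback rule from the introduction and flags client-specific attachments that silently drop a risk section the pool's ALL attachment configures. The template fragment, pool ID and client ID are constructed placeholders; the identifier patterns are those from the property table, and BLOCK and NO_ACTION are assumed to be valid EventAction values.

```python
import re

# Identifier patterns copied from the property table above.
CLIENT_ID_RE = re.compile(r"^[\w+]+$")
USER_POOL_ID_RE = re.compile(r"^[\w-]+_[0-9a-zA-Z]+$")
RESOURCE_TYPE = "AWS::Cognito::UserPoolRiskConfigurationAttachment"
SECTIONS = ("AccountTakeoverRiskConfiguration", "CompromisedCredentialsRiskConfiguration")

# Constructed template fragment; the pool and client IDs are placeholders, not real identifiers.
TEMPLATE = {"Resources": {
    "DefaultRisk": {"Type": RESOURCE_TYPE, "Properties": {
        "UserPoolId": "us-east-1_FAKEPOOLID", "ClientId": "ALL",
        "AccountTakeoverRiskConfiguration": {"Actions": {
            "HighAction": {"EventAction": "BLOCK", "Notify": True},
            "LowAction": {"EventAction": "NO_ACTION", "Notify": False}}},
        "CompromisedCredentialsRiskConfiguration": {"Actions": {"EventAction": "BLOCK"}}}},
    "WebClientRisk": {"Type": RESOURCE_TYPE, "Properties": {
        "UserPoolId": "us-east-1_FAKEPOOLID", "ClientId": "2asc123fakeclientidajjulj6bh",
        # Only the compromised-credentials section is set; account takeover is left unconfigured.
        "CompromisedCredentialsRiskConfiguration": {"Actions": {"EventAction": "BLOCK"}}}},
}}

def attachments_by_pool(template):
    """Index attachments as {UserPoolId: {ClientId: Properties}}, validating the identifier patterns."""
    index = {}
    for res in template["Resources"].values():
        if res.get("Type") == RESOURCE_TYPE:
            props = res["Properties"]
            pool, client = props["UserPoolId"], props["ClientId"]
            if not USER_POOL_ID_RE.match(pool) or not CLIENT_ID_RE.match(client):
                raise ValueError(f"invalid UserPoolId/ClientId: {pool!r}/{client!r}")
            index.setdefault(pool, {})[client] = props
    return index

def effective_config(template, pool, client):
    """Apply the fallback rule: a client-specific attachment wins outright; otherwise ALL applies."""
    per_pool = attachments_by_pool(template).get(pool, {})
    return per_pool.get(client, per_pool.get("ALL"))

def unconfigured_sections(template):
    """Return (pool, client, section) triples where a client-specific attachment omits a section that
    the pool's ALL attachment configures; with no per-section fallback, that client runs without it."""
    gaps = []
    for pool, per_pool in attachments_by_pool(template).items():
        defaults = per_pool.get("ALL", {})
        for client, props in per_pool.items():
            if client != "ALL":
                gaps.extend((pool, client, s) for s in SECTIONS if s in defaults and s not in props)
    return gaps
```

Running unconfigured_sections over a template before deployment turns the "no fallback" rule into a review check: any triple it returns is a client whose effective risk handling is weaker than the pool default.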