Package software.amazon.awscdk.services.cognito

Class UserPool.Builder

java.lang.Object
software.amazon.awscdk.services.cognito.UserPool.Builder
All Implemented Interfaces:
software.amazon.jsii.Builder<UserPool>
Enclosing class:
UserPool
@Stability(Stable) public static final class UserPool.Builder extends Object implements software.amazon.jsii.Builder<UserPool>
A fluent builder for UserPool.

  • Method Details

    • create

      @Stability(Stable) public static UserPool.Builder create(software.constructs.Construct scope, String id)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      Returns:
      a new instance of UserPool.Builder.

    • accountRecovery

      @Stability(Stable) public UserPool.Builder accountRecovery(AccountRecovery accountRecovery)
      How will a user be able to recover their account?

      Default: AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL

      Parameters:
      accountRecovery - How will a user be able to recover their account?. This parameter is required.
      Returns:
      this

    • autoVerify

      @Stability(Stable) public UserPool.Builder autoVerify(AutoVerifiedAttrs autoVerify)
      Attributes which Cognito will look to verify automatically upon user sign up.

      EMAIL and PHONE are the only available options.

      Default: - If `signInAlias` includes email and/or phone, they will be included in `autoVerifiedAttributes` by default. If absent, no attributes will be auto-verified.

      Parameters:
      autoVerify - Attributes which Cognito will look to verify automatically upon user sign up. This parameter is required.
      Returns:
      this

    • customAttributes

      @Stability(Stable) public UserPool.Builder customAttributes(Map<String,? extends ICustomAttribute> customAttributes)
      Define a set of custom attributes that can be configured for each user in the user pool.

      Default: - No custom attributes.

      Parameters:
      customAttributes - Define a set of custom attributes that can be configured for each user in the user pool. This parameter is required.
      Returns:
      this

    • customSenderKmsKey

      @Stability(Stable) public UserPool.Builder customSenderKmsKey(IKey customSenderKmsKey)
      This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.

      Default: - no key ID configured

      Parameters:
      customSenderKmsKey - This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates. This parameter is required.
      Returns:
      this
      See Also:

    • deviceTracking

      @Stability(Stable) public UserPool.Builder deviceTracking(DeviceTracking deviceTracking)
      Device tracking settings.

      Default: - see defaults on each property of DeviceTracking.

      Parameters:
      deviceTracking - Device tracking settings. This parameter is required.
      Returns:
      this

    • email

      @Stability(Stable) public UserPool.Builder email(UserPoolEmail email)
      Email settings for a user pool.

      Default: - cognito will use the default email configuration

      Parameters:
      email - Email settings for a user pool. This parameter is required.
      Returns:
      this

    • emailSettings

      @Stability(Deprecated) @Deprecated public UserPool.Builder emailSettings(EmailSettings emailSettings)
      Deprecated.
      Use 'email' instead.
      (deprecated) Email settings for a user pool.

      Default: - see defaults on each property of EmailSettings.

      Parameters:
      emailSettings - Email settings for a user pool. This parameter is required.
      Returns:
      this

    • enableSmsRole

      @Stability(Stable) public UserPool.Builder enableSmsRole(Boolean enableSmsRole)
      Setting this would explicitly enable or disable SMS role creation.

      When left unspecified, CDK will determine based on other properties if a role is needed or not.

      Default: - CDK will determine based on other properties of the user pool if an SMS role should be created or not.

      Parameters:
      enableSmsRole - Setting this would explicitly enable or disable SMS role creation. This parameter is required.
      Returns:
      this

    • lambdaTriggers

      @Stability(Stable) public UserPool.Builder lambdaTriggers(UserPoolTriggers lambdaTriggers)
      Lambda functions to use for supported Cognito triggers.

      Default: - No Lambda triggers.

      Parameters:
      lambdaTriggers - Lambda functions to use for supported Cognito triggers. This parameter is required.
      Returns:
      this
      See Also:

    • mfa

      @Stability(Stable) public UserPool.Builder mfa(Mfa mfa)
      Configure whether users of this user pool can or are required use MFA to sign in.

      Default: Mfa.OFF

      Parameters:
      mfa - Configure whether users of this user pool can or are required use MFA to sign in. This parameter is required.
      Returns:
      this

    • mfaMessage

      @Stability(Stable) public UserPool.Builder mfaMessage(String mfaMessage)
      The SMS message template sent during MFA verification.

      Use '{####}' in the template where Cognito should insert the verification code.

      Default: 'Your authentication code is {####}.'

      Parameters:
      mfaMessage - The SMS message template sent during MFA verification. This parameter is required.
      Returns:
      this

    • mfaSecondFactor

      @Stability(Stable) public UserPool.Builder mfaSecondFactor(MfaSecondFactor mfaSecondFactor)
      Configure the MFA types that users can use in this user pool.

      Ignored if mfa is set to OFF.

      Default: - { sms: true, otp: false }, if `mfa` is set to `OPTIONAL` or `REQUIRED`. { sms: false, otp: false }, otherwise

      Parameters:
      mfaSecondFactor - Configure the MFA types that users can use in this user pool. This parameter is required.
      Returns:
      this

    • passwordPolicy

      @Stability(Stable) public UserPool.Builder passwordPolicy(PasswordPolicy passwordPolicy)
      Password policy for this user pool.

      Default: - see defaults on each property of PasswordPolicy.

      Parameters:
      passwordPolicy - Password policy for this user pool. This parameter is required.
      Returns:
      this

    • removalPolicy

      @Stability(Stable) public UserPool.Builder removalPolicy(RemovalPolicy removalPolicy)
      Policy to apply when the user pool is removed from the stack.

      Default: RemovalPolicy.RETAIN

      Parameters:
      removalPolicy - Policy to apply when the user pool is removed from the stack. This parameter is required.
      Returns:
      this

    • selfSignUpEnabled

      @Stability(Stable) public UserPool.Builder selfSignUpEnabled(Boolean selfSignUpEnabled)
      Whether self sign up should be enabled.

      This can be further configured via the selfSignUp property.

      Default: false

      Parameters:
      selfSignUpEnabled - Whether self sign up should be enabled. This parameter is required.
      Returns:
      this

    • signInAliases

      @Stability(Stable) public UserPool.Builder signInAliases(SignInAliases signInAliases)
      Methods in which a user registers or signs in to a user pool.

      Allows either username with aliases OR sign in with email, phone, or both.

      Read the sections on usernames and aliases to learn more - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

      To match with 'Option 1' in the above link, with a verified email, this property should be set to { username: true, email: true }. To match with 'Option 2' in the above link with both a verified email and phone number, this property should be set to { email: true, phone: true }.

      Default: { username: true }

      Parameters:
      signInAliases - Methods in which a user registers or signs in to a user pool. This parameter is required.
      Returns:
      this

    • signInCaseSensitive

      @Stability(Stable) public UserPool.Builder signInCaseSensitive(Boolean signInCaseSensitive)
      Whether sign-in aliases should be evaluated with case sensitivity.

      For example, when this option is set to false, users will be able to sign in using either MyUsername or myusername.

      Default: true

      Parameters:
      signInCaseSensitive - Whether sign-in aliases should be evaluated with case sensitivity. This parameter is required.
      Returns:
      this

    • smsRole

      @Stability(Stable) public UserPool.Builder smsRole(IRole smsRole)
      The IAM role that Cognito will assume while sending SMS messages.

      Default: - a new IAM role is created

      Parameters:
      smsRole - The IAM role that Cognito will assume while sending SMS messages. This parameter is required.
      Returns:
      this

    • smsRoleExternalId

      @Stability(Stable) public UserPool.Builder smsRoleExternalId(String smsRoleExternalId)
      The 'ExternalId' that Cognito service must using when assuming the smsRole, if the role is restricted with an 'sts:ExternalId' conditional.

      Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html

      This property will be ignored if smsRole is not specified.

      Default: - No external id will be configured

      Parameters:
      smsRoleExternalId - The 'ExternalId' that Cognito service must using when assuming the smsRole, if the role is restricted with an 'sts:ExternalId' conditional. This parameter is required.
      Returns:
      this

    • snsRegion

      @Stability(Stable) public UserPool.Builder snsRegion(String snsRegion)
      The region to integrate with SNS to send SMS messages.

      This property will do nothing if SMS configuration is not configured

      Default: - The same region as the user pool, with a few exceptions - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html#user-pool-sms-settings-first-time

      Parameters:
      snsRegion - The region to integrate with SNS to send SMS messages. This parameter is required.
      Returns:
      this

    • standardAttributes

      @Stability(Stable) public UserPool.Builder standardAttributes(StandardAttributes standardAttributes)
      The set of attributes that are required for every user in the user pool.

      Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html

      Default: - All standard attributes are optional and mutable.

      Parameters:
      standardAttributes - The set of attributes that are required for every user in the user pool. This parameter is required.
      Returns:
      this

    • userInvitation

      @Stability(Stable) public UserPool.Builder userInvitation(UserInvitationConfig userInvitation)
      Configuration around admins signing up users into a user pool.

      Default: - see defaults in UserInvitationConfig

      Parameters:
      userInvitation - Configuration around admins signing up users into a user pool. This parameter is required.
      Returns:
      this

    • userPoolName

      @Stability(Stable) public UserPool.Builder userPoolName(String userPoolName)
      Name of the user pool.

      Default: - automatically generated name by CloudFormation at deploy time

      Parameters:
      userPoolName - Name of the user pool. This parameter is required.
      Returns:
      this

    • userVerification

      @Stability(Stable) public UserPool.Builder userVerification(UserVerificationConfig userVerification)
      Configuration around users signing themselves up to the user pool.

      Enable or disable self sign-up via the selfSignUpEnabled property.

      Default: - see defaults in UserVerificationConfig

      Parameters:
      userVerification - Configuration around users signing themselves up to the user pool. This parameter is required.
      Returns:
      this

    • build

      @Stability(Stable) public UserPool build()
      Specified by:
      build in interface software.amazon.jsii.Builder<UserPool>
      Returns:
      a newly built instance of UserPool.