/AWS1/CL_CGP=>CREATEUSERPOOL()
¶
About CreateUserPool¶
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Creates a new Amazon Cognito user pool and sets the password policy for the pool.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Method Signature¶
IMPORTING¶
Required arguments:¶
IV_POOLNAME
TYPE /AWS1/CGPUSERPOOLNAMETYPE
/AWS1/CGPUSERPOOLNAMETYPE
¶
A string used to name the user pool.
Optional arguments:¶
IO_POLICIES
TYPE REF TO /AWS1/CL_CGPUSERPOOLPOLICYTYPE
/AWS1/CL_CGPUSERPOOLPOLICYTYPE
¶
The policies associated with the new user pool.
IV_DELETIONPROTECTION
TYPE /AWS1/CGPDELETIONPROTECTIONT00
/AWS1/CGPDELETIONPROTECTIONT00
¶
When active,
DeletionProtection
prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature.When you try to delete a protected user pool in a
DeleteUserPool
API request, Amazon Cognito returns anInvalidParameterException
error. To delete a protected user pool, send a newDeleteUserPool
request after you deactivate deletion protection in anUpdateUserPool
API request.
IO_LAMBDACONFIG
TYPE REF TO /AWS1/CL_CGPLAMBDACONFIGTYPE
/AWS1/CL_CGPLAMBDACONFIGTYPE
¶
The Lambda trigger configuration information for the new user pool.
In a push model, event sources (such as Amazon S3 and custom applications) need permission to invoke a function. So you must make an extra call to add permission for these event sources to invoke your Lambda function.
For more information on using the Lambda API to add permission, see AddPermission .
For adding permission using the CLI, see add-permission .
IT_AUTOVERIFIEDATTRIBUTES
TYPE /AWS1/CL_CGPVERIFIEDATTRSLST00=>TT_VERIFIEDATTRIBUTESLISTTYPE
TT_VERIFIEDATTRIBUTESLISTTYPE
¶
The attributes to be auto-verified. Possible values: email, phone_number.
IT_ALIASATTRIBUTES
TYPE /AWS1/CL_CGPALIASATTRSLSTTYP00=>TT_ALIASATTRIBUTESLISTTYPE
TT_ALIASATTRIBUTESLISTTYPE
¶
Attributes supported as an alias for this user pool. Possible values: phone_number, email, or preferred_username.
IT_USERNAMEATTRIBUTES
TYPE /AWS1/CL_CGPUSERNAMEATTRSLST00=>TT_USERNAMEATTRIBUTESLISTTYPE
TT_USERNAMEATTRIBUTESLISTTYPE
¶
Specifies whether a user can use an email address or phone number as a username when they sign up.
IV_SMSVERIFICATIONMESSAGE
TYPE /AWS1/CGPSMSVERIFICATIONMSGT00
/AWS1/CGPSMSVERIFICATIONMSGT00
¶
This parameter is no longer used. See VerificationMessageTemplateType.
IV_EMAILVERIFICATIONMESSAGE
TYPE /AWS1/CGPEMAILVERIFICATIONMS00
/AWS1/CGPEMAILVERIFICATIONMS00
¶
This parameter is no longer used. See VerificationMessageTemplateType.
IV_EMAILVERIFICATIONSUBJECT
TYPE /AWS1/CGPEMAILVERIFICATIONSU00
/AWS1/CGPEMAILVERIFICATIONSU00
¶
This parameter is no longer used. See VerificationMessageTemplateType.
IO_VERIFICATIONMESSAGETMPL
TYPE REF TO /AWS1/CL_CGPVERIFICATIONMSGT00
/AWS1/CL_CGPVERIFICATIONMSGT00
¶
The template for the verification message that the user sees when the app requests permission to access the user's information.
IV_SMSAUTHENTICATIONMESSAGE
TYPE /AWS1/CGPSMSVERIFICATIONMSGT00
/AWS1/CGPSMSVERIFICATIONMSGT00
¶
A string representing the SMS authentication message.
IV_MFACONFIGURATION
TYPE /AWS1/CGPUSERPOOLMFATYPE
/AWS1/CGPUSERPOOLMFATYPE
¶
Specifies MFA configuration details.
IO_USERATTRUPDATESETTINGS
TYPE REF TO /AWS1/CL_CGPUSERATTRUPSTGSTYPE
/AWS1/CL_CGPUSERATTRUPSTGSTYPE
¶
The settings for updates to user attributes. These settings include the property
AttributesRequireVerificationBeforeUpdate
, a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users' email address and phone number attributes. For more information, see Verifying updates to email addresses and phone numbers.
IO_DEVICECONFIGURATION
TYPE REF TO /AWS1/CL_CGPDEVICECONFTYPE
/AWS1/CL_CGPDEVICECONFTYPE
¶
The device-remembering configuration for a user pool. A null value indicates that you have deactivated device remembering in your user pool.
When you provide a value for any
DeviceConfiguration
field, you activate the Amazon Cognito device-remembering feature.
IO_EMAILCONFIGURATION
TYPE REF TO /AWS1/CL_CGPEMAILCONFTYPE
/AWS1/CL_CGPEMAILCONFTYPE
¶
The email configuration of your user pool. The email configuration type sets your preferred sending method, Amazon Web Services Region, and sender for messages from your user pool.
IO_SMSCONFIGURATION
TYPE REF TO /AWS1/CL_CGPSMSCONFTYPE
/AWS1/CL_CGPSMSCONFTYPE
¶
The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your Amazon Web Services account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role in your Amazon Web Services account.
IT_USERPOOLTAGS
TYPE /AWS1/CL_CGPUSERPOOLTAGSTYPE_W=>TT_USERPOOLTAGSTYPE
TT_USERPOOLTAGSTYPE
¶
The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.
IO_ADMINCREATEUSERCONFIG
TYPE REF TO /AWS1/CL_CGPADMINCREUSERCFGT00
/AWS1/CL_CGPADMINCREUSERCFGT00
¶
The configuration for
AdminCreateUser
requests.
IT_SCHEMA
TYPE /AWS1/CL_CGPSCHEMAATTRTYPE=>TT_SCHEMAATTRIBUTESLISTTYPE
TT_SCHEMAATTRIBUTESLISTTYPE
¶
An array of schema attributes for the new user pool. These attributes can be standard or custom attributes.
IO_USERPOOLADDONS
TYPE REF TO /AWS1/CL_CGPUSERPOOLADDONSTYPE
/AWS1/CL_CGPUSERPOOLADDONSTYPE
¶
User pool add-ons. Contains settings for activation of advanced security features. To log user security information but take no action, set to
AUDIT
. To configure automatic security responses to risky traffic to your user pool, set toENFORCED
.For more information, see Adding advanced security to a user pool.
IO_USERNAMECONFIGURATION
TYPE REF TO /AWS1/CL_CGPUSERNAMECONFTYPE
/AWS1/CL_CGPUSERNAMECONFTYPE
¶
Case sensitivity on the username input for the selected sign-in option. When case sensitivity is set to
False
(case insensitive), users can sign in with any combination of capital and lowercase letters. For example,username
,USERNAME
, orUserName
, or for email,email@example.com
orEMaiL@eXamplE.Com
. For most use cases, set case sensitivity toFalse
(case insensitive) as a best practice. When usernames and email addresses are case insensitive, Amazon Cognito treats any variation in case as the same user, and prevents a case variation from being assigned to the same attribute for a different user.This configuration is immutable after you set it. For more information, see UsernameConfigurationType.
IO_ACCOUNTRECOVERYSETTING
TYPE REF TO /AWS1/CL_CGPACCTRECSETTINGTYPE
/AWS1/CL_CGPACCTRECSETTINGTYPE
¶
The available verified method a user can use to recover their password when they call
ForgotPassword
. You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn't qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred through email.