@@ -29,6 +29,16 @@ other AWS services.
2929
3030This module is part of the [ AWS Cloud Development Kit] ( https://github.com/aws/aws-cdk ) project.
3131
32+ ## Table of Contents
33+
34+ - [ User Pools] ( #user-pools )
35+ - [ Sign Up] ( #sign-up )
36+ - [ Sign In] ( #sign-in )
37+ - [ Security] ( #security )
38+ - [ Multi-factor Authentication] ( #multi-factor-authentication )
39+ - [ Emails] ( #emails )
40+ - [ Import] ( #importing-user-pools )
41+
3242## User Pools
3343
3444User pools allow creating and managing your own directory of users that can sign up and sign in. They enable easy
@@ -162,15 +172,18 @@ When the `smsRole` property is specified, the `smsRoleExternalId` may also be sp
162172assume role policy should be configured to accept this value as the ExternalId. Learn more about [ ExternalId
163173here] ( https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html ) .
164174
165- User pools can be configured to enable MFA. It can either be turned off, set to optional or made required. Setting MFA
166- to optional means that individual users can choose to enable it.
175+ #### Multi-factor Authentication (MFA)
176+
177+ User pools can be configured to enable multi-factor authentication (MFA). It can either be turned off, set to optional
178+ or made required. Setting MFA to optional means that individual users can choose to enable it.
167179Additionally, the MFA code can be sent either via SMS text message or via a time-based software token.
168180See the [ documentation on MFA] ( https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html ) to
169181learn more.
170182
171183The following code snippet marks MFA for the user pool as required. This means that all users are required to
172184configure an MFA token and use it for sign in. It also allows for the users to use both SMS based MFA, as well,
173- time-based one time password.
185+ [ time-based one time password
186+ (TOTP)] ( https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html ) .
174187
175188``` ts
176189new UserPool (this , ' myuserpool'
@@ -206,12 +219,13 @@ new UserPool(this, 'myuserpool', {
206219});
207220```
208221
209- Note that, ` tempPasswordValidity ` can be specified only in days.
222+ Note that, ` tempPasswordValidity ` can be specified only in whole days. Specifying fractional days would throw an error .
210223
211224### Emails
212225
213226Cognito sends emails to users in the user pool, when particular actions take place, such as welcome emails, invitation
214227emails, password resets, etc. The address from which these emails are sent can be configured on the user pool.
228+ Read more about [ email settings here] ( https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html ) .
215229
216230``` ts
217231new UserPool (this , ' myuserpool'
@@ -224,9 +238,9 @@ new UserPool(this, 'myuserpool', {
224238```
225239
226240By default, user pools are configured to use Cognito's built-in email capability, but it can also be configured to use
227- Amazon SES, however, support for Amazon SES is not available in the CDK yet. You may use the [ cfn
228- layer ] ( https://docs.aws.amazon. com/cdk/latest/guide/cfn_layer.html ) to configure this. Read more about [ email settings
229- here ] ( https://docs.aws.amazon.com/cognito /latest/developerguide/user-pool-email .html ) .
241+ Amazon SES, however, support for Amazon SES is not available in the CDK yet. If you would like this to be implemented,
242+ give [ this issue ] ( https://github. com/aws/aws- cdk/issues/6768 ) a +1. Until then, you can use the [ cfn
243+ layer ] ( https://docs.aws.amazon.com/cdk /latest/guide/cfn_layer .html ) to configure this .
230244
231245### Importing User Pools
232246
0 commit comments