Skip to content

Latest commit

 

History

History
78 lines (74 loc) · 10.7 KB

io.md

File metadata and controls

78 lines (74 loc) · 10.7 KB

Inputs

Name Description Type Default Required
advanced_security_mode Mode for advanced security, must be one of OFF, AUDIT or ENFORCED. string "OFF" no
alias_attributes Attributes supported as an alias for this user pool. Valid values: phone_number, email, or preferred_username. Conflicts with username_attributes. list(any) [] no
allow_software_mfa_token (Optional) Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA when 'sms_configuration' is not present, the 'mfa_configuration' argument must be set to OFF and the 'software_token_mfa_configuration' configuration block must be fully removed. bool true no
allow_unauthenticated_identities Whether the identity pool supports unauthenticated logins or not. bool false no
auto_verified_attributes Attributes to be auto-verified. Valid values: email, phone_number. list(any)
[
"email"
]
no
case_sensitive Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs. bool true no
client_access_token_validity (Optional) Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. This value will be overridden if you have entered a value in 'default_client_token_validity_units'. number null no
client_allowed_oauth_flows (Optional) List of allowed OAuth flows. Possible flows are 'code', 'implicit', and 'client_credentials'. list(string) null no
client_allowed_oauth_flows_user_pool_client (Optional) Whether the client is allowed to follow the OAuth protocol when interacting with Cognito User Pools. bool null no
client_allowed_oauth_scopes (Optional) List of allowed OAuth scopes. Possible values are 'phone', 'email', 'openid', 'profile', and 'aws.cognito.signin.user.admin'. list(string) null no
client_callback_urls (Optional) List of allowed callback URLs for the identity providers. list(string) null no
client_default_redirect_uri (Optional) The default redirect URI. Must be in the list of callback URLs. string null no
client_enable_token_revocation (Optional) Enables or disables token revocation. bool null no
client_explicit_auth_flows (Optional) List of authentication flows. Possible values are 'ADMIN_NO_SRP_AUTH', 'CUSTOM_AUTH_FLOW_ONLY', 'USER_PASSWORD_AUTH', 'ALLOW_ADMIN_USER_PASSWORD_AUTH', 'ALLOW_CUSTOM_AUTH', 'ALLOW_USER_PASSWORD_AUTH', 'ALLOW_USER_SRP_AUTH', and 'ALLOW_REFRESH_TOKEN_AUTH'. list(string) null no
client_generate_secret Should an application secret be generated bool true no
client_id_token_validity (Optional) Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. This value will be overridden if you have entered a value in 'default_client_token_validity_units'. number null no
client_logout_urls (Optional) List of allowed logout URLs for the identity providers. list(string) null no
client_name The name of the application client string null no
client_prevent_user_existence_errors (Optional) Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the Cognito User Pool. When set to 'ENABLED' and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to 'LEGACY', those APIs will return a 'UserNotFoundException' exception if the user does not exist in the Cognito User Pool. string null no
client_read_attributes (Optional) List of Cognito User Pool attributes the application client can read from. list(string)
[
"address",
"birthdate",
"email",
"email_verified",
"family_name",
"gender",
"given_name",
"locale",
"middle_name",
"name",
"nickname",
"phone_number",
"phone_number_verified",
"picture",
"preferred_username",
"profile",
"updated_at",
"website",
"zoneinfo"
]
no
client_refresh_token_validity (Optional) The time limit in days refresh tokens are valid for. number 30 no
client_supported_identity_providers (Optional) List of provider names for the identity providers that are supported on this client. list(string) null no
client_token_validity_units (Optional) Configuration block for units in which the validity times are represented in. any null no
client_write_attributes (Optional) List of Cognito User Pool attributes the application client can write to. list(string)
[
"address",
"birthdate",
"email",
"family_name",
"gender",
"given_name",
"locale",
"middle_name",
"name",
"nickname",
"phone_number",
"picture",
"preferred_username",
"profile",
"updated_at",
"website",
"zoneinfo"
]
no
clients A container with the clients definitions any [] no
desired_delivery_mediums A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. list(string)
[
"EMAIL"
]
no
domain Cognito User Pool domain string null no
domain_certificate_arn The ARN of an ISSUED ACM certificate in us-east-1 for a custom domain string null no
email_message n/a string "" no
email_subject The name of the email subject string "Sign up for <project_name>." no
enabled Flag to control the cognito creation. bool true no
environment Environment (e.g. prod, dev, staging). string "" no
label_order Label order, e.g. name,application. list(any) [] no
lambda_create_auth_challenge (Optional) The ARN of an AWS Lambda creating an authentication challenge. string null no
lambda_custom_message (Optional) The ARN of a custom message AWS Lambda trigger. string null no
lambda_define_auth_challenge (Optional) The ARN of an AWS Lambda that defines the authentication challenge. string null no
lambda_post_authentication (Optional) The ARN of a post-authentication AWS Lambda trigger. string null no
lambda_post_confirmation (Optional) The ARN of a post-confirmation AWS Lambda trigger. string null no
lambda_pre_authentication (Optional) The ARN of a pre-authentication AWS Lambda trigger. string null no
lambda_pre_sign_up (Optional) The ARN of a pre-registration AWS Lambda trigger. string null no
lambda_pre_token_generation (Optional) The ARN of an AWS Lambda that allows customization of identity token claims before token generation. string null no
lambda_user_migration (Optional) The ARN of the user migration AWS Lambda config type. string null no
lambda_verify_auth_challenge_response (Optional) The ARN of an AWS Lambda that verifies the authentication challenge response. string null no
managedby ManagedBy, eg 'CloudDrove' string "hello@clouddrove.com" no
mfa_configuration Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of OFF. Valid values are OFF, ON and OPTIONAL. string "OFF" no
minimum_length (Optional) The minimum length of the password policy that you have set. number 12 no
module_depends_on (Optional) A list of external resources the module depends_on. any [] no
name Name (e.g. app or cluster). string "" no
repository Terraform current module repo string "https://github.com/clouddrove/terraform-aws-cognito" no
require_lowercase (Optional) Whether you have required users to use at least one lowercase letter in their password. bool true no
require_numbers Whether you have required users to use at least one number in their password. bool true no
require_symbols Whether you have required users to use at least one symbol in their password. bool true no
require_uppercase Whether you have required users to use at least one uppercase letter in their password. bool true no
resource_servers A list of Resource Server configuration. list(any) [] no
schema_attributes (Optional) A list of schema attributes of a user pool. You can add a maximum of 25 custom attributes. any [] no
sms_authentication_message String representing the SMS authentication message. The Message must contain the {####} placeholder, which will be replaced with the code. string "Your username is {username}. Sign up at {####}" no
temporary_password_validity_days (Optional) In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator. number 1 no
user_group_description The description of the user group string null no
user_group_name The name of the user group string null no
user_group_precedence The precedence of the user group number null no
user_group_role_arn The ARN of the IAM role to be associated with the user group string null no
user_groups A container with the user_groups definitions list(any) [] no
username_attributes Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with alias_attributes. list(any)
[
"email"
]
no
users Dynamic list of Cognito Users to create (email)
map(
object({
email = string
})
)
{} no

Outputs

Name Description
app_client_id ID of the user pool client.
name (Required) Name of the application client.
tags A mapping of tags to assign to the resource.
user_pool_id (Required) User pool the client belongs to.