The CDK Construct Library for AWS::Cognito
Project description
Amazon Cognito Construct Library
---
This is a developer preview (public beta) module. Releases might lack important features and might have future breaking changes.
This API is still under active development and subject to non-backward compatible changes or removal in any future version. Use of the API is not recommended in production environments. Experimental APIs are not subject to the Semantic Versioning model.
Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, Google or Apple.
The two main components of Amazon Cognito are user pools and identity pools. User pools are user directories that provide sign-up and sign-in options for your app users. Identity pools enable you to grant your users access to other AWS services.
This module is part of the AWS Cloud Development Kit project.
User Pools
User pools allow creating and managing your own directory of users that can sign up and sign in. They enable easy integration with social identity providers such as Facebook, Google, Amazon, Microsoft Active Directory, etc. through SAML.
Using the CDK, a new user pool can be created as part of the stack using the construct's constructor. You may specify
the userPoolName to give your own identifier to the user pool. If not, CloudFormation will generate a name.
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
UserPool(self, "myuserpool",
user_pool_name="myawesomeapp-userpool"
)
Sign Up
Users can either be signed up by the app's administrators or can sign themselves up. Once a user has signed up, their account needs to be confirmed. Cognito provides several ways to sign users up and confirm their accounts. Learn more about user sign up here.
When a user signs up, email and SMS messages are used to verify their account and contact methods. The following code snippet configures a user pool with properties relevant to these verification messages -
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
UserPool(self, "myuserpool",
# ...
self_sign_up_enabled=True,
user_verification={
"email_subject": "Verify your email for our awesome app!",
"email_body": "Hello {username}, Thanks for signing up to our awesome app! Your verification code is {####}",
"email_style": VerificationEmailStyle.CODE,
"sms_message": "Hello {username}, Thanks for signing up to our awesome app! Your verification code is {####}"
}
)
By default, self sign up is disabled. Learn more about email and SMS verification messages here.
Besides users signing themselves up, an administrator of any user pool can sign users up. The user then receives an invitation to join the user pool. The following code snippet configures a user pool with properties relevant to the invitation messages -
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
UserPool(self, "myuserpool",
# ...
user_invitation={
"email_subject": "Invite to join our awesome app!",
"email_body": "Hello {username}, you have been invited to join our awesome app! Your temporary password is {####}",
"sms_message": "Your temporary password for our awesome app is {####}"
}
)
All email subjects, bodies and SMS messages for both invitation and verification support Cognito's message templating. Learn more about message templates here.
Security
Cognito sends various messages to its users via SMS, for different actions, ranging from account verification to
marketing. In order to send SMS messages, Cognito needs an IAM role that it can assume, with permissions that allow it
to send SMS messages. By default, CDK will create this IAM role but can also be explicily specified to an existing IAM
role using the smsRole property.
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
from aws_cdk.aws_iam import Role
pool_sms_role = Role(self, "userpoolsmsrole")
UserPool(self, "myuserpool",
# ...
sms_role=pool_sms_role,
sms_role_external_id="c87467be-4f34-11ea-b77f-2e728ce88125"
)
When the smsRole property is specified, the smsRoleExternalId may also be specified. The value of
smsRoleExternalId will be used as the sts:ExternalId when the Cognito service assumes the role. In turn, the role's
assume role policy should be configured to accept this value as the ExternalId. Learn more about ExternalId
here.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for aws-cdk.aws-cognito-1.26.0.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | d14a13857fd9b6208eaf6013909f5b98d99849eb6ac4647ef8613ac572c68976 |
|
| MD5 | 2ee58ca503d2247934d242d1068e6115 |
|
| BLAKE2b-256 | 8f4cb9e2278566c93bf289d5171146c3b3ca03e7c7688906be2321cc8acc3d76 |
Hashes for aws_cdk.aws_cognito-1.26.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 0ab0afaebb398049c44cbd4e796052c21e829f8fc4ca9c4d5fc4404afbe466a0 |
|
| MD5 | 48de5f9f218b94a6ee193ac04f61bc2d |
|
| BLAKE2b-256 | 23ed9e6b81da07666ba9c7efca73e98794859bb6a7fe389eee9ace58795c3974 |
