awscognito

package
v2.139.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 24, 2024 License: Apache-2.0 Imports: 11 Imported by: 14

README

Amazon Cognito Construct Library

Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, Google or Apple.

The two main components of Amazon Cognito are user pools and identity pools. User pools are user directories that provide sign-up and sign-in options for your app users. Identity pools enable you to grant your users access to other AWS services. Identity Pool L2 Constructs can be found here.

This module is part of the AWS Cloud Development Kit project.

Table of Contents

User Pools

User pools allow creating and managing your own directory of users that can sign up and sign in. They enable easy integration with social identity providers such as Facebook, Google, Amazon, Microsoft Active Directory, etc. through SAML.

Using the CDK, a new user pool can be created as part of the stack using the construct's constructor. You may specify the userPoolName to give your own identifier to the user pool. If not, CloudFormation will generate a name.

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	UserPoolName: jsii.String("myawesomeapp-userpool"),
	SignInCaseSensitive: jsii.Boolean(false),
})

By default, usernames and email addresses in user pools are case sensitive, which means user@example.com and User@example.com are considered different. In most situations it is preferred to have usernames and email addresses be case insensitive so that capitalization differences are ignored. As shown above, you can make a user pool case insensitive by setting signInCaseSensitive to false. The case sensitivity cannot be changed once a user pool is created.

The default set up for the user pool is configured such that only administrators will be allowed to create users. Features such as Multi-factor authentication (MFAs) and Lambda Triggers are not configured by default.

Use the grant() method to add an IAM policy statement associated with the user pool to an IAM principal's policy.

userPool := cognito.NewUserPool(this, jsii.String("myuserpool"))
role := iam.NewRole(this, jsii.String("role"), &RoleProps{
	AssumedBy: iam.NewServicePrincipal(jsii.String("foo")),
})
userPool.grant(role, jsii.String("cognito-idp:AdminCreateUser"))
Sign Up

Users can either be signed up by the app's administrators or can sign themselves up. Once a user has signed up, their account needs to be confirmed. Cognito provides several ways to sign users up and confirm their accounts. Learn more about user sign up here.

To verify the email address of a user in your user pool with Amazon Cognito, you can send the user an email message with a link that they can select, or you can send them a code that they can enter.

Code Verification

When a user signs up, email and SMS messages are used to verify their account and contact methods. The following code snippet configures a user pool with properties relevant to these verification messages -

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	SelfSignUpEnabled: jsii.Boolean(true),
	UserVerification: &UserVerificationConfig{
		EmailSubject: jsii.String("Verify your email for our awesome app!"),
		EmailBody: jsii.String("Thanks for signing up to our awesome app! Your verification code is {####}"),
		EmailStyle: cognito.VerificationEmailStyle_CODE,
		SmsMessage: jsii.String("Thanks for signing up to our awesome app! Your verification code is {####}"),
	},
})

By default, self sign up is disabled. Learn more about email and SMS verification messages here.

Besides users signing themselves up, an administrator of any user pool can sign users up. The user then receives an invitation to join the user pool. The following code snippet configures a user pool with properties relevant to the invitation messages -

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	UserInvitation: &UserInvitationConfig{
		EmailSubject: jsii.String("Invite to join our awesome app!"),
		EmailBody: jsii.String("Hello {username}, you have been invited to join our awesome app! Your temporary password is {####}"),
		SmsMessage: jsii.String("Hello {username}, your temporary password for our awesome app is {####}"),
	},
})

Alternatively, users can use link as a verification method. The following code snippet configures a user pool with properties relevant to these verification messages and link verification method.

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	UserVerification: &UserVerificationConfig{
		EmailStyle: cognito.VerificationEmailStyle_LINK,
		EmailSubject: jsii.String("Invite to join our awesome app!"),
		EmailBody: jsii.String("You have been invited to join our awesome app! {##Verify Your Email##}"),
	},
})

All email subjects, bodies and SMS messages for both invitation and verification support Cognito's message templating. Learn more about message templates here.

Sign In

Users registering or signing in into your application can do so with multiple identifiers. There are 4 options available:

  • username: Allow signing in using the one time immutable user name that the user chose at the time of sign up.
  • email: Allow signing in using the email address that is associated with the account.
  • phone: Allow signing in using the phone number that is associated with the account.
  • preferredUsername: Allow signing in with an alternate user name that the user can change at any time. However, this is not available if the username option is not chosen.

The following code sets up a user pool so that the user can sign in with either their username or their email address -

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	// ...
	SignInAliases: &SignInAliases{
		Username: jsii.Boolean(true),
		Email: jsii.Boolean(true),
	},
})

User pools can either be configured so that user name is primary sign in form, but also allows for the other three to be used additionally; or it can be configured so that email and/or phone numbers are the only ways a user can register and sign in. Read more about this here.

⚠️ The Cognito service prevents changing the signInAlias property for an existing user pool.

To match with 'Option 1' in the above link, with a verified email, signInAliases should be set to { username: true, email: true }. To match with 'Option 2' in the above link with both a verified email and phone number, this property should be set to { email: true, phone: true }.

Cognito recommends that email and phone number be automatically verified, if they are one of the sign in methods for the user pool. Read more about that here. The CDK does this by default, when email and/or phone number are specified as part of signInAliases. This can be overridden by specifying the autoVerify property.

The following code snippet sets up only email as a sign in alias, but both email and phone number to be auto-verified.

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	// ...
	SignInAliases: &SignInAliases{
		Username: jsii.Boolean(true),
		Email: jsii.Boolean(true),
	},
	AutoVerify: &AutoVerifiedAttrs{
		Email: jsii.Boolean(true),
		Phone: jsii.Boolean(true),
	},
})

A user pool can optionally ignore case when evaluating sign-ins. When signInCaseSensitive is false, Cognito will not check the capitalization of the alias when signing in. Default is true.

Attributes

Attributes represent the various properties of each user that's collected and stored in the user pool. Cognito provides a set of standard attributes that are available for all user pools. Users are allowed to select any of these standard attributes to be required. Users will not be able to sign up to the user pool without providing the required attributes. Besides these, additional attributes can be further defined, and are known as custom attributes.

Learn more on attributes in Cognito's documentation.

The following code configures a user pool with two standard attributes (name and address) as required and mutable, and adds four custom attributes.

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	StandardAttributes: &StandardAttributes{
		Fullname: &StandardAttribute{
			Required: jsii.Boolean(true),
			Mutable: jsii.Boolean(false),
		},
		Address: &StandardAttribute{
			Required: jsii.Boolean(false),
			Mutable: jsii.Boolean(true),
		},
	},
	CustomAttributes: map[string]iCustomAttribute{
		"myappid": cognito.NewStringAttribute(&StringAttributeProps{
			"minLen": jsii.Number(5),
			"maxLen": jsii.Number(15),
			"mutable": jsii.Boolean(false),
		}),
		"callingcode": cognito.NewNumberAttribute(&NumberAttributeProps{
			"min": jsii.Number(1),
			"max": jsii.Number(3),
			"mutable": jsii.Boolean(true),
		}),
		"isEmployee": cognito.NewBooleanAttribute(&CustomAttributeProps{
			"mutable": jsii.Boolean(true),
		}),
		"joinedOn": cognito.NewDateTimeAttribute(),
	},
})

As shown in the code snippet, there are data types that are available for custom attributes. The 'String' and 'Number' data types allow for further constraints on their length and values, respectively.

Custom attributes cannot be marked as required.

All custom attributes share the property mutable that specifies whether the value of the attribute can be changed. The default value is false.

User pools come with two 'built-in' attributes - email_verified and phone_number_verified. These cannot be configured (required-ness or mutability) as part of user pool creation. However, user pool administrators can modify them for specific users using the AdminUpdateUserAttributes API.

Attribute verification

When your user updates an email address or phone number attribute, Amazon Cognito marks it unverified until they verify the new value. You can’t send messages to an unverified email address or phone number. Your user can’t sign in with an unverified alias attribute. You can choose how Amazon Cognito handles an updated email address or phone number after the update and before the verification.

Learn more on configuring email or phone verification in Cognito's documentation.

The following code configures a user pool that keeps the original value for the two standard attributes (email and phone_number) until the new values are verified.

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	SignInAliases: &SignInAliases{
		Username: jsii.Boolean(true),
	},
	AutoVerify: &AutoVerifiedAttrs{
		Email: jsii.Boolean(true),
		Phone: jsii.Boolean(true),
	},
	KeepOriginal: &KeepOriginalAttrs{
		Email: jsii.Boolean(true),
		Phone: jsii.Boolean(true),
	},
})
Security

Cognito sends various messages to its users via SMS, for different actions, ranging from account verification to marketing. In order to send SMS messages, Cognito needs an IAM role that it can assume, with permissions that allow it to send SMS messages.

By default, the CDK looks at all of the specified properties (and their defaults when not explicitly specified) and automatically creates an SMS role, when needed. For example, if MFA second factor by SMS is enabled, the CDK will create a new role. The smsRole property can be used to specify the user supplied role that should be used instead. Additionally, the property enableSmsRole can be used to override the CDK's default behaviour to either enable or suppress automatic role creation.

poolSmsRole := iam.NewRole(this, jsii.String("userpoolsmsrole"), &RoleProps{
	AssumedBy: iam.NewServicePrincipal(jsii.String("foo")),
})

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	SmsRole: poolSmsRole,
	SmsRoleExternalId: jsii.String("c87467be-4f34-11ea-b77f-2e728ce88125"),
})

When the smsRole property is specified, the smsRoleExternalId may also be specified. The value of smsRoleExternalId will be used as the sts:ExternalId when the Cognito service assumes the role. In turn, the role's assume role policy should be configured to accept this value as the ExternalId. Learn more about ExternalId here.

Multi-factor Authentication (MFA)

User pools can be configured to enable multi-factor authentication (MFA). It can either be turned off, set to optional or made required. Setting MFA to optional means that individual users can choose to enable it. Additionally, the MFA code can be sent either via SMS text message or via a time-based software token. See the documentation on MFA to learn more.

The following code snippet marks MFA for the user pool as required. This means that all users are required to configure an MFA token and use it for sign in. It also allows for the users to use both SMS based MFA, as well, time-based one time password (TOTP).

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	Mfa: cognito.Mfa_REQUIRED,
	MfaSecondFactor: &MfaSecondFactor{
		Sms: jsii.Boolean(true),
		Otp: jsii.Boolean(true),
	},
})

User pools can be configured with policies around a user's password. This includes the password length and the character sets that they must contain.

Further to this, it can also be configured with the validity of the auto-generated temporary password. A temporary password is generated by the user pool either when an admin signs up a user or when a password reset is requested. The validity of this password dictates how long to give the user to use this password before expiring it.

The following code snippet configures these properties -

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	PasswordPolicy: &PasswordPolicy{
		MinLength: jsii.Number(12),
		RequireLowercase: jsii.Boolean(true),
		RequireUppercase: jsii.Boolean(true),
		RequireDigits: jsii.Boolean(true),
		RequireSymbols: jsii.Boolean(true),
		TempPasswordValidity: awscdk.Duration_Days(jsii.Number(3)),
	},
})

Note that, tempPasswordValidity can be specified only in whole days. Specifying fractional days would throw an error.

Account Recovery Settings

User pools can be configured on which method a user should use when recovering the password for their account. This can either be email and/or SMS. Read more at Recovering User Accounts

cognito.NewUserPool(this, jsii.String("UserPool"), &UserPoolProps{
	// ...
	AccountRecovery: cognito.AccountRecovery_EMAIL_ONLY,
})

The default for account recovery is by phone if available and by email otherwise. A user will not be allowed to reset their password via phone if they are also using it for MFA.

Advanced Security Mode

User pools can be configured to use Advanced security. You can turn the user pool advanced security features on, and customize the actions that are taken in response to different risks. Or you can use audit mode to gather metrics on detected risks without taking action. In audit mode, the advanced security features publish metrics to Amazon CloudWatch. See the documentation on Advanced security to learn more.

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	AdvancedSecurityMode: cognito.AdvancedSecurityMode_ENFORCED,
})
Emails

Cognito sends emails to users in the user pool, when particular actions take place, such as welcome emails, invitation emails, password resets, etc. The address from which these emails are sent can be configured on the user pool. Read more at Email settings for User Pools.

By default, user pools are configured to use Cognito's built in email capability, which will send emails from no-reply@verificationemail.com. If you want to use a custom email address you can configure Cognito to send emails through Amazon SES, which is detailed below.

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	Email: cognito.UserPoolEmail_WithCognito(jsii.String("support@myawesomeapp.com")),
})

For typical production environments, the default email limit is below the required delivery volume. To enable a higher delivery volume, you can configure the UserPool to send emails through Amazon SES. To do so, follow the steps in the Cognito Developer Guide to verify an email address, move the account out of the SES sandbox, and grant Cognito email permissions via an authorization policy.

Once the SES setup is complete, the UserPool can be configured to use the SES email.

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	Email: cognito.UserPoolEmail_WithSES(&UserPoolSESOptions{
		FromEmail: jsii.String("noreply@myawesomeapp.com"),
		FromName: jsii.String("Awesome App"),
		ReplyTo: jsii.String("support@myawesomeapp.com"),
	}),
})

Sending emails through SES requires that SES be configured (as described above) in a valid SES region. If the UserPool is being created in a different region, sesRegion must be used to specify the correct SES region.

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	Email: cognito.UserPoolEmail_WithSES(&UserPoolSESOptions{
		SesRegion: jsii.String("us-east-1"),
		FromEmail: jsii.String("noreply@myawesomeapp.com"),
		FromName: jsii.String("Awesome App"),
		ReplyTo: jsii.String("support@myawesomeapp.com"),
	}),
})

When sending emails from an SES verified domain, sesVerifiedDomain can be used to specify the domain. The email address does not need to be verified when sending emails from a verified domain, because the identity of the email configuration is can be determined from the domain alone.

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	Email: cognito.UserPoolEmail_WithSES(&UserPoolSESOptions{
		SesRegion: jsii.String("us-east-1"),
		FromEmail: jsii.String("noreply@myawesomeapp.com"),
		FromName: jsii.String("Awesome App"),
		ReplyTo: jsii.String("support@myawesomeapp.com"),
		SesVerifiedDomain: jsii.String("myawesomeapp.com"),
	}),
})

If fromName does not comply RFC 5322 atom or quoted-string, it will be quoted or mime-encoded.

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	Email: cognito.UserPoolEmail_WithSES(&UserPoolSESOptions{
		FromEmail: jsii.String("noreply@myawesomeapp.com"),
		FromName: jsii.String("myname@mycompany.com"),
	}),
})
Device Tracking

User pools can be configured to track devices that users have logged in to. Read more at Device Tracking

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	DeviceTracking: &DeviceTracking{
		ChallengeRequiredOnNewDevice: jsii.Boolean(true),
		DeviceOnlyRememberedOnUserPrompt: jsii.Boolean(true),
	},
})

The default is to not track devices.

Lambda Triggers

User pools can be configured such that AWS Lambda functions can be triggered when certain user operations or actions occur, such as, sign up, user confirmation, sign in, etc. They can also be used to add custom authentication challenges, user migrations and custom verification messages. Learn more about triggers at User Pool Workflows with Triggers.

Lambda triggers can either be specified as part of the UserPool initialization, or it can be added later, via methods on the construct, as so -

authChallengeFn := lambda.NewFunction(this, jsii.String("authChallengeFn"), &FunctionProps{
	Runtime: lambda.Runtime_NODEJS_LATEST(),
	Handler: jsii.String("index.handler"),
	Code: lambda.Code_FromAsset(path.join(__dirname, jsii.String("path/to/asset"))),
})

userpool := cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	LambdaTriggers: &UserPoolTriggers{
		CreateAuthChallenge: authChallengeFn,
	},
})

userpool.AddTrigger(cognito.UserPoolOperation_USER_MIGRATION(), lambda.NewFunction(this, jsii.String("userMigrationFn"), &FunctionProps{
	Runtime: lambda.Runtime_NODEJS_LATEST(),
	Handler: jsii.String("index.handler"),
	Code: lambda.Code_*FromAsset(path.join(__dirname, jsii.String("path/to/asset"))),
}))

Additionally, only the pre token generation Lambda trigger supports trigger events with lambda version V2.0:

var userpool userPool
var preTokenGenerationFn function


userpool.AddTrigger(cognito.UserPoolOperation_PRE_TOKEN_GENERATION_CONFIG(), preTokenGenerationFn, cognito.LambdaVersion_V2_0)

The following table lists the set of triggers available, and their corresponding method to add it to the user pool. For more information on the function of these triggers and how to configure them, read User Pool Workflows with Triggers.

Trigger Permissions

The function.attachToRolePolicy() API can be used to add additional IAM permissions to the lambda trigger as necessary.

⚠️ Using the attachToRolePolicy API to provide permissions to your user pool will result in a circular dependency. See aws/aws-cdk#7016. Error message when running cdk synth or cdk deploy:

Circular dependency between resources: [pool056F3F7E, fnPostAuthFnCognitoA630A2B1, ...]

To work around the circular dependency issue, use the attachInlinePolicy() API instead, as shown below.

var postAuthFn function


userpool := cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	LambdaTriggers: &UserPoolTriggers{
		PostAuthentication: postAuthFn,
	},
})

// provide permissions to describe the user pool scoped to the ARN the user pool
postAuthFn.Role.AttachInlinePolicy(iam.NewPolicy(this, jsii.String("userpool-policy"), &PolicyProps{
	Statements: []policyStatement{
		iam.NewPolicyStatement(&PolicyStatementProps{
			Actions: []*string{
				jsii.String("cognito-idp:DescribeUserPool"),
			},
			Resources: []*string{
				userpool.UserPoolArn,
			},
		}),
	},
}))
Importing User Pools

Any user pool that has been created outside of this stack, can be imported into the CDK app. Importing a user pool allows for it to be used in other parts of the CDK app that reference an IUserPool. However, imported user pools have limited configurability. As a rule of thumb, none of the properties that are part of the AWS::Cognito::UserPool CloudFormation resource can be configured.

User pools can be imported either using their id via the UserPool.fromUserPoolId(), or by using their ARN, via the UserPool.fromUserPoolArn() API.

awesomePool := cognito.UserPool_FromUserPoolId(this, jsii.String("awesome-user-pool"), jsii.String("us-east-1_oiuR12Abd"))

otherAwesomePool := cognito.UserPool_FromUserPoolArn(this, jsii.String("other-awesome-user-pool"), jsii.String("arn:aws:cognito-idp:eu-west-1:123456789012:userpool/us-east-1_mtRyYQ14D"))
Identity Providers

Users that are part of a user pool can sign in either directly through a user pool, or federate through a third-party identity provider. Once configured, the Cognito backend will take care of integrating with the third-party provider. Read more about Adding User Pool Sign-in Through a Third Party.

The following third-party identity providers are currently supported in the CDK -

The following code configures a user pool to federate with the third party provider, 'Login with Amazon'. The identity provider needs to be configured with a set of credentials that the Cognito backend can use to federate with the third-party identity provider.

userpool := cognito.NewUserPool(this, jsii.String("Pool"))

provider := cognito.NewUserPoolIdentityProviderAmazon(this, jsii.String("Amazon"), &UserPoolIdentityProviderAmazonProps{
	ClientId: jsii.String("amzn-client-id"),
	ClientSecret: jsii.String("amzn-client-secret"),
	UserPool: userpool,
})

Using Google identity provider is possible to use clientSecretValue with SecretValue from secrets manager.

userpool := cognito.NewUserPool(this, jsii.String("Pool"))
secret := secretsmanager.Secret_FromSecretAttributes(this, jsii.String("CognitoClientSecret"), &SecretAttributes{
	SecretCompleteArn: jsii.String("arn:aws:secretsmanager:xxx:xxx:secret:xxx-xxx"),
}).SecretValue

provider := cognito.NewUserPoolIdentityProviderGoogle(this, jsii.String("Google"), &UserPoolIdentityProviderGoogleProps{
	ClientId: jsii.String("amzn-client-id"),
	ClientSecretValue: secret,
	UserPool: userpool,
})

Using SAML identity provider is possible to use SAML metadata file content or SAML metadata file url.

userpool := cognito.NewUserPool(this, jsii.String("Pool"))

// specify the metadata as a file content
// specify the metadata as a file content
cognito.NewUserPoolIdentityProviderSaml(this, jsii.String("userpoolIdpFile"), &UserPoolIdentityProviderSamlProps{
	UserPool: userpool,
	Metadata: cognito.UserPoolIdentityProviderSamlMetadata_File(jsii.String("my-file-contents")),
	// Whether to require encrypted SAML assertions from IdP
	EncryptedResponses: jsii.Boolean(true),
	// The signing algorithm for the SAML requests
	RequestSigningAlgorithm: cognito.SigningAlgorithm_RSA_SHA256,
	// Enable IdP initiated SAML auth flow
	IdpInitiated: jsii.Boolean(true),
})

// specify the metadata as a URL
// specify the metadata as a URL
cognito.NewUserPoolIdentityProviderSaml(this, jsii.String("userpoolidpUrl"), &UserPoolIdentityProviderSamlProps{
	UserPool: userpool,
	Metadata: cognito.UserPoolIdentityProviderSamlMetadata_Url(jsii.String("https://my-metadata-url.com")),
})

Attribute mapping allows mapping attributes provided by the third-party identity providers to standard and custom attributes of the user pool. Learn more about Specifying Identity Provider Attribute Mappings for Your User Pool.

The following code shows how different attributes provided by 'Login With Amazon' can be mapped to standard and custom user pool attributes.

userpool := cognito.NewUserPool(this, jsii.String("Pool"))

cognito.NewUserPoolIdentityProviderAmazon(this, jsii.String("Amazon"), &UserPoolIdentityProviderAmazonProps{
	ClientId: jsii.String("amzn-client-id"),
	ClientSecret: jsii.String("amzn-client-secret"),
	UserPool: userpool,
	AttributeMapping: &AttributeMapping{
		Email: cognito.ProviderAttribute_AMAZON_EMAIL(),
		Website: cognito.ProviderAttribute_Other(jsii.String("url")),
		 // use other() when an attribute is not pre-defined in the CDK
		Custom: map[string]providerAttribute{
			// custom user pool attributes go here
			"uniqueId": cognito.*providerAttribute_AMAZON_USER_ID(),
		},
	},
})
App Clients

An app is an entity within a user pool that has permission to call unauthenticated APIs (APIs that do not have an authenticated user), such as APIs to register, sign in, and handle forgotten passwords. To call these APIs, you need an app client ID and an optional client secret. Read Configuring a User Pool App Client to learn more.

The following code creates an app client and retrieves the client id -

pool := cognito.NewUserPool(this, jsii.String("pool"))
client := pool.addClient(jsii.String("customer-app-client"))
clientId := client.UserPoolClientId

Existing app clients can be imported into the CDK app using the UserPoolClient.fromUserPoolClientId() API. For new and imported user pools, clients can also be created via the UserPoolClient constructor, as so -

importedPool := cognito.UserPool_FromUserPoolId(this, jsii.String("imported-pool"), jsii.String("us-east-1_oiuR12Abd"))
cognito.NewUserPoolClient(this, jsii.String("customer-app-client"), &UserPoolClientProps{
	UserPool: importedPool,
})

Clients can be configured with authentication flows. Authentication flows allow users on a client to be authenticated with a user pool. Cognito user pools provide several different types of authentication, such as, SRP (Secure Remote Password) authentication, username-and-password authentication, etc. Learn more about this at UserPool Authentication Flow.

The following code configures a client to use both SRP and username-and-password authentication -

pool := cognito.NewUserPool(this, jsii.String("pool"))
pool.addClient(jsii.String("app-client"), &UserPoolClientOptions{
	AuthFlows: &AuthFlow{
		UserPassword: jsii.Boolean(true),
		UserSrp: jsii.Boolean(true),
	},
})

Custom authentication protocols can be configured by setting the custom property under authFlow and defining lambda functions for the corresponding user pool triggers. Learn more at Custom Authentication Flow.

In addition to these authentication mechanisms, Cognito user pools also support using OAuth 2.0 framework for authenticating users. User pool clients can be configured with OAuth 2.0 authorization flows and scopes. Learn more about the OAuth 2.0 authorization framework and Cognito user pool's implementation of OAuth2.0.

The following code configures an app client with the authorization code grant flow and registers the the app's welcome page as a callback (or redirect) URL. It also configures the access token scope to 'openid'. All of these concepts can be found in the OAuth 2.0 RFC.

pool := cognito.NewUserPool(this, jsii.String("Pool"))
pool.addClient(jsii.String("app-client"), &UserPoolClientOptions{
	OAuth: &OAuthSettings{
		Flows: &OAuthFlows{
			AuthorizationCodeGrant: jsii.Boolean(true),
		},
		Scopes: []oAuthScope{
			cognito.*oAuthScope_OPENID(),
		},
		CallbackUrls: []*string{
			jsii.String("https://my-app-domain.com/welcome"),
		},
		LogoutUrls: []*string{
			jsii.String("https://my-app-domain.com/signin"),
		},
	},
})

An app client can be configured to prevent user existence errors. This instructs the Cognito authentication API to return generic authentication failure responses instead of an UserNotFoundException. By default, the flag is not set, which means the CloudFormation default (false) will be used. See the documentation for the full details on the behavior of this flag.

pool := cognito.NewUserPool(this, jsii.String("Pool"))
pool.addClient(jsii.String("app-client"), &UserPoolClientOptions{
	PreventUserExistenceErrors: jsii.Boolean(true),
})

All identity providers created in the CDK app are automatically registered into the corresponding user pool. All app clients created in the CDK have all of the identity providers enabled by default. The 'Cognito' identity provider, that allows users to register and sign in directly with the Cognito user pool, is also enabled by default. Alternatively, the list of supported identity providers for a client can be explicitly specified -

pool := cognito.NewUserPool(this, jsii.String("Pool"))
pool.addClient(jsii.String("app-client"), &UserPoolClientOptions{
	// ...
	SupportedIdentityProviders: []userPoolClientIdentityProvider{
		cognito.*userPoolClientIdentityProvider_AMAZON(),
		cognito.*userPoolClientIdentityProvider_COGNITO(),
	},
})

If the identity provider and the app client are created in the same stack, specify the dependency between both constructs to make sure that the identity provider already exists when the app client will be created. The app client cannot handle the dependency to the identity provider automatically because the client does not have access to the provider's construct.

pool := cognito.NewUserPool(this, jsii.String("Pool"))
provider := cognito.NewUserPoolIdentityProviderAmazon(this, jsii.String("Amazon"), &UserPoolIdentityProviderAmazonProps{
	UserPool: pool,
	ClientId: jsii.String("amzn-client-id"),
	ClientSecret: jsii.String("amzn-client-secret"),
})

client := pool.addClient(jsii.String("app-client"), &UserPoolClientOptions{
	// ...
	SupportedIdentityProviders: []userPoolClientIdentityProvider{
		cognito.*userPoolClientIdentityProvider_AMAZON(),
	},
})

client.Node.AddDependency(provider)

The property authSessionValidity is the session token for each API request in the authentication flow. Valid duration is from 3 to 15 minutes.

pool := cognito.NewUserPool(this, jsii.String("Pool"))
pool.addClient(jsii.String("app-client"), &UserPoolClientOptions{
	// ...
	AuthSessionValidity: awscdk.Duration_Minutes(jsii.Number(15)),
})

In accordance with the OIDC open standard, Cognito user pool clients provide access tokens, ID tokens and refresh tokens. More information is available at Using Tokens with User Pools. The expiration time for these tokens can be configured as shown below.

pool := cognito.NewUserPool(this, jsii.String("Pool"))
pool.addClient(jsii.String("app-client"), &UserPoolClientOptions{
	// ...
	AccessTokenValidity: awscdk.Duration_Minutes(jsii.Number(60)),
	IdTokenValidity: awscdk.Duration_*Minutes(jsii.Number(60)),
	RefreshTokenValidity: awscdk.Duration_Days(jsii.Number(30)),
})

Clients can (and should) be allowed to read and write relevant user attributes only. Usually every client can be allowed to read the given_name attribute but not every client should be allowed to set the email_verified attribute. The same criteria applies for both standard and custom attributes, more info is available at Attribute Permissions and Scopes. The default behaviour is to allow read and write permissions on all attributes. The following code shows how this can be configured for a client.

pool := cognito.NewUserPool(this, jsii.String("Pool"))

clientWriteAttributes := (cognito.NewClientAttributes()).WithStandardAttributes(&StandardAttributesMask{
	Fullname: jsii.Boolean(true),
	Email: jsii.Boolean(true),
}).WithCustomAttributes(jsii.String("favouritePizza"), jsii.String("favouriteBeverage"))

clientReadAttributes := clientWriteAttributes.WithStandardAttributes(&StandardAttributesMask{
	EmailVerified: jsii.Boolean(true),
}).WithCustomAttributes(jsii.String("pointsEarned"))

pool.addClient(jsii.String("app-client"), &UserPoolClientOptions{
	// ...
	ReadAttributes: clientReadAttributes,
	WriteAttributes: clientWriteAttributes,
})

Token revocation can be configured to be able to revoke refresh tokens in app clients. By default, token revocation is enabled for new user pools. The property can be used to enable the token revocation in existing app clients or to change the default behavior.

pool := cognito.NewUserPool(this, jsii.String("Pool"))
pool.addClient(jsii.String("app-client"), &UserPoolClientOptions{
	// ...
	EnableTokenRevocation: jsii.Boolean(true),
})

User Pool clients can generate a client ID as well as a client secret, to support more advanced authentication workflows.

To create a client with an autogenerated client secret, pass the generateSecret: true prop:

var importedPool userPool


userPoolClient := cognito.NewUserPoolClient(this, jsii.String("UserPoolClient"), &UserPoolClientProps{
	UserPool: importedPool,
	GenerateSecret: jsii.Boolean(true),
})

// Allows you to pass the generated secret to other pieces of infrastructure
secret := userPoolClient.userPoolClientSecret
Resource Servers

A resource server is a server for access-protected resources. It handles authenticated requests from an app that has an access token. See Defining Resource Servers for more information.

An application may choose to model custom permissions via OAuth. Resource Servers provide this capability via custom scopes that are attached to an app client. The following example sets up a resource server for the 'users' resource for two different app clients and configures the clients to use these scopes.

pool := cognito.NewUserPool(this, jsii.String("Pool"))

readOnlyScope := cognito.NewResourceServerScope(&ResourceServerScopeProps{
	ScopeName: jsii.String("read"),
	ScopeDescription: jsii.String("Read-only access"),
})
fullAccessScope := cognito.NewResourceServerScope(&ResourceServerScopeProps{
	ScopeName: jsii.String("*"),
	ScopeDescription: jsii.String("Full access"),
})

userServer := pool.addResourceServer(jsii.String("ResourceServer"), &UserPoolResourceServerOptions{
	Identifier: jsii.String("users"),
	Scopes: []resourceServerScope{
		readOnlyScope,
		fullAccessScope,
	},
})

readOnlyClient := pool.addClient(jsii.String("read-only-client"), &UserPoolClientOptions{
	// ...
	OAuth: &OAuthSettings{
		// ...
		Scopes: []oAuthScope{
			cognito.*oAuthScope_ResourceServer(userServer, readOnlyScope),
		},
	},
})

fullAccessClient := pool.addClient(jsii.String("full-access-client"), &UserPoolClientOptions{
	// ...
	OAuth: &OAuthSettings{
		// ...
		Scopes: []*oAuthScope{
			cognito.*oAuthScope_*ResourceServer(userServer, fullAccessScope),
		},
	},
})
Domains

After setting up an app client, the address for the user pool's sign-up and sign-in webpages can be configured using domains. There are two ways to set up a domain - either the Amazon Cognito hosted domain can be chosen with an available domain prefix, or a custom domain name can be chosen. The custom domain must be one that is already owned, and whose certificate is registered in AWS Certificate Manager.

The following code sets up a user pool domain in Amazon Cognito hosted domain with the prefix 'my-awesome-app', and another domain with the custom domain 'user.myapp.com' -

pool := cognito.NewUserPool(this, jsii.String("Pool"))

pool.addDomain(jsii.String("CognitoDomain"), &UserPoolDomainOptions{
	CognitoDomain: &CognitoDomainOptions{
		DomainPrefix: jsii.String("my-awesome-app"),
	},
})

certificateArn := "arn:aws:acm:us-east-1:123456789012:certificate/11-3336f1-44483d-adc7-9cd375c5169d"

domainCert := certificatemanager.Certificate_FromCertificateArn(this, jsii.String("domainCert"), certificateArn)
pool.addDomain(jsii.String("CustomDomain"), &UserPoolDomainOptions{
	CustomDomain: &CustomDomainOptions{
		DomainName: jsii.String("user.myapp.com"),
		Certificate: domainCert,
	},
})

Read more about Using the Amazon Cognito Domain and Using Your Own Domain.

The signInUrl() methods returns the fully qualified URL to the login page for the user pool. This page comes from the hosted UI configured with Cognito. Learn more at Hosted UI with the Amazon Cognito Console.

userpool := cognito.NewUserPool(this, jsii.String("UserPool"), &UserPoolProps{
})
client := userpool.addClient(jsii.String("Client"), &UserPoolClientOptions{
	// ...
	OAuth: &OAuthSettings{
		Flows: &OAuthFlows{
			ImplicitCodeGrant: jsii.Boolean(true),
		},
		CallbackUrls: []*string{
			jsii.String("https://myapp.com/home"),
			jsii.String("https://myapp.com/users"),
		},
	},
})
domain := userpool.addDomain(jsii.String("Domain"), &UserPoolDomainOptions{
})
signInUrl := domain.SignInUrl(client, &SignInUrlOptions{
	RedirectUri: jsii.String("https://myapp.com/home"),
})

Existing domains can be imported into CDK apps using UserPoolDomain.fromDomainName() API

myUserPoolDomain := cognito.UserPoolDomain_FromDomainName(this, jsii.String("my-user-pool-domain"), jsii.String("domain-name"))
Deletion protection

Deletion protection can be enabled on a user pool to prevent accidental deletion:

userpool := cognito.NewUserPool(this, jsii.String("UserPool"), &UserPoolProps{
	// ...
	DeletionProtection: jsii.Boolean(true),
})

By default deletion protection is disabled.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CfnIdentityPoolPrincipalTag_CFN_RESOURCE_TYPE_NAME added in v2.82.0 

func CfnIdentityPoolPrincipalTag_CFN_RESOURCE_TYPE_NAME() *string

func CfnIdentityPoolPrincipalTag_IsCfnElement added in v2.82.0 

func CfnIdentityPoolPrincipalTag_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnIdentityPoolPrincipalTag_IsCfnResource added in v2.82.0 

func CfnIdentityPoolPrincipalTag_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnIdentityPoolPrincipalTag_IsConstruct added in v2.82.0 

func CfnIdentityPoolPrincipalTag_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnIdentityPoolRoleAttachment_CFN_RESOURCE_TYPE_NAME 

func CfnIdentityPoolRoleAttachment_CFN_RESOURCE_TYPE_NAME() *string

func CfnIdentityPoolRoleAttachment_IsCfnElement 

func CfnIdentityPoolRoleAttachment_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnIdentityPoolRoleAttachment_IsCfnResource 

func CfnIdentityPoolRoleAttachment_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnIdentityPoolRoleAttachment_IsConstruct 

func CfnIdentityPoolRoleAttachment_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnIdentityPool_CFN_RESOURCE_TYPE_NAME 

func CfnIdentityPool_CFN_RESOURCE_TYPE_NAME() *string

func CfnIdentityPool_IsCfnElement 

func CfnIdentityPool_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnIdentityPool_IsCfnResource 

func CfnIdentityPool_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnIdentityPool_IsConstruct 

func CfnIdentityPool_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnLogDeliveryConfiguration_CFN_RESOURCE_TYPE_NAME added in v2.101.0 

func CfnLogDeliveryConfiguration_CFN_RESOURCE_TYPE_NAME() *string

func CfnLogDeliveryConfiguration_IsCfnElement added in v2.101.0 

func CfnLogDeliveryConfiguration_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnLogDeliveryConfiguration_IsCfnResource added in v2.101.0 

func CfnLogDeliveryConfiguration_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnLogDeliveryConfiguration_IsConstruct added in v2.101.0 

func CfnLogDeliveryConfiguration_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnUserPoolClient_CFN_RESOURCE_TYPE_NAME 

func CfnUserPoolClient_CFN_RESOURCE_TYPE_NAME() *string

func CfnUserPoolClient_IsCfnElement 

func CfnUserPoolClient_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnUserPoolClient_IsCfnResource 

func CfnUserPoolClient_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnUserPoolClient_IsConstruct 

func CfnUserPoolClient_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnUserPoolDomain_CFN_RESOURCE_TYPE_NAME 

func CfnUserPoolDomain_CFN_RESOURCE_TYPE_NAME() *string

func CfnUserPoolDomain_IsCfnElement 

func CfnUserPoolDomain_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnUserPoolDomain_IsCfnResource 

func CfnUserPoolDomain_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnUserPoolDomain_IsConstruct 

func CfnUserPoolDomain_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnUserPoolGroup_CFN_RESOURCE_TYPE_NAME 

func CfnUserPoolGroup_CFN_RESOURCE_TYPE_NAME() *string

func CfnUserPoolGroup_IsCfnElement 

func CfnUserPoolGroup_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnUserPoolGroup_IsCfnResource 

func CfnUserPoolGroup_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnUserPoolGroup_IsConstruct 

func CfnUserPoolGroup_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnUserPoolIdentityProvider_CFN_RESOURCE_TYPE_NAME 

func CfnUserPoolIdentityProvider_CFN_RESOURCE_TYPE_NAME() *string

func CfnUserPoolIdentityProvider_IsCfnElement 

func CfnUserPoolIdentityProvider_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnUserPoolIdentityProvider_IsCfnResource 

func CfnUserPoolIdentityProvider_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnUserPoolIdentityProvider_IsConstruct 

func CfnUserPoolIdentityProvider_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnUserPoolResourceServer_CFN_RESOURCE_TYPE_NAME 

func CfnUserPoolResourceServer_CFN_RESOURCE_TYPE_NAME() *string

func CfnUserPoolResourceServer_IsCfnElement 

func CfnUserPoolResourceServer_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnUserPoolResourceServer_IsCfnResource 

func CfnUserPoolResourceServer_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnUserPoolResourceServer_IsConstruct 

func CfnUserPoolResourceServer_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnUserPoolRiskConfigurationAttachment_CFN_RESOURCE_TYPE_NAME 

func CfnUserPoolRiskConfigurationAttachment_CFN_RESOURCE_TYPE_NAME() *string

func CfnUserPoolRiskConfigurationAttachment_IsCfnElement 

func CfnUserPoolRiskConfigurationAttachment_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnUserPoolRiskConfigurationAttachment_IsCfnResource 

func CfnUserPoolRiskConfigurationAttachment_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnUserPoolRiskConfigurationAttachment_IsConstruct 

func CfnUserPoolRiskConfigurationAttachment_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnUserPoolUICustomizationAttachment_CFN_RESOURCE_TYPE_NAME 

func CfnUserPoolUICustomizationAttachment_CFN_RESOURCE_TYPE_NAME() *string

func CfnUserPoolUICustomizationAttachment_IsCfnElement 

func CfnUserPoolUICustomizationAttachment_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnUserPoolUICustomizationAttachment_IsCfnResource 

func CfnUserPoolUICustomizationAttachment_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnUserPoolUICustomizationAttachment_IsConstruct 

func CfnUserPoolUICustomizationAttachment_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnUserPoolUserToGroupAttachment_CFN_RESOURCE_TYPE_NAME 

func CfnUserPoolUserToGroupAttachment_CFN_RESOURCE_TYPE_NAME() *string

func CfnUserPoolUserToGroupAttachment_IsCfnElement 

func CfnUserPoolUserToGroupAttachment_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnUserPoolUserToGroupAttachment_IsCfnResource 

func CfnUserPoolUserToGroupAttachment_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnUserPoolUserToGroupAttachment_IsConstruct 

func CfnUserPoolUserToGroupAttachment_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnUserPoolUser_CFN_RESOURCE_TYPE_NAME 

func CfnUserPoolUser_CFN_RESOURCE_TYPE_NAME() *string

func CfnUserPoolUser_IsCfnElement 

func CfnUserPoolUser_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnUserPoolUser_IsCfnResource 

func CfnUserPoolUser_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnUserPoolUser_IsConstruct 

func CfnUserPoolUser_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnUserPool_CFN_RESOURCE_TYPE_NAME 

func CfnUserPool_CFN_RESOURCE_TYPE_NAME() *string

func CfnUserPool_IsCfnElement 

func CfnUserPool_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnUserPool_IsCfnResource 

func CfnUserPool_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnUserPool_IsConstruct 

func CfnUserPool_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func NewBooleanAttribute_Override 

func NewBooleanAttribute_Override(b BooleanAttribute, props *CustomAttributeProps)

func NewCfnIdentityPoolPrincipalTag_Override added in v2.82.0 

func NewCfnIdentityPoolPrincipalTag_Override(c CfnIdentityPoolPrincipalTag, scope constructs.Construct, id *string, props *CfnIdentityPoolPrincipalTagProps)

func NewCfnIdentityPoolRoleAttachment_Override 

func NewCfnIdentityPoolRoleAttachment_Override(c CfnIdentityPoolRoleAttachment, scope constructs.Construct, id *string, props *CfnIdentityPoolRoleAttachmentProps)

func NewCfnIdentityPool_Override 

func NewCfnIdentityPool_Override(c CfnIdentityPool, scope constructs.Construct, id *string, props *CfnIdentityPoolProps)

func NewCfnLogDeliveryConfiguration_Override added in v2.101.0 

func NewCfnLogDeliveryConfiguration_Override(c CfnLogDeliveryConfiguration, scope constructs.Construct, id *string, props *CfnLogDeliveryConfigurationProps)

func NewCfnUserPoolClient_Override 

func NewCfnUserPoolClient_Override(c CfnUserPoolClient, scope constructs.Construct, id *string, props *CfnUserPoolClientProps)

func NewCfnUserPoolDomain_Override 

func NewCfnUserPoolDomain_Override(c CfnUserPoolDomain, scope constructs.Construct, id *string, props *CfnUserPoolDomainProps)

func NewCfnUserPoolGroup_Override 

func NewCfnUserPoolGroup_Override(c CfnUserPoolGroup, scope constructs.Construct, id *string, props *CfnUserPoolGroupProps)

func NewCfnUserPoolIdentityProvider_Override 

func NewCfnUserPoolIdentityProvider_Override(c CfnUserPoolIdentityProvider, scope constructs.Construct, id *string, props *CfnUserPoolIdentityProviderProps)

func NewCfnUserPoolResourceServer_Override 

func NewCfnUserPoolResourceServer_Override(c CfnUserPoolResourceServer, scope constructs.Construct, id *string, props *CfnUserPoolResourceServerProps)

func NewCfnUserPoolRiskConfigurationAttachment_Override 

func NewCfnUserPoolRiskConfigurationAttachment_Override(c CfnUserPoolRiskConfigurationAttachment, scope constructs.Construct, id *string, props *CfnUserPoolRiskConfigurationAttachmentProps)

func NewCfnUserPoolUICustomizationAttachment_Override 

func NewCfnUserPoolUICustomizationAttachment_Override(c CfnUserPoolUICustomizationAttachment, scope constructs.Construct, id *string, props *CfnUserPoolUICustomizationAttachmentProps)

func NewCfnUserPoolUserToGroupAttachment_Override 

func NewCfnUserPoolUserToGroupAttachment_Override(c CfnUserPoolUserToGroupAttachment, scope constructs.Construct, id *string, props *CfnUserPoolUserToGroupAttachmentProps)

func NewCfnUserPoolUser_Override 

func NewCfnUserPoolUser_Override(c CfnUserPoolUser, scope constructs.Construct, id *string, props *CfnUserPoolUserProps)

func NewCfnUserPool_Override 

func NewCfnUserPool_Override(c CfnUserPool, scope constructs.Construct, id *string, props *CfnUserPoolProps)

func NewClientAttributes_Override 

func NewClientAttributes_Override(c ClientAttributes)

Creates a ClientAttributes with the specified attributes. Default: - a ClientAttributes object without any attributes.

func NewDateTimeAttribute_Override 

func NewDateTimeAttribute_Override(d DateTimeAttribute, props *CustomAttributeProps)

func NewNumberAttribute_Override 

func NewNumberAttribute_Override(n NumberAttribute, props *NumberAttributeProps)

func NewResourceServerScope_Override 

func NewResourceServerScope_Override(r ResourceServerScope, props *ResourceServerScopeProps)

func NewStringAttribute_Override 

func NewStringAttribute_Override(s StringAttribute, props *StringAttributeProps)

func NewUserPoolClient_Override 

func NewUserPoolClient_Override(u UserPoolClient, scope constructs.Construct, id *string, props *UserPoolClientProps)

func NewUserPoolDomain_Override 

func NewUserPoolDomain_Override(u UserPoolDomain, scope constructs.Construct, id *string, props *UserPoolDomainProps)

func NewUserPoolEmail_Override 

func NewUserPoolEmail_Override(u UserPoolEmail)

func NewUserPoolIdentityProviderAmazon_Override 

func NewUserPoolIdentityProviderAmazon_Override(u UserPoolIdentityProviderAmazon, scope constructs.Construct, id *string, props *UserPoolIdentityProviderAmazonProps)

func NewUserPoolIdentityProviderApple_Override 

func NewUserPoolIdentityProviderApple_Override(u UserPoolIdentityProviderApple, scope constructs.Construct, id *string, props *UserPoolIdentityProviderAppleProps)

func NewUserPoolIdentityProviderFacebook_Override 

func NewUserPoolIdentityProviderFacebook_Override(u UserPoolIdentityProviderFacebook, scope constructs.Construct, id *string, props *UserPoolIdentityProviderFacebookProps)

func NewUserPoolIdentityProviderGoogle_Override 

func NewUserPoolIdentityProviderGoogle_Override(u UserPoolIdentityProviderGoogle, scope constructs.Construct, id *string, props *UserPoolIdentityProviderGoogleProps)

func NewUserPoolIdentityProviderOidc_Override added in v2.27.0 

func NewUserPoolIdentityProviderOidc_Override(u UserPoolIdentityProviderOidc, scope constructs.Construct, id *string, props *UserPoolIdentityProviderOidcProps)

func NewUserPoolIdentityProviderSaml_Override added in v2.42.0 

func NewUserPoolIdentityProviderSaml_Override(u UserPoolIdentityProviderSaml, scope constructs.Construct, id *string, props *UserPoolIdentityProviderSamlProps)

func NewUserPoolResourceServer_Override 

func NewUserPoolResourceServer_Override(u UserPoolResourceServer, scope constructs.Construct, id *string, props *UserPoolResourceServerProps)

func NewUserPool_Override 

func NewUserPool_Override(u UserPool, scope constructs.Construct, id *string, props *UserPoolProps)

func UserPoolClient_IsConstruct 

func UserPoolClient_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func UserPoolClient_IsOwnedResource added in v2.32.0 

func UserPoolClient_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func UserPoolClient_IsResource 

func UserPoolClient_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func UserPoolDomain_IsConstruct 

func UserPoolDomain_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func UserPoolDomain_IsOwnedResource added in v2.32.0 

func UserPoolDomain_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func UserPoolDomain_IsResource 

func UserPoolDomain_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func UserPoolIdentityProviderAmazon_IsConstruct 

func UserPoolIdentityProviderAmazon_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func UserPoolIdentityProviderAmazon_IsOwnedResource added in v2.32.0 

func UserPoolIdentityProviderAmazon_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func UserPoolIdentityProviderAmazon_IsResource 

func UserPoolIdentityProviderAmazon_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func UserPoolIdentityProviderApple_IsConstruct 

func UserPoolIdentityProviderApple_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func UserPoolIdentityProviderApple_IsOwnedResource added in v2.32.0 

func UserPoolIdentityProviderApple_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func UserPoolIdentityProviderApple_IsResource 

func UserPoolIdentityProviderApple_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func UserPoolIdentityProviderFacebook_IsConstruct 

func UserPoolIdentityProviderFacebook_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func UserPoolIdentityProviderFacebook_IsOwnedResource added in v2.32.0 

func UserPoolIdentityProviderFacebook_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func UserPoolIdentityProviderFacebook_IsResource 

func UserPoolIdentityProviderFacebook_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func UserPoolIdentityProviderGoogle_IsConstruct 

func UserPoolIdentityProviderGoogle_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func UserPoolIdentityProviderGoogle_IsOwnedResource added in v2.32.0 

func UserPoolIdentityProviderGoogle_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func UserPoolIdentityProviderGoogle_IsResource 

func UserPoolIdentityProviderGoogle_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func UserPoolIdentityProviderOidc_IsConstruct added in v2.27.0 

func UserPoolIdentityProviderOidc_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func UserPoolIdentityProviderOidc_IsOwnedResource added in v2.32.0 

func UserPoolIdentityProviderOidc_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func UserPoolIdentityProviderOidc_IsResource added in v2.27.0 

func UserPoolIdentityProviderOidc_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func UserPoolIdentityProviderSaml_IsConstruct added in v2.42.0 

func UserPoolIdentityProviderSaml_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func UserPoolIdentityProviderSaml_IsOwnedResource added in v2.42.0 

func UserPoolIdentityProviderSaml_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func UserPoolIdentityProviderSaml_IsResource added in v2.42.0 

func UserPoolIdentityProviderSaml_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func UserPoolResourceServer_IsConstruct 

func UserPoolResourceServer_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func UserPoolResourceServer_IsOwnedResource added in v2.32.0 

func UserPoolResourceServer_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func UserPoolResourceServer_IsResource 

func UserPoolResourceServer_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func UserPool_IsConstruct 

func UserPool_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func UserPool_IsOwnedResource added in v2.32.0 

func UserPool_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func UserPool_IsResource 

func UserPool_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

Types

type AccountRecovery 

type AccountRecovery string

How will a user be able to recover their account?

When a user forgets their password, they can have a code sent to their verified email or verified phone to recover their account. You can choose the preferred way to send codes below. We recommend not allowing phone to be used for both password resets and multi-factor authentication (MFA).

Example: 

cognito.NewUserPool(this, jsii.String("UserPool"), &UserPoolProps{
	// ...
	AccountRecovery: cognito.AccountRecovery_EMAIL_ONLY,
})

See: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-recover-a-user-account.html 

const (
	// Email if available, otherwise phone, but don’t allow a user to reset their password via phone if they are also using it for MFA.
	AccountRecovery_EMAIL_AND_PHONE_WITHOUT_MFA AccountRecovery = "EMAIL_AND_PHONE_WITHOUT_MFA"
	// Phone if available, otherwise email, but don’t allow a user to reset their password via phone if they are also using it for MFA.
	AccountRecovery_PHONE_WITHOUT_MFA_AND_EMAIL AccountRecovery = "PHONE_WITHOUT_MFA_AND_EMAIL"
	// Email only.
	AccountRecovery_EMAIL_ONLY AccountRecovery = "EMAIL_ONLY"
	// Phone only, but don’t allow a user to reset their password via phone if they are also using it for MFA.
	AccountRecovery_PHONE_ONLY_WITHOUT_MFA AccountRecovery = "PHONE_ONLY_WITHOUT_MFA"
	// (Not Recommended) Phone if available, otherwise email, and do allow a user to reset their password via phone if they are also using it for MFA.
	AccountRecovery_PHONE_AND_EMAIL AccountRecovery = "PHONE_AND_EMAIL"
	// None – users will have to contact an administrator to reset their passwords.
	AccountRecovery_NONE AccountRecovery = "NONE"
)

type AdvancedSecurityMode added in v2.55.0 

type AdvancedSecurityMode string

The different ways in which a user pool's Advanced Security Mode can be configured.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	AdvancedSecurityMode: cognito.AdvancedSecurityMode_ENFORCED,
})

See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html#cfn-cognito-userpool-userpooladdons-advancedsecuritymode 

const (
	// Enable advanced security mode.
	AdvancedSecurityMode_ENFORCED AdvancedSecurityMode = "ENFORCED"
	// gather metrics on detected risks without taking action.
	//
	// Metrics are published to Amazon CloudWatch.
	AdvancedSecurityMode_AUDIT AdvancedSecurityMode = "AUDIT"
	// Advanced security mode is disabled.
	AdvancedSecurityMode_OFF AdvancedSecurityMode = "OFF"
)

type AttributeMapping 

type AttributeMapping struct {
	// The user's postal address is a required attribute.
	// Default: - not mapped.
	//
	Address ProviderAttribute `field:"optional" json:"address" yaml:"address"`
	// The user's birthday.
	// Default: - not mapped.
	//
	Birthdate ProviderAttribute `field:"optional" json:"birthdate" yaml:"birthdate"`
	// Specify custom attribute mapping here and mapping for any standard attributes not supported yet.
	// Default: - no custom attribute mapping.
	//
	Custom *map[string]ProviderAttribute `field:"optional" json:"custom" yaml:"custom"`
	// The user's e-mail address.
	// Default: - not mapped.
	//
	Email ProviderAttribute `field:"optional" json:"email" yaml:"email"`
	// The surname or last name of user.
	// Default: - not mapped.
	//
	FamilyName ProviderAttribute `field:"optional" json:"familyName" yaml:"familyName"`
	// The user's full name in displayable form.
	// Default: - not mapped.
	//
	Fullname ProviderAttribute `field:"optional" json:"fullname" yaml:"fullname"`
	// The user's gender.
	// Default: - not mapped.
	//
	Gender ProviderAttribute `field:"optional" json:"gender" yaml:"gender"`
	// The user's first name or give name.
	// Default: - not mapped.
	//
	GivenName ProviderAttribute `field:"optional" json:"givenName" yaml:"givenName"`
	// Time, the user's information was last updated.
	// Default: - not mapped.
	//
	LastUpdateTime ProviderAttribute `field:"optional" json:"lastUpdateTime" yaml:"lastUpdateTime"`
	// The user's locale.
	// Default: - not mapped.
	//
	Locale ProviderAttribute `field:"optional" json:"locale" yaml:"locale"`
	// The user's middle name.
	// Default: - not mapped.
	//
	MiddleName ProviderAttribute `field:"optional" json:"middleName" yaml:"middleName"`
	// The user's nickname or casual name.
	// Default: - not mapped.
	//
	Nickname ProviderAttribute `field:"optional" json:"nickname" yaml:"nickname"`
	// The user's telephone number.
	// Default: - not mapped.
	//
	PhoneNumber ProviderAttribute `field:"optional" json:"phoneNumber" yaml:"phoneNumber"`
	// The user's preferred username.
	// Default: - not mapped.
	//
	PreferredUsername ProviderAttribute `field:"optional" json:"preferredUsername" yaml:"preferredUsername"`
	// The URL to the user's profile page.
	// Default: - not mapped.
	//
	ProfilePage ProviderAttribute `field:"optional" json:"profilePage" yaml:"profilePage"`
	// The URL to the user's profile picture.
	// Default: - not mapped.
	//
	ProfilePicture ProviderAttribute `field:"optional" json:"profilePicture" yaml:"profilePicture"`
	// The user's time zone.
	// Default: - not mapped.
	//
	Timezone ProviderAttribute `field:"optional" json:"timezone" yaml:"timezone"`
	// The URL to the user's web page or blog.
	// Default: - not mapped.
	//
	Website ProviderAttribute `field:"optional" json:"website" yaml:"website"`
}

The mapping of user pool attributes to the attributes provided by the identity providers.

Example: 

userpool := cognito.NewUserPool(this, jsii.String("Pool"))

cognito.NewUserPoolIdentityProviderAmazon(this, jsii.String("Amazon"), &UserPoolIdentityProviderAmazonProps{
	ClientId: jsii.String("amzn-client-id"),
	ClientSecret: jsii.String("amzn-client-secret"),
	UserPool: userpool,
	AttributeMapping: &AttributeMapping{
		Email: cognito.ProviderAttribute_AMAZON_EMAIL(),
		Website: cognito.ProviderAttribute_Other(jsii.String("url")),
		 // use other() when an attribute is not pre-defined in the CDK
		Custom: map[string]providerAttribute{
			// custom user pool attributes go here
			"uniqueId": cognito.*providerAttribute_AMAZON_USER_ID(),
		},
	},
})

type AuthFlow 

type AuthFlow struct {
	// Enable admin based user password authentication flow.
	// Default: false.
	//
	AdminUserPassword *bool `field:"optional" json:"adminUserPassword" yaml:"adminUserPassword"`
	// Enable custom authentication flow.
	// Default: false.
	//
	Custom *bool `field:"optional" json:"custom" yaml:"custom"`
	// Enable auth using username & password.
	// Default: false.
	//
	UserPassword *bool `field:"optional" json:"userPassword" yaml:"userPassword"`
	// Enable SRP based authentication.
	// Default: false.
	//
	UserSrp *bool `field:"optional" json:"userSrp" yaml:"userSrp"`
}

Types of authentication flow.

Example: 

pool := cognito.NewUserPool(this, jsii.String("pool"))
pool.addClient(jsii.String("app-client"), &UserPoolClientOptions{
	AuthFlows: &AuthFlow{
		UserPassword: jsii.Boolean(true),
		UserSrp: jsii.Boolean(true),
	},
})

See: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html

type AutoVerifiedAttrs 

type AutoVerifiedAttrs struct {
	// Whether the email address of the user should be auto verified at sign up.
	//
	// Note: If both `email` and `phone` is set, Cognito only verifies the phone number. To also verify email, see here -
	// https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html
	// Default: - true, if email is turned on for `signIn`. false, otherwise.
	//
	Email *bool `field:"optional" json:"email" yaml:"email"`
	// Whether the phone number of the user should be auto verified at sign up.
	// Default: - true, if phone is turned on for `signIn`. false, otherwise.
	//
	Phone *bool `field:"optional" json:"phone" yaml:"phone"`
}

Attributes that can be automatically verified for users in a user pool.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	// ...
	SignInAliases: &SignInAliases{
		Username: jsii.Boolean(true),
		Email: jsii.Boolean(true),
	},
	AutoVerify: &AutoVerifiedAttrs{
		Email: jsii.Boolean(true),
		Phone: jsii.Boolean(true),
	},
})

type BaseUrlOptions added in v2.24.0 

type BaseUrlOptions struct {
	// Whether to return the FIPS-compliant endpoint.
	// Default: return the standard URL.
	//
	Fips *bool `field:"optional" json:"fips" yaml:"fips"`
}

Options to customize the behaviour of `baseUrl()`.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

baseUrlOptions := &BaseUrlOptions{
	Fips: jsii.Boolean(false),
}

type BooleanAttribute 

type BooleanAttribute interface {
	ICustomAttribute
	// Bind this custom attribute type to the values as expected by CloudFormation.
	Bind() *CustomAttributeConfig
}

The Boolean custom attribute type.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	StandardAttributes: &StandardAttributes{
		Fullname: &StandardAttribute{
			Required: jsii.Boolean(true),
			Mutable: jsii.Boolean(false),
		},
		Address: &StandardAttribute{
			Required: jsii.Boolean(false),
			Mutable: jsii.Boolean(true),
		},
	},
	CustomAttributes: map[string]iCustomAttribute{
		"myappid": cognito.NewStringAttribute(&StringAttributeProps{
			"minLen": jsii.Number(5),
			"maxLen": jsii.Number(15),
			"mutable": jsii.Boolean(false),
		}),
		"callingcode": cognito.NewNumberAttribute(&NumberAttributeProps{
			"min": jsii.Number(1),
			"max": jsii.Number(3),
			"mutable": jsii.Boolean(true),
		}),
		"isEmployee": cognito.NewBooleanAttribute(&CustomAttributeProps{
			"mutable": jsii.Boolean(true),
		}),
		"joinedOn": cognito.NewDateTimeAttribute(),
	},
})

func NewBooleanAttribute 

func NewBooleanAttribute(props *CustomAttributeProps) BooleanAttribute

type CfnIdentityPool 

type CfnIdentityPool interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Enables the Basic (Classic) authentication flow.
	AllowClassicFlow() interface{}
	SetAllowClassicFlow(val interface{})
	// Specifies whether the identity pool supports unauthenticated logins.
	AllowUnauthenticatedIdentities() interface{}
	SetAllowUnauthenticatedIdentities(val interface{})
	AttrId() *string
	// The name of the Amazon Cognito identity pool, returned as a string.
	AttrName() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// The events to configure.
	CognitoEvents() interface{}
	SetCognitoEvents(val interface{})
	// The Amazon Cognito user pools and their client IDs.
	CognitoIdentityProviders() interface{}
	SetCognitoIdentityProviders(val interface{})
	// Configuration options for configuring Amazon Cognito streams.
	CognitoStreams() interface{}
	SetCognitoStreams(val interface{})
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The "domain" Amazon Cognito uses when referencing your users.
	DeveloperProviderName() *string
	SetDeveloperProviderName(val *string)
	// The name of your Amazon Cognito identity pool.
	IdentityPoolName() *string
	SetIdentityPoolName(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// The Amazon Resource Names (ARNs) of the OpenID connect providers.
	OpenIdConnectProviderArns() *[]*string
	SetOpenIdConnectProviderArns(val *[]*string)
	// The configuration options to be applied to the identity pool.
	PushSync() interface{}
	SetPushSync(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
	SamlProviderArns() *[]*string
	SetSamlProviderArns(val *[]*string)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Key-value pairs that map provider names to provider app IDs.
	SupportedLoginProviders() interface{}
	SetSupportedLoginProviders(val interface{})
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::Cognito::IdentityPool` resource creates an Amazon Cognito identity pool.

To avoid deleting the resource accidentally from AWS CloudFormation , use [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) and the [UpdateReplacePolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html) to retain the resource on deletion or replacement.

Example: 

import cognito "github.com/aws/aws-cdk-go/awscdk"

var myProvider openIdConnectProvider

cognito.NewCfnIdentityPool(this, jsii.String("IdentityPool"), &CfnIdentityPoolProps{
	OpenIdConnectProviderArns: []*string{
		myProvider.OpenIdConnectProviderArn,
	},
	// And the other properties for your identity pool
	AllowUnauthenticatedIdentities: jsii.Boolean(false),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html

func NewCfnIdentityPool 

func NewCfnIdentityPool(scope constructs.Construct, id *string, props *CfnIdentityPoolProps) CfnIdentityPool

type CfnIdentityPoolPrincipalTag added in v2.82.0 

type CfnIdentityPoolPrincipalTag interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The identity pool that you want to associate with this principal tag map.
	IdentityPoolId() *string
	SetIdentityPoolId(val *string)
	// The identity pool identity provider (IdP) that you want to associate with this principal tag map.
	IdentityProviderName() *string
	SetIdentityProviderName(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// A JSON-formatted list of user claims and the principal tags that you want to associate with them.
	PrincipalTags() interface{}
	SetPrincipalTags(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Use a default set of mappings between claims and tags for this provider, instead of a custom map.
	UseDefaults() interface{}
	SetUseDefaults(val interface{})
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

A list of the identity pool principal tag assignments for attributes for access control.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var principalTags interface{}

cfnIdentityPoolPrincipalTag := awscdk.Aws_cognito.NewCfnIdentityPoolPrincipalTag(this, jsii.String("MyCfnIdentityPoolPrincipalTag"), &CfnIdentityPoolPrincipalTagProps{
	IdentityPoolId: jsii.String("identityPoolId"),
	IdentityProviderName: jsii.String("identityProviderName"),

	// the properties below are optional
	PrincipalTags: principalTags,
	UseDefaults: jsii.Boolean(false),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolprincipaltag.html

func NewCfnIdentityPoolPrincipalTag added in v2.82.0 

func NewCfnIdentityPoolPrincipalTag(scope constructs.Construct, id *string, props *CfnIdentityPoolPrincipalTagProps) CfnIdentityPoolPrincipalTag

type CfnIdentityPoolPrincipalTagProps added in v2.82.0 

type CfnIdentityPoolPrincipalTagProps struct {
	// The identity pool that you want to associate with this principal tag map.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolprincipaltag.html#cfn-cognito-identitypoolprincipaltag-identitypoolid
	//
	IdentityPoolId *string `field:"required" json:"identityPoolId" yaml:"identityPoolId"`
	// The identity pool identity provider (IdP) that you want to associate with this principal tag map.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolprincipaltag.html#cfn-cognito-identitypoolprincipaltag-identityprovidername
	//
	IdentityProviderName *string `field:"required" json:"identityProviderName" yaml:"identityProviderName"`
	// A JSON-formatted list of user claims and the principal tags that you want to associate with them.
	//
	// When Amazon Cognito requests credentials, it sets the value of the principal tag to the value of the user's claim.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolprincipaltag.html#cfn-cognito-identitypoolprincipaltag-principaltags
	//
	PrincipalTags interface{} `field:"optional" json:"principalTags" yaml:"principalTags"`
	// Use a default set of mappings between claims and tags for this provider, instead of a custom map.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolprincipaltag.html#cfn-cognito-identitypoolprincipaltag-usedefaults
	//
	UseDefaults interface{} `field:"optional" json:"useDefaults" yaml:"useDefaults"`
}

Properties for defining a `CfnIdentityPoolPrincipalTag`.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var principalTags interface{}

cfnIdentityPoolPrincipalTagProps := &CfnIdentityPoolPrincipalTagProps{
	IdentityPoolId: jsii.String("identityPoolId"),
	IdentityProviderName: jsii.String("identityProviderName"),

	// the properties below are optional
	PrincipalTags: principalTags,
	UseDefaults: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolprincipaltag.html

type CfnIdentityPoolProps 

type CfnIdentityPoolProps struct {
	// Specifies whether the identity pool supports unauthenticated logins.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-allowunauthenticatedidentities
	//
	AllowUnauthenticatedIdentities interface{} `field:"required" json:"allowUnauthenticatedIdentities" yaml:"allowUnauthenticatedIdentities"`
	// Enables the Basic (Classic) authentication flow.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-allowclassicflow
	//
	AllowClassicFlow interface{} `field:"optional" json:"allowClassicFlow" yaml:"allowClassicFlow"`
	// The events to configure.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-cognitoevents
	//
	CognitoEvents interface{} `field:"optional" json:"cognitoEvents" yaml:"cognitoEvents"`
	// The Amazon Cognito user pools and their client IDs.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-cognitoidentityproviders
	//
	CognitoIdentityProviders interface{} `field:"optional" json:"cognitoIdentityProviders" yaml:"cognitoIdentityProviders"`
	// Configuration options for configuring Amazon Cognito streams.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-cognitostreams
	//
	CognitoStreams interface{} `field:"optional" json:"cognitoStreams" yaml:"cognitoStreams"`
	// The "domain" Amazon Cognito uses when referencing your users.
	//
	// This name acts as a placeholder that allows your backend and the Amazon Cognito service to communicate about the developer provider. For the `DeveloperProviderName` , you can use letters and periods (.), underscores (_), and dashes (-).
	//
	// *Minimum length* : 1
	//
	// *Maximum length* : 100.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-developerprovidername
	//
	DeveloperProviderName *string `field:"optional" json:"developerProviderName" yaml:"developerProviderName"`
	// The name of your Amazon Cognito identity pool.
	//
	// *Minimum length* : 1
	//
	// *Maximum length* : 128
	//
	// *Pattern* : `[\w\s+=,.@-]+`
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-identitypoolname
	//
	IdentityPoolName *string `field:"optional" json:"identityPoolName" yaml:"identityPoolName"`
	// The Amazon Resource Names (ARNs) of the OpenID connect providers.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-openidconnectproviderarns
	//
	OpenIdConnectProviderArns *[]*string `field:"optional" json:"openIdConnectProviderArns" yaml:"openIdConnectProviderArns"`
	// The configuration options to be applied to the identity pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-pushsync
	//
	PushSync interface{} `field:"optional" json:"pushSync" yaml:"pushSync"`
	// The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-samlproviderarns
	//
	SamlProviderArns *[]*string `field:"optional" json:"samlProviderArns" yaml:"samlProviderArns"`
	// Key-value pairs that map provider names to provider app IDs.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-supportedloginproviders
	//
	SupportedLoginProviders interface{} `field:"optional" json:"supportedLoginProviders" yaml:"supportedLoginProviders"`
}

Properties for defining a `CfnIdentityPool`.

Example: 

import cognito "github.com/aws/aws-cdk-go/awscdk"

var myProvider openIdConnectProvider

cognito.NewCfnIdentityPool(this, jsii.String("IdentityPool"), &CfnIdentityPoolProps{
	OpenIdConnectProviderArns: []*string{
		myProvider.OpenIdConnectProviderArn,
	},
	// And the other properties for your identity pool
	AllowUnauthenticatedIdentities: jsii.Boolean(false),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html

type CfnIdentityPoolRoleAttachment 

type CfnIdentityPoolRoleAttachment interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The resource ID.
	AttrId() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// An identity pool ID in the format `REGION:GUID` .
	IdentityPoolId() *string
	SetIdentityPoolId(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// How users for a specific identity provider are mapped to roles.
	RoleMappings() interface{}
	SetRoleMappings(val interface{})
	// The map of the roles associated with this pool.
	Roles() interface{}
	SetRoles(val interface{})
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::Cognito::IdentityPoolRoleAttachment` resource manages the role configuration for an Amazon Cognito identity pool.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var roles interface{}

cfnIdentityPoolRoleAttachment := awscdk.Aws_cognito.NewCfnIdentityPoolRoleAttachment(this, jsii.String("MyCfnIdentityPoolRoleAttachment"), &CfnIdentityPoolRoleAttachmentProps{
	IdentityPoolId: jsii.String("identityPoolId"),

	// the properties below are optional
	RoleMappings: map[string]interface{}{
		"roleMappingsKey": &RoleMappingProperty{
			"type": jsii.String("type"),

			// the properties below are optional
			"ambiguousRoleResolution": jsii.String("ambiguousRoleResolution"),
			"identityProvider": jsii.String("identityProvider"),
			"rulesConfiguration": &RulesConfigurationTypeProperty{
				"rules": []interface{}{
					&MappingRuleProperty{
						"claim": jsii.String("claim"),
						"matchType": jsii.String("matchType"),
						"roleArn": jsii.String("roleArn"),
						"value": jsii.String("value"),
					},
				},
			},
		},
	},
	Roles: roles,
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html

func NewCfnIdentityPoolRoleAttachment 

func NewCfnIdentityPoolRoleAttachment(scope constructs.Construct, id *string, props *CfnIdentityPoolRoleAttachmentProps) CfnIdentityPoolRoleAttachment

type CfnIdentityPoolRoleAttachmentProps 

type CfnIdentityPoolRoleAttachmentProps struct {
	// An identity pool ID in the format `REGION:GUID` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html#cfn-cognito-identitypoolroleattachment-identitypoolid
	//
	IdentityPoolId *string `field:"required" json:"identityPoolId" yaml:"identityPoolId"`
	// How users for a specific identity provider are mapped to roles.
	//
	// This is a string to the `RoleMapping` object map. The string identifies the identity provider. For example: `graph.facebook.com` or `cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id` .
	//
	// If the `IdentityProvider` field isn't provided in this object, the string is used as the identity provider name.
	//
	// For more information, see the [RoleMapping property](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html#cfn-cognito-identitypoolroleattachment-rolemappings
	//
	RoleMappings interface{} `field:"optional" json:"roleMappings" yaml:"roleMappings"`
	// The map of the roles associated with this pool.
	//
	// For a given role, the key is either "authenticated" or "unauthenticated". The value is the role ARN.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html#cfn-cognito-identitypoolroleattachment-roles
	//
	Roles interface{} `field:"optional" json:"roles" yaml:"roles"`
}

Properties for defining a `CfnIdentityPoolRoleAttachment`.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var roles interface{}

cfnIdentityPoolRoleAttachmentProps := &CfnIdentityPoolRoleAttachmentProps{
	IdentityPoolId: jsii.String("identityPoolId"),

	// the properties below are optional
	RoleMappings: map[string]interface{}{
		"roleMappingsKey": &RoleMappingProperty{
			"type": jsii.String("type"),

			// the properties below are optional
			"ambiguousRoleResolution": jsii.String("ambiguousRoleResolution"),
			"identityProvider": jsii.String("identityProvider"),
			"rulesConfiguration": &RulesConfigurationTypeProperty{
				"rules": []interface{}{
					&MappingRuleProperty{
						"claim": jsii.String("claim"),
						"matchType": jsii.String("matchType"),
						"roleArn": jsii.String("roleArn"),
						"value": jsii.String("value"),
					},
				},
			},
		},
	},
	Roles: roles,
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html

type CfnIdentityPoolRoleAttachment_MappingRuleProperty 

type CfnIdentityPoolRoleAttachment_MappingRuleProperty struct {
	// The claim name that must be present in the token.
	//
	// For example: "isAdmin" or "paid".
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-mappingrule.html#cfn-cognito-identitypoolroleattachment-mappingrule-claim
	//
	Claim *string `field:"required" json:"claim" yaml:"claim"`
	// The match condition that specifies how closely the claim value in the IdP token must match `Value` .
	//
	// Valid values are: `Equals` , `Contains` , `StartsWith` , and `NotEqual` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-mappingrule.html#cfn-cognito-identitypoolroleattachment-mappingrule-matchtype
	//
	MatchType *string `field:"required" json:"matchType" yaml:"matchType"`
	// The Amazon Resource Name (ARN) of the role.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-mappingrule.html#cfn-cognito-identitypoolroleattachment-mappingrule-rolearn
	//
	RoleArn *string `field:"required" json:"roleArn" yaml:"roleArn"`
	// A brief string that the claim must match.
	//
	// For example, "paid" or "yes".
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-mappingrule.html#cfn-cognito-identitypoolroleattachment-mappingrule-value
	//
	Value *string `field:"required" json:"value" yaml:"value"`
}

Defines how to map a claim to a role ARN.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

mappingRuleProperty := &MappingRuleProperty{
	Claim: jsii.String("claim"),
	MatchType: jsii.String("matchType"),
	RoleArn: jsii.String("roleArn"),
	Value: jsii.String("value"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-mappingrule.html

type CfnIdentityPoolRoleAttachment_RoleMappingProperty 

type CfnIdentityPoolRoleAttachment_RoleMappingProperty struct {
	// The role mapping type.
	//
	// Token will use `cognito:roles` and `cognito:preferred_role` claims from the Cognito identity provider token to map groups to roles. Rules will attempt to match claims from the token to map to a role.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html#cfn-cognito-identitypoolroleattachment-rolemapping-type
	//
	Type *string `field:"required" json:"type" yaml:"type"`
	// If you specify Token or Rules as the `Type` , `AmbiguousRoleResolution` is required.
	//
	// Specifies the action to be taken if either no rules match the claim value for the `Rules` type, or there is no `cognito:preferred_role` claim and there are multiple `cognito:roles` matches for the `Token` type.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html#cfn-cognito-identitypoolroleattachment-rolemapping-ambiguousroleresolution
	//
	AmbiguousRoleResolution *string `field:"optional" json:"ambiguousRoleResolution" yaml:"ambiguousRoleResolution"`
	// Identifier for the identity provider for which the role is mapped.
	//
	// For example: `graph.facebook.com` or `cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id (http://cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id)` . This is the identity provider that is used by the user for authentication.
	//
	// If the identity provider property isn't provided, the key of the entry in the `RoleMappings` map is used as the identity provider.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html#cfn-cognito-identitypoolroleattachment-rolemapping-identityprovider
	//
	IdentityProvider *string `field:"optional" json:"identityProvider" yaml:"identityProvider"`
	// The rules to be used for mapping users to roles.
	//
	// If you specify "Rules" as the role-mapping type, RulesConfiguration is required.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html#cfn-cognito-identitypoolroleattachment-rolemapping-rulesconfiguration
	//
	RulesConfiguration interface{} `field:"optional" json:"rulesConfiguration" yaml:"rulesConfiguration"`
}

One of a set of `RoleMappings` , a property of the [AWS::Cognito::IdentityPoolRoleAttachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html) resource that defines the role-mapping attributes of an Amazon Cognito identity pool.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

roleMappingProperty := &RoleMappingProperty{
	Type: jsii.String("type"),

	// the properties below are optional
	AmbiguousRoleResolution: jsii.String("ambiguousRoleResolution"),
	IdentityProvider: jsii.String("identityProvider"),
	RulesConfiguration: &RulesConfigurationTypeProperty{
		Rules: []interface{}{
			&MappingRuleProperty{
				Claim: jsii.String("claim"),
				MatchType: jsii.String("matchType"),
				RoleArn: jsii.String("roleArn"),
				Value: jsii.String("value"),
			},
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html

type CfnIdentityPoolRoleAttachment_RulesConfigurationTypeProperty 

type CfnIdentityPoolRoleAttachment_RulesConfigurationTypeProperty struct {
	// The rules.
	//
	// You can specify up to 25 rules per identity provider.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rulesconfigurationtype.html#cfn-cognito-identitypoolroleattachment-rulesconfigurationtype-rules
	//
	Rules interface{} `field:"required" json:"rules" yaml:"rules"`
}

`RulesConfigurationType` is a subproperty of the [RoleMapping](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html) property that defines the rules to be used for mapping users to roles.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

rulesConfigurationTypeProperty := &RulesConfigurationTypeProperty{
	Rules: []interface{}{
		&MappingRuleProperty{
			Claim: jsii.String("claim"),
			MatchType: jsii.String("matchType"),
			RoleArn: jsii.String("roleArn"),
			Value: jsii.String("value"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rulesconfigurationtype.html

type CfnIdentityPool_CognitoIdentityProviderProperty 

type CfnIdentityPool_CognitoIdentityProviderProperty struct {
	// The client ID for the Amazon Cognito user pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitoidentityprovider.html#cfn-cognito-identitypool-cognitoidentityprovider-clientid
	//
	ClientId *string `field:"required" json:"clientId" yaml:"clientId"`
	// The provider name for an Amazon Cognito user pool.
	//
	// For example: `cognito-idp.us-east-2.amazonaws.com/us-east-2_123456789` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitoidentityprovider.html#cfn-cognito-identitypool-cognitoidentityprovider-providername
	//
	ProviderName *string `field:"required" json:"providerName" yaml:"providerName"`
	// TRUE if server-side token validation is enabled for the identity provider’s token.
	//
	// After you set the `ServerSideTokenCheck` to TRUE for an identity pool, that identity pool checks with the integrated user pools to make sure the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user.
	//
	// If the user is signed out or deleted, the identity pool returns a 400 Not Authorized error.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitoidentityprovider.html#cfn-cognito-identitypool-cognitoidentityprovider-serversidetokencheck
	//
	ServerSideTokenCheck interface{} `field:"optional" json:"serverSideTokenCheck" yaml:"serverSideTokenCheck"`
}

`CognitoIdentityProvider` is a property of the [AWS::Cognito::IdentityPool](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html) resource that represents an Amazon Cognito user pool and its client ID.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cognitoIdentityProviderProperty := &CognitoIdentityProviderProperty{
	ClientId: jsii.String("clientId"),
	ProviderName: jsii.String("providerName"),

	// the properties below are optional
	ServerSideTokenCheck: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitoidentityprovider.html

type CfnIdentityPool_CognitoStreamsProperty 

type CfnIdentityPool_CognitoStreamsProperty struct {
	// The Amazon Resource Name (ARN) of the role Amazon Cognito can assume to publish to the stream.
	//
	// This role must grant access to Amazon Cognito (cognito-sync) to invoke `PutRecord` on your Amazon Cognito stream.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitostreams.html#cfn-cognito-identitypool-cognitostreams-rolearn
	//
	RoleArn *string `field:"optional" json:"roleArn" yaml:"roleArn"`
	// Status of the Amazon Cognito streams.
	//
	// Valid values are: `ENABLED` or `DISABLED` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitostreams.html#cfn-cognito-identitypool-cognitostreams-streamingstatus
	//
	StreamingStatus *string `field:"optional" json:"streamingStatus" yaml:"streamingStatus"`
	// The name of the Amazon Cognito stream to receive updates.
	//
	// This stream must be in the developer's account and in the same Region as the identity pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitostreams.html#cfn-cognito-identitypool-cognitostreams-streamname
	//
	StreamName *string `field:"optional" json:"streamName" yaml:"streamName"`
}

`CognitoStreams` is a property of the [AWS::Cognito::IdentityPool](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html) resource that defines configuration options for Amazon Cognito streams.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cognitoStreamsProperty := &CognitoStreamsProperty{
	RoleArn: jsii.String("roleArn"),
	StreamingStatus: jsii.String("streamingStatus"),
	StreamName: jsii.String("streamName"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitostreams.html

type CfnIdentityPool_PushSyncProperty 

type CfnIdentityPool_PushSyncProperty struct {
	// The ARNs of the Amazon SNS platform applications that could be used by clients.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-pushsync.html#cfn-cognito-identitypool-pushsync-applicationarns
	//
	ApplicationArns *[]*string `field:"optional" json:"applicationArns" yaml:"applicationArns"`
	// An IAM role configured to allow Amazon Cognito to call Amazon SNS on behalf of the developer.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-pushsync.html#cfn-cognito-identitypool-pushsync-rolearn
	//
	RoleArn *string `field:"optional" json:"roleArn" yaml:"roleArn"`
}

`PushSync` is a property of the [AWS::Cognito::IdentityPool](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html) resource that defines the configuration options to be applied to an Amazon Cognito identity pool.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

pushSyncProperty := &PushSyncProperty{
	ApplicationArns: []*string{
		jsii.String("applicationArns"),
	},
	RoleArn: jsii.String("roleArn"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-pushsync.html

type CfnLogDeliveryConfiguration added in v2.101.0 

type CfnLogDeliveryConfiguration interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// A user pool ID, for example `us-east-1_EXAMPLE` .
	AttrId() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The detailed activity logging destination of a user pool.
	LogConfigurations() interface{}
	SetLogConfigurations(val interface{})
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// The ID of the user pool where you configured detailed activity logging.
	UserPoolId() *string
	SetUserPoolId(val *string)
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The logging parameters of a user pool.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnLogDeliveryConfiguration := awscdk.Aws_cognito.NewCfnLogDeliveryConfiguration(this, jsii.String("MyCfnLogDeliveryConfiguration"), &CfnLogDeliveryConfigurationProps{
	UserPoolId: jsii.String("userPoolId"),

	// the properties below are optional
	LogConfigurations: []interface{}{
		&LogConfigurationProperty{
			CloudWatchLogsConfiguration: &CloudWatchLogsConfigurationProperty{
				LogGroupArn: jsii.String("logGroupArn"),
			},
			EventSource: jsii.String("eventSource"),
			LogLevel: jsii.String("logLevel"),
		},
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-logdeliveryconfiguration.html

func NewCfnLogDeliveryConfiguration added in v2.101.0 

func NewCfnLogDeliveryConfiguration(scope constructs.Construct, id *string, props *CfnLogDeliveryConfigurationProps) CfnLogDeliveryConfiguration

type CfnLogDeliveryConfigurationProps added in v2.101.0 

type CfnLogDeliveryConfigurationProps struct {
	// The ID of the user pool where you configured detailed activity logging.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-logdeliveryconfiguration.html#cfn-cognito-logdeliveryconfiguration-userpoolid
	//
	UserPoolId *string `field:"required" json:"userPoolId" yaml:"userPoolId"`
	// The detailed activity logging destination of a user pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-logdeliveryconfiguration.html#cfn-cognito-logdeliveryconfiguration-logconfigurations
	//
	LogConfigurations interface{} `field:"optional" json:"logConfigurations" yaml:"logConfigurations"`
}

Properties for defining a `CfnLogDeliveryConfiguration`.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnLogDeliveryConfigurationProps := &CfnLogDeliveryConfigurationProps{
	UserPoolId: jsii.String("userPoolId"),

	// the properties below are optional
	LogConfigurations: []interface{}{
		&LogConfigurationProperty{
			CloudWatchLogsConfiguration: &CloudWatchLogsConfigurationProperty{
				LogGroupArn: jsii.String("logGroupArn"),
			},
			EventSource: jsii.String("eventSource"),
			LogLevel: jsii.String("logLevel"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-logdeliveryconfiguration.html

type CfnLogDeliveryConfiguration_CloudWatchLogsConfigurationProperty added in v2.101.0 

type CfnLogDeliveryConfiguration_CloudWatchLogsConfigurationProperty struct {
	// The Amazon Resource Name (arn) of a CloudWatch Logs log group where your user pool sends logs.
	//
	// The log group must not be encrypted with AWS Key Management Service and must be in the same AWS account as your user pool.
	//
	// To send logs to log groups with a resource policy of a size greater than 5120 characters, configure a log group with a path that starts with `/aws/vendedlogs` . For more information, see [Enabling logging from certain AWS services](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-logdeliveryconfiguration-cloudwatchlogsconfiguration.html#cfn-cognito-logdeliveryconfiguration-cloudwatchlogsconfiguration-loggrouparn
	//
	LogGroupArn *string `field:"optional" json:"logGroupArn" yaml:"logGroupArn"`
}

The CloudWatch logging destination of a user pool detailed activity logging configuration.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cloudWatchLogsConfigurationProperty := &CloudWatchLogsConfigurationProperty{
	LogGroupArn: jsii.String("logGroupArn"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-logdeliveryconfiguration-cloudwatchlogsconfiguration.html

type CfnLogDeliveryConfiguration_LogConfigurationProperty added in v2.101.0 

type CfnLogDeliveryConfiguration_LogConfigurationProperty struct {
	// The CloudWatch logging destination of a user pool detailed activity logging configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-logdeliveryconfiguration-logconfiguration.html#cfn-cognito-logdeliveryconfiguration-logconfiguration-cloudwatchlogsconfiguration
	//
	CloudWatchLogsConfiguration interface{} `field:"optional" json:"cloudWatchLogsConfiguration" yaml:"cloudWatchLogsConfiguration"`
	// The source of events that your user pool sends for detailed activity logging.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-logdeliveryconfiguration-logconfiguration.html#cfn-cognito-logdeliveryconfiguration-logconfiguration-eventsource
	//
	EventSource *string `field:"optional" json:"eventSource" yaml:"eventSource"`
	// The `errorlevel` selection of logs that a user pool sends for detailed activity logging.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-logdeliveryconfiguration-logconfiguration.html#cfn-cognito-logdeliveryconfiguration-logconfiguration-loglevel
	//
	LogLevel *string `field:"optional" json:"logLevel" yaml:"logLevel"`
}

The logging parameters of a user pool.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

logConfigurationProperty := &LogConfigurationProperty{
	CloudWatchLogsConfiguration: &CloudWatchLogsConfigurationProperty{
		LogGroupArn: jsii.String("logGroupArn"),
	},
	EventSource: jsii.String("eventSource"),
	LogLevel: jsii.String("logLevel"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-logdeliveryconfiguration-logconfiguration.html

type CfnUserPool 

type CfnUserPool interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggable
	// Use this setting to define which verified available method a user can use to recover their password when they call `ForgotPassword` .
	AccountRecoverySetting() interface{}
	SetAccountRecoverySetting(val interface{})
	// The configuration for creating a new user profile.
	AdminCreateUserConfig() interface{}
	SetAdminCreateUserConfig(val interface{})
	// Attributes supported as an alias for this user pool.
	//
	// Possible values: *phone_number* , *email* , or *preferred_username* .
	AliasAttributes() *[]*string
	SetAliasAttributes(val *[]*string)
	// The Amazon Resource Name (ARN) of the user pool, such as `arn:aws:cognito-idp:us-east-1:123412341234:userpool/us-east-1_123412341` .
	AttrArn() *string
	// The provider name of the Amazon Cognito user pool, specified as a `String` .
	AttrProviderName() *string
	// The URL of the provider of the Amazon Cognito user pool, specified as a `String` .
	AttrProviderUrl() *string
	// The ID of the user pool.
	AttrUserPoolId() *string
	// The attributes to be auto-verified.
	AutoVerifiedAttributes() *[]*string
	SetAutoVerifiedAttributes(val *[]*string)
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// When active, `DeletionProtection` prevents accidental deletion of your user pool.
	DeletionProtection() *string
	SetDeletionProtection(val *string)
	// The device-remembering configuration for a user pool.
	DeviceConfiguration() interface{}
	SetDeviceConfiguration(val interface{})
	// The email configuration of your user pool.
	EmailConfiguration() interface{}
	SetEmailConfiguration(val interface{})
	// This parameter is no longer used.
	EmailVerificationMessage() *string
	SetEmailVerificationMessage(val *string)
	// This parameter is no longer used.
	EmailVerificationSubject() *string
	SetEmailVerificationSubject(val *string)
	// Enables MFA on a specified user pool.
	EnabledMfas() *[]*string
	SetEnabledMfas(val *[]*string)
	// The Lambda trigger configuration information for the new user pool.
	LambdaConfig() interface{}
	SetLambdaConfig(val interface{})
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The multi-factor authentication (MFA) configuration.
	//
	// Valid values include:.
	MfaConfiguration() *string
	SetMfaConfiguration(val *string)
	// The tree node.
	Node() constructs.Node
	// The policy associated with a user pool.
	Policies() interface{}
	SetPolicies(val interface{})
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The schema attributes for the new user pool.
	//
	// These attributes can be standard or custom attributes.
	Schema() interface{}
	SetSchema(val interface{})
	// A string representing the SMS authentication message.
	SmsAuthenticationMessage() *string
	SetSmsAuthenticationMessage(val *string)
	// The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service.
	SmsConfiguration() interface{}
	SetSmsConfiguration(val interface{})
	// This parameter is no longer used.
	SmsVerificationMessage() *string
	SetSmsVerificationMessage(val *string)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Tag Manager which manages the tags for this resource.
	Tags() awscdk.TagManager
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// The settings for updates to user attributes.
	UserAttributeUpdateSettings() interface{}
	SetUserAttributeUpdateSettings(val interface{})
	// Determines whether email addresses or phone numbers can be specified as user names when a user signs up.
	UsernameAttributes() *[]*string
	SetUsernameAttributes(val *[]*string)
	// You can choose to set case sensitivity on the username input for the selected sign-in option.
	UsernameConfiguration() interface{}
	SetUsernameConfiguration(val interface{})
	// User pool add-ons.
	UserPoolAddOns() interface{}
	SetUserPoolAddOns(val interface{})
	// A string used to name the user pool.
	UserPoolName() *string
	SetUserPoolName(val *string)
	// The tag keys and values to assign to the user pool.
	UserPoolTagsRaw() interface{}
	SetUserPoolTagsRaw(val interface{})
	// The template for the verification message that the user sees when the app requests permission to access the user's information.
	VerificationMessageTemplate() interface{}
	SetVerificationMessageTemplate(val interface{})
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::Cognito::UserPool` resource creates an Amazon Cognito user pool.

For more information on working with Amazon Cognito user pools, see [Amazon Cognito User Pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html) and [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) .

> If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var userPoolTags interface{}

cfnUserPool := awscdk.Aws_cognito.NewCfnUserPool(this, jsii.String("MyCfnUserPool"), &CfnUserPoolProps{
	AccountRecoverySetting: &AccountRecoverySettingProperty{
		RecoveryMechanisms: []interface{}{
			&RecoveryOptionProperty{
				Name: jsii.String("name"),
				Priority: jsii.Number(123),
			},
		},
	},
	AdminCreateUserConfig: &AdminCreateUserConfigProperty{
		AllowAdminCreateUserOnly: jsii.Boolean(false),
		InviteMessageTemplate: &InviteMessageTemplateProperty{
			EmailMessage: jsii.String("emailMessage"),
			EmailSubject: jsii.String("emailSubject"),
			SmsMessage: jsii.String("smsMessage"),
		},
		UnusedAccountValidityDays: jsii.Number(123),
	},
	AliasAttributes: []*string{
		jsii.String("aliasAttributes"),
	},
	AutoVerifiedAttributes: []*string{
		jsii.String("autoVerifiedAttributes"),
	},
	DeletionProtection: jsii.String("deletionProtection"),
	DeviceConfiguration: &DeviceConfigurationProperty{
		ChallengeRequiredOnNewDevice: jsii.Boolean(false),
		DeviceOnlyRememberedOnUserPrompt: jsii.Boolean(false),
	},
	EmailConfiguration: &EmailConfigurationProperty{
		ConfigurationSet: jsii.String("configurationSet"),
		EmailSendingAccount: jsii.String("emailSendingAccount"),
		From: jsii.String("from"),
		ReplyToEmailAddress: jsii.String("replyToEmailAddress"),
		SourceArn: jsii.String("sourceArn"),
	},
	EmailVerificationMessage: jsii.String("emailVerificationMessage"),
	EmailVerificationSubject: jsii.String("emailVerificationSubject"),
	EnabledMfas: []*string{
		jsii.String("enabledMfas"),
	},
	LambdaConfig: &LambdaConfigProperty{
		CreateAuthChallenge: jsii.String("createAuthChallenge"),
		CustomEmailSender: &CustomEmailSenderProperty{
			LambdaArn: jsii.String("lambdaArn"),
			LambdaVersion: jsii.String("lambdaVersion"),
		},
		CustomMessage: jsii.String("customMessage"),
		CustomSmsSender: &CustomSMSSenderProperty{
			LambdaArn: jsii.String("lambdaArn"),
			LambdaVersion: jsii.String("lambdaVersion"),
		},
		DefineAuthChallenge: jsii.String("defineAuthChallenge"),
		KmsKeyId: jsii.String("kmsKeyId"),
		PostAuthentication: jsii.String("postAuthentication"),
		PostConfirmation: jsii.String("postConfirmation"),
		PreAuthentication: jsii.String("preAuthentication"),
		PreSignUp: jsii.String("preSignUp"),
		PreTokenGeneration: jsii.String("preTokenGeneration"),
		PreTokenGenerationConfig: &PreTokenGenerationConfigProperty{
			LambdaArn: jsii.String("lambdaArn"),
			LambdaVersion: jsii.String("lambdaVersion"),
		},
		UserMigration: jsii.String("userMigration"),
		VerifyAuthChallengeResponse: jsii.String("verifyAuthChallengeResponse"),
	},
	MfaConfiguration: jsii.String("mfaConfiguration"),
	Policies: &PoliciesProperty{
		PasswordPolicy: &PasswordPolicyProperty{
			MinimumLength: jsii.Number(123),
			RequireLowercase: jsii.Boolean(false),
			RequireNumbers: jsii.Boolean(false),
			RequireSymbols: jsii.Boolean(false),
			RequireUppercase: jsii.Boolean(false),
			TemporaryPasswordValidityDays: jsii.Number(123),
		},
	},
	Schema: []interface{}{
		&SchemaAttributeProperty{
			AttributeDataType: jsii.String("attributeDataType"),
			DeveloperOnlyAttribute: jsii.Boolean(false),
			Mutable: jsii.Boolean(false),
			Name: jsii.String("name"),
			NumberAttributeConstraints: &NumberAttributeConstraintsProperty{
				MaxValue: jsii.String("maxValue"),
				MinValue: jsii.String("minValue"),
			},
			Required: jsii.Boolean(false),
			StringAttributeConstraints: &StringAttributeConstraintsProperty{
				MaxLength: jsii.String("maxLength"),
				MinLength: jsii.String("minLength"),
			},
		},
	},
	SmsAuthenticationMessage: jsii.String("smsAuthenticationMessage"),
	SmsConfiguration: &SmsConfigurationProperty{
		ExternalId: jsii.String("externalId"),
		SnsCallerArn: jsii.String("snsCallerArn"),
		SnsRegion: jsii.String("snsRegion"),
	},
	SmsVerificationMessage: jsii.String("smsVerificationMessage"),
	UserAttributeUpdateSettings: &UserAttributeUpdateSettingsProperty{
		AttributesRequireVerificationBeforeUpdate: []*string{
			jsii.String("attributesRequireVerificationBeforeUpdate"),
		},
	},
	UsernameAttributes: []*string{
		jsii.String("usernameAttributes"),
	},
	UsernameConfiguration: &UsernameConfigurationProperty{
		CaseSensitive: jsii.Boolean(false),
	},
	UserPoolAddOns: &UserPoolAddOnsProperty{
		AdvancedSecurityMode: jsii.String("advancedSecurityMode"),
	},
	UserPoolName: jsii.String("userPoolName"),
	UserPoolTags: userPoolTags,
	VerificationMessageTemplate: &VerificationMessageTemplateProperty{
		DefaultEmailOption: jsii.String("defaultEmailOption"),
		EmailMessage: jsii.String("emailMessage"),
		EmailMessageByLink: jsii.String("emailMessageByLink"),
		EmailSubject: jsii.String("emailSubject"),
		EmailSubjectByLink: jsii.String("emailSubjectByLink"),
		SmsMessage: jsii.String("smsMessage"),
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html

func NewCfnUserPool 

func NewCfnUserPool(scope constructs.Construct, id *string, props *CfnUserPoolProps) CfnUserPool

type CfnUserPoolClient 

type CfnUserPoolClient interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The access token time limit.
	AccessTokenValidity() *float64
	SetAccessTokenValidity(val *float64)
	// The OAuth grant types that you want your app client to generate.
	AllowedOAuthFlows() *[]*string
	SetAllowedOAuthFlows(val *[]*string)
	// Set to `true` to use OAuth 2.0 features in your user pool app client.
	AllowedOAuthFlowsUserPoolClient() interface{}
	SetAllowedOAuthFlowsUserPoolClient(val interface{})
	// The allowed OAuth scopes.
	AllowedOAuthScopes() *[]*string
	SetAllowedOAuthScopes(val *[]*string)
	// The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign.
	AnalyticsConfiguration() interface{}
	SetAnalyticsConfiguration(val interface{})
	// The ID of the app client, for example `1example23456789` .
	AttrClientId() *string
	AttrClientSecret() *string
	AttrName() *string
	// Amazon Cognito creates a session token for each API request in an authentication flow.
	AuthSessionValidity() *float64
	SetAuthSessionValidity(val *float64)
	// A list of allowed redirect (callback) URLs for the IdPs.
	CallbackUrLs() *[]*string
	SetCallbackUrLs(val *[]*string)
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// The client name for the user pool client you would like to create.
	ClientName() *string
	SetClientName(val *string)
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The default redirect URI.
	//
	// Must be in the `CallbackURLs` list.
	DefaultRedirectUri() *string
	SetDefaultRedirectUri(val *string)
	// Activates the propagation of additional user context data.
	EnablePropagateAdditionalUserContextData() interface{}
	SetEnablePropagateAdditionalUserContextData(val interface{})
	// Activates or deactivates token revocation.
	//
	// For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) .
	EnableTokenRevocation() interface{}
	SetEnableTokenRevocation(val interface{})
	// The authentication flows that you want your user pool client to support.
	ExplicitAuthFlows() *[]*string
	SetExplicitAuthFlows(val *[]*string)
	// Boolean to specify whether you want to generate a secret for the user pool client being created.
	GenerateSecret() interface{}
	SetGenerateSecret(val interface{})
	// The ID token time limit.
	IdTokenValidity() *float64
	SetIdTokenValidity(val *float64)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// A list of allowed logout URLs for the IdPs.
	LogoutUrLs() *[]*string
	SetLogoutUrLs(val *[]*string)
	// The tree node.
	Node() constructs.Node
	// Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool.
	PreventUserExistenceErrors() *string
	SetPreventUserExistenceErrors(val *string)
	// The list of user attributes that you want your app client to have read-only access to.
	ReadAttributes() *[]*string
	SetReadAttributes(val *[]*string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The refresh token time limit.
	RefreshTokenValidity() *float64
	SetRefreshTokenValidity(val *float64)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// A list of provider names for the identity providers (IdPs) that are supported on this client.
	SupportedIdentityProviders() *[]*string
	SetSupportedIdentityProviders(val *[]*string)
	// The units in which the validity times are represented.
	TokenValidityUnits() interface{}
	SetTokenValidityUnits(val interface{})
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// The user pool ID for the user pool where you want to create a user pool client.
	UserPoolId() *string
	SetUserPoolId(val *string)
	// The list of user attributes that you want your app client to have write access to.
	WriteAttributes() *[]*string
	SetWriteAttributes(val *[]*string)
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::Cognito::UserPoolClient` resource specifies an Amazon Cognito user pool client.

> If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.

Example: 

import "github.com/aws/aws-cdk-go/awscdk"

var vpc vpc
var certificate certificate

lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{
	Vpc: Vpc,
	InternetFacing: jsii.Boolean(true),
})

userPool := awscdk.Aws_cognito.NewUserPool(this, jsii.String("UserPool"))
userPoolClient := awscdk.Aws_cognito.NewUserPoolClient(this, jsii.String("Client"), &UserPoolClientProps{
	UserPool: UserPool,

	// Required minimal configuration for use with an ELB
	GenerateSecret: jsii.Boolean(true),
	AuthFlows: &AuthFlow{
		UserPassword: jsii.Boolean(true),
	},
	OAuth: &OAuthSettings{
		Flows: &OAuthFlows{
			AuthorizationCodeGrant: jsii.Boolean(true),
		},
		Scopes: []oAuthScope{
			awscdk.*Aws_cognito.*oAuthScope_EMAIL(),
		},
		CallbackUrls: []*string{
			fmt.Sprintf("https://%v/oauth2/idpresponse", lb.LoadBalancerDnsName),
		},
	},
})
cfnClient := userPoolClient.Node.defaultChild.(cfnUserPoolClient)
cfnClient.AddPropertyOverride(jsii.String("RefreshTokenValidity"), jsii.Number(1))
cfnClient.AddPropertyOverride(jsii.String("SupportedIdentityProviders"), []interface{}{
	jsii.String("COGNITO"),
})

userPoolDomain := awscdk.Aws_cognito.NewUserPoolDomain(this, jsii.String("Domain"), &UserPoolDomainProps{
	UserPool: UserPool,
	CognitoDomain: &CognitoDomainOptions{
		DomainPrefix: jsii.String("test-cdk-prefix"),
	},
})

lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
	Port: jsii.Number(443),
	Certificates: []iListenerCertificate{
		certificate,
	},
	DefaultAction: actions.NewAuthenticateCognitoAction(&AuthenticateCognitoActionProps{
		UserPool: *UserPool,
		UserPoolClient: *UserPoolClient,
		UserPoolDomain: *UserPoolDomain,
		Next: elbv2.ListenerAction_FixedResponse(jsii.Number(200), &FixedResponseOptions{
			ContentType: jsii.String("text/plain"),
			MessageBody: jsii.String("Authenticated"),
		}),
	}),
})

awscdk.NewCfnOutput(this, jsii.String("DNS"), &CfnOutputProps{
	Value: lb.*LoadBalancerDnsName,
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html

func NewCfnUserPoolClient 

func NewCfnUserPoolClient(scope constructs.Construct, id *string, props *CfnUserPoolClientProps) CfnUserPoolClient

type CfnUserPoolClientProps 

type CfnUserPoolClientProps struct {
	// The user pool ID for the user pool where you want to create a user pool client.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-userpoolid
	//
	UserPoolId *string `field:"required" json:"userPoolId" yaml:"userPoolId"`
	// The access token time limit.
	//
	// After this limit expires, your user can't use their access token. To specify the time unit for `AccessTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.
	//
	// For example, when you set `AccessTokenValidity` to `10` and `TokenValidityUnits` to `hours` , your user can authorize access with their access token for 10 hours.
	//
	// The default time unit for `AccessTokenValidity` in an API request is hours.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-accesstokenvalidity
	//
	AccessTokenValidity *float64 `field:"optional" json:"accessTokenValidity" yaml:"accessTokenValidity"`
	// The OAuth grant types that you want your app client to generate.
	//
	// To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow.
	//
	// - **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.
	// - **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
	// - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-allowedoauthflows
	//
	AllowedOAuthFlows *[]*string `field:"optional" json:"allowedOAuthFlows" yaml:"allowedOAuthFlows"`
	// Set to `true` to use OAuth 2.0 features in your user pool app client.
	//
	// `AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client.
	//
	// - `CallBackURLs` : Callback URLs.
	// - `LogoutURLs` : Sign-out redirect URLs.
	// - `AllowedOAuthScopes` : OAuth 2.0 scopes.
	// - `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants.
	//
	// To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-allowedoauthflowsuserpoolclient
	//
	AllowedOAuthFlowsUserPoolClient interface{} `field:"optional" json:"allowedOAuthFlowsUserPoolClient" yaml:"allowedOAuthFlowsUserPoolClient"`
	// The allowed OAuth scopes.
	//
	// Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-allowedoauthscopes
	//
	AllowedOAuthScopes *[]*string `field:"optional" json:"allowedOAuthScopes" yaml:"allowedOAuthScopes"`
	// The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign.
	//
	// > In AWS Regions where Amazon Pinpoint isn't available, user pools only support sending events to Amazon Pinpoint projects in AWS Region us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-analyticsconfiguration
	//
	AnalyticsConfiguration interface{} `field:"optional" json:"analyticsConfiguration" yaml:"analyticsConfiguration"`
	// Amazon Cognito creates a session token for each API request in an authentication flow.
	//
	// `AuthSessionValidity` is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-authsessionvalidity
	//
	AuthSessionValidity *float64 `field:"optional" json:"authSessionValidity" yaml:"authSessionValidity"`
	// A list of allowed redirect (callback) URLs for the IdPs.
	//
	// A redirect URI must:
	//
	// - Be an absolute URI.
	// - Be registered with the authorization server.
	// - Not include a fragment component.
	//
	// See [OAuth 2.0 - Redirection Endpoint](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2) .
	//
	// Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
	//
	// App callback URLs such as myapp://example are also supported.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-callbackurls
	//
	CallbackUrLs *[]*string `field:"optional" json:"callbackUrLs" yaml:"callbackUrLs"`
	// The client name for the user pool client you would like to create.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-clientname
	//
	ClientName *string `field:"optional" json:"clientName" yaml:"clientName"`
	// The default redirect URI. Must be in the `CallbackURLs` list.
	//
	// A redirect URI must:
	//
	// - Be an absolute URI.
	// - Be registered with the authorization server.
	// - Not include a fragment component.
	//
	// See [OAuth 2.0 - Redirection Endpoint](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2) .
	//
	// Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
	//
	// App callback URLs such as myapp://example are also supported.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-defaultredirecturi
	//
	DefaultRedirectUri *string `field:"optional" json:"defaultRedirectUri" yaml:"defaultRedirectUri"`
	// Activates the propagation of additional user context data.
	//
	// For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-enablepropagateadditionalusercontextdata
	//
	EnablePropagateAdditionalUserContextData interface{} `field:"optional" json:"enablePropagateAdditionalUserContextData" yaml:"enablePropagateAdditionalUserContextData"`
	// Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) .
	//
	// If you don't include this parameter, token revocation is automatically activated for the new user pool client.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-enabletokenrevocation
	//
	EnableTokenRevocation interface{} `field:"optional" json:"enableTokenRevocation" yaml:"enableTokenRevocation"`
	// The authentication flows that you want your user pool client to support.
	//
	// For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.
	//
	// > If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` .
	//
	// Valid values include:
	//
	// - `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.
	// - `ALLOW_CUSTOM_AUTH` : Enable Lambda trigger based authentication.
	// - `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.
	// - `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.
	// - `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.
	//
	// In some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` ,
	// like `ALLOW_USER_SRP_AUTH` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-explicitauthflows
	//
	ExplicitAuthFlows *[]*string `field:"optional" json:"explicitAuthFlows" yaml:"explicitAuthFlows"`
	// Boolean to specify whether you want to generate a secret for the user pool client being created.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-generatesecret
	//
	GenerateSecret interface{} `field:"optional" json:"generateSecret" yaml:"generateSecret"`
	// The ID token time limit.
	//
	// After this limit expires, your user can't use their ID token. To specify the time unit for `IdTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.
	//
	// For example, when you set `IdTokenValidity` as `10` and `TokenValidityUnits` as `hours` , your user can authenticate their session with their ID token for 10 hours.
	//
	// The default time unit for `IdTokenValidity` in an API request is hours.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-idtokenvalidity
	//
	IdTokenValidity *float64 `field:"optional" json:"idTokenValidity" yaml:"idTokenValidity"`
	// A list of allowed logout URLs for the IdPs.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-logouturls
	//
	LogoutUrLs *[]*string `field:"optional" json:"logoutUrLs" yaml:"logoutUrLs"`
	// Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool.
	//
	// When set to `ENABLED` and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY` , those APIs will return a `UserNotFoundException` exception if the user does not exist in the user pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-preventuserexistenceerrors
	//
	PreventUserExistenceErrors *string `field:"optional" json:"preventUserExistenceErrors" yaml:"preventUserExistenceErrors"`
	// The list of user attributes that you want your app client to have read-only access to.
	//
	// After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data.
	//
	// When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-readattributes
	//
	ReadAttributes *[]*string `field:"optional" json:"readAttributes" yaml:"readAttributes"`
	// The refresh token time limit.
	//
	// After this limit expires, your user can't use their refresh token. To specify the time unit for `RefreshTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.
	//
	// For example, when you set `RefreshTokenValidity` as `10` and `TokenValidityUnits` as `days` , your user can refresh their session and retrieve new access and ID tokens for 10 days.
	//
	// The default time unit for `RefreshTokenValidity` in an API request is days. You can't set `RefreshTokenValidity` to 0. If you do, Amazon Cognito overrides the value with the default value of 30 days.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-refreshtokenvalidity
	//
	RefreshTokenValidity *float64 `field:"optional" json:"refreshTokenValidity" yaml:"refreshTokenValidity"`
	// A list of provider names for the identity providers (IdPs) that are supported on this client.
	//
	// The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-supportedidentityproviders
	//
	SupportedIdentityProviders *[]*string `field:"optional" json:"supportedIdentityProviders" yaml:"supportedIdentityProviders"`
	// The units in which the validity times are represented.
	//
	// The default unit for RefreshToken is days, and default for ID and access tokens are hours.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-tokenvalidityunits
	//
	TokenValidityUnits interface{} `field:"optional" json:"tokenValidityUnits" yaml:"tokenValidityUnits"`
	// The list of user attributes that you want your app client to have write access to.
	//
	// After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value.
	//
	// When you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes.
	//
	// If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see [Specifying IdP Attribute Mappings for Your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-writeattributes
	//
	WriteAttributes *[]*string `field:"optional" json:"writeAttributes" yaml:"writeAttributes"`
}

Properties for defining a `CfnUserPoolClient`.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnUserPoolClientProps := &CfnUserPoolClientProps{
	UserPoolId: jsii.String("userPoolId"),

	// the properties below are optional
	AccessTokenValidity: jsii.Number(123),
	AllowedOAuthFlows: []*string{
		jsii.String("allowedOAuthFlows"),
	},
	AllowedOAuthFlowsUserPoolClient: jsii.Boolean(false),
	AllowedOAuthScopes: []*string{
		jsii.String("allowedOAuthScopes"),
	},
	AnalyticsConfiguration: &AnalyticsConfigurationProperty{
		ApplicationArn: jsii.String("applicationArn"),
		ApplicationId: jsii.String("applicationId"),
		ExternalId: jsii.String("externalId"),
		RoleArn: jsii.String("roleArn"),
		UserDataShared: jsii.Boolean(false),
	},
	AuthSessionValidity: jsii.Number(123),
	CallbackUrLs: []*string{
		jsii.String("callbackUrLs"),
	},
	ClientName: jsii.String("clientName"),
	DefaultRedirectUri: jsii.String("defaultRedirectUri"),
	EnablePropagateAdditionalUserContextData: jsii.Boolean(false),
	EnableTokenRevocation: jsii.Boolean(false),
	ExplicitAuthFlows: []*string{
		jsii.String("explicitAuthFlows"),
	},
	GenerateSecret: jsii.Boolean(false),
	IdTokenValidity: jsii.Number(123),
	LogoutUrLs: []*string{
		jsii.String("logoutUrLs"),
	},
	PreventUserExistenceErrors: jsii.String("preventUserExistenceErrors"),
	ReadAttributes: []*string{
		jsii.String("readAttributes"),
	},
	RefreshTokenValidity: jsii.Number(123),
	SupportedIdentityProviders: []*string{
		jsii.String("supportedIdentityProviders"),
	},
	TokenValidityUnits: &TokenValidityUnitsProperty{
		AccessToken: jsii.String("accessToken"),
		IdToken: jsii.String("idToken"),
		RefreshToken: jsii.String("refreshToken"),
	},
	WriteAttributes: []*string{
		jsii.String("writeAttributes"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html

type CfnUserPoolClient_AnalyticsConfigurationProperty 

type CfnUserPoolClient_AnalyticsConfigurationProperty struct {
	// The Amazon Resource Name (ARN) of an Amazon Pinpoint project.
	//
	// You can use the Amazon Pinpoint project for integration with the chosen user pool client. Amazon Cognito publishes events to the Amazon Pinpoint project that the app ARN declares.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-analyticsconfiguration.html#cfn-cognito-userpoolclient-analyticsconfiguration-applicationarn
	//
	ApplicationArn *string `field:"optional" json:"applicationArn" yaml:"applicationArn"`
	// The application ID for an Amazon Pinpoint application.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-analyticsconfiguration.html#cfn-cognito-userpoolclient-analyticsconfiguration-applicationid
	//
	ApplicationId *string `field:"optional" json:"applicationId" yaml:"applicationId"`
	// The external ID.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-analyticsconfiguration.html#cfn-cognito-userpoolclient-analyticsconfiguration-externalid
	//
	ExternalId *string `field:"optional" json:"externalId" yaml:"externalId"`
	// The ARN of an AWS Identity and Access Management role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-analyticsconfiguration.html#cfn-cognito-userpoolclient-analyticsconfiguration-rolearn
	//
	RoleArn *string `field:"optional" json:"roleArn" yaml:"roleArn"`
	// If `UserDataShared` is `true` , Amazon Cognito includes user data in the events that it publishes to Amazon Pinpoint analytics.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-analyticsconfiguration.html#cfn-cognito-userpoolclient-analyticsconfiguration-userdatashared
	//
	UserDataShared interface{} `field:"optional" json:"userDataShared" yaml:"userDataShared"`
}

The Amazon Pinpoint analytics configuration necessary to collect metrics for a user pool.

> In Regions where Amazon Pinpoint isn't available, user pools only support sending events to Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

analyticsConfigurationProperty := &AnalyticsConfigurationProperty{
	ApplicationArn: jsii.String("applicationArn"),
	ApplicationId: jsii.String("applicationId"),
	ExternalId: jsii.String("externalId"),
	RoleArn: jsii.String("roleArn"),
	UserDataShared: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-analyticsconfiguration.html

type CfnUserPoolClient_TokenValidityUnitsProperty 

type CfnUserPoolClient_TokenValidityUnitsProperty struct {
	// A time unit of `seconds` , `minutes` , `hours` , or `days` for the value that you set in the `AccessTokenValidity` parameter.
	//
	// The default `AccessTokenValidity` time unit is hours. `AccessTokenValidity` duration can range from five minutes to one day.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-tokenvalidityunits.html#cfn-cognito-userpoolclient-tokenvalidityunits-accesstoken
	//
	AccessToken *string `field:"optional" json:"accessToken" yaml:"accessToken"`
	// A time unit of `seconds` , `minutes` , `hours` , or `days` for the value that you set in the `IdTokenValidity` parameter.
	//
	// The default `IdTokenValidity` time unit is hours. `IdTokenValidity` duration can range from five minutes to one day.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-tokenvalidityunits.html#cfn-cognito-userpoolclient-tokenvalidityunits-idtoken
	//
	IdToken *string `field:"optional" json:"idToken" yaml:"idToken"`
	// A time unit of `seconds` , `minutes` , `hours` , or `days` for the value that you set in the `RefreshTokenValidity` parameter.
	//
	// The default `RefreshTokenValidity` time unit is days. `RefreshTokenValidity` duration can range from 60 minutes to 10 years.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-tokenvalidityunits.html#cfn-cognito-userpoolclient-tokenvalidityunits-refreshtoken
	//
	RefreshToken *string `field:"optional" json:"refreshToken" yaml:"refreshToken"`
}

The time units you use when you set the duration of ID, access, and refresh tokens.

The default unit for RefreshToken is days, and the default for ID and access tokens is hours.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

tokenValidityUnitsProperty := &TokenValidityUnitsProperty{
	AccessToken: jsii.String("accessToken"),
	IdToken: jsii.String("idToken"),
	RefreshToken: jsii.String("refreshToken"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-tokenvalidityunits.html

type CfnUserPoolDomain 

type CfnUserPoolDomain interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The Amazon CloudFront endpoint that you use as the target of the alias that you set up with your Domain Name Service (DNS) provider.
	AttrCloudFrontDistribution() *string
	// The resource ID.
	AttrId() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The configuration for a custom domain that hosts the sign-up and sign-in pages for your application.
	CustomDomainConfig() interface{}
	SetCustomDomainConfig(val interface{})
	// The domain name for the domain that hosts the sign-up and sign-in pages for your application.
	Domain() *string
	SetDomain(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// The user pool ID for the user pool where you want to associate a user pool domain.
	UserPoolId() *string
	SetUserPoolId(val *string)
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The AWS::Cognito::UserPoolDomain resource creates a new domain for a user pool.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnUserPoolDomain := awscdk.Aws_cognito.NewCfnUserPoolDomain(this, jsii.String("MyCfnUserPoolDomain"), &CfnUserPoolDomainProps{
	Domain: jsii.String("domain"),
	UserPoolId: jsii.String("userPoolId"),

	// the properties below are optional
	CustomDomainConfig: &CustomDomainConfigTypeProperty{
		CertificateArn: jsii.String("certificateArn"),
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooldomain.html

func NewCfnUserPoolDomain 

func NewCfnUserPoolDomain(scope constructs.Construct, id *string, props *CfnUserPoolDomainProps) CfnUserPoolDomain

type CfnUserPoolDomainProps 

type CfnUserPoolDomainProps struct {
	// The domain name for the domain that hosts the sign-up and sign-in pages for your application.
	//
	// For example: `auth.example.com` . If you're using a prefix domain, this field denotes the first part of the domain before `.auth.[region].amazoncognito.com` .
	//
	// This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooldomain.html#cfn-cognito-userpooldomain-domain
	//
	Domain *string `field:"required" json:"domain" yaml:"domain"`
	// The user pool ID for the user pool where you want to associate a user pool domain.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooldomain.html#cfn-cognito-userpooldomain-userpoolid
	//
	UserPoolId *string `field:"required" json:"userPoolId" yaml:"userPoolId"`
	// The configuration for a custom domain that hosts the sign-up and sign-in pages for your application.
	//
	// Use this object to specify an SSL certificate that is managed by ACM.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooldomain.html#cfn-cognito-userpooldomain-customdomainconfig
	//
	CustomDomainConfig interface{} `field:"optional" json:"customDomainConfig" yaml:"customDomainConfig"`
}

Properties for defining a `CfnUserPoolDomain`.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnUserPoolDomainProps := &CfnUserPoolDomainProps{
	Domain: jsii.String("domain"),
	UserPoolId: jsii.String("userPoolId"),

	// the properties below are optional
	CustomDomainConfig: &CustomDomainConfigTypeProperty{
		CertificateArn: jsii.String("certificateArn"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooldomain.html

type CfnUserPoolDomain_CustomDomainConfigTypeProperty 

type CfnUserPoolDomain_CustomDomainConfigTypeProperty struct {
	// The Amazon Resource Name (ARN) of an AWS Certificate Manager SSL certificate.
	//
	// You use this certificate for the subdomain of your custom domain.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpooldomain-customdomainconfigtype.html#cfn-cognito-userpooldomain-customdomainconfigtype-certificatearn
	//
	CertificateArn *string `field:"optional" json:"certificateArn" yaml:"certificateArn"`
}

The configuration for a custom domain that hosts the sign-up and sign-in webpages for your application.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

customDomainConfigTypeProperty := &CustomDomainConfigTypeProperty{
	CertificateArn: jsii.String("certificateArn"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpooldomain-customdomainconfigtype.html

type CfnUserPoolGroup 

type CfnUserPoolGroup interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// A string containing the description of the group.
	Description() *string
	SetDescription(val *string)
	// The name of the group.
	GroupName() *string
	SetGroupName(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool.
	Precedence() *float64
	SetPrecedence(val *float64)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The role Amazon Resource Name (ARN) for the group.
	RoleArn() *string
	SetRoleArn(val *string)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// The user pool ID for the user pool.
	UserPoolId() *string
	SetUserPoolId(val *string)
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

A user pool group that you can add a user to.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnUserPoolGroup := awscdk.Aws_cognito.NewCfnUserPoolGroup(this, jsii.String("MyCfnUserPoolGroup"), &CfnUserPoolGroupProps{
	UserPoolId: jsii.String("userPoolId"),

	// the properties below are optional
	Description: jsii.String("description"),
	GroupName: jsii.String("groupName"),
	Precedence: jsii.Number(123),
	RoleArn: jsii.String("roleArn"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolgroup.html

func NewCfnUserPoolGroup 

func NewCfnUserPoolGroup(scope constructs.Construct, id *string, props *CfnUserPoolGroupProps) CfnUserPoolGroup

type CfnUserPoolGroupProps 

type CfnUserPoolGroupProps struct {
	// The user pool ID for the user pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolgroup.html#cfn-cognito-userpoolgroup-userpoolid
	//
	UserPoolId *string `field:"required" json:"userPoolId" yaml:"userPoolId"`
	// A string containing the description of the group.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolgroup.html#cfn-cognito-userpoolgroup-description
	//
	Description *string `field:"optional" json:"description" yaml:"description"`
	// The name of the group.
	//
	// Must be unique.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolgroup.html#cfn-cognito-userpoolgroup-groupname
	//
	GroupName *string `field:"optional" json:"groupName" yaml:"groupName"`
	// A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool.
	//
	// Zero is the highest precedence value. Groups with lower `Precedence` values take precedence over groups with higher or null `Precedence` values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user's tokens for the `cognito:roles` and `cognito:preferred_role` claims.
	//
	// Two groups can have the same `Precedence` value. If this happens, neither group takes precedence over the other. If two groups with the same `Precedence` have the same role ARN, that role is used in the `cognito:preferred_role` claim in tokens for users in each group. If the two groups have different role ARNs, the `cognito:preferred_role` claim isn't set in users' tokens.
	//
	// The default `Precedence` value is null. The maximum `Precedence` value is `2^31-1` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolgroup.html#cfn-cognito-userpoolgroup-precedence
	//
	Precedence *float64 `field:"optional" json:"precedence" yaml:"precedence"`
	// The role Amazon Resource Name (ARN) for the group.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolgroup.html#cfn-cognito-userpoolgroup-rolearn
	//
	RoleArn *string `field:"optional" json:"roleArn" yaml:"roleArn"`
}

Properties for defining a `CfnUserPoolGroup`.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnUserPoolGroupProps := &CfnUserPoolGroupProps{
	UserPoolId: jsii.String("userPoolId"),

	// the properties below are optional
	Description: jsii.String("description"),
	GroupName: jsii.String("groupName"),
	Precedence: jsii.Number(123),
	RoleArn: jsii.String("roleArn"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolgroup.html

type CfnUserPoolIdentityProvider 

type CfnUserPoolIdentityProvider interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// A mapping of IdP attributes to standard and custom user pool attributes.
	AttributeMapping() interface{}
	SetAttributeMapping(val interface{})
	// The resource ID.
	AttrId() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// A list of IdP identifiers.
	IdpIdentifiers() *[]*string
	SetIdpIdentifiers(val *[]*string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// The scopes, URLs, and identifiers for your external identity provider.
	ProviderDetails() interface{}
	SetProviderDetails(val interface{})
	// The IdP name.
	ProviderName() *string
	SetProviderName(val *string)
	// The IdP type.
	ProviderType() *string
	SetProviderType(val *string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// The user pool ID.
	UserPoolId() *string
	SetUserPoolId(val *string)
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::Cognito::UserPoolIdentityProvider` resource creates an identity provider for a user pool.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var attributeMapping interface{}
var providerDetails interface{}

cfnUserPoolIdentityProvider := awscdk.Aws_cognito.NewCfnUserPoolIdentityProvider(this, jsii.String("MyCfnUserPoolIdentityProvider"), &CfnUserPoolIdentityProviderProps{
	ProviderName: jsii.String("providerName"),
	ProviderType: jsii.String("providerType"),
	UserPoolId: jsii.String("userPoolId"),

	// the properties below are optional
	AttributeMapping: attributeMapping,
	IdpIdentifiers: []*string{
		jsii.String("idpIdentifiers"),
	},
	ProviderDetails: providerDetails,
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolidentityprovider.html

func NewCfnUserPoolIdentityProvider 

func NewCfnUserPoolIdentityProvider(scope constructs.Construct, id *string, props *CfnUserPoolIdentityProviderProps) CfnUserPoolIdentityProvider

type CfnUserPoolIdentityProviderProps 

type CfnUserPoolIdentityProviderProps struct {
	// The IdP name.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolidentityprovider.html#cfn-cognito-userpoolidentityprovider-providername
	//
	ProviderName *string `field:"required" json:"providerName" yaml:"providerName"`
	// The IdP type.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolidentityprovider.html#cfn-cognito-userpoolidentityprovider-providertype
	//
	ProviderType *string `field:"required" json:"providerType" yaml:"providerType"`
	// The user pool ID.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolidentityprovider.html#cfn-cognito-userpoolidentityprovider-userpoolid
	//
	UserPoolId *string `field:"required" json:"userPoolId" yaml:"userPoolId"`
	// A mapping of IdP attributes to standard and custom user pool attributes.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolidentityprovider.html#cfn-cognito-userpoolidentityprovider-attributemapping
	//
	AttributeMapping interface{} `field:"optional" json:"attributeMapping" yaml:"attributeMapping"`
	// A list of IdP identifiers.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolidentityprovider.html#cfn-cognito-userpoolidentityprovider-idpidentifiers
	//
	IdpIdentifiers *[]*string `field:"optional" json:"idpIdentifiers" yaml:"idpIdentifiers"`
	// The scopes, URLs, and identifiers for your external identity provider.
	//
	// The following
	// examples describe the provider detail keys for each IdP type. These values and their
	// schema are subject to change. Social IdP `authorize_scopes` values must match
	// the values listed here.
	//
	// - **OpenID Connect (OIDC)** - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from `oidc_issuer` : `attributes_url` , `authorize_url` , `jwks_uri` , `token_url` .
	//
	// Create or update request: `"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }`
	//
	// Describe response: `"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }`
	// - **SAML** - Create or update request with Metadata URL: `"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }`
	//
	// Create or update request with Metadata file: `"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataFile": "[metadata XML]", "RequestSigningAlgorithm": "rsa-sha256" }`
	//
	// The value of `MetadataFile` must be the plaintext metadata document with all quote (") characters escaped by backslashes.
	//
	// Describe response: `"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "ActiveEncryptionCertificate": "[certificate]", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }`
	// - **LoginWithAmazon** - Create or update request: `"ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"`
	//
	// Describe response: `"ProviderDetails": { "attributes_url": "https://api.amazon.com/user/profile", "attributes_url_add_attributes": "false", "authorize_scopes": "profile postal_code", "authorize_url": "https://www.amazon.com/ap/oa", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "POST", "token_url": "https://api.amazon.com/auth/o2/token" }`
	// - **Google** - Create or update request: `"ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }`
	//
	// Describe response: `"ProviderDetails": { "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=", "attributes_url_add_attributes": "true", "authorize_scopes": "email profile openid", "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret", "oidc_issuer": "https://accounts.google.com", "token_request_method": "POST", "token_url": "https://www.googleapis.com/oauth2/v4/token" }`
	// - **SignInWithApple** - Create or update request: `"ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }`
	//
	// Describe response: `"ProviderDetails": { "attributes_url_add_attributes": "false", "authorize_scopes": "email name", "authorize_url": "https://appleid.apple.com/auth/authorize", "client_id": "com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer": "https://appleid.apple.com", "team_id": "2EXAMPLE", "token_request_method": "POST", "token_url": "https://appleid.apple.com/auth/token" }`
	// - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }`
	//
	// Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }`
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolidentityprovider.html#cfn-cognito-userpoolidentityprovider-providerdetails
	//
	ProviderDetails interface{} `field:"optional" json:"providerDetails" yaml:"providerDetails"`
}

Properties for defining a `CfnUserPoolIdentityProvider`.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var attributeMapping interface{}
var providerDetails interface{}

cfnUserPoolIdentityProviderProps := &CfnUserPoolIdentityProviderProps{
	ProviderName: jsii.String("providerName"),
	ProviderType: jsii.String("providerType"),
	UserPoolId: jsii.String("userPoolId"),

	// the properties below are optional
	AttributeMapping: attributeMapping,
	IdpIdentifiers: []*string{
		jsii.String("idpIdentifiers"),
	},
	ProviderDetails: providerDetails,
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolidentityprovider.html

type CfnUserPoolProps 

type CfnUserPoolProps struct {
	// Use this setting to define which verified available method a user can use to recover their password when they call `ForgotPassword` .
	//
	// It allows you to define a preferred method when a user has more than one method available. With this setting, SMS does not qualify for a valid password recovery mechanism if the user also has SMS MFA enabled. In the absence of this setting, Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-accountrecoverysetting
	//
	AccountRecoverySetting interface{} `field:"optional" json:"accountRecoverySetting" yaml:"accountRecoverySetting"`
	// The configuration for creating a new user profile.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-admincreateuserconfig
	//
	AdminCreateUserConfig interface{} `field:"optional" json:"adminCreateUserConfig" yaml:"adminCreateUserConfig"`
	// Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* .
	//
	// > This user pool property cannot be updated.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-aliasattributes
	//
	AliasAttributes *[]*string `field:"optional" json:"aliasAttributes" yaml:"aliasAttributes"`
	// The attributes to be auto-verified.
	//
	// Possible values: *email* , *phone_number* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-autoverifiedattributes
	//
	AutoVerifiedAttributes *[]*string `field:"optional" json:"autoVerifiedAttributes" yaml:"autoVerifiedAttributes"`
	// When active, `DeletionProtection` prevents accidental deletion of your user pool.
	//
	// Before you can delete a user pool that you have protected against deletion, you
	// must deactivate this feature.
	//
	// When you try to delete a protected user pool in a `DeleteUserPool` API request, Amazon Cognito returns an `InvalidParameterException` error. To delete a protected user pool, send a new `DeleteUserPool` request after you deactivate deletion protection in an `UpdateUserPool` API request.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-deletionprotection
	//
	DeletionProtection *string `field:"optional" json:"deletionProtection" yaml:"deletionProtection"`
	// The device-remembering configuration for a user pool.
	//
	// A null value indicates that you have deactivated device remembering in your user pool.
	//
	// > When you provide a value for any `DeviceConfiguration` field, you activate the Amazon Cognito device-remembering feature.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-deviceconfiguration
	//
	DeviceConfiguration interface{} `field:"optional" json:"deviceConfiguration" yaml:"deviceConfiguration"`
	// The email configuration of your user pool.
	//
	// The email configuration type sets your preferred sending method, AWS Region, and sender for messages from your user pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-emailconfiguration
	//
	EmailConfiguration interface{} `field:"optional" json:"emailConfiguration" yaml:"emailConfiguration"`
	// This parameter is no longer used.
	//
	// See [VerificationMessageTemplateType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-emailverificationmessage
	//
	EmailVerificationMessage *string `field:"optional" json:"emailVerificationMessage" yaml:"emailVerificationMessage"`
	// This parameter is no longer used.
	//
	// See [VerificationMessageTemplateType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-emailverificationsubject
	//
	EmailVerificationSubject *string `field:"optional" json:"emailVerificationSubject" yaml:"emailVerificationSubject"`
	// Enables MFA on a specified user pool.
	//
	// To disable all MFAs after it has been enabled, set MfaConfiguration to “OFF” and remove EnabledMfas. MFAs can only be all disabled if MfaConfiguration is OFF. Once SMS_MFA is enabled, SMS_MFA can only be disabled by setting MfaConfiguration to “OFF”. Can be one of the following values:
	//
	// - `SMS_MFA` - Enables SMS MFA for the user pool. SMS_MFA can only be enabled if SMS configuration is provided.
	// - `SOFTWARE_TOKEN_MFA` - Enables software token MFA for the user pool.
	//
	// Allowed values: `SMS_MFA` | `SOFTWARE_TOKEN_MFA`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-enabledmfas
	//
	EnabledMfas *[]*string `field:"optional" json:"enabledMfas" yaml:"enabledMfas"`
	// The Lambda trigger configuration information for the new user pool.
	//
	// > In a push model, event sources (such as Amazon S3 and custom applications) need permission to invoke a function. So you must make an extra call to add permission for these event sources to invoke your Lambda function.
	// >
	// > For more information on using the Lambda API to add permission, see [AddPermission](https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html) .
	// >
	// > For adding permission using the AWS CLI , see [add-permission](https://docs.aws.amazon.com/cli/latest/reference/lambda/add-permission.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-lambdaconfig
	//
	LambdaConfig interface{} `field:"optional" json:"lambdaConfig" yaml:"lambdaConfig"`
	// The multi-factor authentication (MFA) configuration. Valid values include:.
	//
	// - `OFF` MFA won't be used for any users.
	// - `ON` MFA is required for all users to sign in.
	// - `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-mfaconfiguration
	//
	MfaConfiguration *string `field:"optional" json:"mfaConfiguration" yaml:"mfaConfiguration"`
	// The policy associated with a user pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-policies
	//
	Policies interface{} `field:"optional" json:"policies" yaml:"policies"`
	// The schema attributes for the new user pool. These attributes can be standard or custom attributes.
	//
	// > During a user pool update, you can add new schema attributes but you cannot modify or delete an existing schema attribute.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-schema
	//
	Schema interface{} `field:"optional" json:"schema" yaml:"schema"`
	// A string representing the SMS authentication message.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-smsauthenticationmessage
	//
	SmsAuthenticationMessage *string `field:"optional" json:"smsAuthenticationMessage" yaml:"smsAuthenticationMessage"`
	// The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service.
	//
	// To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-smsconfiguration
	//
	SmsConfiguration interface{} `field:"optional" json:"smsConfiguration" yaml:"smsConfiguration"`
	// This parameter is no longer used.
	//
	// See [VerificationMessageTemplateType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-smsverificationmessage
	//
	SmsVerificationMessage *string `field:"optional" json:"smsVerificationMessage" yaml:"smsVerificationMessage"`
	// The settings for updates to user attributes.
	//
	// These settings include the property `AttributesRequireVerificationBeforeUpdate` ,
	// a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users' email address and phone number attributes. For
	// more information, see [Verifying updates to email addresses and phone numbers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-userattributeupdatesettings
	//
	UserAttributeUpdateSettings interface{} `field:"optional" json:"userAttributeUpdateSettings" yaml:"userAttributeUpdateSettings"`
	// Determines whether email addresses or phone numbers can be specified as user names when a user signs up.
	//
	// Possible values: `phone_number` or `email` .
	//
	// This user pool property cannot be updated.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-usernameattributes
	//
	UsernameAttributes *[]*string `field:"optional" json:"usernameAttributes" yaml:"usernameAttributes"`
	// You can choose to set case sensitivity on the username input for the selected sign-in option.
	//
	// For example, when this is set to `False` , users will be able to sign in using either "username" or "Username". This configuration is immutable once it has been set.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-usernameconfiguration
	//
	UsernameConfiguration interface{} `field:"optional" json:"usernameConfiguration" yaml:"usernameConfiguration"`
	// User pool add-ons.
	//
	// Contains settings for activation of advanced security features. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` .
	//
	// For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-userpooladdons
	//
	UserPoolAddOns interface{} `field:"optional" json:"userPoolAddOns" yaml:"userPoolAddOns"`
	// A string used to name the user pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-userpoolname
	//
	UserPoolName *string `field:"optional" json:"userPoolName" yaml:"userPoolName"`
	// The tag keys and values to assign to the user pool.
	//
	// A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-userpooltags
	//
	UserPoolTags interface{} `field:"optional" json:"userPoolTags" yaml:"userPoolTags"`
	// The template for the verification message that the user sees when the app requests permission to access the user's information.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-verificationmessagetemplate
	//
	VerificationMessageTemplate interface{} `field:"optional" json:"verificationMessageTemplate" yaml:"verificationMessageTemplate"`
}

Properties for defining a `CfnUserPool`.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var userPoolTags interface{}

cfnUserPoolProps := &CfnUserPoolProps{
	AccountRecoverySetting: &AccountRecoverySettingProperty{
		RecoveryMechanisms: []interface{}{
			&RecoveryOptionProperty{
				Name: jsii.String("name"),
				Priority: jsii.Number(123),
			},
		},
	},
	AdminCreateUserConfig: &AdminCreateUserConfigProperty{
		AllowAdminCreateUserOnly: jsii.Boolean(false),
		InviteMessageTemplate: &InviteMessageTemplateProperty{
			EmailMessage: jsii.String("emailMessage"),
			EmailSubject: jsii.String("emailSubject"),
			SmsMessage: jsii.String("smsMessage"),
		},
		UnusedAccountValidityDays: jsii.Number(123),
	},
	AliasAttributes: []*string{
		jsii.String("aliasAttributes"),
	},
	AutoVerifiedAttributes: []*string{
		jsii.String("autoVerifiedAttributes"),
	},
	DeletionProtection: jsii.String("deletionProtection"),
	DeviceConfiguration: &DeviceConfigurationProperty{
		ChallengeRequiredOnNewDevice: jsii.Boolean(false),
		DeviceOnlyRememberedOnUserPrompt: jsii.Boolean(false),
	},
	EmailConfiguration: &EmailConfigurationProperty{
		ConfigurationSet: jsii.String("configurationSet"),
		EmailSendingAccount: jsii.String("emailSendingAccount"),
		From: jsii.String("from"),
		ReplyToEmailAddress: jsii.String("replyToEmailAddress"),
		SourceArn: jsii.String("sourceArn"),
	},
	EmailVerificationMessage: jsii.String("emailVerificationMessage"),
	EmailVerificationSubject: jsii.String("emailVerificationSubject"),
	EnabledMfas: []*string{
		jsii.String("enabledMfas"),
	},
	LambdaConfig: &LambdaConfigProperty{
		CreateAuthChallenge: jsii.String("createAuthChallenge"),
		CustomEmailSender: &CustomEmailSenderProperty{
			LambdaArn: jsii.String("lambdaArn"),
			LambdaVersion: jsii.String("lambdaVersion"),
		},
		CustomMessage: jsii.String("customMessage"),
		CustomSmsSender: &CustomSMSSenderProperty{
			LambdaArn: jsii.String("lambdaArn"),
			LambdaVersion: jsii.String("lambdaVersion"),
		},
		DefineAuthChallenge: jsii.String("defineAuthChallenge"),
		KmsKeyId: jsii.String("kmsKeyId"),
		PostAuthentication: jsii.String("postAuthentication"),
		PostConfirmation: jsii.String("postConfirmation"),
		PreAuthentication: jsii.String("preAuthentication"),
		PreSignUp: jsii.String("preSignUp"),
		PreTokenGeneration: jsii.String("preTokenGeneration"),
		PreTokenGenerationConfig: &PreTokenGenerationConfigProperty{
			LambdaArn: jsii.String("lambdaArn"),
			LambdaVersion: jsii.String("lambdaVersion"),
		},
		UserMigration: jsii.String("userMigration"),
		VerifyAuthChallengeResponse: jsii.String("verifyAuthChallengeResponse"),
	},
	MfaConfiguration: jsii.String("mfaConfiguration"),
	Policies: &PoliciesProperty{
		PasswordPolicy: &PasswordPolicyProperty{
			MinimumLength: jsii.Number(123),
			RequireLowercase: jsii.Boolean(false),
			RequireNumbers: jsii.Boolean(false),
			RequireSymbols: jsii.Boolean(false),
			RequireUppercase: jsii.Boolean(false),
			TemporaryPasswordValidityDays: jsii.Number(123),
		},
	},
	Schema: []interface{}{
		&SchemaAttributeProperty{
			AttributeDataType: jsii.String("attributeDataType"),
			DeveloperOnlyAttribute: jsii.Boolean(false),
			Mutable: jsii.Boolean(false),
			Name: jsii.String("name"),
			NumberAttributeConstraints: &NumberAttributeConstraintsProperty{
				MaxValue: jsii.String("maxValue"),
				MinValue: jsii.String("minValue"),
			},
			Required: jsii.Boolean(false),
			StringAttributeConstraints: &StringAttributeConstraintsProperty{
				MaxLength: jsii.String("maxLength"),
				MinLength: jsii.String("minLength"),
			},
		},
	},
	SmsAuthenticationMessage: jsii.String("smsAuthenticationMessage"),
	SmsConfiguration: &SmsConfigurationProperty{
		ExternalId: jsii.String("externalId"),
		SnsCallerArn: jsii.String("snsCallerArn"),
		SnsRegion: jsii.String("snsRegion"),
	},
	SmsVerificationMessage: jsii.String("smsVerificationMessage"),
	UserAttributeUpdateSettings: &UserAttributeUpdateSettingsProperty{
		AttributesRequireVerificationBeforeUpdate: []*string{
			jsii.String("attributesRequireVerificationBeforeUpdate"),
		},
	},
	UsernameAttributes: []*string{
		jsii.String("usernameAttributes"),
	},
	UsernameConfiguration: &UsernameConfigurationProperty{
		CaseSensitive: jsii.Boolean(false),
	},
	UserPoolAddOns: &UserPoolAddOnsProperty{
		AdvancedSecurityMode: jsii.String("advancedSecurityMode"),
	},
	UserPoolName: jsii.String("userPoolName"),
	UserPoolTags: userPoolTags,
	VerificationMessageTemplate: &VerificationMessageTemplateProperty{
		DefaultEmailOption: jsii.String("defaultEmailOption"),
		EmailMessage: jsii.String("emailMessage"),
		EmailMessageByLink: jsii.String("emailMessageByLink"),
		EmailSubject: jsii.String("emailSubject"),
		EmailSubjectByLink: jsii.String("emailSubjectByLink"),
		SmsMessage: jsii.String("smsMessage"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html

type CfnUserPoolResourceServer 

type CfnUserPoolResourceServer interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The resource ID.
	AttrId() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// A unique resource server identifier for the resource server.
	Identifier() *string
	SetIdentifier(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// A friendly name for the resource server.
	Name() *string
	SetName(val *string)
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// A list of scopes.
	Scopes() interface{}
	SetScopes(val interface{})
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// The user pool ID for the user pool.
	UserPoolId() *string
	SetUserPoolId(val *string)
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::Cognito::UserPoolResourceServer` resource creates a new OAuth2.0 resource server and defines custom scopes in it.

> If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnUserPoolResourceServer := awscdk.Aws_cognito.NewCfnUserPoolResourceServer(this, jsii.String("MyCfnUserPoolResourceServer"), &CfnUserPoolResourceServerProps{
	Identifier: jsii.String("identifier"),
	Name: jsii.String("name"),
	UserPoolId: jsii.String("userPoolId"),

	// the properties below are optional
	Scopes: []interface{}{
		&ResourceServerScopeTypeProperty{
			ScopeDescription: jsii.String("scopeDescription"),
			ScopeName: jsii.String("scopeName"),
		},
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolresourceserver.html

func NewCfnUserPoolResourceServer 

func NewCfnUserPoolResourceServer(scope constructs.Construct, id *string, props *CfnUserPoolResourceServerProps) CfnUserPoolResourceServer

type CfnUserPoolResourceServerProps 

type CfnUserPoolResourceServerProps struct {
	// A unique resource server identifier for the resource server.
	//
	// This could be an HTTPS endpoint where the resource server is located. For example: `https://my-weather-api.example.com` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolresourceserver.html#cfn-cognito-userpoolresourceserver-identifier
	//
	Identifier *string `field:"required" json:"identifier" yaml:"identifier"`
	// A friendly name for the resource server.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolresourceserver.html#cfn-cognito-userpoolresourceserver-name
	//
	Name *string `field:"required" json:"name" yaml:"name"`
	// The user pool ID for the user pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolresourceserver.html#cfn-cognito-userpoolresourceserver-userpoolid
	//
	UserPoolId *string `field:"required" json:"userPoolId" yaml:"userPoolId"`
	// A list of scopes.
	//
	// Each scope is a map with keys `ScopeName` and `ScopeDescription` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolresourceserver.html#cfn-cognito-userpoolresourceserver-scopes
	//
	Scopes interface{} `field:"optional" json:"scopes" yaml:"scopes"`
}

Properties for defining a `CfnUserPoolResourceServer`.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnUserPoolResourceServerProps := &CfnUserPoolResourceServerProps{
	Identifier: jsii.String("identifier"),
	Name: jsii.String("name"),
	UserPoolId: jsii.String("userPoolId"),

	// the properties below are optional
	Scopes: []interface{}{
		&ResourceServerScopeTypeProperty{
			ScopeDescription: jsii.String("scopeDescription"),
			ScopeName: jsii.String("scopeName"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolresourceserver.html

type CfnUserPoolResourceServer_ResourceServerScopeTypeProperty 

type CfnUserPoolResourceServer_ResourceServerScopeTypeProperty struct {
	// A description of the scope.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolresourceserver-resourceserverscopetype.html#cfn-cognito-userpoolresourceserver-resourceserverscopetype-scopedescription
	//
	ScopeDescription *string `field:"required" json:"scopeDescription" yaml:"scopeDescription"`
	// The name of the scope.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolresourceserver-resourceserverscopetype.html#cfn-cognito-userpoolresourceserver-resourceserverscopetype-scopename
	//
	ScopeName *string `field:"required" json:"scopeName" yaml:"scopeName"`
}

A resource server scope.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

resourceServerScopeTypeProperty := &ResourceServerScopeTypeProperty{
	ScopeDescription: jsii.String("scopeDescription"),
	ScopeName: jsii.String("scopeName"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolresourceserver-resourceserverscopetype.html

type CfnUserPoolRiskConfigurationAttachment 

type CfnUserPoolRiskConfigurationAttachment interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The account takeover risk configuration object, including the `NotifyConfiguration` object and `Actions` to take if there is an account takeover.
	AccountTakeoverRiskConfiguration() interface{}
	SetAccountTakeoverRiskConfiguration(val interface{})
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// The app client ID.
	ClientId() *string
	SetClientId(val *string)
	// The compromised credentials risk configuration object, including the `EventFilter` and the `EventAction` .
	CompromisedCredentialsRiskConfiguration() interface{}
	SetCompromisedCredentialsRiskConfiguration(val interface{})
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The configuration to override the risk decision.
	RiskExceptionConfiguration() interface{}
	SetRiskExceptionConfiguration(val interface{})
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// The user pool ID.
	UserPoolId() *string
	SetUserPoolId(val *string)
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::Cognito::UserPoolRiskConfigurationAttachment` resource sets the risk configuration that is used for Amazon Cognito advanced security features.

You can specify risk configuration for a single client (with a specific `clientId` ) or for all clients (by setting the `clientId` to `ALL` ). If you specify `ALL` , the default configuration is used for every client that has had no risk configuration set previously. If you specify risk configuration for a particular client, it no longer falls back to the `ALL` configuration.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnUserPoolRiskConfigurationAttachment := awscdk.Aws_cognito.NewCfnUserPoolRiskConfigurationAttachment(this, jsii.String("MyCfnUserPoolRiskConfigurationAttachment"), &CfnUserPoolRiskConfigurationAttachmentProps{
	ClientId: jsii.String("clientId"),
	UserPoolId: jsii.String("userPoolId"),

	// the properties below are optional
	AccountTakeoverRiskConfiguration: &AccountTakeoverRiskConfigurationTypeProperty{
		Actions: &AccountTakeoverActionsTypeProperty{
			HighAction: &AccountTakeoverActionTypeProperty{
				EventAction: jsii.String("eventAction"),
				Notify: jsii.Boolean(false),
			},
			LowAction: &AccountTakeoverActionTypeProperty{
				EventAction: jsii.String("eventAction"),
				Notify: jsii.Boolean(false),
			},
			MediumAction: &AccountTakeoverActionTypeProperty{
				EventAction: jsii.String("eventAction"),
				Notify: jsii.Boolean(false),
			},
		},

		// the properties below are optional
		NotifyConfiguration: &NotifyConfigurationTypeProperty{
			SourceArn: jsii.String("sourceArn"),

			// the properties below are optional
			BlockEmail: &NotifyEmailTypeProperty{
				Subject: jsii.String("subject"),

				// the properties below are optional
				HtmlBody: jsii.String("htmlBody"),
				TextBody: jsii.String("textBody"),
			},
			From: jsii.String("from"),
			MfaEmail: &NotifyEmailTypeProperty{
				Subject: jsii.String("subject"),

				// the properties below are optional
				HtmlBody: jsii.String("htmlBody"),
				TextBody: jsii.String("textBody"),
			},
			NoActionEmail: &NotifyEmailTypeProperty{
				Subject: jsii.String("subject"),

				// the properties below are optional
				HtmlBody: jsii.String("htmlBody"),
				TextBody: jsii.String("textBody"),
			},
			ReplyTo: jsii.String("replyTo"),
		},
	},
	CompromisedCredentialsRiskConfiguration: &CompromisedCredentialsRiskConfigurationTypeProperty{
		Actions: &CompromisedCredentialsActionsTypeProperty{
			EventAction: jsii.String("eventAction"),
		},

		// the properties below are optional
		EventFilter: []*string{
			jsii.String("eventFilter"),
		},
	},
	RiskExceptionConfiguration: &RiskExceptionConfigurationTypeProperty{
		BlockedIpRangeList: []*string{
			jsii.String("blockedIpRangeList"),
		},
		SkippedIpRangeList: []*string{
			jsii.String("skippedIpRangeList"),
		},
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolriskconfigurationattachment.html

func NewCfnUserPoolRiskConfigurationAttachment 

func NewCfnUserPoolRiskConfigurationAttachment(scope constructs.Construct, id *string, props *CfnUserPoolRiskConfigurationAttachmentProps) CfnUserPoolRiskConfigurationAttachment

type CfnUserPoolRiskConfigurationAttachmentProps 

type CfnUserPoolRiskConfigurationAttachmentProps struct {
	// The app client ID.
	//
	// You can specify the risk configuration for a single client (with a specific ClientId) or for all clients (by setting the ClientId to `ALL` ).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolriskconfigurationattachment.html#cfn-cognito-userpoolriskconfigurationattachment-clientid
	//
	ClientId *string `field:"required" json:"clientId" yaml:"clientId"`
	// The user pool ID.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolriskconfigurationattachment.html#cfn-cognito-userpoolriskconfigurationattachment-userpoolid
	//
	UserPoolId *string `field:"required" json:"userPoolId" yaml:"userPoolId"`
	// The account takeover risk configuration object, including the `NotifyConfiguration` object and `Actions` to take if there is an account takeover.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolriskconfigurationattachment.html#cfn-cognito-userpoolriskconfigurationattachment-accounttakeoverriskconfiguration
	//
	AccountTakeoverRiskConfiguration interface{} `field:"optional" json:"accountTakeoverRiskConfiguration" yaml:"accountTakeoverRiskConfiguration"`
	// The compromised credentials risk configuration object, including the `EventFilter` and the `EventAction` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolriskconfigurationattachment.html#cfn-cognito-userpoolriskconfigurationattachment-compromisedcredentialsriskconfiguration
	//
	CompromisedCredentialsRiskConfiguration interface{} `field:"optional" json:"compromisedCredentialsRiskConfiguration" yaml:"compromisedCredentialsRiskConfiguration"`
	// The configuration to override the risk decision.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolriskconfigurationattachment.html#cfn-cognito-userpoolriskconfigurationattachment-riskexceptionconfiguration
	//
	RiskExceptionConfiguration interface{} `field:"optional" json:"riskExceptionConfiguration" yaml:"riskExceptionConfiguration"`
}

Properties for defining a `CfnUserPoolRiskConfigurationAttachment`.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnUserPoolRiskConfigurationAttachmentProps := &CfnUserPoolRiskConfigurationAttachmentProps{
	ClientId: jsii.String("clientId"),
	UserPoolId: jsii.String("userPoolId"),

	// the properties below are optional
	AccountTakeoverRiskConfiguration: &AccountTakeoverRiskConfigurationTypeProperty{
		Actions: &AccountTakeoverActionsTypeProperty{
			HighAction: &AccountTakeoverActionTypeProperty{
				EventAction: jsii.String("eventAction"),
				Notify: jsii.Boolean(false),
			},
			LowAction: &AccountTakeoverActionTypeProperty{
				EventAction: jsii.String("eventAction"),
				Notify: jsii.Boolean(false),
			},
			MediumAction: &AccountTakeoverActionTypeProperty{
				EventAction: jsii.String("eventAction"),
				Notify: jsii.Boolean(false),
			},
		},

		// the properties below are optional
		NotifyConfiguration: &NotifyConfigurationTypeProperty{
			SourceArn: jsii.String("sourceArn"),

			// the properties below are optional
			BlockEmail: &NotifyEmailTypeProperty{
				Subject: jsii.String("subject"),

				// the properties below are optional
				HtmlBody: jsii.String("htmlBody"),
				TextBody: jsii.String("textBody"),
			},
			From: jsii.String("from"),
			MfaEmail: &NotifyEmailTypeProperty{
				Subject: jsii.String("subject"),

				// the properties below are optional
				HtmlBody: jsii.String("htmlBody"),
				TextBody: jsii.String("textBody"),
			},
			NoActionEmail: &NotifyEmailTypeProperty{
				Subject: jsii.String("subject"),

				// the properties below are optional
				HtmlBody: jsii.String("htmlBody"),
				TextBody: jsii.String("textBody"),
			},
			ReplyTo: jsii.String("replyTo"),
		},
	},
	CompromisedCredentialsRiskConfiguration: &CompromisedCredentialsRiskConfigurationTypeProperty{
		Actions: &CompromisedCredentialsActionsTypeProperty{
			EventAction: jsii.String("eventAction"),
		},

		// the properties below are optional
		EventFilter: []*string{
			jsii.String("eventFilter"),
		},
	},
	RiskExceptionConfiguration: &RiskExceptionConfigurationTypeProperty{
		BlockedIpRangeList: []*string{
			jsii.String("blockedIpRangeList"),
		},
		SkippedIpRangeList: []*string{
			jsii.String("skippedIpRangeList"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolriskconfigurationattachment.html

type CfnUserPoolRiskConfigurationAttachment_AccountTakeoverActionTypeProperty 

type CfnUserPoolRiskConfigurationAttachment_AccountTakeoverActionTypeProperty struct {
	// The action to take in response to the account takeover action. Valid values are as follows:.
	//
	// - `BLOCK` Choosing this action will block the request.
	// - `MFA_IF_CONFIGURED` Present an MFA challenge if user has configured it, else allow the request.
	// - `MFA_REQUIRED` Present an MFA challenge if user has configured it, else block the request.
	// - `NO_ACTION` Allow the user to sign in.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractiontype.html#cfn-cognito-userpoolriskconfigurationattachment-accounttakeoveractiontype-eventaction
	//
	EventAction *string `field:"required" json:"eventAction" yaml:"eventAction"`
	// Flag specifying whether to send a notification.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractiontype.html#cfn-cognito-userpoolriskconfigurationattachment-accounttakeoveractiontype-notify
	//
	Notify interface{} `field:"required" json:"notify" yaml:"notify"`
}

Account takeover action type.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

accountTakeoverActionTypeProperty := &AccountTakeoverActionTypeProperty{
	EventAction: jsii.String("eventAction"),
	Notify: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractiontype.html

type CfnUserPoolRiskConfigurationAttachment_AccountTakeoverActionsTypeProperty 

type CfnUserPoolRiskConfigurationAttachment_AccountTakeoverActionsTypeProperty struct {
	// Action to take for a high risk.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractionstype.html#cfn-cognito-userpoolriskconfigurationattachment-accounttakeoveractionstype-highaction
	//
	HighAction interface{} `field:"optional" json:"highAction" yaml:"highAction"`
	// Action to take for a low risk.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractionstype.html#cfn-cognito-userpoolriskconfigurationattachment-accounttakeoveractionstype-lowaction
	//
	LowAction interface{} `field:"optional" json:"lowAction" yaml:"lowAction"`
	// Action to take for a medium risk.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractionstype.html#cfn-cognito-userpoolriskconfigurationattachment-accounttakeoveractionstype-mediumaction
	//
	MediumAction interface{} `field:"optional" json:"mediumAction" yaml:"mediumAction"`
}

Account takeover actions type.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

accountTakeoverActionsTypeProperty := &AccountTakeoverActionsTypeProperty{
	HighAction: &AccountTakeoverActionTypeProperty{
		EventAction: jsii.String("eventAction"),
		Notify: jsii.Boolean(false),
	},
	LowAction: &AccountTakeoverActionTypeProperty{
		EventAction: jsii.String("eventAction"),
		Notify: jsii.Boolean(false),
	},
	MediumAction: &AccountTakeoverActionTypeProperty{
		EventAction: jsii.String("eventAction"),
		Notify: jsii.Boolean(false),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoveractionstype.html

type CfnUserPoolRiskConfigurationAttachment_AccountTakeoverRiskConfigurationTypeProperty 

type CfnUserPoolRiskConfigurationAttachment_AccountTakeoverRiskConfigurationTypeProperty struct {
	// Account takeover risk configuration actions.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoverriskconfigurationtype.html#cfn-cognito-userpoolriskconfigurationattachment-accounttakeoverriskconfigurationtype-actions
	//
	Actions interface{} `field:"required" json:"actions" yaml:"actions"`
	// The notify configuration used to construct email notifications.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoverriskconfigurationtype.html#cfn-cognito-userpoolriskconfigurationattachment-accounttakeoverriskconfigurationtype-notifyconfiguration
	//
	NotifyConfiguration interface{} `field:"optional" json:"notifyConfiguration" yaml:"notifyConfiguration"`
}

Configuration for mitigation actions and notification for different levels of risk detected for a potential account takeover.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

accountTakeoverRiskConfigurationTypeProperty := &AccountTakeoverRiskConfigurationTypeProperty{
	Actions: &AccountTakeoverActionsTypeProperty{
		HighAction: &AccountTakeoverActionTypeProperty{
			EventAction: jsii.String("eventAction"),
			Notify: jsii.Boolean(false),
		},
		LowAction: &AccountTakeoverActionTypeProperty{
			EventAction: jsii.String("eventAction"),
			Notify: jsii.Boolean(false),
		},
		MediumAction: &AccountTakeoverActionTypeProperty{
			EventAction: jsii.String("eventAction"),
			Notify: jsii.Boolean(false),
		},
	},

	// the properties below are optional
	NotifyConfiguration: &NotifyConfigurationTypeProperty{
		SourceArn: jsii.String("sourceArn"),

		// the properties below are optional
		BlockEmail: &NotifyEmailTypeProperty{
			Subject: jsii.String("subject"),

			// the properties below are optional
			HtmlBody: jsii.String("htmlBody"),
			TextBody: jsii.String("textBody"),
		},
		From: jsii.String("from"),
		MfaEmail: &NotifyEmailTypeProperty{
			Subject: jsii.String("subject"),

			// the properties below are optional
			HtmlBody: jsii.String("htmlBody"),
			TextBody: jsii.String("textBody"),
		},
		NoActionEmail: &NotifyEmailTypeProperty{
			Subject: jsii.String("subject"),

			// the properties below are optional
			HtmlBody: jsii.String("htmlBody"),
			TextBody: jsii.String("textBody"),
		},
		ReplyTo: jsii.String("replyTo"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-accounttakeoverriskconfigurationtype.html

type CfnUserPoolRiskConfigurationAttachment_CompromisedCredentialsActionsTypeProperty 

type CfnUserPoolRiskConfigurationAttachment_CompromisedCredentialsActionsTypeProperty struct {
	// The event action.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-compromisedcredentialsactionstype.html#cfn-cognito-userpoolriskconfigurationattachment-compromisedcredentialsactionstype-eventaction
	//
	EventAction *string `field:"required" json:"eventAction" yaml:"eventAction"`
}

The compromised credentials actions type.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

compromisedCredentialsActionsTypeProperty := &CompromisedCredentialsActionsTypeProperty{
	EventAction: jsii.String("eventAction"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-compromisedcredentialsactionstype.html

type CfnUserPoolRiskConfigurationAttachment_CompromisedCredentialsRiskConfigurationTypeProperty 

type CfnUserPoolRiskConfigurationAttachment_CompromisedCredentialsRiskConfigurationTypeProperty struct {
	// The compromised credentials risk configuration actions.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-compromisedcredentialsriskconfigurationtype.html#cfn-cognito-userpoolriskconfigurationattachment-compromisedcredentialsriskconfigurationtype-actions
	//
	Actions interface{} `field:"required" json:"actions" yaml:"actions"`
	// Perform the action for these events.
	//
	// The default is to perform all events if no event filter is specified.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-compromisedcredentialsriskconfigurationtype.html#cfn-cognito-userpoolriskconfigurationattachment-compromisedcredentialsriskconfigurationtype-eventfilter
	//
	EventFilter *[]*string `field:"optional" json:"eventFilter" yaml:"eventFilter"`
}

The compromised credentials risk configuration type.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

compromisedCredentialsRiskConfigurationTypeProperty := &CompromisedCredentialsRiskConfigurationTypeProperty{
	Actions: &CompromisedCredentialsActionsTypeProperty{
		EventAction: jsii.String("eventAction"),
	},

	// the properties below are optional
	EventFilter: []*string{
		jsii.String("eventFilter"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-compromisedcredentialsriskconfigurationtype.html

type CfnUserPoolRiskConfigurationAttachment_NotifyConfigurationTypeProperty 

type CfnUserPoolRiskConfigurationAttachment_NotifyConfigurationTypeProperty struct {
	// The Amazon Resource Name (ARN) of the identity that is associated with the sending authorization policy.
	//
	// This identity permits Amazon Cognito to send for the email address specified in the `From` parameter.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype.html#cfn-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype-sourcearn
	//
	SourceArn *string `field:"required" json:"sourceArn" yaml:"sourceArn"`
	// Email template used when a detected risk event is blocked.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype.html#cfn-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype-blockemail
	//
	BlockEmail interface{} `field:"optional" json:"blockEmail" yaml:"blockEmail"`
	// The email address that is sending the email.
	//
	// The address must be either individually verified with Amazon Simple Email Service, or from a domain that has been verified with Amazon SES.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype.html#cfn-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype-from
	//
	From *string `field:"optional" json:"from" yaml:"from"`
	// The multi-factor authentication (MFA) email template used when MFA is challenged as part of a detected risk.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype.html#cfn-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype-mfaemail
	//
	MfaEmail interface{} `field:"optional" json:"mfaEmail" yaml:"mfaEmail"`
	// The email template used when a detected risk event is allowed.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype.html#cfn-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype-noactionemail
	//
	NoActionEmail interface{} `field:"optional" json:"noActionEmail" yaml:"noActionEmail"`
	// The destination to which the receiver of an email should reply to.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype.html#cfn-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype-replyto
	//
	ReplyTo *string `field:"optional" json:"replyTo" yaml:"replyTo"`
}

The notify configuration type.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

notifyConfigurationTypeProperty := &NotifyConfigurationTypeProperty{
	SourceArn: jsii.String("sourceArn"),

	// the properties below are optional
	BlockEmail: &NotifyEmailTypeProperty{
		Subject: jsii.String("subject"),

		// the properties below are optional
		HtmlBody: jsii.String("htmlBody"),
		TextBody: jsii.String("textBody"),
	},
	From: jsii.String("from"),
	MfaEmail: &NotifyEmailTypeProperty{
		Subject: jsii.String("subject"),

		// the properties below are optional
		HtmlBody: jsii.String("htmlBody"),
		TextBody: jsii.String("textBody"),
	},
	NoActionEmail: &NotifyEmailTypeProperty{
		Subject: jsii.String("subject"),

		// the properties below are optional
		HtmlBody: jsii.String("htmlBody"),
		TextBody: jsii.String("textBody"),
	},
	ReplyTo: jsii.String("replyTo"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-notifyconfigurationtype.html

type CfnUserPoolRiskConfigurationAttachment_NotifyEmailTypeProperty 

type CfnUserPoolRiskConfigurationAttachment_NotifyEmailTypeProperty struct {
	// The email subject.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-notifyemailtype.html#cfn-cognito-userpoolriskconfigurationattachment-notifyemailtype-subject
	//
	Subject *string `field:"required" json:"subject" yaml:"subject"`
	// The email HTML body.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-notifyemailtype.html#cfn-cognito-userpoolriskconfigurationattachment-notifyemailtype-htmlbody
	//
	HtmlBody *string `field:"optional" json:"htmlBody" yaml:"htmlBody"`
	// The email text body.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-notifyemailtype.html#cfn-cognito-userpoolriskconfigurationattachment-notifyemailtype-textbody
	//
	TextBody *string `field:"optional" json:"textBody" yaml:"textBody"`
}

The notify email type.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

notifyEmailTypeProperty := &NotifyEmailTypeProperty{
	Subject: jsii.String("subject"),

	// the properties below are optional
	HtmlBody: jsii.String("htmlBody"),
	TextBody: jsii.String("textBody"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-notifyemailtype.html

type CfnUserPoolRiskConfigurationAttachment_RiskExceptionConfigurationTypeProperty 

type CfnUserPoolRiskConfigurationAttachment_RiskExceptionConfigurationTypeProperty struct {
	// Overrides the risk decision to always block the pre-authentication requests.
	//
	// The IP range is in CIDR notation, a compact representation of an IP address and its routing prefix.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-riskexceptionconfigurationtype.html#cfn-cognito-userpoolriskconfigurationattachment-riskexceptionconfigurationtype-blockediprangelist
	//
	BlockedIpRangeList *[]*string `field:"optional" json:"blockedIpRangeList" yaml:"blockedIpRangeList"`
	// Risk detection isn't performed on the IP addresses in this range list.
	//
	// The IP range is in CIDR notation.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-riskexceptionconfigurationtype.html#cfn-cognito-userpoolriskconfigurationattachment-riskexceptionconfigurationtype-skippediprangelist
	//
	SkippedIpRangeList *[]*string `field:"optional" json:"skippedIpRangeList" yaml:"skippedIpRangeList"`
}

The type of the configuration to override the risk decision.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

riskExceptionConfigurationTypeProperty := &RiskExceptionConfigurationTypeProperty{
	BlockedIpRangeList: []*string{
		jsii.String("blockedIpRangeList"),
	},
	SkippedIpRangeList: []*string{
		jsii.String("skippedIpRangeList"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolriskconfigurationattachment-riskexceptionconfigurationtype.html

type CfnUserPoolUICustomizationAttachment 

type CfnUserPoolUICustomizationAttachment interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The resource ID.
	AttrId() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// The client ID for the client app.
	ClientId() *string
	SetClientId(val *string)
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The CSS values in the UI customization.
	Css() *string
	SetCss(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// The user pool ID for the user pool.
	UserPoolId() *string
	SetUserPoolId(val *string)
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::Cognito::UserPoolUICustomizationAttachment` resource sets the UI customization information for a user pool's built-in app UI.

You can specify app UI customization settings for a single client (with a specific `clientId` ) or for all clients (by setting the `clientId` to `ALL` ). If you specify `ALL` , the default configuration is used for every client that has had no UI customization set previously. If you specify UI customization settings for a particular client, it no longer falls back to the `ALL` configuration.

> Before you create this resource, your user pool must have a domain associated with it. You can create an `AWS::Cognito::UserPoolDomain` resource first in this user pool.

Setting a logo image isn't supported from AWS CloudFormation . Use the Amazon Cognito [SetUICustomization](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUICustomization.html#API_SetUICustomization_RequestSyntax) API operation to set the image.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnUserPoolUICustomizationAttachment := awscdk.Aws_cognito.NewCfnUserPoolUICustomizationAttachment(this, jsii.String("MyCfnUserPoolUICustomizationAttachment"), &CfnUserPoolUICustomizationAttachmentProps{
	ClientId: jsii.String("clientId"),
	UserPoolId: jsii.String("userPoolId"),

	// the properties below are optional
	Css: jsii.String("css"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooluicustomizationattachment.html

func NewCfnUserPoolUICustomizationAttachment 

func NewCfnUserPoolUICustomizationAttachment(scope constructs.Construct, id *string, props *CfnUserPoolUICustomizationAttachmentProps) CfnUserPoolUICustomizationAttachment

type CfnUserPoolUICustomizationAttachmentProps 

type CfnUserPoolUICustomizationAttachmentProps struct {
	// The client ID for the client app.
	//
	// You can specify the UI customization settings for a single client (with a specific clientId) or for all clients (by setting the clientId to `ALL` ).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooluicustomizationattachment.html#cfn-cognito-userpooluicustomizationattachment-clientid
	//
	ClientId *string `field:"required" json:"clientId" yaml:"clientId"`
	// The user pool ID for the user pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooluicustomizationattachment.html#cfn-cognito-userpooluicustomizationattachment-userpoolid
	//
	UserPoolId *string `field:"required" json:"userPoolId" yaml:"userPoolId"`
	// The CSS values in the UI customization.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooluicustomizationattachment.html#cfn-cognito-userpooluicustomizationattachment-css
	//
	Css *string `field:"optional" json:"css" yaml:"css"`
}

Properties for defining a `CfnUserPoolUICustomizationAttachment`.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnUserPoolUICustomizationAttachmentProps := &CfnUserPoolUICustomizationAttachmentProps{
	ClientId: jsii.String("clientId"),
	UserPoolId: jsii.String("userPoolId"),

	// the properties below are optional
	Css: jsii.String("css"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooluicustomizationattachment.html

type CfnUserPoolUser 

type CfnUserPoolUser interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
	ClientMetadata() interface{}
	SetClientMetadata(val interface{})
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// Specify `"EMAIL"` if email will be used to send the welcome message.
	DesiredDeliveryMediums() *[]*string
	SetDesiredDeliveryMediums(val *[]*string)
	// This parameter is used only if the `phone_number_verified` or `email_verified` attribute is set to `True` .
	ForceAliasCreation() interface{}
	SetForceAliasCreation(val interface{})
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// Set to `RESEND` to resend the invitation message to a user that already exists and reset the expiration limit on the user's account.
	MessageAction() *string
	SetMessageAction(val *string)
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// An array of name-value pairs that contain user attributes and attribute values.
	UserAttributes() interface{}
	SetUserAttributes(val interface{})
	// The value that you want to set as the username sign-in attribute.
	Username() *string
	SetUsername(val *string)
	// The user pool ID for the user pool where the user will be created.
	UserPoolId() *string
	SetUserPoolId(val *string)
	// Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger.
	ValidationData() interface{}
	SetValidationData(val interface{})
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

The `AWS::Cognito::UserPoolUser` resource creates an Amazon Cognito user pool user.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnUserPoolUser := awscdk.Aws_cognito.NewCfnUserPoolUser(this, jsii.String("MyCfnUserPoolUser"), &CfnUserPoolUserProps{
	UserPoolId: jsii.String("userPoolId"),

	// the properties below are optional
	ClientMetadata: map[string]*string{
		"clientMetadataKey": jsii.String("clientMetadata"),
	},
	DesiredDeliveryMediums: []*string{
		jsii.String("desiredDeliveryMediums"),
	},
	ForceAliasCreation: jsii.Boolean(false),
	MessageAction: jsii.String("messageAction"),
	UserAttributes: []interface{}{
		&AttributeTypeProperty{
			Name: jsii.String("name"),
			Value: jsii.String("value"),
		},
	},
	Username: jsii.String("username"),
	ValidationData: []interface{}{
		&AttributeTypeProperty{
			Name: jsii.String("name"),
			Value: jsii.String("value"),
		},
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooluser.html

func NewCfnUserPoolUser 

func NewCfnUserPoolUser(scope constructs.Construct, id *string, props *CfnUserPoolUserProps) CfnUserPoolUser

type CfnUserPoolUserProps 

type CfnUserPoolUserProps struct {
	// The user pool ID for the user pool where the user will be created.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooluser.html#cfn-cognito-userpooluser-userpoolid
	//
	UserPoolId *string `field:"required" json:"userPoolId" yaml:"userPoolId"`
	// A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.
	//
	// You create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the AdminCreateUser API action, Amazon Cognito invokes the function that is assigned to the *pre sign-up* trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a `clientMetadata` attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminCreateUser request. In your function code in AWS Lambda , you can process the `clientMetadata` value to enhance your workflow for your specific needs.
	//
	// For more information, see [Customizing user pool Workflows with Lambda Triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html) in the *Amazon Cognito Developer Guide* .
	//
	// > When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the following:
	// >
	// > - Store the ClientMetadata value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the ClientMetadata parameter serves no purpose.
	// > - Validate the ClientMetadata value.
	// > - Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooluser.html#cfn-cognito-userpooluser-clientmetadata
	//
	ClientMetadata interface{} `field:"optional" json:"clientMetadata" yaml:"clientMetadata"`
	// Specify `"EMAIL"` if email will be used to send the welcome message.
	//
	// Specify `"SMS"` if the phone number will be used. The default value is `"SMS"` . You can specify more than one value.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooluser.html#cfn-cognito-userpooluser-desireddeliverymediums
	//
	DesiredDeliveryMediums *[]*string `field:"optional" json:"desiredDeliveryMediums" yaml:"desiredDeliveryMediums"`
	// This parameter is used only if the `phone_number_verified` or `email_verified` attribute is set to `True` .
	//
	// Otherwise, it is ignored.
	//
	// If this parameter is set to `True` and the phone number or email address specified in the UserAttributes parameter already exists as an alias with a different user, the API call will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias.
	//
	// If this parameter is set to `False` , the API throws an `AliasExistsException` error if the alias already exists. The default value is `False` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooluser.html#cfn-cognito-userpooluser-forcealiascreation
	//
	ForceAliasCreation interface{} `field:"optional" json:"forceAliasCreation" yaml:"forceAliasCreation"`
	// Set to `RESEND` to resend the invitation message to a user that already exists and reset the expiration limit on the user's account.
	//
	// Set to `SUPPRESS` to suppress sending the message. You can specify only one value.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooluser.html#cfn-cognito-userpooluser-messageaction
	//
	MessageAction *string `field:"optional" json:"messageAction" yaml:"messageAction"`
	// An array of name-value pairs that contain user attributes and attribute values.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooluser.html#cfn-cognito-userpooluser-userattributes
	//
	UserAttributes interface{} `field:"optional" json:"userAttributes" yaml:"userAttributes"`
	// The value that you want to set as the username sign-in attribute.
	//
	// The following conditions apply to the username parameter.
	//
	// - The username can't be a duplicate of another username in the same user pool.
	// - You can't change the value of a username after you create it.
	// - You can only provide a value if usernames are a valid sign-in attribute for your user pool. If your user pool only supports phone numbers or email addresses as sign-in attributes, Amazon Cognito automatically generates a username value. For more information, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooluser.html#cfn-cognito-userpooluser-username
	//
	Username *string `field:"optional" json:"username" yaml:"username"`
	// Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger.
	//
	// This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain.
	//
	// Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network.
	//
	// For more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooluser.html#cfn-cognito-userpooluser-validationdata
	//
	ValidationData interface{} `field:"optional" json:"validationData" yaml:"validationData"`
}

Properties for defining a `CfnUserPoolUser`.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnUserPoolUserProps := &CfnUserPoolUserProps{
	UserPoolId: jsii.String("userPoolId"),

	// the properties below are optional
	ClientMetadata: map[string]*string{
		"clientMetadataKey": jsii.String("clientMetadata"),
	},
	DesiredDeliveryMediums: []*string{
		jsii.String("desiredDeliveryMediums"),
	},
	ForceAliasCreation: jsii.Boolean(false),
	MessageAction: jsii.String("messageAction"),
	UserAttributes: []interface{}{
		&AttributeTypeProperty{
			Name: jsii.String("name"),
			Value: jsii.String("value"),
		},
	},
	Username: jsii.String("username"),
	ValidationData: []interface{}{
		&AttributeTypeProperty{
			Name: jsii.String("name"),
			Value: jsii.String("value"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooluser.html

type CfnUserPoolUserToGroupAttachment 

type CfnUserPoolUserToGroupAttachment interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The name of the group that you want to add your user to.
	GroupName() *string
	SetGroupName(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	Username() *string
	SetUsername(val *string)
	// The user pool ID for the user pool.
	UserPoolId() *string
	SetUserPoolId(val *string)
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

Adds the specified user to the specified group.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnUserPoolUserToGroupAttachment := awscdk.Aws_cognito.NewCfnUserPoolUserToGroupAttachment(this, jsii.String("MyCfnUserPoolUserToGroupAttachment"), &CfnUserPoolUserToGroupAttachmentProps{
	GroupName: jsii.String("groupName"),
	Username: jsii.String("username"),
	UserPoolId: jsii.String("userPoolId"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolusertogroupattachment.html

func NewCfnUserPoolUserToGroupAttachment 

func NewCfnUserPoolUserToGroupAttachment(scope constructs.Construct, id *string, props *CfnUserPoolUserToGroupAttachmentProps) CfnUserPoolUserToGroupAttachment

type CfnUserPoolUserToGroupAttachmentProps 

type CfnUserPoolUserToGroupAttachmentProps struct {
	// The name of the group that you want to add your user to.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolusertogroupattachment.html#cfn-cognito-userpoolusertogroupattachment-groupname
	//
	GroupName *string `field:"required" json:"groupName" yaml:"groupName"`
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolusertogroupattachment.html#cfn-cognito-userpoolusertogroupattachment-username
	//
	Username *string `field:"required" json:"username" yaml:"username"`
	// The user pool ID for the user pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolusertogroupattachment.html#cfn-cognito-userpoolusertogroupattachment-userpoolid
	//
	UserPoolId *string `field:"required" json:"userPoolId" yaml:"userPoolId"`
}

Properties for defining a `CfnUserPoolUserToGroupAttachment`.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnUserPoolUserToGroupAttachmentProps := &CfnUserPoolUserToGroupAttachmentProps{
	GroupName: jsii.String("groupName"),
	Username: jsii.String("username"),
	UserPoolId: jsii.String("userPoolId"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolusertogroupattachment.html

type CfnUserPoolUser_AttributeTypeProperty 

type CfnUserPoolUser_AttributeTypeProperty struct {
	// The name of the attribute.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpooluser-attributetype.html#cfn-cognito-userpooluser-attributetype-name
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The value of the attribute.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpooluser-attributetype.html#cfn-cognito-userpooluser-attributetype-value
	//
	Value *string `field:"optional" json:"value" yaml:"value"`
}

Specifies whether the attribute is standard or custom.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

attributeTypeProperty := &AttributeTypeProperty{
	Name: jsii.String("name"),
	Value: jsii.String("value"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpooluser-attributetype.html

type CfnUserPool_AccountRecoverySettingProperty 

type CfnUserPool_AccountRecoverySettingProperty struct {
	// The list of `RecoveryOptionTypes` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-accountrecoverysetting.html#cfn-cognito-userpool-accountrecoverysetting-recoverymechanisms
	//
	RecoveryMechanisms interface{} `field:"optional" json:"recoveryMechanisms" yaml:"recoveryMechanisms"`
}

Use this setting to define which verified available method a user can use to recover their password when they call `ForgotPassword` .

It allows you to define a preferred method when a user has more than one method available. With this setting, SMS does not qualify for a valid password recovery mechanism if the user also has SMS MFA enabled. In the absence of this setting, Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

accountRecoverySettingProperty := &AccountRecoverySettingProperty{
	RecoveryMechanisms: []interface{}{
		&RecoveryOptionProperty{
			Name: jsii.String("name"),
			Priority: jsii.Number(123),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-accountrecoverysetting.html

type CfnUserPool_AdminCreateUserConfigProperty 

type CfnUserPool_AdminCreateUserConfigProperty struct {
	// Set to `True` if only the administrator is allowed to create user profiles.
	//
	// Set to `False` if users can sign themselves up via an app.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-admincreateuserconfig.html#cfn-cognito-userpool-admincreateuserconfig-allowadmincreateuseronly
	//
	AllowAdminCreateUserOnly interface{} `field:"optional" json:"allowAdminCreateUserOnly" yaml:"allowAdminCreateUserOnly"`
	// The message template to be used for the welcome message to new users.
	//
	// See also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-admincreateuserconfig.html#cfn-cognito-userpool-admincreateuserconfig-invitemessagetemplate
	//
	InviteMessageTemplate interface{} `field:"optional" json:"inviteMessageTemplate" yaml:"inviteMessageTemplate"`
	// The user account expiration limit, in days, after which a new account that hasn't signed in is no longer usable.
	//
	// To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `"RESEND"` for the `MessageAction` parameter. The default value for this parameter is 7.
	//
	// > If you set a value for `TemporaryPasswordValidityDays` in `PasswordPolicy` , that value will be used, and `UnusedAccountValidityDays` will be no longer be an available parameter for that user pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-admincreateuserconfig.html#cfn-cognito-userpool-admincreateuserconfig-unusedaccountvaliditydays
	//
	UnusedAccountValidityDays *float64 `field:"optional" json:"unusedAccountValidityDays" yaml:"unusedAccountValidityDays"`
}

The configuration for `AdminCreateUser` requests.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

adminCreateUserConfigProperty := &AdminCreateUserConfigProperty{
	AllowAdminCreateUserOnly: jsii.Boolean(false),
	InviteMessageTemplate: &InviteMessageTemplateProperty{
		EmailMessage: jsii.String("emailMessage"),
		EmailSubject: jsii.String("emailSubject"),
		SmsMessage: jsii.String("smsMessage"),
	},
	UnusedAccountValidityDays: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-admincreateuserconfig.html

type CfnUserPool_CustomEmailSenderProperty 

type CfnUserPool_CustomEmailSenderProperty struct {
	// The Amazon Resource Name (ARN) of the AWS Lambda function that Amazon Cognito triggers to send email notifications to users.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-customemailsender.html#cfn-cognito-userpool-customemailsender-lambdaarn
	//
	LambdaArn *string `field:"optional" json:"lambdaArn" yaml:"lambdaArn"`
	// The Lambda version represents the signature of the "request" attribute in the "event" information that Amazon Cognito passes to your custom email sender AWS Lambda function.
	//
	// The only supported value is `V1_0` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-customemailsender.html#cfn-cognito-userpool-customemailsender-lambdaversion
	//
	LambdaVersion *string `field:"optional" json:"lambdaVersion" yaml:"lambdaVersion"`
}

A custom email sender AWS Lambda trigger.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

customEmailSenderProperty := &CustomEmailSenderProperty{
	LambdaArn: jsii.String("lambdaArn"),
	LambdaVersion: jsii.String("lambdaVersion"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-customemailsender.html

type CfnUserPool_CustomSMSSenderProperty 

type CfnUserPool_CustomSMSSenderProperty struct {
	// The Amazon Resource Name (ARN) of the AWS Lambda function that Amazon Cognito triggers to send SMS notifications to users.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-customsmssender.html#cfn-cognito-userpool-customsmssender-lambdaarn
	//
	LambdaArn *string `field:"optional" json:"lambdaArn" yaml:"lambdaArn"`
	// The Lambda version represents the signature of the "request" attribute in the "event" information Amazon Cognito passes to your custom SMS sender Lambda function.
	//
	// The only supported value is `V1_0` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-customsmssender.html#cfn-cognito-userpool-customsmssender-lambdaversion
	//
	LambdaVersion *string `field:"optional" json:"lambdaVersion" yaml:"lambdaVersion"`
}

A custom SMS sender AWS Lambda trigger.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

customSMSSenderProperty := &CustomSMSSenderProperty{
	LambdaArn: jsii.String("lambdaArn"),
	LambdaVersion: jsii.String("lambdaVersion"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-customsmssender.html

type CfnUserPool_DeviceConfigurationProperty 

type CfnUserPool_DeviceConfigurationProperty struct {
	// When true, a remembered device can sign in with device authentication instead of SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA).
	//
	// > Whether or not `ChallengeRequiredOnNewDevice` is true, users who sign in with devices that have not been confirmed or remembered must still provide a second factor in a user pool that requires MFA.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-deviceconfiguration.html#cfn-cognito-userpool-deviceconfiguration-challengerequiredonnewdevice
	//
	ChallengeRequiredOnNewDevice interface{} `field:"optional" json:"challengeRequiredOnNewDevice" yaml:"challengeRequiredOnNewDevice"`
	// When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request.
	//
	// When `DeviceOnlyRememberedOnUserPrompt` is `false` , Amazon Cognito immediately remembers devices that you register in a `ConfirmDevice` API request.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-deviceconfiguration.html#cfn-cognito-userpool-deviceconfiguration-deviceonlyrememberedonuserprompt
	//
	DeviceOnlyRememberedOnUserPrompt interface{} `field:"optional" json:"deviceOnlyRememberedOnUserPrompt" yaml:"deviceOnlyRememberedOnUserPrompt"`
}

The device-remembering configuration for a user pool.

A [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) request returns a null value for this object when the user pool isn't configured to remember devices. When device remembering is active, you can remember a user's device with a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. Additionally. when the property `DeviceOnlyRememberedOnUserPrompt` is `true` , you must follow `ConfirmDevice` with an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request that sets the user's device to `remembered` or `not_remembered` .

To sign in with a remembered device, include `DEVICE_KEY` in the authentication parameters in your user's [InitiateAuth](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html) request. If your app doesn't include a `DEVICE_KEY` parameter, the [response](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html#API_InitiateAuth_ResponseSyntax) from Amazon Cognito includes newly-generated `DEVICE_KEY` and `DEVICE_GROUP_KEY` values under `NewDeviceMetadata` . Store these values to use in future device-authentication requests.

> When you provide a value for any property of `DeviceConfiguration` , you activate the device remembering for the user pool.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

deviceConfigurationProperty := &DeviceConfigurationProperty{
	ChallengeRequiredOnNewDevice: jsii.Boolean(false),
	DeviceOnlyRememberedOnUserPrompt: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-deviceconfiguration.html

type CfnUserPool_EmailConfigurationProperty 

type CfnUserPool_EmailConfigurationProperty struct {
	// The set of configuration rules that can be applied to emails sent using Amazon SES.
	//
	// A configuration set is applied to an email by including a reference to the configuration set in the headers of the email. Once applied, all of the rules in that configuration set are applied to the email. Configuration sets can be used to apply the following types of rules to emails:
	//
	// - Event publishing – Amazon SES can track the number of send, delivery, open, click, bounce, and complaint events for each email sent. Use event publishing to send information about these events to other AWS services such as SNS and CloudWatch.
	// - IP pool management – When leasing dedicated IP addresses with Amazon SES, you can create groups of IP addresses, called dedicated IP pools. You can then associate the dedicated IP pools with configuration sets.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-emailconfiguration.html#cfn-cognito-userpool-emailconfiguration-configurationset
	//
	ConfigurationSet *string `field:"optional" json:"configurationSet" yaml:"configurationSet"`
	// Specifies whether Amazon Cognito uses its built-in functionality to send your users email messages, or uses your Amazon Simple Email Service email configuration.
	//
	// Specify one of the following values:
	//
	// - **COGNITO_DEFAULT** - When Amazon Cognito emails your users, it uses its built-in email functionality. When you use the default option, Amazon Cognito allows only a limited number of emails each day for your user pool. For typical production environments, the default email limit is less than the required delivery volume. To achieve a higher delivery volume, specify DEVELOPER to use your Amazon SES email configuration.
	//
	// To look up the email delivery limit for the default option, see [Limits](https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html) in the *Amazon Cognito Developer Guide* .
	//
	// The default FROM address is `no-reply@verificationemail.com` . To customize the FROM address, provide the Amazon Resource Name (ARN) of an Amazon SES verified email address for the `SourceArn` parameter.
	// - **DEVELOPER** - When Amazon Cognito emails your users, it uses your Amazon SES configuration. Amazon Cognito calls Amazon SES on your behalf to send email from your verified email address. When you use this option, the email delivery limits are the same limits that apply to your Amazon SES verified email address in your AWS account .
	//
	// If you use this option, provide the ARN of an Amazon SES verified email address for the `SourceArn` parameter.
	//
	// Before Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a *service-linked role* , which is a type of role in your AWS account . This role contains the permissions that allow you to access Amazon SES and send email messages from your email address. For more information about the service-linked role that Amazon Cognito creates, see [Using Service-Linked Roles for Amazon Cognito](https://docs.aws.amazon.com/cognito/latest/developerguide/using-service-linked-roles.html) in the *Amazon Cognito Developer Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-emailconfiguration.html#cfn-cognito-userpool-emailconfiguration-emailsendingaccount
	//
	EmailSendingAccount *string `field:"optional" json:"emailSendingAccount" yaml:"emailSendingAccount"`
	// Identifies either the sender's email address or the sender's name with their email address.
	//
	// For example, `testuser@example.com` or `Test User <testuser@example.com>` . This address appears before the body of the email.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-emailconfiguration.html#cfn-cognito-userpool-emailconfiguration-from
	//
	From *string `field:"optional" json:"from" yaml:"from"`
	// The destination to which the receiver of the email should reply.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-emailconfiguration.html#cfn-cognito-userpool-emailconfiguration-replytoemailaddress
	//
	ReplyToEmailAddress *string `field:"optional" json:"replyToEmailAddress" yaml:"replyToEmailAddress"`
	// The ARN of a verified email address or an address from a verified domain in Amazon SES.
	//
	// You can set a `SourceArn` email from a verified domain only with an API request. You can set a verified email address, but not an address in a verified domain, in the Amazon Cognito console. Amazon Cognito uses the email address that you provide in one of the following ways, depending on the value that you specify for the `EmailSendingAccount` parameter:
	//
	// - If you specify `COGNITO_DEFAULT` , Amazon Cognito uses this address as the custom FROM address when it emails your users using its built-in email account.
	// - If you specify `DEVELOPER` , Amazon Cognito emails your users with this address by calling Amazon SES on your behalf.
	//
	// The Region value of the `SourceArn` parameter must indicate a supported AWS Region of your user pool. Typically, the Region in the `SourceArn` and the user pool Region are the same. For more information, see [Amazon SES email configuration regions](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html#user-pool-email-developer-region-mapping) in the [Amazon Cognito Developer Guide](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-emailconfiguration.html#cfn-cognito-userpool-emailconfiguration-sourcearn
	//
	SourceArn *string `field:"optional" json:"sourceArn" yaml:"sourceArn"`
}

The email configuration of your user pool.

The email configuration type sets your preferred sending method, AWS Region, and sender for messages from your user pool.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

emailConfigurationProperty := &EmailConfigurationProperty{
	ConfigurationSet: jsii.String("configurationSet"),
	EmailSendingAccount: jsii.String("emailSendingAccount"),
	From: jsii.String("from"),
	ReplyToEmailAddress: jsii.String("replyToEmailAddress"),
	SourceArn: jsii.String("sourceArn"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-emailconfiguration.html

type CfnUserPool_InviteMessageTemplateProperty 

type CfnUserPool_InviteMessageTemplateProperty struct {
	// The message template for email messages.
	//
	// EmailMessage is allowed only if [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is DEVELOPER.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-invitemessagetemplate.html#cfn-cognito-userpool-invitemessagetemplate-emailmessage
	//
	EmailMessage *string `field:"optional" json:"emailMessage" yaml:"emailMessage"`
	// The subject line for email messages.
	//
	// EmailSubject is allowed only if [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is DEVELOPER.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-invitemessagetemplate.html#cfn-cognito-userpool-invitemessagetemplate-emailsubject
	//
	EmailSubject *string `field:"optional" json:"emailSubject" yaml:"emailSubject"`
	// The message template for SMS messages.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-invitemessagetemplate.html#cfn-cognito-userpool-invitemessagetemplate-smsmessage
	//
	SmsMessage *string `field:"optional" json:"smsMessage" yaml:"smsMessage"`
}

The message template to be used for the welcome message to new users.

See also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) .

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

inviteMessageTemplateProperty := &InviteMessageTemplateProperty{
	EmailMessage: jsii.String("emailMessage"),
	EmailSubject: jsii.String("emailSubject"),
	SmsMessage: jsii.String("smsMessage"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-invitemessagetemplate.html

type CfnUserPool_LambdaConfigProperty 

type CfnUserPool_LambdaConfigProperty struct {
	// Creates an authentication challenge.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-createauthchallenge
	//
	CreateAuthChallenge *string `field:"optional" json:"createAuthChallenge" yaml:"createAuthChallenge"`
	// A custom email sender AWS Lambda trigger.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-customemailsender
	//
	CustomEmailSender interface{} `field:"optional" json:"customEmailSender" yaml:"customEmailSender"`
	// A custom Message AWS Lambda trigger.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-custommessage
	//
	CustomMessage *string `field:"optional" json:"customMessage" yaml:"customMessage"`
	// A custom SMS sender AWS Lambda trigger.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-customsmssender
	//
	CustomSmsSender interface{} `field:"optional" json:"customSmsSender" yaml:"customSmsSender"`
	// Defines the authentication challenge.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-defineauthchallenge
	//
	DefineAuthChallenge *string `field:"optional" json:"defineAuthChallenge" yaml:"defineAuthChallenge"`
	// The Amazon Resource Name of a AWS Key Management Service ( AWS KMS ) key.
	//
	// Amazon Cognito uses the key to encrypt codes and temporary passwords sent to `CustomEmailSender` and `CustomSMSSender` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-kmskeyid
	//
	KmsKeyId *string `field:"optional" json:"kmsKeyId" yaml:"kmsKeyId"`
	// A post-authentication AWS Lambda trigger.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-postauthentication
	//
	PostAuthentication *string `field:"optional" json:"postAuthentication" yaml:"postAuthentication"`
	// A post-confirmation AWS Lambda trigger.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-postconfirmation
	//
	PostConfirmation *string `field:"optional" json:"postConfirmation" yaml:"postConfirmation"`
	// A pre-authentication AWS Lambda trigger.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-preauthentication
	//
	PreAuthentication *string `field:"optional" json:"preAuthentication" yaml:"preAuthentication"`
	// A pre-registration AWS Lambda trigger.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-presignup
	//
	PreSignUp *string `field:"optional" json:"preSignUp" yaml:"preSignUp"`
	// The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.
	//
	// Set this parameter for legacy purposes. If you also set an ARN in `PreTokenGenerationConfig` , its value must be identical to `PreTokenGeneration` . For new instances of pre token generation triggers, set the `LambdaArn` of `PreTokenGenerationConfig` .
	//
	// You can set “.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-pretokengeneration
	//
	PreTokenGeneration *string `field:"optional" json:"preTokenGeneration" yaml:"preTokenGeneration"`
	// The detailed configuration of a pre token generation trigger.
	//
	// If you also set an ARN in `PreTokenGeneration` , its value must be identical to `PreTokenGenerationConfig` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-pretokengenerationconfig
	//
	PreTokenGenerationConfig interface{} `field:"optional" json:"preTokenGenerationConfig" yaml:"preTokenGenerationConfig"`
	// The user migration Lambda config type.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-usermigration
	//
	UserMigration *string `field:"optional" json:"userMigration" yaml:"userMigration"`
	// Verifies the authentication challenge response.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html#cfn-cognito-userpool-lambdaconfig-verifyauthchallengeresponse
	//
	VerifyAuthChallengeResponse *string `field:"optional" json:"verifyAuthChallengeResponse" yaml:"verifyAuthChallengeResponse"`
}

Specifies the configuration for AWS Lambda triggers.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

lambdaConfigProperty := &LambdaConfigProperty{
	CreateAuthChallenge: jsii.String("createAuthChallenge"),
	CustomEmailSender: &CustomEmailSenderProperty{
		LambdaArn: jsii.String("lambdaArn"),
		LambdaVersion: jsii.String("lambdaVersion"),
	},
	CustomMessage: jsii.String("customMessage"),
	CustomSmsSender: &CustomSMSSenderProperty{
		LambdaArn: jsii.String("lambdaArn"),
		LambdaVersion: jsii.String("lambdaVersion"),
	},
	DefineAuthChallenge: jsii.String("defineAuthChallenge"),
	KmsKeyId: jsii.String("kmsKeyId"),
	PostAuthentication: jsii.String("postAuthentication"),
	PostConfirmation: jsii.String("postConfirmation"),
	PreAuthentication: jsii.String("preAuthentication"),
	PreSignUp: jsii.String("preSignUp"),
	PreTokenGeneration: jsii.String("preTokenGeneration"),
	PreTokenGenerationConfig: &PreTokenGenerationConfigProperty{
		LambdaArn: jsii.String("lambdaArn"),
		LambdaVersion: jsii.String("lambdaVersion"),
	},
	UserMigration: jsii.String("userMigration"),
	VerifyAuthChallengeResponse: jsii.String("verifyAuthChallengeResponse"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-lambdaconfig.html

type CfnUserPool_NumberAttributeConstraintsProperty 

type CfnUserPool_NumberAttributeConstraintsProperty struct {
	// The maximum length of a number attribute value.
	//
	// Must be a number less than or equal to `2^1023` , represented as a string with a length of 131072 characters or fewer.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-numberattributeconstraints.html#cfn-cognito-userpool-numberattributeconstraints-maxvalue
	//
	MaxValue *string `field:"optional" json:"maxValue" yaml:"maxValue"`
	// The minimum value of an attribute that is of the number data type.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-numberattributeconstraints.html#cfn-cognito-userpool-numberattributeconstraints-minvalue
	//
	MinValue *string `field:"optional" json:"minValue" yaml:"minValue"`
}

The minimum and maximum values of an attribute that is of the number data type.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

numberAttributeConstraintsProperty := &NumberAttributeConstraintsProperty{
	MaxValue: jsii.String("maxValue"),
	MinValue: jsii.String("minValue"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-numberattributeconstraints.html

type CfnUserPool_PasswordPolicyProperty 

type CfnUserPool_PasswordPolicyProperty struct {
	// The minimum length of the password in the policy that you have set.
	//
	// This value can't be less than 6.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-passwordpolicy.html#cfn-cognito-userpool-passwordpolicy-minimumlength
	//
	MinimumLength *float64 `field:"optional" json:"minimumLength" yaml:"minimumLength"`
	// In the password policy that you have set, refers to whether you have required users to use at least one lowercase letter in their password.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-passwordpolicy.html#cfn-cognito-userpool-passwordpolicy-requirelowercase
	//
	RequireLowercase interface{} `field:"optional" json:"requireLowercase" yaml:"requireLowercase"`
	// In the password policy that you have set, refers to whether you have required users to use at least one number in their password.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-passwordpolicy.html#cfn-cognito-userpool-passwordpolicy-requirenumbers
	//
	RequireNumbers interface{} `field:"optional" json:"requireNumbers" yaml:"requireNumbers"`
	// In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-passwordpolicy.html#cfn-cognito-userpool-passwordpolicy-requiresymbols
	//
	RequireSymbols interface{} `field:"optional" json:"requireSymbols" yaml:"requireSymbols"`
	// In the password policy that you have set, refers to whether you have required users to use at least one uppercase letter in their password.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-passwordpolicy.html#cfn-cognito-userpool-passwordpolicy-requireuppercase
	//
	RequireUppercase interface{} `field:"optional" json:"requireUppercase" yaml:"requireUppercase"`
	// The number of days a temporary password is valid in the password policy.
	//
	// If the user doesn't sign in during this time, an administrator must reset their password. Defaults to `7` . If you submit a value of `0` , Amazon Cognito treats it as a null value and sets `TemporaryPasswordValidityDays` to its default value.
	//
	// > When you set `TemporaryPasswordValidityDays` for a user pool, you can no longer set a value for the legacy `UnusedAccountValidityDays` parameter in that user pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-passwordpolicy.html#cfn-cognito-userpool-passwordpolicy-temporarypasswordvaliditydays
	//
	TemporaryPasswordValidityDays *float64 `field:"optional" json:"temporaryPasswordValidityDays" yaml:"temporaryPasswordValidityDays"`
}

The password policy type.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

passwordPolicyProperty := &PasswordPolicyProperty{
	MinimumLength: jsii.Number(123),
	RequireLowercase: jsii.Boolean(false),
	RequireNumbers: jsii.Boolean(false),
	RequireSymbols: jsii.Boolean(false),
	RequireUppercase: jsii.Boolean(false),
	TemporaryPasswordValidityDays: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-passwordpolicy.html

type CfnUserPool_PoliciesProperty 

type CfnUserPool_PoliciesProperty struct {
	// The password policy.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-policies.html#cfn-cognito-userpool-policies-passwordpolicy
	//
	PasswordPolicy interface{} `field:"optional" json:"passwordPolicy" yaml:"passwordPolicy"`
}

The policy associated with a user pool.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

policiesProperty := &PoliciesProperty{
	PasswordPolicy: &PasswordPolicyProperty{
		MinimumLength: jsii.Number(123),
		RequireLowercase: jsii.Boolean(false),
		RequireNumbers: jsii.Boolean(false),
		RequireSymbols: jsii.Boolean(false),
		RequireUppercase: jsii.Boolean(false),
		TemporaryPasswordValidityDays: jsii.Number(123),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-policies.html

type CfnUserPool_PreTokenGenerationConfigProperty added in v2.119.0 

type CfnUserPool_PreTokenGenerationConfigProperty struct {
	// The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.
	//
	// This parameter and the `PreTokenGeneration` property of `LambdaConfig` have the same value. For new instances of pre token generation triggers, set `LambdaArn` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-pretokengenerationconfig.html#cfn-cognito-userpool-pretokengenerationconfig-lambdaarn
	//
	LambdaArn *string `field:"optional" json:"lambdaArn" yaml:"lambdaArn"`
	// The user pool trigger version of the request that Amazon Cognito sends to your Lambda function.
	//
	// Higher-numbered versions add fields that support new features.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-pretokengenerationconfig.html#cfn-cognito-userpool-pretokengenerationconfig-lambdaversion
	//
	LambdaVersion *string `field:"optional" json:"lambdaVersion" yaml:"lambdaVersion"`
}

The properties of a pre token generation Lambda trigger.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

preTokenGenerationConfigProperty := &PreTokenGenerationConfigProperty{
	LambdaArn: jsii.String("lambdaArn"),
	LambdaVersion: jsii.String("lambdaVersion"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-pretokengenerationconfig.html

type CfnUserPool_RecoveryOptionProperty 

type CfnUserPool_RecoveryOptionProperty struct {
	// Specifies the recovery method for a user.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-recoveryoption.html#cfn-cognito-userpool-recoveryoption-name
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// A positive integer specifying priority of a method with 1 being the highest priority.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-recoveryoption.html#cfn-cognito-userpool-recoveryoption-priority
	//
	Priority *float64 `field:"optional" json:"priority" yaml:"priority"`
}

A map containing a priority as a key, and recovery method name as a value.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

recoveryOptionProperty := &RecoveryOptionProperty{
	Name: jsii.String("name"),
	Priority: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-recoveryoption.html

type CfnUserPool_SchemaAttributeProperty 

type CfnUserPool_SchemaAttributeProperty struct {
	// The data format of the values for your attribute.
	//
	// When you choose an `AttributeDataType` , Amazon Cognito validates the input against the data type. A custom attribute value in your user's ID token is always a string, for example `"custom:isMember" : "true"` or `"custom:YearsAsMember" : "12"` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-schemaattribute.html#cfn-cognito-userpool-schemaattribute-attributedatatype
	//
	AttributeDataType *string `field:"optional" json:"attributeDataType" yaml:"attributeDataType"`
	// > We recommend that you use [WriteAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UserPoolClientType.html#CognitoUserPools-Type-UserPoolClientType-WriteAttributes) in the user pool client to control how attributes can be mutated for new use cases instead of using `DeveloperOnlyAttribute` .
	//
	// Specifies whether the attribute type is developer only. This attribute can only be modified by an administrator. Users will not be able to modify this attribute using their access token.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-schemaattribute.html#cfn-cognito-userpool-schemaattribute-developeronlyattribute
	//
	DeveloperOnlyAttribute interface{} `field:"optional" json:"developerOnlyAttribute" yaml:"developerOnlyAttribute"`
	// Specifies whether the value of the attribute can be changed.
	//
	// Any user pool attribute whose value you map from an IdP attribute must be mutable, with a parameter value of `true` . Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute. For more information, see [Specifying Identity Provider Attribute Mappings for Your User Pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-schemaattribute.html#cfn-cognito-userpool-schemaattribute-mutable
	//
	Mutable interface{} `field:"optional" json:"mutable" yaml:"mutable"`
	// The name of your user pool attribute.
	//
	// When you create or update a user pool, adding a schema attribute creates a custom or developer-only attribute. When you add an attribute with a `Name` value of `MyAttribute` , Amazon Cognito creates the custom attribute `custom:MyAttribute` . When `DeveloperOnlyAttribute` is `true` , Amazon Cognito creates your attribute as `dev:MyAttribute` . In an operation that describes a user pool, Amazon Cognito returns this value as `value` for standard attributes, `custom:value` for custom attributes, and `dev:value` for developer-only attributes..
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-schemaattribute.html#cfn-cognito-userpool-schemaattribute-name
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// Specifies the constraints for an attribute of the number type.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-schemaattribute.html#cfn-cognito-userpool-schemaattribute-numberattributeconstraints
	//
	NumberAttributeConstraints interface{} `field:"optional" json:"numberAttributeConstraints" yaml:"numberAttributeConstraints"`
	// Specifies whether a user pool attribute is required.
	//
	// If the attribute is required and the user doesn't provide a value, registration or sign-in will fail.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-schemaattribute.html#cfn-cognito-userpool-schemaattribute-required
	//
	Required interface{} `field:"optional" json:"required" yaml:"required"`
	// Specifies the constraints for an attribute of the string type.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-schemaattribute.html#cfn-cognito-userpool-schemaattribute-stringattributeconstraints
	//
	StringAttributeConstraints interface{} `field:"optional" json:"stringAttributeConstraints" yaml:"stringAttributeConstraints"`
}

A list of the user attributes and their properties in your user pool.

The attribute schema contains standard attributes, custom attributes with a `custom:` prefix, and developer attributes with a `dev:` prefix. For more information, see [User pool attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html) .

Developer-only attributes are a legacy feature of user pools, are read-only to all app clients. You can create and update developer-only attributes only with IAM-authenticated API operations. Use app client read/write permissions instead.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

schemaAttributeProperty := &SchemaAttributeProperty{
	AttributeDataType: jsii.String("attributeDataType"),
	DeveloperOnlyAttribute: jsii.Boolean(false),
	Mutable: jsii.Boolean(false),
	Name: jsii.String("name"),
	NumberAttributeConstraints: &NumberAttributeConstraintsProperty{
		MaxValue: jsii.String("maxValue"),
		MinValue: jsii.String("minValue"),
	},
	Required: jsii.Boolean(false),
	StringAttributeConstraints: &StringAttributeConstraintsProperty{
		MaxLength: jsii.String("maxLength"),
		MinLength: jsii.String("minLength"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-schemaattribute.html

type CfnUserPool_SmsConfigurationProperty 

type CfnUserPool_SmsConfigurationProperty struct {
	// The external ID is a value.
	//
	// We recommend you use `ExternalId` to add security to your IAM role, which is used to call Amazon SNS to send SMS messages for your user pool. If you provide an `ExternalId` , the Cognito User Pool uses it when attempting to assume your IAM role. You can also set your roles trust policy to require the `ExternalID` . If you use the Cognito Management Console to create a role for SMS MFA, Cognito creates a role with the required permissions and a trust policy that uses `ExternalId` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-smsconfiguration.html#cfn-cognito-userpool-smsconfiguration-externalid
	//
	ExternalId *string `field:"optional" json:"externalId" yaml:"externalId"`
	// The Amazon Resource Name (ARN) of the Amazon SNS caller.
	//
	// This is the ARN of the IAM role in your AWS account that Amazon Cognito will use to send SMS messages. SMS messages are subject to a [spending limit](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-smsconfiguration.html#cfn-cognito-userpool-smsconfiguration-snscallerarn
	//
	SnsCallerArn *string `field:"optional" json:"snsCallerArn" yaml:"snsCallerArn"`
	// The AWS Region to use with Amazon SNS integration.
	//
	// You can choose the same Region as your user pool, or a supported *Legacy Amazon SNS alternate Region* .
	//
	// Amazon Cognito resources in the Asia Pacific (Seoul) AWS Region must use your Amazon SNS configuration in the Asia Pacific (Tokyo) Region. For more information, see [SMS message settings for Amazon Cognito user pools](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-smsconfiguration.html#cfn-cognito-userpool-smsconfiguration-snsregion
	//
	SnsRegion *string `field:"optional" json:"snsRegion" yaml:"snsRegion"`
}

The SMS configuration type that includes the settings the Cognito User Pool needs to call for the Amazon SNS service to send an SMS message from your AWS account .

The Cognito User Pool makes the request to the Amazon SNS Service by using an IAM role that you provide for your AWS account .

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

smsConfigurationProperty := &SmsConfigurationProperty{
	ExternalId: jsii.String("externalId"),
	SnsCallerArn: jsii.String("snsCallerArn"),
	SnsRegion: jsii.String("snsRegion"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-smsconfiguration.html

type CfnUserPool_StringAttributeConstraintsProperty 

type CfnUserPool_StringAttributeConstraintsProperty struct {
	// The maximum length of a string attribute value.
	//
	// Must be a number less than or equal to `2^1023` , represented as a string with a length of 131072 characters or fewer.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-stringattributeconstraints.html#cfn-cognito-userpool-stringattributeconstraints-maxlength
	//
	MaxLength *string `field:"optional" json:"maxLength" yaml:"maxLength"`
	// The minimum length.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-stringattributeconstraints.html#cfn-cognito-userpool-stringattributeconstraints-minlength
	//
	MinLength *string `field:"optional" json:"minLength" yaml:"minLength"`
}

The `StringAttributeConstraints` property type defines the string attribute constraints of an Amazon Cognito user pool.

`StringAttributeConstraints` is a subproperty of the [SchemaAttribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-schemaattribute.html) property type.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

stringAttributeConstraintsProperty := &StringAttributeConstraintsProperty{
	MaxLength: jsii.String("maxLength"),
	MinLength: jsii.String("minLength"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-stringattributeconstraints.html

type CfnUserPool_UserAttributeUpdateSettingsProperty added in v2.27.0 

type CfnUserPool_UserAttributeUpdateSettingsProperty struct {
	// Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute.
	//
	// When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value.
	//
	// You can verify an updated email address or phone number with a [VerifyUserAttribute](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html) API request. You can also call the [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API and set `email_verified` or `phone_number_verified` to true.
	//
	// When `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userattributeupdatesettings.html#cfn-cognito-userpool-userattributeupdatesettings-attributesrequireverificationbeforeupdate
	//
	AttributesRequireVerificationBeforeUpdate *[]*string `field:"required" json:"attributesRequireVerificationBeforeUpdate" yaml:"attributesRequireVerificationBeforeUpdate"`
}

The settings for updates to user attributes.

These settings include the property `AttributesRequireVerificationBeforeUpdate` , a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users' email address and phone number attributes. For more information, see [Verifying updates to email addresses and phone numbers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates) .

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

userAttributeUpdateSettingsProperty := &UserAttributeUpdateSettingsProperty{
	AttributesRequireVerificationBeforeUpdate: []*string{
		jsii.String("attributesRequireVerificationBeforeUpdate"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userattributeupdatesettings.html

type CfnUserPool_UserPoolAddOnsProperty 

type CfnUserPool_UserPoolAddOnsProperty struct {
	// The operating mode of advanced security features in your user pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html#cfn-cognito-userpool-userpooladdons-advancedsecuritymode
	//
	AdvancedSecurityMode *string `field:"optional" json:"advancedSecurityMode" yaml:"advancedSecurityMode"`
}

User pool add-ons.

Contains settings for activation of advanced security features. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` .

For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) .

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

userPoolAddOnsProperty := &UserPoolAddOnsProperty{
	AdvancedSecurityMode: jsii.String("advancedSecurityMode"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html

type CfnUserPool_UsernameConfigurationProperty 

type CfnUserPool_UsernameConfigurationProperty struct {
	// Specifies whether user name case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs.
	//
	// For most use cases, set case sensitivity to `False` (case insensitive) as a best practice. When usernames and email addresses are case insensitive, users can sign in as the same user when they enter a different capitalization of their user name.
	//
	// Valid values include:
	//
	// - **True** - Enables case sensitivity for all username input. When this option is set to `True` , users must sign in using the exact capitalization of their given username, such as “UserName”. This is the default value.
	// - **False** - Enables case insensitivity for all username input. For example, when this option is set to `False` , users can sign in using `username` , `USERNAME` , or `UserName` . This option also enables both `preferred_username` and `email` alias to be case insensitive, in addition to the `username` attribute.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-usernameconfiguration.html#cfn-cognito-userpool-usernameconfiguration-casesensitive
	//
	CaseSensitive interface{} `field:"optional" json:"caseSensitive" yaml:"caseSensitive"`
}

The `UsernameConfiguration` property type specifies case sensitivity on the username input for the selected sign-in option.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

usernameConfigurationProperty := &UsernameConfigurationProperty{
	CaseSensitive: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-usernameconfiguration.html

type CfnUserPool_VerificationMessageTemplateProperty 

type CfnUserPool_VerificationMessageTemplateProperty struct {
	// The default email option.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html#cfn-cognito-userpool-verificationmessagetemplate-defaultemailoption
	//
	DefaultEmailOption *string `field:"optional" json:"defaultEmailOption" yaml:"defaultEmailOption"`
	// The template for email messages that Amazon Cognito sends to your users.
	//
	// You can set an `EmailMessage` template only if the value of [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is `DEVELOPER` . When your [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is `DEVELOPER` , your user pool sends email messages with your own Amazon SES configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html#cfn-cognito-userpool-verificationmessagetemplate-emailmessage
	//
	EmailMessage *string `field:"optional" json:"emailMessage" yaml:"emailMessage"`
	// The email message template for sending a confirmation link to the user.
	//
	// You can set an `EmailMessageByLink` template only if the value of [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is `DEVELOPER` . When your [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is `DEVELOPER` , your user pool sends email messages with your own Amazon SES configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html#cfn-cognito-userpool-verificationmessagetemplate-emailmessagebylink
	//
	EmailMessageByLink *string `field:"optional" json:"emailMessageByLink" yaml:"emailMessageByLink"`
	// The subject line for the email message template.
	//
	// You can set an `EmailSubject` template only if the value of [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is `DEVELOPER` . When your [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is `DEVELOPER` , your user pool sends email messages with your own Amazon SES configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html#cfn-cognito-userpool-verificationmessagetemplate-emailsubject
	//
	EmailSubject *string `field:"optional" json:"emailSubject" yaml:"emailSubject"`
	// The subject line for the email message template for sending a confirmation link to the user.
	//
	// You can set an `EmailSubjectByLink` template only if the value of [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is `DEVELOPER` . When your [EmailSendingAccount](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) is `DEVELOPER` , your user pool sends email messages with your own Amazon SES configuration.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html#cfn-cognito-userpool-verificationmessagetemplate-emailsubjectbylink
	//
	EmailSubjectByLink *string `field:"optional" json:"emailSubjectByLink" yaml:"emailSubjectByLink"`
	// The template for SMS messages that Amazon Cognito sends to your users.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html#cfn-cognito-userpool-verificationmessagetemplate-smsmessage
	//
	SmsMessage *string `field:"optional" json:"smsMessage" yaml:"smsMessage"`
}

The template for verification messages.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

verificationMessageTemplateProperty := &VerificationMessageTemplateProperty{
	DefaultEmailOption: jsii.String("defaultEmailOption"),
	EmailMessage: jsii.String("emailMessage"),
	EmailMessageByLink: jsii.String("emailMessageByLink"),
	EmailSubject: jsii.String("emailSubject"),
	EmailSubjectByLink: jsii.String("emailSubjectByLink"),
	SmsMessage: jsii.String("smsMessage"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html

type ClientAttributes 

type ClientAttributes interface {
	// The list of attributes represented by this ClientAttributes.
	Attributes() *[]*string
	// Creates a custom ClientAttributes with the specified attributes.
	WithCustomAttributes(attributes ...*string) ClientAttributes
	// Creates a custom ClientAttributes with the specified attributes.
	WithStandardAttributes(attributes *StandardAttributesMask) ClientAttributes
}

A set of attributes, useful to set Read and Write attributes.

Example: 

pool := cognito.NewUserPool(this, jsii.String("Pool"))

clientWriteAttributes := (cognito.NewClientAttributes()).WithStandardAttributes(&StandardAttributesMask{
	Fullname: jsii.Boolean(true),
	Email: jsii.Boolean(true),
}).WithCustomAttributes(jsii.String("favouritePizza"), jsii.String("favouriteBeverage"))

clientReadAttributes := clientWriteAttributes.WithStandardAttributes(&StandardAttributesMask{
	EmailVerified: jsii.Boolean(true),
}).WithCustomAttributes(jsii.String("pointsEarned"))

pool.addClient(jsii.String("app-client"), &UserPoolClientOptions{
	// ...
	ReadAttributes: clientReadAttributes,
	WriteAttributes: clientWriteAttributes,
})

func NewClientAttributes 

func NewClientAttributes() ClientAttributes

Creates a ClientAttributes with the specified attributes. Default: - a ClientAttributes object without any attributes.

type CognitoDomainOptions 

type CognitoDomainOptions struct {
	// The prefix to the Cognito hosted domain name that will be associated with the user pool.
	DomainPrefix *string `field:"required" json:"domainPrefix" yaml:"domainPrefix"`
}

Options while specifying a cognito prefix domain.

Example: 

pool := cognito.NewUserPool(this, jsii.String("Pool"))

pool.addDomain(jsii.String("CognitoDomain"), &UserPoolDomainOptions{
	CognitoDomain: &CognitoDomainOptions{
		DomainPrefix: jsii.String("my-awesome-app"),
	},
})

certificateArn := "arn:aws:acm:us-east-1:123456789012:certificate/11-3336f1-44483d-adc7-9cd375c5169d"

domainCert := certificatemanager.Certificate_FromCertificateArn(this, jsii.String("domainCert"), certificateArn)
pool.addDomain(jsii.String("CustomDomain"), &UserPoolDomainOptions{
	CustomDomain: &CustomDomainOptions{
		DomainName: jsii.String("user.myapp.com"),
		Certificate: domainCert,
	},
})

See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain-prefix.html

type CustomAttributeConfig 

type CustomAttributeConfig struct {
	// The data type of the custom attribute.
	// See: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SchemaAttributeType.html#CognitoUserPools-Type-SchemaAttributeType-AttributeDataType
	//
	DataType *string `field:"required" json:"dataType" yaml:"dataType"`
	// Specifies whether the value of the attribute can be changed.
	//
	// For any user pool attribute that's mapped to an identity provider attribute, you must set this parameter to true.
	// Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider.
	// If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute.
	// Default: false.
	//
	Mutable *bool `field:"optional" json:"mutable" yaml:"mutable"`
	// The constraints for a custom attribute of the 'Number' data type.
	// Default: - None.
	//
	NumberConstraints *NumberAttributeConstraints `field:"optional" json:"numberConstraints" yaml:"numberConstraints"`
	// The constraints for a custom attribute of 'String' data type.
	// Default: - None.
	//
	StringConstraints *StringAttributeConstraints `field:"optional" json:"stringConstraints" yaml:"stringConstraints"`
}

Configuration that will be fed into CloudFormation for any custom attribute type.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

customAttributeConfig := &CustomAttributeConfig{
	DataType: jsii.String("dataType"),

	// the properties below are optional
	Mutable: jsii.Boolean(false),
	NumberConstraints: &NumberAttributeConstraints{
		Max: jsii.Number(123),
		Min: jsii.Number(123),
	},
	StringConstraints: &StringAttributeConstraints{
		MaxLen: jsii.Number(123),
		MinLen: jsii.Number(123),
	},
}

type CustomAttributeProps 

type CustomAttributeProps struct {
	// Specifies whether the value of the attribute can be changed.
	//
	// For any user pool attribute that's mapped to an identity provider attribute, you must set this parameter to true.
	// Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider.
	// If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute.
	// Default: false.
	//
	Mutable *bool `field:"optional" json:"mutable" yaml:"mutable"`
}

Constraints that can be applied to a custom attribute of any type.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	StandardAttributes: &StandardAttributes{
		Fullname: &StandardAttribute{
			Required: jsii.Boolean(true),
			Mutable: jsii.Boolean(false),
		},
		Address: &StandardAttribute{
			Required: jsii.Boolean(false),
			Mutable: jsii.Boolean(true),
		},
	},
	CustomAttributes: map[string]iCustomAttribute{
		"myappid": cognito.NewStringAttribute(&StringAttributeProps{
			"minLen": jsii.Number(5),
			"maxLen": jsii.Number(15),
			"mutable": jsii.Boolean(false),
		}),
		"callingcode": cognito.NewNumberAttribute(&NumberAttributeProps{
			"min": jsii.Number(1),
			"max": jsii.Number(3),
			"mutable": jsii.Boolean(true),
		}),
		"isEmployee": cognito.NewBooleanAttribute(&CustomAttributeProps{
			"mutable": jsii.Boolean(true),
		}),
		"joinedOn": cognito.NewDateTimeAttribute(),
	},
})

type CustomDomainOptions 

type CustomDomainOptions struct {
	// The certificate to associate with this domain.
	Certificate awscertificatemanager.ICertificate `field:"required" json:"certificate" yaml:"certificate"`
	// The custom domain name that you would like to associate with this User Pool.
	DomainName *string `field:"required" json:"domainName" yaml:"domainName"`
}

Options while specifying custom domain.

Example: 

pool := cognito.NewUserPool(this, jsii.String("Pool"))

pool.addDomain(jsii.String("CognitoDomain"), &UserPoolDomainOptions{
	CognitoDomain: &CognitoDomainOptions{
		DomainPrefix: jsii.String("my-awesome-app"),
	},
})

certificateArn := "arn:aws:acm:us-east-1:123456789012:certificate/11-3336f1-44483d-adc7-9cd375c5169d"

domainCert := certificatemanager.Certificate_FromCertificateArn(this, jsii.String("domainCert"), certificateArn)
pool.addDomain(jsii.String("CustomDomain"), &UserPoolDomainOptions{
	CustomDomain: &CustomDomainOptions{
		DomainName: jsii.String("user.myapp.com"),
		Certificate: domainCert,
	},
})

See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html

type DateTimeAttribute 

type DateTimeAttribute interface {
	ICustomAttribute
	// Bind this custom attribute type to the values as expected by CloudFormation.
	Bind() *CustomAttributeConfig
}

The DateTime custom attribute type.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	StandardAttributes: &StandardAttributes{
		Fullname: &StandardAttribute{
			Required: jsii.Boolean(true),
			Mutable: jsii.Boolean(false),
		},
		Address: &StandardAttribute{
			Required: jsii.Boolean(false),
			Mutable: jsii.Boolean(true),
		},
	},
	CustomAttributes: map[string]iCustomAttribute{
		"myappid": cognito.NewStringAttribute(&StringAttributeProps{
			"minLen": jsii.Number(5),
			"maxLen": jsii.Number(15),
			"mutable": jsii.Boolean(false),
		}),
		"callingcode": cognito.NewNumberAttribute(&NumberAttributeProps{
			"min": jsii.Number(1),
			"max": jsii.Number(3),
			"mutable": jsii.Boolean(true),
		}),
		"isEmployee": cognito.NewBooleanAttribute(&CustomAttributeProps{
			"mutable": jsii.Boolean(true),
		}),
		"joinedOn": cognito.NewDateTimeAttribute(),
	},
})

func NewDateTimeAttribute 

func NewDateTimeAttribute(props *CustomAttributeProps) DateTimeAttribute

type DeviceTracking 

type DeviceTracking struct {
	// Indicates whether a challenge is required on a new device.
	//
	// Only applicable to a new device.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
	//
	// Default: false.
	//
	ChallengeRequiredOnNewDevice *bool `field:"required" json:"challengeRequiredOnNewDevice" yaml:"challengeRequiredOnNewDevice"`
	// If true, a device is only remembered on user prompt.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
	//
	// Default: false.
	//
	DeviceOnlyRememberedOnUserPrompt *bool `field:"required" json:"deviceOnlyRememberedOnUserPrompt" yaml:"deviceOnlyRememberedOnUserPrompt"`
}

Device tracking settings.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	DeviceTracking: &DeviceTracking{
		ChallengeRequiredOnNewDevice: jsii.Boolean(true),
		DeviceOnlyRememberedOnUserPrompt: jsii.Boolean(true),
	},
})

See: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html

type EmailSettings 

type EmailSettings struct {
	// The 'from' address on the emails received by the user.
	// Default: noreply@verificationemail.com
	//
	From *string `field:"optional" json:"from" yaml:"from"`
	// The 'replyTo' address on the emails received by the user as defined by IETF RFC-5322.
	//
	// When set, most email clients recognize to change 'to' line to this address when a reply is drafted.
	// Default: - Not set.
	//
	ReplyTo *string `field:"optional" json:"replyTo" yaml:"replyTo"`
}

Email settings for the user pool.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

emailSettings := &EmailSettings{
	From: jsii.String("from"),
	ReplyTo: jsii.String("replyTo"),
}

type ICustomAttribute 

type ICustomAttribute interface {
	// Bind this custom attribute type to the values as expected by CloudFormation.
	Bind() *CustomAttributeConfig
}

Represents a custom attribute type.

type IUserPool 

type IUserPool interface {
	awscdk.IResource
	// Add a new app client to this user pool.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html
	//
	AddClient(id *string, options *UserPoolClientOptions) UserPoolClient
	// Associate a domain to this user pool.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain.html
	//
	AddDomain(id *string, options *UserPoolDomainOptions) UserPoolDomain
	// Add a new resource server to this user pool.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-resource-servers.html
	//
	AddResourceServer(id *string, options *UserPoolResourceServerOptions) UserPoolResourceServer
	// Adds an IAM policy statement associated with this user pool to an IAM principal's policy.
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	// Register an identity provider with this user pool.
	RegisterIdentityProvider(provider IUserPoolIdentityProvider)
	// Get all identity providers registered with this user pool.
	IdentityProviders() *[]IUserPoolIdentityProvider
	// The ARN of this user pool resource.
	UserPoolArn() *string
	// The physical ID of this user pool resource.
	UserPoolId() *string
}

Represents a Cognito UserPool.

func UserPool_FromUserPoolArn 

func UserPool_FromUserPoolArn(scope constructs.Construct, id *string, userPoolArn *string) IUserPool

Import an existing user pool based on its ARN.

func UserPool_FromUserPoolId 

func UserPool_FromUserPoolId(scope constructs.Construct, id *string, userPoolId *string) IUserPool

Import an existing user pool based on its id.

type IUserPoolClient 

type IUserPoolClient interface {
	awscdk.IResource
	// Name of the application client.
	UserPoolClientId() *string
	// The generated client secret.
	//
	// Only available if the "generateSecret" props is set to true.
	UserPoolClientSecret() awscdk.SecretValue
}

Represents a Cognito user pool client.

func UserPoolClient_FromUserPoolClientId 

func UserPoolClient_FromUserPoolClientId(scope constructs.Construct, id *string, userPoolClientId *string) IUserPoolClient

Import a user pool client given its id.

type IUserPoolDomain 

type IUserPoolDomain interface {
	awscdk.IResource
	// The domain that was specified to be created.
	//
	// If `customDomain` was selected, this holds the full domain name that was specified.
	// If the `cognitoDomain` was used, it contains the prefix to the Cognito hosted domain.
	DomainName() *string
}

Represents a user pool domain.

func UserPoolDomain_FromDomainName 

func UserPoolDomain_FromDomainName(scope constructs.Construct, id *string, userPoolDomainName *string) IUserPoolDomain

Import a UserPoolDomain given its domain name.

type IUserPoolIdentityProvider 

type IUserPoolIdentityProvider interface {
	awscdk.IResource
	// The primary identifier of this identity provider.
	ProviderName() *string
}

Represents a UserPoolIdentityProvider.

func UserPoolIdentityProvider_FromProviderName 

func UserPoolIdentityProvider_FromProviderName(scope constructs.Construct, id *string, providerName *string) IUserPoolIdentityProvider

Import an existing UserPoolIdentityProvider.

type IUserPoolResourceServer 

type IUserPoolResourceServer interface {
	awscdk.IResource
	// Resource server id.
	UserPoolResourceServerId() *string
}

Represents a Cognito user pool resource server.

func UserPoolResourceServer_FromUserPoolResourceServerId 

func UserPoolResourceServer_FromUserPoolResourceServerId(scope constructs.Construct, id *string, userPoolResourceServerId *string) IUserPoolResourceServer

Import a user pool resource client given its id.

type KeepOriginalAttrs added in v2.33.0 

type KeepOriginalAttrs struct {
	// Whether the email address of the user should remain the original value until the new email address is verified.
	// Default: - false.
	//
	Email *bool `field:"optional" json:"email" yaml:"email"`
	// Whether the phone number of the user should remain the original value until the new phone number is verified.
	// Default: - false.
	//
	Phone *bool `field:"optional" json:"phone" yaml:"phone"`
}

Attributes that will be kept until the user verifies the changed attribute.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	SignInAliases: &SignInAliases{
		Username: jsii.Boolean(true),
	},
	AutoVerify: &AutoVerifiedAttrs{
		Email: jsii.Boolean(true),
		Phone: jsii.Boolean(true),
	},
	KeepOriginal: &KeepOriginalAttrs{
		Email: jsii.Boolean(true),
		Phone: jsii.Boolean(true),
	},
})

type LambdaVersion added in v2.127.0 

type LambdaVersion string

The user pool trigger version of the request that Amazon Cognito sends to your Lambda function.

Example: 

var userpool userPool
var preTokenGenerationFn function

userpool.AddTrigger(cognito.UserPoolOperation_PRE_TOKEN_GENERATION_CONFIG(), preTokenGenerationFn, cognito.LambdaVersion_V2_0)

const (
	// V1_0 trigger.
	LambdaVersion_V1_0 LambdaVersion = "V1_0"
	// V2_0 trigger.
	//
	// This is supported only for PRE_TOKEN_GENERATION trigger.
	LambdaVersion_V2_0 LambdaVersion = "V2_0"
)

type Mfa 

type Mfa string

The different ways in which a user pool's MFA enforcement can be configured.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	Mfa: cognito.Mfa_REQUIRED,
	MfaSecondFactor: &MfaSecondFactor{
		Sms: jsii.Boolean(true),
		Otp: jsii.Boolean(true),
	},
})

See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html 

const (
	// Users are not required to use MFA for sign in, and cannot configure one.
	Mfa_OFF Mfa = "OFF"
	// Users are not required to use MFA for sign in, but can configure one if they so choose to.
	Mfa_OPTIONAL Mfa = "OPTIONAL"
	// Users are required to configure an MFA, and have to use it to sign in.
	Mfa_REQUIRED Mfa = "REQUIRED"
)

type MfaSecondFactor 

type MfaSecondFactor struct {
	// The MFA token is a time-based one time password that is generated by a hardware or software token.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html
	//
	// Default: false.
	//
	Otp *bool `field:"required" json:"otp" yaml:"otp"`
	// The MFA token is sent to the user via SMS to their verified phone numbers.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-sms-text-message.html
	//
	// Default: true.
	//
	Sms *bool `field:"required" json:"sms" yaml:"sms"`
}

The different ways in which a user pool can obtain their MFA token for sign in.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	Mfa: cognito.Mfa_REQUIRED,
	MfaSecondFactor: &MfaSecondFactor{
		Sms: jsii.Boolean(true),
		Otp: jsii.Boolean(true),
	},
})

See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html

type NumberAttribute 

type NumberAttribute interface {
	ICustomAttribute
	// Bind this custom attribute type to the values as expected by CloudFormation.
	Bind() *CustomAttributeConfig
}

The Number custom attribute type.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	StandardAttributes: &StandardAttributes{
		Fullname: &StandardAttribute{
			Required: jsii.Boolean(true),
			Mutable: jsii.Boolean(false),
		},
		Address: &StandardAttribute{
			Required: jsii.Boolean(false),
			Mutable: jsii.Boolean(true),
		},
	},
	CustomAttributes: map[string]iCustomAttribute{
		"myappid": cognito.NewStringAttribute(&StringAttributeProps{
			"minLen": jsii.Number(5),
			"maxLen": jsii.Number(15),
			"mutable": jsii.Boolean(false),
		}),
		"callingcode": cognito.NewNumberAttribute(&NumberAttributeProps{
			"min": jsii.Number(1),
			"max": jsii.Number(3),
			"mutable": jsii.Boolean(true),
		}),
		"isEmployee": cognito.NewBooleanAttribute(&CustomAttributeProps{
			"mutable": jsii.Boolean(true),
		}),
		"joinedOn": cognito.NewDateTimeAttribute(),
	},
})

func NewNumberAttribute 

func NewNumberAttribute(props *NumberAttributeProps) NumberAttribute

type NumberAttributeConstraints 

type NumberAttributeConstraints struct {
	// Maximum value of this attribute.
	// Default: - no maximum value.
	//
	Max *float64 `field:"optional" json:"max" yaml:"max"`
	// Minimum value of this attribute.
	// Default: - no minimum value.
	//
	Min *float64 `field:"optional" json:"min" yaml:"min"`
}

Constraints that can be applied to a custom attribute of number type.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

numberAttributeConstraints := &NumberAttributeConstraints{
	Max: jsii.Number(123),
	Min: jsii.Number(123),
}

type NumberAttributeProps 

type NumberAttributeProps struct {
	// Maximum value of this attribute.
	// Default: - no maximum value.
	//
	Max *float64 `field:"optional" json:"max" yaml:"max"`
	// Minimum value of this attribute.
	// Default: - no minimum value.
	//
	Min *float64 `field:"optional" json:"min" yaml:"min"`
	// Specifies whether the value of the attribute can be changed.
	//
	// For any user pool attribute that's mapped to an identity provider attribute, you must set this parameter to true.
	// Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider.
	// If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute.
	// Default: false.
	//
	Mutable *bool `field:"optional" json:"mutable" yaml:"mutable"`
}

Props for NumberAttr.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	StandardAttributes: &StandardAttributes{
		Fullname: &StandardAttribute{
			Required: jsii.Boolean(true),
			Mutable: jsii.Boolean(false),
		},
		Address: &StandardAttribute{
			Required: jsii.Boolean(false),
			Mutable: jsii.Boolean(true),
		},
	},
	CustomAttributes: map[string]iCustomAttribute{
		"myappid": cognito.NewStringAttribute(&StringAttributeProps{
			"minLen": jsii.Number(5),
			"maxLen": jsii.Number(15),
			"mutable": jsii.Boolean(false),
		}),
		"callingcode": cognito.NewNumberAttribute(&NumberAttributeProps{
			"min": jsii.Number(1),
			"max": jsii.Number(3),
			"mutable": jsii.Boolean(true),
		}),
		"isEmployee": cognito.NewBooleanAttribute(&CustomAttributeProps{
			"mutable": jsii.Boolean(true),
		}),
		"joinedOn": cognito.NewDateTimeAttribute(),
	},
})

type OAuthFlows 

type OAuthFlows struct {
	// Initiate an authorization code grant flow, which provides an authorization code as the response.
	// Default: false.
	//
	AuthorizationCodeGrant *bool `field:"optional" json:"authorizationCodeGrant" yaml:"authorizationCodeGrant"`
	// Client should get the access token and ID token from the token endpoint using a combination of client and client_secret.
	// Default: false.
	//
	ClientCredentials *bool `field:"optional" json:"clientCredentials" yaml:"clientCredentials"`
	// The client should get the access token and ID token directly.
	// Default: false.
	//
	ImplicitCodeGrant *bool `field:"optional" json:"implicitCodeGrant" yaml:"implicitCodeGrant"`
}

Types of OAuth grant flows.

Example: 

userpool := cognito.NewUserPool(this, jsii.String("UserPool"), &UserPoolProps{
})
client := userpool.addClient(jsii.String("Client"), &UserPoolClientOptions{
	// ...
	OAuth: &OAuthSettings{
		Flows: &OAuthFlows{
			ImplicitCodeGrant: jsii.Boolean(true),
		},
		CallbackUrls: []*string{
			jsii.String("https://myapp.com/home"),
			jsii.String("https://myapp.com/users"),
		},
	},
})
domain := userpool.addDomain(jsii.String("Domain"), &UserPoolDomainOptions{
})
signInUrl := domain.SignInUrl(client, &SignInUrlOptions{
	RedirectUri: jsii.String("https://myapp.com/home"),
})

See: - the 'Allowed OAuth Flows' section at https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html

type OAuthScope 

type OAuthScope interface {
	// The name of this scope as recognized by CloudFormation.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-allowedoauthscopes
	//
	ScopeName() *string
}

OAuth scopes that are allowed with this client.

Example: 

pool := cognito.NewUserPool(this, jsii.String("Pool"))

readOnlyScope := cognito.NewResourceServerScope(&ResourceServerScopeProps{
	ScopeName: jsii.String("read"),
	ScopeDescription: jsii.String("Read-only access"),
})
fullAccessScope := cognito.NewResourceServerScope(&ResourceServerScopeProps{
	ScopeName: jsii.String("*"),
	ScopeDescription: jsii.String("Full access"),
})

userServer := pool.addResourceServer(jsii.String("ResourceServer"), &UserPoolResourceServerOptions{
	Identifier: jsii.String("users"),
	Scopes: []resourceServerScope{
		readOnlyScope,
		fullAccessScope,
	},
})

readOnlyClient := pool.addClient(jsii.String("read-only-client"), &UserPoolClientOptions{
	// ...
	OAuth: &OAuthSettings{
		// ...
		Scopes: []oAuthScope{
			cognito.*oAuthScope_ResourceServer(userServer, readOnlyScope),
		},
	},
})

fullAccessClient := pool.addClient(jsii.String("full-access-client"), &UserPoolClientOptions{
	// ...
	OAuth: &OAuthSettings{
		// ...
		Scopes: []*oAuthScope{
			cognito.*oAuthScope_*ResourceServer(userServer, fullAccessScope),
		},
	},
})

See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html

func OAuthScope_COGNITO_ADMIN 

func OAuthScope_COGNITO_ADMIN() OAuthScope

func OAuthScope_Custom 

func OAuthScope_Custom(name *string) OAuthScope

Custom scope is one that you define for your own resource server in the Resource Servers.

The format is 'resource-server-identifier/scope'. See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html

func OAuthScope_EMAIL 

func OAuthScope_EMAIL() OAuthScope

func OAuthScope_OPENID 

func OAuthScope_OPENID() OAuthScope

func OAuthScope_PHONE 

func OAuthScope_PHONE() OAuthScope

func OAuthScope_PROFILE 

func OAuthScope_PROFILE() OAuthScope

func OAuthScope_ResourceServer 

func OAuthScope_ResourceServer(server IUserPoolResourceServer, scope ResourceServerScope) OAuthScope

Adds a custom scope that's tied to a resource server in your stack.

type OAuthSettings 

type OAuthSettings struct {
	// List of allowed redirect URLs for the identity providers.
	// Default: - ['https://example.com'] if either authorizationCodeGrant or implicitCodeGrant flows are enabled, no callback URLs otherwise.
	//
	CallbackUrls *[]*string `field:"optional" json:"callbackUrls" yaml:"callbackUrls"`
	// OAuth flows that are allowed with this client.
	// See:  - the 'Allowed OAuth Flows' section at https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html
	//
	// Default: {authorizationCodeGrant:true,implicitCodeGrant:true}.
	//
	Flows *OAuthFlows `field:"optional" json:"flows" yaml:"flows"`
	// List of allowed logout URLs for the identity providers.
	// Default: - no logout URLs.
	//
	LogoutUrls *[]*string `field:"optional" json:"logoutUrls" yaml:"logoutUrls"`
	// OAuth scopes that are allowed with this client.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html
	//
	// Default: [OAuthScope.PHONE,OAuthScope.EMAIL,OAuthScope.OPENID,OAuthScope.PROFILE,OAuthScope.COGNITO_ADMIN]
	//
	Scopes *[]OAuthScope `field:"optional" json:"scopes" yaml:"scopes"`
}

OAuth settings to configure the interaction between the app and this client.

Example: 

pool := cognito.NewUserPool(this, jsii.String("Pool"))

readOnlyScope := cognito.NewResourceServerScope(&ResourceServerScopeProps{
	ScopeName: jsii.String("read"),
	ScopeDescription: jsii.String("Read-only access"),
})
fullAccessScope := cognito.NewResourceServerScope(&ResourceServerScopeProps{
	ScopeName: jsii.String("*"),
	ScopeDescription: jsii.String("Full access"),
})

userServer := pool.addResourceServer(jsii.String("ResourceServer"), &UserPoolResourceServerOptions{
	Identifier: jsii.String("users"),
	Scopes: []resourceServerScope{
		readOnlyScope,
		fullAccessScope,
	},
})

readOnlyClient := pool.addClient(jsii.String("read-only-client"), &UserPoolClientOptions{
	// ...
	OAuth: &OAuthSettings{
		// ...
		Scopes: []oAuthScope{
			cognito.*oAuthScope_ResourceServer(userServer, readOnlyScope),
		},
	},
})

fullAccessClient := pool.addClient(jsii.String("full-access-client"), &UserPoolClientOptions{
	// ...
	OAuth: &OAuthSettings{
		// ...
		Scopes: []*oAuthScope{
			cognito.*oAuthScope_*ResourceServer(userServer, fullAccessScope),
		},
	},
})

type OidcAttributeRequestMethod added in v2.27.0 

type OidcAttributeRequestMethod string

The method to use to request attributes. 

const (
	// GET.
	OidcAttributeRequestMethod_GET OidcAttributeRequestMethod = "GET"
	// POST.
	OidcAttributeRequestMethod_POST OidcAttributeRequestMethod = "POST"
)

type OidcEndpoints added in v2.27.0 

type OidcEndpoints struct {
	// Authorization endpoint.
	Authorization *string `field:"required" json:"authorization" yaml:"authorization"`
	// Jwks_uri endpoint.
	JwksUri *string `field:"required" json:"jwksUri" yaml:"jwksUri"`
	// Token endpoint.
	Token *string `field:"required" json:"token" yaml:"token"`
	// UserInfo endpoint.
	UserInfo *string `field:"required" json:"userInfo" yaml:"userInfo"`
}

OpenID Connect endpoints.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

oidcEndpoints := &OidcEndpoints{
	Authorization: jsii.String("authorization"),
	JwksUri: jsii.String("jwksUri"),
	Token: jsii.String("token"),
	UserInfo: jsii.String("userInfo"),
}

type PasswordPolicy 

type PasswordPolicy struct {
	// Minimum length required for a user's password.
	// Default: 8.
	//
	MinLength *float64 `field:"optional" json:"minLength" yaml:"minLength"`
	// Whether the user is required to have digits in their password.
	// Default: true.
	//
	RequireDigits *bool `field:"optional" json:"requireDigits" yaml:"requireDigits"`
	// Whether the user is required to have lowercase characters in their password.
	// Default: true.
	//
	RequireLowercase *bool `field:"optional" json:"requireLowercase" yaml:"requireLowercase"`
	// Whether the user is required to have symbols in their password.
	// Default: true.
	//
	RequireSymbols *bool `field:"optional" json:"requireSymbols" yaml:"requireSymbols"`
	// Whether the user is required to have uppercase characters in their password.
	// Default: true.
	//
	RequireUppercase *bool `field:"optional" json:"requireUppercase" yaml:"requireUppercase"`
	// The length of time the temporary password generated by an admin is valid.
	//
	// This must be provided as whole days, like Duration.days(3) or Duration.hours(48).
	// Fractional days, such as Duration.hours(20), will generate an error.
	// Default: Duration.days(7)
	//
	TempPasswordValidity awscdk.Duration `field:"optional" json:"tempPasswordValidity" yaml:"tempPasswordValidity"`
}

Password policy for User Pools.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	PasswordPolicy: &PasswordPolicy{
		MinLength: jsii.Number(12),
		RequireLowercase: jsii.Boolean(true),
		RequireUppercase: jsii.Boolean(true),
		RequireDigits: jsii.Boolean(true),
		RequireSymbols: jsii.Boolean(true),
		TempPasswordValidity: awscdk.Duration_Days(jsii.Number(3)),
	},
})

type ProviderAttribute 

type ProviderAttribute interface {
	// The attribute value string as recognized by the provider.
	AttributeName() *string
}

An attribute available from a third party identity provider.

Example: 

userpool := cognito.NewUserPool(this, jsii.String("Pool"))

cognito.NewUserPoolIdentityProviderAmazon(this, jsii.String("Amazon"), &UserPoolIdentityProviderAmazonProps{
	ClientId: jsii.String("amzn-client-id"),
	ClientSecret: jsii.String("amzn-client-secret"),
	UserPool: userpool,
	AttributeMapping: &AttributeMapping{
		Email: cognito.ProviderAttribute_AMAZON_EMAIL(),
		Website: cognito.ProviderAttribute_Other(jsii.String("url")),
		 // use other() when an attribute is not pre-defined in the CDK
		Custom: map[string]providerAttribute{
			// custom user pool attributes go here
			"uniqueId": cognito.*providerAttribute_AMAZON_USER_ID(),
		},
	},
})

func ProviderAttribute_AMAZON_EMAIL 

func ProviderAttribute_AMAZON_EMAIL() ProviderAttribute

func ProviderAttribute_AMAZON_NAME 

func ProviderAttribute_AMAZON_NAME() ProviderAttribute

func ProviderAttribute_AMAZON_POSTAL_CODE 

func ProviderAttribute_AMAZON_POSTAL_CODE() ProviderAttribute

func ProviderAttribute_AMAZON_USER_ID 

func ProviderAttribute_AMAZON_USER_ID() ProviderAttribute

func ProviderAttribute_APPLE_EMAIL 

func ProviderAttribute_APPLE_EMAIL() ProviderAttribute

func ProviderAttribute_APPLE_FIRST_NAME 

func ProviderAttribute_APPLE_FIRST_NAME() ProviderAttribute

func ProviderAttribute_APPLE_LAST_NAME 

func ProviderAttribute_APPLE_LAST_NAME() ProviderAttribute

func ProviderAttribute_APPLE_NAME 

func ProviderAttribute_APPLE_NAME() ProviderAttribute

func ProviderAttribute_FACEBOOK_BIRTHDAY 

func ProviderAttribute_FACEBOOK_BIRTHDAY() ProviderAttribute

func ProviderAttribute_FACEBOOK_EMAIL 

func ProviderAttribute_FACEBOOK_EMAIL() ProviderAttribute

func ProviderAttribute_FACEBOOK_FIRST_NAME 

func ProviderAttribute_FACEBOOK_FIRST_NAME() ProviderAttribute

func ProviderAttribute_FACEBOOK_GENDER 

func ProviderAttribute_FACEBOOK_GENDER() ProviderAttribute

func ProviderAttribute_FACEBOOK_ID 

func ProviderAttribute_FACEBOOK_ID() ProviderAttribute

func ProviderAttribute_FACEBOOK_LAST_NAME 

func ProviderAttribute_FACEBOOK_LAST_NAME() ProviderAttribute

func ProviderAttribute_FACEBOOK_LOCALE 

func ProviderAttribute_FACEBOOK_LOCALE() ProviderAttribute

func ProviderAttribute_FACEBOOK_MIDDLE_NAME 

func ProviderAttribute_FACEBOOK_MIDDLE_NAME() ProviderAttribute

func ProviderAttribute_FACEBOOK_NAME 

func ProviderAttribute_FACEBOOK_NAME() ProviderAttribute

func ProviderAttribute_GOOGLE_BIRTHDAYS 

func ProviderAttribute_GOOGLE_BIRTHDAYS() ProviderAttribute

func ProviderAttribute_GOOGLE_EMAIL 

func ProviderAttribute_GOOGLE_EMAIL() ProviderAttribute

func ProviderAttribute_GOOGLE_FAMILY_NAME 

func ProviderAttribute_GOOGLE_FAMILY_NAME() ProviderAttribute

func ProviderAttribute_GOOGLE_GENDER 

func ProviderAttribute_GOOGLE_GENDER() ProviderAttribute

func ProviderAttribute_GOOGLE_GIVEN_NAME 

func ProviderAttribute_GOOGLE_GIVEN_NAME() ProviderAttribute

func ProviderAttribute_GOOGLE_NAME 

func ProviderAttribute_GOOGLE_NAME() ProviderAttribute

func ProviderAttribute_GOOGLE_NAMES 

func ProviderAttribute_GOOGLE_NAMES() ProviderAttribute

func ProviderAttribute_GOOGLE_PHONE_NUMBERS 

func ProviderAttribute_GOOGLE_PHONE_NUMBERS() ProviderAttribute

func ProviderAttribute_GOOGLE_PICTURE 

func ProviderAttribute_GOOGLE_PICTURE() ProviderAttribute

func ProviderAttribute_Other 

func ProviderAttribute_Other(attributeName *string) ProviderAttribute

Use this to specify an attribute from the identity provider that is not pre-defined in the CDK.

type ResourceServerScope 

type ResourceServerScope interface {
	// A description of the scope.
	ScopeDescription() *string
	// The name of the scope.
	ScopeName() *string
}

A scope for ResourceServer.

Example: 

pool := cognito.NewUserPool(this, jsii.String("Pool"))

readOnlyScope := cognito.NewResourceServerScope(&ResourceServerScopeProps{
	ScopeName: jsii.String("read"),
	ScopeDescription: jsii.String("Read-only access"),
})
fullAccessScope := cognito.NewResourceServerScope(&ResourceServerScopeProps{
	ScopeName: jsii.String("*"),
	ScopeDescription: jsii.String("Full access"),
})

userServer := pool.addResourceServer(jsii.String("ResourceServer"), &UserPoolResourceServerOptions{
	Identifier: jsii.String("users"),
	Scopes: []resourceServerScope{
		readOnlyScope,
		fullAccessScope,
	},
})

readOnlyClient := pool.addClient(jsii.String("read-only-client"), &UserPoolClientOptions{
	// ...
	OAuth: &OAuthSettings{
		// ...
		Scopes: []oAuthScope{
			cognito.*oAuthScope_ResourceServer(userServer, readOnlyScope),
		},
	},
})

fullAccessClient := pool.addClient(jsii.String("full-access-client"), &UserPoolClientOptions{
	// ...
	OAuth: &OAuthSettings{
		// ...
		Scopes: []*oAuthScope{
			cognito.*oAuthScope_*ResourceServer(userServer, fullAccessScope),
		},
	},
})

func NewResourceServerScope 

func NewResourceServerScope(props *ResourceServerScopeProps) ResourceServerScope

type ResourceServerScopeProps 

type ResourceServerScopeProps struct {
	// A description of the scope.
	ScopeDescription *string `field:"required" json:"scopeDescription" yaml:"scopeDescription"`
	// The name of the scope.
	ScopeName *string `field:"required" json:"scopeName" yaml:"scopeName"`
}

Props to initialize ResourceServerScope.

Example: 

pool := cognito.NewUserPool(this, jsii.String("Pool"))

readOnlyScope := cognito.NewResourceServerScope(&ResourceServerScopeProps{
	ScopeName: jsii.String("read"),
	ScopeDescription: jsii.String("Read-only access"),
})
fullAccessScope := cognito.NewResourceServerScope(&ResourceServerScopeProps{
	ScopeName: jsii.String("*"),
	ScopeDescription: jsii.String("Full access"),
})

userServer := pool.addResourceServer(jsii.String("ResourceServer"), &UserPoolResourceServerOptions{
	Identifier: jsii.String("users"),
	Scopes: []resourceServerScope{
		readOnlyScope,
		fullAccessScope,
	},
})

readOnlyClient := pool.addClient(jsii.String("read-only-client"), &UserPoolClientOptions{
	// ...
	OAuth: &OAuthSettings{
		// ...
		Scopes: []oAuthScope{
			cognito.*oAuthScope_ResourceServer(userServer, readOnlyScope),
		},
	},
})

fullAccessClient := pool.addClient(jsii.String("full-access-client"), &UserPoolClientOptions{
	// ...
	OAuth: &OAuthSettings{
		// ...
		Scopes: []*oAuthScope{
			cognito.*oAuthScope_*ResourceServer(userServer, fullAccessScope),
		},
	},
})

type SignInAliases 

type SignInAliases struct {
	// Whether a user is allowed to sign up or sign in with an email address.
	// Default: false.
	//
	Email *bool `field:"optional" json:"email" yaml:"email"`
	// Whether a user is allowed to sign up or sign in with a phone number.
	// Default: false.
	//
	Phone *bool `field:"optional" json:"phone" yaml:"phone"`
	// Whether a user is allowed to sign in with a secondary username, that can be set and modified after sign up.
	//
	// Can only be used in conjunction with `USERNAME`.
	// Default: false.
	//
	PreferredUsername *bool `field:"optional" json:"preferredUsername" yaml:"preferredUsername"`
	// Whether user is allowed to sign up or sign in with a username.
	// Default: true.
	//
	Username *bool `field:"optional" json:"username" yaml:"username"`
}

The different ways in which users of this pool can sign up or sign in.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	// ...
	SignInAliases: &SignInAliases{
		Username: jsii.Boolean(true),
		Email: jsii.Boolean(true),
	},
	AutoVerify: &AutoVerifiedAttrs{
		Email: jsii.Boolean(true),
		Phone: jsii.Boolean(true),
	},
})

type SignInUrlOptions 

type SignInUrlOptions struct {
	// Whether to return the FIPS-compliant endpoint.
	// Default: return the standard URL.
	//
	Fips *bool `field:"optional" json:"fips" yaml:"fips"`
	// Where to redirect to after sign in.
	RedirectUri *string `field:"required" json:"redirectUri" yaml:"redirectUri"`
	// The path in the URI where the sign-in page is located.
	// Default: '/login'.
	//
	SignInPath *string `field:"optional" json:"signInPath" yaml:"signInPath"`
}

Options to customize the behaviour of `signInUrl()`.

Example: 

userpool := cognito.NewUserPool(this, jsii.String("UserPool"), &UserPoolProps{
})
client := userpool.addClient(jsii.String("Client"), &UserPoolClientOptions{
	// ...
	OAuth: &OAuthSettings{
		Flows: &OAuthFlows{
			ImplicitCodeGrant: jsii.Boolean(true),
		},
		CallbackUrls: []*string{
			jsii.String("https://myapp.com/home"),
			jsii.String("https://myapp.com/users"),
		},
	},
})
domain := userpool.addDomain(jsii.String("Domain"), &UserPoolDomainOptions{
})
signInUrl := domain.SignInUrl(client, &SignInUrlOptions{
	RedirectUri: jsii.String("https://myapp.com/home"),
})

type SigningAlgorithm added in v2.138.0 

type SigningAlgorithm string

Signing algorithms for SAML requests.

Example: 

userpool := cognito.NewUserPool(this, jsii.String("Pool"))

// specify the metadata as a file content
// specify the metadata as a file content
cognito.NewUserPoolIdentityProviderSaml(this, jsii.String("userpoolIdpFile"), &UserPoolIdentityProviderSamlProps{
	UserPool: userpool,
	Metadata: cognito.UserPoolIdentityProviderSamlMetadata_File(jsii.String("my-file-contents")),
	// Whether to require encrypted SAML assertions from IdP
	EncryptedResponses: jsii.Boolean(true),
	// The signing algorithm for the SAML requests
	RequestSigningAlgorithm: cognito.SigningAlgorithm_RSA_SHA256,
	// Enable IdP initiated SAML auth flow
	IdpInitiated: jsii.Boolean(true),
})

// specify the metadata as a URL
// specify the metadata as a URL
cognito.NewUserPoolIdentityProviderSaml(this, jsii.String("userpoolidpUrl"), &UserPoolIdentityProviderSamlProps{
	UserPool: userpool,
	Metadata: cognito.UserPoolIdentityProviderSamlMetadata_Url(jsii.String("https://my-metadata-url.com")),
})

const (
	// RSA with SHA-256.
	SigningAlgorithm_RSA_SHA256 SigningAlgorithm = "RSA_SHA256"
)

type StandardAttribute 

type StandardAttribute struct {
	// Specifies whether the value of the attribute can be changed.
	//
	// For any user pool attribute that's mapped to an identity provider attribute, this must be set to `true`.
	// Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider.
	// If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute.
	// Default: true.
	//
	Mutable *bool `field:"optional" json:"mutable" yaml:"mutable"`
	// Specifies whether the attribute is required upon user registration.
	//
	// If the attribute is required and the user does not provide a value, registration or sign-in will fail.
	// Default: false.
	//
	Required *bool `field:"optional" json:"required" yaml:"required"`
}

Standard attribute that can be marked as required or mutable.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	StandardAttributes: &StandardAttributes{
		Fullname: &StandardAttribute{
			Required: jsii.Boolean(true),
			Mutable: jsii.Boolean(false),
		},
		Address: &StandardAttribute{
			Required: jsii.Boolean(false),
			Mutable: jsii.Boolean(true),
		},
	},
	CustomAttributes: map[string]iCustomAttribute{
		"myappid": cognito.NewStringAttribute(&StringAttributeProps{
			"minLen": jsii.Number(5),
			"maxLen": jsii.Number(15),
			"mutable": jsii.Boolean(false),
		}),
		"callingcode": cognito.NewNumberAttribute(&NumberAttributeProps{
			"min": jsii.Number(1),
			"max": jsii.Number(3),
			"mutable": jsii.Boolean(true),
		}),
		"isEmployee": cognito.NewBooleanAttribute(&CustomAttributeProps{
			"mutable": jsii.Boolean(true),
		}),
		"joinedOn": cognito.NewDateTimeAttribute(),
	},
})

See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#cognito-user-pools-standard-attributes

type StandardAttributes 

type StandardAttributes struct {
	// The user's postal address.
	// Default: - see the defaults under `StandardAttribute`.
	//
	Address *StandardAttribute `field:"optional" json:"address" yaml:"address"`
	// The user's birthday, represented as an ISO 8601:2004 format.
	// Default: - see the defaults under `StandardAttribute`.
	//
	Birthdate *StandardAttribute `field:"optional" json:"birthdate" yaml:"birthdate"`
	// The user's e-mail address, represented as an RFC 5322 [RFC5322] addr-spec.
	// Default: - see the defaults under `StandardAttribute`.
	//
	Email *StandardAttribute `field:"optional" json:"email" yaml:"email"`
	// The surname or last name of the user.
	// Default: - see the defaults under `StandardAttribute`.
	//
	FamilyName *StandardAttribute `field:"optional" json:"familyName" yaml:"familyName"`
	// The user's full name in displayable form, including all name parts, titles and suffixes.
	// Default: - see the defaults under `StandardAttribute`.
	//
	Fullname *StandardAttribute `field:"optional" json:"fullname" yaml:"fullname"`
	// The user's gender.
	// Default: - see the defaults under `StandardAttribute`.
	//
	Gender *StandardAttribute `field:"optional" json:"gender" yaml:"gender"`
	// The user's first name or give name.
	// Default: - see the defaults under `StandardAttribute`.
	//
	GivenName *StandardAttribute `field:"optional" json:"givenName" yaml:"givenName"`
	// The time, the user's information was last updated.
	// Default: - see the defaults under `StandardAttribute`.
	//
	LastUpdateTime *StandardAttribute `field:"optional" json:"lastUpdateTime" yaml:"lastUpdateTime"`
	// The user's locale, represented as a BCP47 [RFC5646] language tag.
	// Default: - see the defaults under `StandardAttribute`.
	//
	Locale *StandardAttribute `field:"optional" json:"locale" yaml:"locale"`
	// The user's middle name.
	// Default: - see the defaults under `StandardAttribute`.
	//
	MiddleName *StandardAttribute `field:"optional" json:"middleName" yaml:"middleName"`
	// The user's nickname or casual name.
	// Default: - see the defaults under `StandardAttribute`.
	//
	Nickname *StandardAttribute `field:"optional" json:"nickname" yaml:"nickname"`
	// The user's telephone number.
	// Default: - see the defaults under `StandardAttribute`.
	//
	PhoneNumber *StandardAttribute `field:"optional" json:"phoneNumber" yaml:"phoneNumber"`
	// The user's preffered username, different from the immutable user name.
	// Default: - see the defaults under `StandardAttribute`.
	//
	PreferredUsername *StandardAttribute `field:"optional" json:"preferredUsername" yaml:"preferredUsername"`
	// The URL to the user's profile page.
	// Default: - see the defaults under `StandardAttribute`.
	//
	ProfilePage *StandardAttribute `field:"optional" json:"profilePage" yaml:"profilePage"`
	// The URL to the user's profile picture.
	// Default: - see the defaults under `StandardAttribute`.
	//
	ProfilePicture *StandardAttribute `field:"optional" json:"profilePicture" yaml:"profilePicture"`
	// The user's time zone.
	// Default: - see the defaults under `StandardAttribute`.
	//
	Timezone *StandardAttribute `field:"optional" json:"timezone" yaml:"timezone"`
	// The URL to the user's web page or blog.
	// Default: - see the defaults under `StandardAttribute`.
	//
	Website *StandardAttribute `field:"optional" json:"website" yaml:"website"`
}

The set of standard attributes that can be marked as required or mutable.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	StandardAttributes: &StandardAttributes{
		Fullname: &StandardAttribute{
			Required: jsii.Boolean(true),
			Mutable: jsii.Boolean(false),
		},
		Address: &StandardAttribute{
			Required: jsii.Boolean(false),
			Mutable: jsii.Boolean(true),
		},
	},
	CustomAttributes: map[string]iCustomAttribute{
		"myappid": cognito.NewStringAttribute(&StringAttributeProps{
			"minLen": jsii.Number(5),
			"maxLen": jsii.Number(15),
			"mutable": jsii.Boolean(false),
		}),
		"callingcode": cognito.NewNumberAttribute(&NumberAttributeProps{
			"min": jsii.Number(1),
			"max": jsii.Number(3),
			"mutable": jsii.Boolean(true),
		}),
		"isEmployee": cognito.NewBooleanAttribute(&CustomAttributeProps{
			"mutable": jsii.Boolean(true),
		}),
		"joinedOn": cognito.NewDateTimeAttribute(),
	},
})

See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#cognito-user-pools-standard-attributes

type StandardAttributesMask 

type StandardAttributesMask struct {
	// The user's postal address.
	// Default: false.
	//
	Address *bool `field:"optional" json:"address" yaml:"address"`
	// The user's birthday, represented as an ISO 8601:2004 format.
	// Default: false.
	//
	Birthdate *bool `field:"optional" json:"birthdate" yaml:"birthdate"`
	// The user's e-mail address, represented as an RFC 5322 [RFC5322] addr-spec.
	// Default: false.
	//
	Email *bool `field:"optional" json:"email" yaml:"email"`
	// Whether the email address has been verified.
	// Default: false.
	//
	EmailVerified *bool `field:"optional" json:"emailVerified" yaml:"emailVerified"`
	// The surname or last name of the user.
	// Default: false.
	//
	FamilyName *bool `field:"optional" json:"familyName" yaml:"familyName"`
	// The user's full name in displayable form, including all name parts, titles and suffixes.
	// Default: false.
	//
	Fullname *bool `field:"optional" json:"fullname" yaml:"fullname"`
	// The user's gender.
	// Default: false.
	//
	Gender *bool `field:"optional" json:"gender" yaml:"gender"`
	// The user's first name or give name.
	// Default: false.
	//
	GivenName *bool `field:"optional" json:"givenName" yaml:"givenName"`
	// The time, the user's information was last updated.
	// Default: false.
	//
	LastUpdateTime *bool `field:"optional" json:"lastUpdateTime" yaml:"lastUpdateTime"`
	// The user's locale, represented as a BCP47 [RFC5646] language tag.
	// Default: false.
	//
	Locale *bool `field:"optional" json:"locale" yaml:"locale"`
	// The user's middle name.
	// Default: false.
	//
	MiddleName *bool `field:"optional" json:"middleName" yaml:"middleName"`
	// The user's nickname or casual name.
	// Default: false.
	//
	Nickname *bool `field:"optional" json:"nickname" yaml:"nickname"`
	// The user's telephone number.
	// Default: false.
	//
	PhoneNumber *bool `field:"optional" json:"phoneNumber" yaml:"phoneNumber"`
	// Whether the phone number has been verified.
	// Default: false.
	//
	PhoneNumberVerified *bool `field:"optional" json:"phoneNumberVerified" yaml:"phoneNumberVerified"`
	// The user's preffered username, different from the immutable user name.
	// Default: false.
	//
	PreferredUsername *bool `field:"optional" json:"preferredUsername" yaml:"preferredUsername"`
	// The URL to the user's profile page.
	// Default: false.
	//
	ProfilePage *bool `field:"optional" json:"profilePage" yaml:"profilePage"`
	// The URL to the user's profile picture.
	// Default: false.
	//
	ProfilePicture *bool `field:"optional" json:"profilePicture" yaml:"profilePicture"`
	// The user's time zone.
	// Default: false.
	//
	Timezone *bool `field:"optional" json:"timezone" yaml:"timezone"`
	// The URL to the user's web page or blog.
	// Default: false.
	//
	Website *bool `field:"optional" json:"website" yaml:"website"`
}

This interface contains standard attributes recognized by Cognito from https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html including built-in attributes `email_verified` and `phone_number_verified`.

Example: 

pool := cognito.NewUserPool(this, jsii.String("Pool"))

clientWriteAttributes := (cognito.NewClientAttributes()).WithStandardAttributes(&StandardAttributesMask{
	Fullname: jsii.Boolean(true),
	Email: jsii.Boolean(true),
}).WithCustomAttributes(jsii.String("favouritePizza"), jsii.String("favouriteBeverage"))

clientReadAttributes := clientWriteAttributes.WithStandardAttributes(&StandardAttributesMask{
	EmailVerified: jsii.Boolean(true),
}).WithCustomAttributes(jsii.String("pointsEarned"))

pool.addClient(jsii.String("app-client"), &UserPoolClientOptions{
	// ...
	ReadAttributes: clientReadAttributes,
	WriteAttributes: clientWriteAttributes,
})

type StringAttribute 

type StringAttribute interface {
	ICustomAttribute
	// Bind this custom attribute type to the values as expected by CloudFormation.
	Bind() *CustomAttributeConfig
}

The String custom attribute type.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	StandardAttributes: &StandardAttributes{
		Fullname: &StandardAttribute{
			Required: jsii.Boolean(true),
			Mutable: jsii.Boolean(false),
		},
		Address: &StandardAttribute{
			Required: jsii.Boolean(false),
			Mutable: jsii.Boolean(true),
		},
	},
	CustomAttributes: map[string]iCustomAttribute{
		"myappid": cognito.NewStringAttribute(&StringAttributeProps{
			"minLen": jsii.Number(5),
			"maxLen": jsii.Number(15),
			"mutable": jsii.Boolean(false),
		}),
		"callingcode": cognito.NewNumberAttribute(&NumberAttributeProps{
			"min": jsii.Number(1),
			"max": jsii.Number(3),
			"mutable": jsii.Boolean(true),
		}),
		"isEmployee": cognito.NewBooleanAttribute(&CustomAttributeProps{
			"mutable": jsii.Boolean(true),
		}),
		"joinedOn": cognito.NewDateTimeAttribute(),
	},
})

func NewStringAttribute 

func NewStringAttribute(props *StringAttributeProps) StringAttribute

type StringAttributeConstraints 

type StringAttributeConstraints struct {
	// Maximum length of this attribute.
	// Default: 2048.
	//
	MaxLen *float64 `field:"optional" json:"maxLen" yaml:"maxLen"`
	// Minimum length of this attribute.
	// Default: 0.
	//
	MinLen *float64 `field:"optional" json:"minLen" yaml:"minLen"`
}

Constraints that can be applied to a custom attribute of string type.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

stringAttributeConstraints := &StringAttributeConstraints{
	MaxLen: jsii.Number(123),
	MinLen: jsii.Number(123),
}

type StringAttributeProps 

type StringAttributeProps struct {
	// Maximum length of this attribute.
	// Default: 2048.
	//
	MaxLen *float64 `field:"optional" json:"maxLen" yaml:"maxLen"`
	// Minimum length of this attribute.
	// Default: 0.
	//
	MinLen *float64 `field:"optional" json:"minLen" yaml:"minLen"`
	// Specifies whether the value of the attribute can be changed.
	//
	// For any user pool attribute that's mapped to an identity provider attribute, you must set this parameter to true.
	// Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider.
	// If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute.
	// Default: false.
	//
	Mutable *bool `field:"optional" json:"mutable" yaml:"mutable"`
}

Props for constructing a StringAttr.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	StandardAttributes: &StandardAttributes{
		Fullname: &StandardAttribute{
			Required: jsii.Boolean(true),
			Mutable: jsii.Boolean(false),
		},
		Address: &StandardAttribute{
			Required: jsii.Boolean(false),
			Mutable: jsii.Boolean(true),
		},
	},
	CustomAttributes: map[string]iCustomAttribute{
		"myappid": cognito.NewStringAttribute(&StringAttributeProps{
			"minLen": jsii.Number(5),
			"maxLen": jsii.Number(15),
			"mutable": jsii.Boolean(false),
		}),
		"callingcode": cognito.NewNumberAttribute(&NumberAttributeProps{
			"min": jsii.Number(1),
			"max": jsii.Number(3),
			"mutable": jsii.Boolean(true),
		}),
		"isEmployee": cognito.NewBooleanAttribute(&CustomAttributeProps{
			"mutable": jsii.Boolean(true),
		}),
		"joinedOn": cognito.NewDateTimeAttribute(),
	},
})

type UserInvitationConfig 

type UserInvitationConfig struct {
	// The template to the email body that is sent to the user when an administrator signs them up to the user pool.
	// Default: 'Your username is {username} and temporary password is {####}.'
	//
	EmailBody *string `field:"optional" json:"emailBody" yaml:"emailBody"`
	// The template to the email subject that is sent to the user when an administrator signs them up to the user pool.
	// Default: 'Your temporary password'.
	//
	EmailSubject *string `field:"optional" json:"emailSubject" yaml:"emailSubject"`
	// The template to the SMS message that is sent to the user when an administrator signs them up to the user pool.
	// Default: 'Your username is {username} and temporary password is {####}'.
	//
	SmsMessage *string `field:"optional" json:"smsMessage" yaml:"smsMessage"`
}

User pool configuration when administrators sign users up.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	UserInvitation: &UserInvitationConfig{
		EmailSubject: jsii.String("Invite to join our awesome app!"),
		EmailBody: jsii.String("Hello {username}, you have been invited to join our awesome app! Your temporary password is {####}"),
		SmsMessage: jsii.String("Hello {username}, your temporary password for our awesome app is {####}"),
	},
})

type UserPool 

type UserPool interface {
	awscdk.Resource
	IUserPool
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// Get all identity providers registered with this user pool.
	IdentityProviders() *[]IUserPoolIdentityProvider
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// The ARN of the user pool.
	UserPoolArn() *string
	// The physical ID of this user pool resource.
	UserPoolId() *string
	// User pool provider name.
	UserPoolProviderName() *string
	// User pool provider URL.
	UserPoolProviderUrl() *string
	// Add a new app client to this user pool.
	AddClient(id *string, options *UserPoolClientOptions) UserPoolClient
	// Associate a domain to this user pool.
	AddDomain(id *string, options *UserPoolDomainOptions) UserPoolDomain
	// Add a new resource server to this user pool.
	AddResourceServer(id *string, options *UserPoolResourceServerOptions) UserPoolResourceServer
	// Add a lambda trigger to a user pool operation.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
	//
	AddTrigger(operation UserPoolOperation, fn awslambda.IFunction, lambdaVersion LambdaVersion)
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Adds an IAM policy statement associated with this user pool to an IAM principal's policy.
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	// Register an identity provider with this user pool.
	RegisterIdentityProvider(provider IUserPoolIdentityProvider)
	// Returns a string representation of this construct.
	ToString() *string
}

Define a Cognito User Pool.

Example: 

pool := cognito.NewUserPool(this, jsii.String("Pool"))
pool.addClient(jsii.String("app-client"), &UserPoolClientOptions{
	OAuth: &OAuthSettings{
		Flows: &OAuthFlows{
			AuthorizationCodeGrant: jsii.Boolean(true),
		},
		Scopes: []oAuthScope{
			cognito.*oAuthScope_OPENID(),
		},
		CallbackUrls: []*string{
			jsii.String("https://my-app-domain.com/welcome"),
		},
		LogoutUrls: []*string{
			jsii.String("https://my-app-domain.com/signin"),
		},
	},
})

func NewUserPool 

func NewUserPool(scope constructs.Construct, id *string, props *UserPoolProps) UserPool

type UserPoolClient 

type UserPoolClient interface {
	awscdk.Resource
	IUserPoolClient
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// The OAuth flows enabled for this client.
	OAuthFlows() *OAuthFlows
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Name of the application client.
	UserPoolClientId() *string
	// The client name that was specified via the `userPoolClientName` property during initialization, throws an error otherwise.
	UserPoolClientName() *string
	// The generated client secret.
	//
	// Only available if the "generateSecret" props is set to true.
	UserPoolClientSecret() awscdk.SecretValue
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Define a UserPool App Client.

Example: 

pool := cognito.NewUserPool(this, jsii.String("Pool"))
provider := cognito.NewUserPoolIdentityProviderAmazon(this, jsii.String("Amazon"), &UserPoolIdentityProviderAmazonProps{
	UserPool: pool,
	ClientId: jsii.String("amzn-client-id"),
	ClientSecret: jsii.String("amzn-client-secret"),
})

client := pool.addClient(jsii.String("app-client"), &UserPoolClientOptions{
	// ...
	SupportedIdentityProviders: []userPoolClientIdentityProvider{
		cognito.*userPoolClientIdentityProvider_AMAZON(),
	},
})

client.Node.AddDependency(provider)

func NewUserPoolClient 

func NewUserPoolClient(scope constructs.Construct, id *string, props *UserPoolClientProps) UserPoolClient

type UserPoolClientIdentityProvider 

type UserPoolClientIdentityProvider interface {
	// The name of the identity provider as recognized by CloudFormation property `SupportedIdentityProviders`.
	Name() *string
}

Identity providers supported by the UserPoolClient.

Example: 

pool := cognito.NewUserPool(this, jsii.String("Pool"))
pool.addClient(jsii.String("app-client"), &UserPoolClientOptions{
	// ...
	SupportedIdentityProviders: []userPoolClientIdentityProvider{
		cognito.*userPoolClientIdentityProvider_AMAZON(),
		cognito.*userPoolClientIdentityProvider_COGNITO(),
	},
})

func UserPoolClientIdentityProvider_AMAZON 

func UserPoolClientIdentityProvider_AMAZON() UserPoolClientIdentityProvider

func UserPoolClientIdentityProvider_APPLE 

func UserPoolClientIdentityProvider_APPLE() UserPoolClientIdentityProvider

func UserPoolClientIdentityProvider_COGNITO 

func UserPoolClientIdentityProvider_COGNITO() UserPoolClientIdentityProvider

func UserPoolClientIdentityProvider_Custom 

func UserPoolClientIdentityProvider_Custom(name *string) UserPoolClientIdentityProvider

Specify a provider not yet supported by the CDK.

func UserPoolClientIdentityProvider_FACEBOOK 

func UserPoolClientIdentityProvider_FACEBOOK() UserPoolClientIdentityProvider

func UserPoolClientIdentityProvider_GOOGLE 

func UserPoolClientIdentityProvider_GOOGLE() UserPoolClientIdentityProvider

type UserPoolClientOptions 

type UserPoolClientOptions struct {
	// Validity of the access token.
	//
	// Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity.
	// See: https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-access-token
	//
	// Default: Duration.minutes(60)
	//
	AccessTokenValidity awscdk.Duration `field:"optional" json:"accessTokenValidity" yaml:"accessTokenValidity"`
	// The set of OAuth authentication flows to enable on the client.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html
	//
	// Default: - If you don't specify a value, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.
	//
	AuthFlows *AuthFlow `field:"optional" json:"authFlows" yaml:"authFlows"`
	// Cognito creates a session token for each API request in an authentication flow.
	//
	// AuthSessionValidity is the duration, in minutes, of that session token.
	// see defaults in `AuthSessionValidity`. Valid duration is from 3 to 15 minutes.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-authsessionvalidity
	//
	// Default: - Duration.minutes(3)
	//
	AuthSessionValidity awscdk.Duration `field:"optional" json:"authSessionValidity" yaml:"authSessionValidity"`
	// Turns off all OAuth interactions for this client.
	// Default: false.
	//
	DisableOAuth *bool `field:"optional" json:"disableOAuth" yaml:"disableOAuth"`
	// Enable token revocation for this client.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html#enable-token-revocation
	//
	// Default: true for new user pool clients.
	//
	EnableTokenRevocation *bool `field:"optional" json:"enableTokenRevocation" yaml:"enableTokenRevocation"`
	// Whether to generate a client secret.
	// Default: false.
	//
	GenerateSecret *bool `field:"optional" json:"generateSecret" yaml:"generateSecret"`
	// Validity of the ID token.
	//
	// Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity.
	// See: https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-id-token
	//
	// Default: Duration.minutes(60)
	//
	IdTokenValidity awscdk.Duration `field:"optional" json:"idTokenValidity" yaml:"idTokenValidity"`
	// OAuth settings for this client to interact with the app.
	//
	// An error is thrown when this is specified and `disableOAuth` is set.
	// Default: - see defaults in `OAuthSettings`. meaningless if `disableOAuth` is set.
	//
	OAuth *OAuthSettings `field:"optional" json:"oAuth" yaml:"oAuth"`
	// Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-managing-errors.html
	//
	// Default: false.
	//
	PreventUserExistenceErrors *bool `field:"optional" json:"preventUserExistenceErrors" yaml:"preventUserExistenceErrors"`
	// The set of attributes this client will be able to read.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-attribute-permissions-and-scopes
	//
	// Default: - all standard and custom attributes.
	//
	ReadAttributes ClientAttributes `field:"optional" json:"readAttributes" yaml:"readAttributes"`
	// Validity of the refresh token.
	//
	// Values between 60 minutes and 10 years are valid.
	// See: https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-refresh-token
	//
	// Default: Duration.days(30)
	//
	RefreshTokenValidity awscdk.Duration `field:"optional" json:"refreshTokenValidity" yaml:"refreshTokenValidity"`
	// The list of identity providers that users should be able to use to sign in using this client.
	// Default: - supports all identity providers that are registered with the user pool. If the user pool and/or
	// identity providers are imported, either specify this option explicitly or ensure that the identity providers are
	// registered with the user pool using the `UserPool.registerIdentityProvider()` API.
	//
	SupportedIdentityProviders *[]UserPoolClientIdentityProvider `field:"optional" json:"supportedIdentityProviders" yaml:"supportedIdentityProviders"`
	// Name of the application client.
	// Default: - cloudformation generated name.
	//
	UserPoolClientName *string `field:"optional" json:"userPoolClientName" yaml:"userPoolClientName"`
	// The set of attributes this client will be able to write.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-attribute-permissions-and-scopes
	//
	// Default: - all standard and custom attributes.
	//
	WriteAttributes ClientAttributes `field:"optional" json:"writeAttributes" yaml:"writeAttributes"`
}

Options to create a UserPoolClient.

Example: 

pool := cognito.NewUserPool(this, jsii.String("Pool"))
pool.addClient(jsii.String("app-client"), &UserPoolClientOptions{
	OAuth: &OAuthSettings{
		Flows: &OAuthFlows{
			AuthorizationCodeGrant: jsii.Boolean(true),
		},
		Scopes: []oAuthScope{
			cognito.*oAuthScope_OPENID(),
		},
		CallbackUrls: []*string{
			jsii.String("https://my-app-domain.com/welcome"),
		},
		LogoutUrls: []*string{
			jsii.String("https://my-app-domain.com/signin"),
		},
	},
})

type UserPoolClientProps 

type UserPoolClientProps struct {
	// Validity of the access token.
	//
	// Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity.
	// See: https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-access-token
	//
	// Default: Duration.minutes(60)
	//
	AccessTokenValidity awscdk.Duration `field:"optional" json:"accessTokenValidity" yaml:"accessTokenValidity"`
	// The set of OAuth authentication flows to enable on the client.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html
	//
	// Default: - If you don't specify a value, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.
	//
	AuthFlows *AuthFlow `field:"optional" json:"authFlows" yaml:"authFlows"`
	// Cognito creates a session token for each API request in an authentication flow.
	//
	// AuthSessionValidity is the duration, in minutes, of that session token.
	// see defaults in `AuthSessionValidity`. Valid duration is from 3 to 15 minutes.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-authsessionvalidity
	//
	// Default: - Duration.minutes(3)
	//
	AuthSessionValidity awscdk.Duration `field:"optional" json:"authSessionValidity" yaml:"authSessionValidity"`
	// Turns off all OAuth interactions for this client.
	// Default: false.
	//
	DisableOAuth *bool `field:"optional" json:"disableOAuth" yaml:"disableOAuth"`
	// Enable token revocation for this client.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html#enable-token-revocation
	//
	// Default: true for new user pool clients.
	//
	EnableTokenRevocation *bool `field:"optional" json:"enableTokenRevocation" yaml:"enableTokenRevocation"`
	// Whether to generate a client secret.
	// Default: false.
	//
	GenerateSecret *bool `field:"optional" json:"generateSecret" yaml:"generateSecret"`
	// Validity of the ID token.
	//
	// Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity.
	// See: https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-id-token
	//
	// Default: Duration.minutes(60)
	//
	IdTokenValidity awscdk.Duration `field:"optional" json:"idTokenValidity" yaml:"idTokenValidity"`
	// OAuth settings for this client to interact with the app.
	//
	// An error is thrown when this is specified and `disableOAuth` is set.
	// Default: - see defaults in `OAuthSettings`. meaningless if `disableOAuth` is set.
	//
	OAuth *OAuthSettings `field:"optional" json:"oAuth" yaml:"oAuth"`
	// Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-managing-errors.html
	//
	// Default: false.
	//
	PreventUserExistenceErrors *bool `field:"optional" json:"preventUserExistenceErrors" yaml:"preventUserExistenceErrors"`
	// The set of attributes this client will be able to read.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-attribute-permissions-and-scopes
	//
	// Default: - all standard and custom attributes.
	//
	ReadAttributes ClientAttributes `field:"optional" json:"readAttributes" yaml:"readAttributes"`
	// Validity of the refresh token.
	//
	// Values between 60 minutes and 10 years are valid.
	// See: https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-refresh-token
	//
	// Default: Duration.days(30)
	//
	RefreshTokenValidity awscdk.Duration `field:"optional" json:"refreshTokenValidity" yaml:"refreshTokenValidity"`
	// The list of identity providers that users should be able to use to sign in using this client.
	// Default: - supports all identity providers that are registered with the user pool. If the user pool and/or
	// identity providers are imported, either specify this option explicitly or ensure that the identity providers are
	// registered with the user pool using the `UserPool.registerIdentityProvider()` API.
	//
	SupportedIdentityProviders *[]UserPoolClientIdentityProvider `field:"optional" json:"supportedIdentityProviders" yaml:"supportedIdentityProviders"`
	// Name of the application client.
	// Default: - cloudformation generated name.
	//
	UserPoolClientName *string `field:"optional" json:"userPoolClientName" yaml:"userPoolClientName"`
	// The set of attributes this client will be able to write.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-attribute-permissions-and-scopes
	//
	// Default: - all standard and custom attributes.
	//
	WriteAttributes ClientAttributes `field:"optional" json:"writeAttributes" yaml:"writeAttributes"`
	// The UserPool resource this client will have access to.
	UserPool IUserPool `field:"required" json:"userPool" yaml:"userPool"`
}

Properties for the UserPoolClient construct.

Example: 

var importedPool userPool

userPoolClient := cognito.NewUserPoolClient(this, jsii.String("UserPoolClient"), &UserPoolClientProps{
	UserPool: importedPool,
	GenerateSecret: jsii.Boolean(true),
})

// Allows you to pass the generated secret to other pieces of infrastructure
secret := userPoolClient.userPoolClientSecret

type UserPoolDomain 

type UserPoolDomain interface {
	awscdk.Resource
	IUserPoolDomain
	// The domain name of the CloudFront distribution associated with the user pool domain.
	CloudFrontDomainName() *string
	// The domain that was specified to be created.
	//
	// If `customDomain` was selected, this holds the full domain name that was specified.
	// If the `cognitoDomain` was used, it contains the prefix to the Cognito hosted domain.
	DomainName() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// The URL to the hosted UI associated with this domain.
	BaseUrl(options *BaseUrlOptions) *string
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// The URL to the sign in page in this domain using a specific UserPoolClient.
	SignInUrl(client UserPoolClient, options *SignInUrlOptions) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Define a user pool domain.

Example: 

userpool := cognito.NewUserPool(this, jsii.String("UserPool"), &UserPoolProps{
})
client := userpool.addClient(jsii.String("Client"), &UserPoolClientOptions{
	// ...
	OAuth: &OAuthSettings{
		Flows: &OAuthFlows{
			ImplicitCodeGrant: jsii.Boolean(true),
		},
		CallbackUrls: []*string{
			jsii.String("https://myapp.com/home"),
			jsii.String("https://myapp.com/users"),
		},
	},
})
domain := userpool.addDomain(jsii.String("Domain"), &UserPoolDomainOptions{
})
signInUrl := domain.SignInUrl(client, &SignInUrlOptions{
	RedirectUri: jsii.String("https://myapp.com/home"),
})

func NewUserPoolDomain 

func NewUserPoolDomain(scope constructs.Construct, id *string, props *UserPoolDomainProps) UserPoolDomain

type UserPoolDomainOptions 

type UserPoolDomainOptions struct {
	// Associate a cognito prefix domain with your user pool Either `customDomain` or `cognitoDomain` must be specified.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain-prefix.html
	//
	// Default: - not set if `customDomain` is specified, otherwise, throws an error.
	//
	CognitoDomain *CognitoDomainOptions `field:"optional" json:"cognitoDomain" yaml:"cognitoDomain"`
	// Associate a custom domain with your user pool Either `customDomain` or `cognitoDomain` must be specified.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html
	//
	// Default: - not set if `cognitoDomain` is specified, otherwise, throws an error.
	//
	CustomDomain *CustomDomainOptions `field:"optional" json:"customDomain" yaml:"customDomain"`
}

Options to create a UserPoolDomain.

Example: 

pool := cognito.NewUserPool(this, jsii.String("Pool"))

pool.addDomain(jsii.String("CognitoDomain"), &UserPoolDomainOptions{
	CognitoDomain: &CognitoDomainOptions{
		DomainPrefix: jsii.String("my-awesome-app"),
	},
})

certificateArn := "arn:aws:acm:us-east-1:123456789012:certificate/11-3336f1-44483d-adc7-9cd375c5169d"

domainCert := certificatemanager.Certificate_FromCertificateArn(this, jsii.String("domainCert"), certificateArn)
pool.addDomain(jsii.String("CustomDomain"), &UserPoolDomainOptions{
	CustomDomain: &CustomDomainOptions{
		DomainName: jsii.String("user.myapp.com"),
		Certificate: domainCert,
	},
})

type UserPoolDomainProps 

type UserPoolDomainProps struct {
	// Associate a cognito prefix domain with your user pool Either `customDomain` or `cognitoDomain` must be specified.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain-prefix.html
	//
	// Default: - not set if `customDomain` is specified, otherwise, throws an error.
	//
	CognitoDomain *CognitoDomainOptions `field:"optional" json:"cognitoDomain" yaml:"cognitoDomain"`
	// Associate a custom domain with your user pool Either `customDomain` or `cognitoDomain` must be specified.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html
	//
	// Default: - not set if `cognitoDomain` is specified, otherwise, throws an error.
	//
	CustomDomain *CustomDomainOptions `field:"optional" json:"customDomain" yaml:"customDomain"`
	// The user pool to which this domain should be associated.
	UserPool IUserPool `field:"required" json:"userPool" yaml:"userPool"`
}

Props for UserPoolDomain construct.

Example: 

import "github.com/aws/aws-cdk-go/awscdk"

var vpc vpc
var certificate certificate

lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{
	Vpc: Vpc,
	InternetFacing: jsii.Boolean(true),
})

userPool := awscdk.Aws_cognito.NewUserPool(this, jsii.String("UserPool"))
userPoolClient := awscdk.Aws_cognito.NewUserPoolClient(this, jsii.String("Client"), &UserPoolClientProps{
	UserPool: UserPool,

	// Required minimal configuration for use with an ELB
	GenerateSecret: jsii.Boolean(true),
	AuthFlows: &AuthFlow{
		UserPassword: jsii.Boolean(true),
	},
	OAuth: &OAuthSettings{
		Flows: &OAuthFlows{
			AuthorizationCodeGrant: jsii.Boolean(true),
		},
		Scopes: []oAuthScope{
			awscdk.*Aws_cognito.*oAuthScope_EMAIL(),
		},
		CallbackUrls: []*string{
			fmt.Sprintf("https://%v/oauth2/idpresponse", lb.LoadBalancerDnsName),
		},
	},
})
cfnClient := userPoolClient.Node.defaultChild.(cfnUserPoolClient)
cfnClient.AddPropertyOverride(jsii.String("RefreshTokenValidity"), jsii.Number(1))
cfnClient.AddPropertyOverride(jsii.String("SupportedIdentityProviders"), []interface{}{
	jsii.String("COGNITO"),
})

userPoolDomain := awscdk.Aws_cognito.NewUserPoolDomain(this, jsii.String("Domain"), &UserPoolDomainProps{
	UserPool: UserPool,
	CognitoDomain: &CognitoDomainOptions{
		DomainPrefix: jsii.String("test-cdk-prefix"),
	},
})

lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
	Port: jsii.Number(443),
	Certificates: []iListenerCertificate{
		certificate,
	},
	DefaultAction: actions.NewAuthenticateCognitoAction(&AuthenticateCognitoActionProps{
		UserPool: *UserPool,
		UserPoolClient: *UserPoolClient,
		UserPoolDomain: *UserPoolDomain,
		Next: elbv2.ListenerAction_FixedResponse(jsii.Number(200), &FixedResponseOptions{
			ContentType: jsii.String("text/plain"),
			MessageBody: jsii.String("Authenticated"),
		}),
	}),
})

awscdk.NewCfnOutput(this, jsii.String("DNS"), &CfnOutputProps{
	Value: lb.*LoadBalancerDnsName,
})

type UserPoolEmail 

type UserPoolEmail interface {
}

Configure how Cognito sends emails.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	Email: cognito.UserPoolEmail_WithSES(&UserPoolSESOptions{
		FromEmail: jsii.String("noreply@myawesomeapp.com"),
		FromName: jsii.String("Awesome App"),
		ReplyTo: jsii.String("support@myawesomeapp.com"),
	}),
})

func UserPoolEmail_WithCognito 

func UserPoolEmail_WithCognito(replyTo *string) UserPoolEmail

Send email using Cognito.

func UserPoolEmail_WithSES 

func UserPoolEmail_WithSES(options *UserPoolSESOptions) UserPoolEmail

Send email using SES.

type UserPoolIdentityProvider 

type UserPoolIdentityProvider interface {
}

User pool third-party identity providers.

type UserPoolIdentityProviderAmazon 

type UserPoolIdentityProviderAmazon interface {
	awscdk.Resource
	IUserPoolIdentityProvider
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The primary identifier of this identity provider.
	ProviderName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	ConfigureAttributeMapping() interface{}
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Represents an identity provider that integrates with Login with Amazon.

Example: 

pool := cognito.NewUserPool(this, jsii.String("Pool"))
provider := cognito.NewUserPoolIdentityProviderAmazon(this, jsii.String("Amazon"), &UserPoolIdentityProviderAmazonProps{
	UserPool: pool,
	ClientId: jsii.String("amzn-client-id"),
	ClientSecret: jsii.String("amzn-client-secret"),
})

client := pool.addClient(jsii.String("app-client"), &UserPoolClientOptions{
	// ...
	SupportedIdentityProviders: []userPoolClientIdentityProvider{
		cognito.*userPoolClientIdentityProvider_AMAZON(),
	},
})

client.Node.AddDependency(provider)

func NewUserPoolIdentityProviderAmazon 

func NewUserPoolIdentityProviderAmazon(scope constructs.Construct, id *string, props *UserPoolIdentityProviderAmazonProps) UserPoolIdentityProviderAmazon

type UserPoolIdentityProviderAmazonProps 

type UserPoolIdentityProviderAmazonProps struct {
	// The user pool to which this construct provides identities.
	UserPool IUserPool `field:"required" json:"userPool" yaml:"userPool"`
	// Mapping attributes from the identity provider to standard and custom attributes of the user pool.
	// Default: - no attribute mapping.
	//
	AttributeMapping *AttributeMapping `field:"optional" json:"attributeMapping" yaml:"attributeMapping"`
	// The client id recognized by Login with Amazon APIs.
	// See: https://developer.amazon.com/docs/login-with-amazon/security-profile.html#client-identifier
	//
	ClientId *string `field:"required" json:"clientId" yaml:"clientId"`
	// The client secret to be accompanied with clientId for Login with Amazon APIs to authenticate the client.
	// See: https://developer.amazon.com/docs/login-with-amazon/security-profile.html#client-identifier
	//
	ClientSecret *string `field:"required" json:"clientSecret" yaml:"clientSecret"`
	// The types of user profile data to obtain for the Amazon profile.
	// See: https://developer.amazon.com/docs/login-with-amazon/customer-profile.html
	//
	// Default: [ profile ].
	//
	Scopes *[]*string `field:"optional" json:"scopes" yaml:"scopes"`
}

Properties to initialize UserPoolAmazonIdentityProvider.

Example: 

pool := cognito.NewUserPool(this, jsii.String("Pool"))
provider := cognito.NewUserPoolIdentityProviderAmazon(this, jsii.String("Amazon"), &UserPoolIdentityProviderAmazonProps{
	UserPool: pool,
	ClientId: jsii.String("amzn-client-id"),
	ClientSecret: jsii.String("amzn-client-secret"),
})

client := pool.addClient(jsii.String("app-client"), &UserPoolClientOptions{
	// ...
	SupportedIdentityProviders: []userPoolClientIdentityProvider{
		cognito.*userPoolClientIdentityProvider_AMAZON(),
	},
})

client.Node.AddDependency(provider)

type UserPoolIdentityProviderApple 

type UserPoolIdentityProviderApple interface {
	awscdk.Resource
	IUserPoolIdentityProvider
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The primary identifier of this identity provider.
	ProviderName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	ConfigureAttributeMapping() interface{}
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Represents an identity provider that integrates with Apple.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var providerAttribute providerAttribute
var userPool userPool

userPoolIdentityProviderApple := awscdk.Aws_cognito.NewUserPoolIdentityProviderApple(this, jsii.String("MyUserPoolIdentityProviderApple"), &UserPoolIdentityProviderAppleProps{
	ClientId: jsii.String("clientId"),
	KeyId: jsii.String("keyId"),
	PrivateKey: jsii.String("privateKey"),
	TeamId: jsii.String("teamId"),
	UserPool: userPool,

	// the properties below are optional
	AttributeMapping: &AttributeMapping{
		Address: providerAttribute,
		Birthdate: providerAttribute,
		Custom: map[string]*providerAttribute{
			"customKey": providerAttribute,
		},
		Email: providerAttribute,
		FamilyName: providerAttribute,
		Fullname: providerAttribute,
		Gender: providerAttribute,
		GivenName: providerAttribute,
		LastUpdateTime: providerAttribute,
		Locale: providerAttribute,
		MiddleName: providerAttribute,
		Nickname: providerAttribute,
		PhoneNumber: providerAttribute,
		PreferredUsername: providerAttribute,
		ProfilePage: providerAttribute,
		ProfilePicture: providerAttribute,
		Timezone: providerAttribute,
		Website: providerAttribute,
	},
	Scopes: []*string{
		jsii.String("scopes"),
	},
})

func NewUserPoolIdentityProviderApple 

func NewUserPoolIdentityProviderApple(scope constructs.Construct, id *string, props *UserPoolIdentityProviderAppleProps) UserPoolIdentityProviderApple

type UserPoolIdentityProviderAppleProps 

type UserPoolIdentityProviderAppleProps struct {
	// The user pool to which this construct provides identities.
	UserPool IUserPool `field:"required" json:"userPool" yaml:"userPool"`
	// Mapping attributes from the identity provider to standard and custom attributes of the user pool.
	// Default: - no attribute mapping.
	//
	AttributeMapping *AttributeMapping `field:"optional" json:"attributeMapping" yaml:"attributeMapping"`
	// The client id recognized by Apple APIs.
	// See: https://developer.apple.com/documentation/sign_in_with_apple/clientconfigi/3230948-clientid
	//
	ClientId *string `field:"required" json:"clientId" yaml:"clientId"`
	// The keyId (of the same key, which content has to be later supplied as `privateKey`) for Apple APIs to authenticate the client.
	KeyId *string `field:"required" json:"keyId" yaml:"keyId"`
	// The privateKey content for Apple APIs to authenticate the client.
	PrivateKey *string `field:"required" json:"privateKey" yaml:"privateKey"`
	// The teamId for Apple APIs to authenticate the client.
	TeamId *string `field:"required" json:"teamId" yaml:"teamId"`
	// The list of apple permissions to obtain for getting access to the apple profile.
	// See: https://developer.apple.com/documentation/sign_in_with_apple/clientconfigi/3230955-scope
	//
	// Default: [ name ].
	//
	Scopes *[]*string `field:"optional" json:"scopes" yaml:"scopes"`
}

Properties to initialize UserPoolAppleIdentityProvider.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var providerAttribute providerAttribute
var userPool userPool

userPoolIdentityProviderAppleProps := &UserPoolIdentityProviderAppleProps{
	ClientId: jsii.String("clientId"),
	KeyId: jsii.String("keyId"),
	PrivateKey: jsii.String("privateKey"),
	TeamId: jsii.String("teamId"),
	UserPool: userPool,

	// the properties below are optional
	AttributeMapping: &AttributeMapping{
		Address: providerAttribute,
		Birthdate: providerAttribute,
		Custom: map[string]*providerAttribute{
			"customKey": providerAttribute,
		},
		Email: providerAttribute,
		FamilyName: providerAttribute,
		Fullname: providerAttribute,
		Gender: providerAttribute,
		GivenName: providerAttribute,
		LastUpdateTime: providerAttribute,
		Locale: providerAttribute,
		MiddleName: providerAttribute,
		Nickname: providerAttribute,
		PhoneNumber: providerAttribute,
		PreferredUsername: providerAttribute,
		ProfilePage: providerAttribute,
		ProfilePicture: providerAttribute,
		Timezone: providerAttribute,
		Website: providerAttribute,
	},
	Scopes: []*string{
		jsii.String("scopes"),
	},
}

type UserPoolIdentityProviderFacebook 

type UserPoolIdentityProviderFacebook interface {
	awscdk.Resource
	IUserPoolIdentityProvider
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The primary identifier of this identity provider.
	ProviderName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	ConfigureAttributeMapping() interface{}
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Represents an identity provider that integrates with Facebook Login.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var providerAttribute providerAttribute
var userPool userPool

userPoolIdentityProviderFacebook := awscdk.Aws_cognito.NewUserPoolIdentityProviderFacebook(this, jsii.String("MyUserPoolIdentityProviderFacebook"), &UserPoolIdentityProviderFacebookProps{
	ClientId: jsii.String("clientId"),
	ClientSecret: jsii.String("clientSecret"),
	UserPool: userPool,

	// the properties below are optional
	ApiVersion: jsii.String("apiVersion"),
	AttributeMapping: &AttributeMapping{
		Address: providerAttribute,
		Birthdate: providerAttribute,
		Custom: map[string]*providerAttribute{
			"customKey": providerAttribute,
		},
		Email: providerAttribute,
		FamilyName: providerAttribute,
		Fullname: providerAttribute,
		Gender: providerAttribute,
		GivenName: providerAttribute,
		LastUpdateTime: providerAttribute,
		Locale: providerAttribute,
		MiddleName: providerAttribute,
		Nickname: providerAttribute,
		PhoneNumber: providerAttribute,
		PreferredUsername: providerAttribute,
		ProfilePage: providerAttribute,
		ProfilePicture: providerAttribute,
		Timezone: providerAttribute,
		Website: providerAttribute,
	},
	Scopes: []*string{
		jsii.String("scopes"),
	},
})

func NewUserPoolIdentityProviderFacebook 

func NewUserPoolIdentityProviderFacebook(scope constructs.Construct, id *string, props *UserPoolIdentityProviderFacebookProps) UserPoolIdentityProviderFacebook

type UserPoolIdentityProviderFacebookProps 

type UserPoolIdentityProviderFacebookProps struct {
	// The user pool to which this construct provides identities.
	UserPool IUserPool `field:"required" json:"userPool" yaml:"userPool"`
	// Mapping attributes from the identity provider to standard and custom attributes of the user pool.
	// Default: - no attribute mapping.
	//
	AttributeMapping *AttributeMapping `field:"optional" json:"attributeMapping" yaml:"attributeMapping"`
	// The client id recognized by Facebook APIs.
	ClientId *string `field:"required" json:"clientId" yaml:"clientId"`
	// The client secret to be accompanied with clientId for Facebook to authenticate the client.
	// See: https://developers.facebook.com/docs/facebook-login/security#appsecret
	//
	ClientSecret *string `field:"required" json:"clientSecret" yaml:"clientSecret"`
	// The Facebook API version to use.
	// Default: - to the oldest version supported by Facebook.
	//
	ApiVersion *string `field:"optional" json:"apiVersion" yaml:"apiVersion"`
	// The list of Facebook permissions to obtain for getting access to the Facebook profile.
	// See: https://developers.facebook.com/docs/facebook-login/permissions
	//
	// Default: [ public_profile ].
	//
	Scopes *[]*string `field:"optional" json:"scopes" yaml:"scopes"`
}

Properties to initialize UserPoolFacebookIdentityProvider.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var providerAttribute providerAttribute
var userPool userPool

userPoolIdentityProviderFacebookProps := &UserPoolIdentityProviderFacebookProps{
	ClientId: jsii.String("clientId"),
	ClientSecret: jsii.String("clientSecret"),
	UserPool: userPool,

	// the properties below are optional
	ApiVersion: jsii.String("apiVersion"),
	AttributeMapping: &AttributeMapping{
		Address: providerAttribute,
		Birthdate: providerAttribute,
		Custom: map[string]*providerAttribute{
			"customKey": providerAttribute,
		},
		Email: providerAttribute,
		FamilyName: providerAttribute,
		Fullname: providerAttribute,
		Gender: providerAttribute,
		GivenName: providerAttribute,
		LastUpdateTime: providerAttribute,
		Locale: providerAttribute,
		MiddleName: providerAttribute,
		Nickname: providerAttribute,
		PhoneNumber: providerAttribute,
		PreferredUsername: providerAttribute,
		ProfilePage: providerAttribute,
		ProfilePicture: providerAttribute,
		Timezone: providerAttribute,
		Website: providerAttribute,
	},
	Scopes: []*string{
		jsii.String("scopes"),
	},
}

type UserPoolIdentityProviderGoogle 

type UserPoolIdentityProviderGoogle interface {
	awscdk.Resource
	IUserPoolIdentityProvider
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The primary identifier of this identity provider.
	ProviderName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	ConfigureAttributeMapping() interface{}
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Represents an identity provider that integrates with Google.

Example: 

userpool := cognito.NewUserPool(this, jsii.String("Pool"))
secret := secretsmanager.Secret_FromSecretAttributes(this, jsii.String("CognitoClientSecret"), &SecretAttributes{
	SecretCompleteArn: jsii.String("arn:aws:secretsmanager:xxx:xxx:secret:xxx-xxx"),
}).SecretValue

provider := cognito.NewUserPoolIdentityProviderGoogle(this, jsii.String("Google"), &UserPoolIdentityProviderGoogleProps{
	ClientId: jsii.String("amzn-client-id"),
	ClientSecretValue: secret,
	UserPool: userpool,
})

func NewUserPoolIdentityProviderGoogle 

func NewUserPoolIdentityProviderGoogle(scope constructs.Construct, id *string, props *UserPoolIdentityProviderGoogleProps) UserPoolIdentityProviderGoogle

type UserPoolIdentityProviderGoogleProps 

type UserPoolIdentityProviderGoogleProps struct {
	// The user pool to which this construct provides identities.
	UserPool IUserPool `field:"required" json:"userPool" yaml:"userPool"`
	// Mapping attributes from the identity provider to standard and custom attributes of the user pool.
	// Default: - no attribute mapping.
	//
	AttributeMapping *AttributeMapping `field:"optional" json:"attributeMapping" yaml:"attributeMapping"`
	// The client id recognized by Google APIs.
	// See: https://developers.google.com/identity/sign-in/web/sign-in#specify_your_apps_client_id
	//
	ClientId *string `field:"required" json:"clientId" yaml:"clientId"`
	// The client secret to be accompanied with clientId for Google APIs to authenticate the client.
	// See: https://developers.google.com/identity/sign-in/web/sign-in
	//
	// Default: none.
	//
	// Deprecated: use clientSecretValue instead.
	ClientSecret *string `field:"optional" json:"clientSecret" yaml:"clientSecret"`
	// The client secret to be accompanied with clientId for Google APIs to authenticate the client as SecretValue.
	// See: https://developers.google.com/identity/sign-in/web/sign-in
	//
	// Default: none.
	//
	ClientSecretValue awscdk.SecretValue `field:"optional" json:"clientSecretValue" yaml:"clientSecretValue"`
	// The list of Google permissions to obtain for getting access to the Google profile.
	// See: https://developers.google.com/identity/sign-in/web/sign-in
	//
	// Default: [ profile ].
	//
	Scopes *[]*string `field:"optional" json:"scopes" yaml:"scopes"`
}

Properties to initialize UserPoolGoogleIdentityProvider.

Example: 

userpool := cognito.NewUserPool(this, jsii.String("Pool"))
secret := secretsmanager.Secret_FromSecretAttributes(this, jsii.String("CognitoClientSecret"), &SecretAttributes{
	SecretCompleteArn: jsii.String("arn:aws:secretsmanager:xxx:xxx:secret:xxx-xxx"),
}).SecretValue

provider := cognito.NewUserPoolIdentityProviderGoogle(this, jsii.String("Google"), &UserPoolIdentityProviderGoogleProps{
	ClientId: jsii.String("amzn-client-id"),
	ClientSecretValue: secret,
	UserPool: userpool,
})

type UserPoolIdentityProviderOidc added in v2.27.0 

type UserPoolIdentityProviderOidc interface {
	awscdk.Resource
	IUserPoolIdentityProvider
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The primary identifier of this identity provider.
	ProviderName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	ConfigureAttributeMapping() interface{}
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Represents an identity provider that integrates with OpenID Connect.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var providerAttribute providerAttribute
var userPool userPool

userPoolIdentityProviderOidc := awscdk.Aws_cognito.NewUserPoolIdentityProviderOidc(this, jsii.String("MyUserPoolIdentityProviderOidc"), &UserPoolIdentityProviderOidcProps{
	ClientId: jsii.String("clientId"),
	ClientSecret: jsii.String("clientSecret"),
	IssuerUrl: jsii.String("issuerUrl"),
	UserPool: userPool,

	// the properties below are optional
	AttributeMapping: &AttributeMapping{
		Address: providerAttribute,
		Birthdate: providerAttribute,
		Custom: map[string]*providerAttribute{
			"customKey": providerAttribute,
		},
		Email: providerAttribute,
		FamilyName: providerAttribute,
		Fullname: providerAttribute,
		Gender: providerAttribute,
		GivenName: providerAttribute,
		LastUpdateTime: providerAttribute,
		Locale: providerAttribute,
		MiddleName: providerAttribute,
		Nickname: providerAttribute,
		PhoneNumber: providerAttribute,
		PreferredUsername: providerAttribute,
		ProfilePage: providerAttribute,
		ProfilePicture: providerAttribute,
		Timezone: providerAttribute,
		Website: providerAttribute,
	},
	AttributeRequestMethod: awscdk.*Aws_cognito.OidcAttributeRequestMethod_GET,
	Endpoints: &OidcEndpoints{
		Authorization: jsii.String("authorization"),
		JwksUri: jsii.String("jwksUri"),
		Token: jsii.String("token"),
		UserInfo: jsii.String("userInfo"),
	},
	Identifiers: []*string{
		jsii.String("identifiers"),
	},
	Name: jsii.String("name"),
	Scopes: []*string{
		jsii.String("scopes"),
	},
})

func NewUserPoolIdentityProviderOidc added in v2.27.0 

func NewUserPoolIdentityProviderOidc(scope constructs.Construct, id *string, props *UserPoolIdentityProviderOidcProps) UserPoolIdentityProviderOidc

type UserPoolIdentityProviderOidcProps added in v2.27.0 

type UserPoolIdentityProviderOidcProps struct {
	// The user pool to which this construct provides identities.
	UserPool IUserPool `field:"required" json:"userPool" yaml:"userPool"`
	// Mapping attributes from the identity provider to standard and custom attributes of the user pool.
	// Default: - no attribute mapping.
	//
	AttributeMapping *AttributeMapping `field:"optional" json:"attributeMapping" yaml:"attributeMapping"`
	// The client id.
	ClientId *string `field:"required" json:"clientId" yaml:"clientId"`
	// The client secret.
	ClientSecret *string `field:"required" json:"clientSecret" yaml:"clientSecret"`
	// Issuer URL.
	IssuerUrl *string `field:"required" json:"issuerUrl" yaml:"issuerUrl"`
	// The method to use to request attributes.
	// Default: OidcAttributeRequestMethod.GET
	//
	AttributeRequestMethod OidcAttributeRequestMethod `field:"optional" json:"attributeRequestMethod" yaml:"attributeRequestMethod"`
	// OpenID connect endpoints.
	// Default: - auto discovered with issuer URL.
	//
	Endpoints *OidcEndpoints `field:"optional" json:"endpoints" yaml:"endpoints"`
	// Identifiers.
	//
	// Identifiers can be used to redirect users to the correct IdP in multitenant apps.
	// Default: - no identifiers used.
	//
	Identifiers *[]*string `field:"optional" json:"identifiers" yaml:"identifiers"`
	// The name of the provider.
	// Default: - the unique ID of the construct.
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The OAuth 2.0 scopes that you will request from OpenID Connect. Scopes are groups of OpenID Connect user attributes to exchange with your app.
	// Default: ['openid'].
	//
	Scopes *[]*string `field:"optional" json:"scopes" yaml:"scopes"`
}

Properties to initialize UserPoolIdentityProviderOidc.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var providerAttribute providerAttribute
var userPool userPool

userPoolIdentityProviderOidcProps := &UserPoolIdentityProviderOidcProps{
	ClientId: jsii.String("clientId"),
	ClientSecret: jsii.String("clientSecret"),
	IssuerUrl: jsii.String("issuerUrl"),
	UserPool: userPool,

	// the properties below are optional
	AttributeMapping: &AttributeMapping{
		Address: providerAttribute,
		Birthdate: providerAttribute,
		Custom: map[string]*providerAttribute{
			"customKey": providerAttribute,
		},
		Email: providerAttribute,
		FamilyName: providerAttribute,
		Fullname: providerAttribute,
		Gender: providerAttribute,
		GivenName: providerAttribute,
		LastUpdateTime: providerAttribute,
		Locale: providerAttribute,
		MiddleName: providerAttribute,
		Nickname: providerAttribute,
		PhoneNumber: providerAttribute,
		PreferredUsername: providerAttribute,
		ProfilePage: providerAttribute,
		ProfilePicture: providerAttribute,
		Timezone: providerAttribute,
		Website: providerAttribute,
	},
	AttributeRequestMethod: awscdk.Aws_cognito.OidcAttributeRequestMethod_GET,
	Endpoints: &OidcEndpoints{
		Authorization: jsii.String("authorization"),
		JwksUri: jsii.String("jwksUri"),
		Token: jsii.String("token"),
		UserInfo: jsii.String("userInfo"),
	},
	Identifiers: []*string{
		jsii.String("identifiers"),
	},
	Name: jsii.String("name"),
	Scopes: []*string{
		jsii.String("scopes"),
	},
}

type UserPoolIdentityProviderProps 

type UserPoolIdentityProviderProps struct {
	// The user pool to which this construct provides identities.
	UserPool IUserPool `field:"required" json:"userPool" yaml:"userPool"`
	// Mapping attributes from the identity provider to standard and custom attributes of the user pool.
	// Default: - no attribute mapping.
	//
	AttributeMapping *AttributeMapping `field:"optional" json:"attributeMapping" yaml:"attributeMapping"`
}

Properties to create a new instance of UserPoolIdentityProvider.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var providerAttribute providerAttribute
var userPool userPool

userPoolIdentityProviderProps := &UserPoolIdentityProviderProps{
	UserPool: userPool,

	// the properties below are optional
	AttributeMapping: &AttributeMapping{
		Address: providerAttribute,
		Birthdate: providerAttribute,
		Custom: map[string]*providerAttribute{
			"customKey": providerAttribute,
		},
		Email: providerAttribute,
		FamilyName: providerAttribute,
		Fullname: providerAttribute,
		Gender: providerAttribute,
		GivenName: providerAttribute,
		LastUpdateTime: providerAttribute,
		Locale: providerAttribute,
		MiddleName: providerAttribute,
		Nickname: providerAttribute,
		PhoneNumber: providerAttribute,
		PreferredUsername: providerAttribute,
		ProfilePage: providerAttribute,
		ProfilePicture: providerAttribute,
		Timezone: providerAttribute,
		Website: providerAttribute,
	},
}

type UserPoolIdentityProviderSaml added in v2.42.0 

type UserPoolIdentityProviderSaml interface {
	awscdk.Resource
	IUserPoolIdentityProvider
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The primary identifier of this identity provider.
	ProviderName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	ConfigureAttributeMapping() interface{}
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Represents an identity provider that integrates with SAML.

Example: 

userpool := cognito.NewUserPool(this, jsii.String("Pool"))

// specify the metadata as a file content
// specify the metadata as a file content
cognito.NewUserPoolIdentityProviderSaml(this, jsii.String("userpoolIdpFile"), &UserPoolIdentityProviderSamlProps{
	UserPool: userpool,
	Metadata: cognito.UserPoolIdentityProviderSamlMetadata_File(jsii.String("my-file-contents")),
	// Whether to require encrypted SAML assertions from IdP
	EncryptedResponses: jsii.Boolean(true),
	// The signing algorithm for the SAML requests
	RequestSigningAlgorithm: cognito.SigningAlgorithm_RSA_SHA256,
	// Enable IdP initiated SAML auth flow
	IdpInitiated: jsii.Boolean(true),
})

// specify the metadata as a URL
// specify the metadata as a URL
cognito.NewUserPoolIdentityProviderSaml(this, jsii.String("userpoolidpUrl"), &UserPoolIdentityProviderSamlProps{
	UserPool: userpool,
	Metadata: cognito.UserPoolIdentityProviderSamlMetadata_Url(jsii.String("https://my-metadata-url.com")),
})

func NewUserPoolIdentityProviderSaml added in v2.42.0 

func NewUserPoolIdentityProviderSaml(scope constructs.Construct, id *string, props *UserPoolIdentityProviderSamlProps) UserPoolIdentityProviderSaml

type UserPoolIdentityProviderSamlMetadata added in v2.42.0 

type UserPoolIdentityProviderSamlMetadata interface {
	// A URL hosting SAML metadata, or the content of a file containing SAML metadata.
	MetadataContent() *string
	// The type of metadata, either a URL or file content.
	MetadataType() UserPoolIdentityProviderSamlMetadataType
}

Metadata for a SAML user pool identity provider.

Example: 

userpool := cognito.NewUserPool(this, jsii.String("Pool"))

// specify the metadata as a file content
// specify the metadata as a file content
cognito.NewUserPoolIdentityProviderSaml(this, jsii.String("userpoolIdpFile"), &UserPoolIdentityProviderSamlProps{
	UserPool: userpool,
	Metadata: cognito.UserPoolIdentityProviderSamlMetadata_File(jsii.String("my-file-contents")),
	// Whether to require encrypted SAML assertions from IdP
	EncryptedResponses: jsii.Boolean(true),
	// The signing algorithm for the SAML requests
	RequestSigningAlgorithm: cognito.SigningAlgorithm_RSA_SHA256,
	// Enable IdP initiated SAML auth flow
	IdpInitiated: jsii.Boolean(true),
})

// specify the metadata as a URL
// specify the metadata as a URL
cognito.NewUserPoolIdentityProviderSaml(this, jsii.String("userpoolidpUrl"), &UserPoolIdentityProviderSamlProps{
	UserPool: userpool,
	Metadata: cognito.UserPoolIdentityProviderSamlMetadata_Url(jsii.String("https://my-metadata-url.com")),
})

func UserPoolIdentityProviderSamlMetadata_File added in v2.42.0 

func UserPoolIdentityProviderSamlMetadata_File(fileContent *string) UserPoolIdentityProviderSamlMetadata

Specify SAML metadata via the contents of a file.

func UserPoolIdentityProviderSamlMetadata_Url added in v2.42.0 

func UserPoolIdentityProviderSamlMetadata_Url(url *string) UserPoolIdentityProviderSamlMetadata

Specify SAML metadata via a URL.

type UserPoolIdentityProviderSamlMetadataType added in v2.42.0 

type UserPoolIdentityProviderSamlMetadataType string

Metadata types that can be used for a SAML user pool identity provider. 

const (
	// Metadata provided via a URL.
	UserPoolIdentityProviderSamlMetadataType_URL UserPoolIdentityProviderSamlMetadataType = "URL"
	// Metadata provided via the contents of a file.
	UserPoolIdentityProviderSamlMetadataType_FILE UserPoolIdentityProviderSamlMetadataType = "FILE"
)

type UserPoolIdentityProviderSamlProps added in v2.42.0 

type UserPoolIdentityProviderSamlProps struct {
	// The user pool to which this construct provides identities.
	UserPool IUserPool `field:"required" json:"userPool" yaml:"userPool"`
	// Mapping attributes from the identity provider to standard and custom attributes of the user pool.
	// Default: - no attribute mapping.
	//
	AttributeMapping *AttributeMapping `field:"optional" json:"attributeMapping" yaml:"attributeMapping"`
	// The SAML metadata.
	Metadata UserPoolIdentityProviderSamlMetadata `field:"required" json:"metadata" yaml:"metadata"`
	// Whether to require encrypted SAML assertions from IdP.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-SAML-signing-encryption.html#cognito-user-pools-SAML-encryption
	//
	// Default: false.
	//
	EncryptedResponses *bool `field:"optional" json:"encryptedResponses" yaml:"encryptedResponses"`
	// Identifiers.
	//
	// Identifiers can be used to redirect users to the correct IdP in multitenant apps.
	// Default: - no identifiers used.
	//
	Identifiers *[]*string `field:"optional" json:"identifiers" yaml:"identifiers"`
	// Whether to enable IdP-initiated SAML auth flows.
	// Default: false.
	//
	IdpInitiated *bool `field:"optional" json:"idpInitiated" yaml:"idpInitiated"`
	// Whether to enable the "Sign-out flow" feature.
	// Default: - false.
	//
	IdpSignout *bool `field:"optional" json:"idpSignout" yaml:"idpSignout"`
	// The name of the provider.
	//
	// Must be between 3 and 32 characters.
	// Default: - the unique ID of the construct.
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The signing algorithm for SAML requests.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-SAML-signing-encryption.html#cognito-user-pools-SAML-signing
	//
	// Default: - don't sign requests.
	//
	RequestSigningAlgorithm SigningAlgorithm `field:"optional" json:"requestSigningAlgorithm" yaml:"requestSigningAlgorithm"`
}

Properties to initialize UserPoolIdentityProviderSaml.

Example: 

userpool := cognito.NewUserPool(this, jsii.String("Pool"))

// specify the metadata as a file content
// specify the metadata as a file content
cognito.NewUserPoolIdentityProviderSaml(this, jsii.String("userpoolIdpFile"), &UserPoolIdentityProviderSamlProps{
	UserPool: userpool,
	Metadata: cognito.UserPoolIdentityProviderSamlMetadata_File(jsii.String("my-file-contents")),
	// Whether to require encrypted SAML assertions from IdP
	EncryptedResponses: jsii.Boolean(true),
	// The signing algorithm for the SAML requests
	RequestSigningAlgorithm: cognito.SigningAlgorithm_RSA_SHA256,
	// Enable IdP initiated SAML auth flow
	IdpInitiated: jsii.Boolean(true),
})

// specify the metadata as a URL
// specify the metadata as a URL
cognito.NewUserPoolIdentityProviderSaml(this, jsii.String("userpoolidpUrl"), &UserPoolIdentityProviderSamlProps{
	UserPool: userpool,
	Metadata: cognito.UserPoolIdentityProviderSamlMetadata_Url(jsii.String("https://my-metadata-url.com")),
})

type UserPoolOperation 

type UserPoolOperation interface {
	// The key to use in `CfnUserPool.LambdaConfigProperty`.
	OperationName() *string
}

User pool operations to which lambda triggers can be attached.

Example: 

authChallengeFn := lambda.NewFunction(this, jsii.String("authChallengeFn"), &FunctionProps{
	Runtime: lambda.Runtime_NODEJS_LATEST(),
	Handler: jsii.String("index.handler"),
	Code: lambda.Code_FromAsset(path.join(__dirname, jsii.String("path/to/asset"))),
})

userpool := cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	LambdaTriggers: &UserPoolTriggers{
		CreateAuthChallenge: authChallengeFn,
	},
})

userpool.AddTrigger(cognito.UserPoolOperation_USER_MIGRATION(), lambda.NewFunction(this, jsii.String("userMigrationFn"), &FunctionProps{
	Runtime: lambda.Runtime_NODEJS_LATEST(),
	Handler: jsii.String("index.handler"),
	Code: lambda.Code_*FromAsset(path.join(__dirname, jsii.String("path/to/asset"))),
}))

func UserPoolOperation_CREATE_AUTH_CHALLENGE 

func UserPoolOperation_CREATE_AUTH_CHALLENGE() UserPoolOperation

func UserPoolOperation_CUSTOM_EMAIL_SENDER added in v2.1.0 

func UserPoolOperation_CUSTOM_EMAIL_SENDER() UserPoolOperation

func UserPoolOperation_CUSTOM_MESSAGE 

func UserPoolOperation_CUSTOM_MESSAGE() UserPoolOperation

func UserPoolOperation_CUSTOM_SMS_SENDER added in v2.1.0 

func UserPoolOperation_CUSTOM_SMS_SENDER() UserPoolOperation

func UserPoolOperation_DEFINE_AUTH_CHALLENGE 

func UserPoolOperation_DEFINE_AUTH_CHALLENGE() UserPoolOperation

func UserPoolOperation_Of 

func UserPoolOperation_Of(name *string) UserPoolOperation

A custom user pool operation.

func UserPoolOperation_POST_AUTHENTICATION 

func UserPoolOperation_POST_AUTHENTICATION() UserPoolOperation

func UserPoolOperation_POST_CONFIRMATION 

func UserPoolOperation_POST_CONFIRMATION() UserPoolOperation

func UserPoolOperation_PRE_AUTHENTICATION 

func UserPoolOperation_PRE_AUTHENTICATION() UserPoolOperation

func UserPoolOperation_PRE_SIGN_UP 

func UserPoolOperation_PRE_SIGN_UP() UserPoolOperation

func UserPoolOperation_PRE_TOKEN_GENERATION 

func UserPoolOperation_PRE_TOKEN_GENERATION() UserPoolOperation

func UserPoolOperation_PRE_TOKEN_GENERATION_CONFIG added in v2.127.0 

func UserPoolOperation_PRE_TOKEN_GENERATION_CONFIG() UserPoolOperation

func UserPoolOperation_USER_MIGRATION 

func UserPoolOperation_USER_MIGRATION() UserPoolOperation

func UserPoolOperation_VERIFY_AUTH_CHALLENGE_RESPONSE 

func UserPoolOperation_VERIFY_AUTH_CHALLENGE_RESPONSE() UserPoolOperation

type UserPoolProps 

type UserPoolProps struct {
	// How will a user be able to recover their account?
	// Default: AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL
	//
	AccountRecovery AccountRecovery `field:"optional" json:"accountRecovery" yaml:"accountRecovery"`
	// The user pool's Advanced Security Mode.
	// Default: - no value.
	//
	AdvancedSecurityMode AdvancedSecurityMode `field:"optional" json:"advancedSecurityMode" yaml:"advancedSecurityMode"`
	// Attributes which Cognito will look to verify automatically upon user sign up.
	//
	// EMAIL and PHONE are the only available options.
	// Default: - If `signInAlias` includes email and/or phone, they will be included in `autoVerifiedAttributes` by default.
	// If absent, no attributes will be auto-verified.
	//
	AutoVerify *AutoVerifiedAttrs `field:"optional" json:"autoVerify" yaml:"autoVerify"`
	// Define a set of custom attributes that can be configured for each user in the user pool.
	// Default: - No custom attributes.
	//
	CustomAttributes *map[string]ICustomAttribute `field:"optional" json:"customAttributes" yaml:"customAttributes"`
	// This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-sender-triggers.html
	//
	// Default: - no key ID configured.
	//
	CustomSenderKmsKey awskms.IKey `field:"optional" json:"customSenderKmsKey" yaml:"customSenderKmsKey"`
	// Indicates whether the user pool should have deletion protection enabled.
	// Default: false.
	//
	DeletionProtection *bool `field:"optional" json:"deletionProtection" yaml:"deletionProtection"`
	// Device tracking settings.
	// Default: - see defaults on each property of DeviceTracking.
	//
	DeviceTracking *DeviceTracking `field:"optional" json:"deviceTracking" yaml:"deviceTracking"`
	// Email settings for a user pool.
	// Default: - cognito will use the default email configuration.
	//
	Email UserPoolEmail `field:"optional" json:"email" yaml:"email"`
	// Setting this would explicitly enable or disable SMS role creation.
	//
	// When left unspecified, CDK will determine based on other properties if a role is needed or not.
	// Default: - CDK will determine based on other properties of the user pool if an SMS role should be created or not.
	//
	EnableSmsRole *bool `field:"optional" json:"enableSmsRole" yaml:"enableSmsRole"`
	// Attributes which Cognito will look to handle changes to the value of your users' email address and phone number attributes.
	//
	// EMAIL and PHONE are the only available options.
	// Default: - Nothing is kept.
	//
	KeepOriginal *KeepOriginalAttrs `field:"optional" json:"keepOriginal" yaml:"keepOriginal"`
	// Lambda functions to use for supported Cognito triggers.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
	//
	// Default: - No Lambda triggers.
	//
	LambdaTriggers *UserPoolTriggers `field:"optional" json:"lambdaTriggers" yaml:"lambdaTriggers"`
	// Configure whether users of this user pool can or are required use MFA to sign in.
	// Default: Mfa.OFF
	//
	Mfa Mfa `field:"optional" json:"mfa" yaml:"mfa"`
	// The SMS message template sent during MFA verification.
	//
	// Use '{####}' in the template where Cognito should insert the verification code.
	// Default: 'Your authentication code is {####}.'
	//
	MfaMessage *string `field:"optional" json:"mfaMessage" yaml:"mfaMessage"`
	// Configure the MFA types that users can use in this user pool.
	//
	// Ignored if `mfa` is set to `OFF`.
	// Default: - { sms: true, otp: false }, if `mfa` is set to `OPTIONAL` or `REQUIRED`.
	// { sms: false, otp: false }, otherwise.
	//
	MfaSecondFactor *MfaSecondFactor `field:"optional" json:"mfaSecondFactor" yaml:"mfaSecondFactor"`
	// Password policy for this user pool.
	// Default: - see defaults on each property of PasswordPolicy.
	//
	PasswordPolicy *PasswordPolicy `field:"optional" json:"passwordPolicy" yaml:"passwordPolicy"`
	// Policy to apply when the user pool is removed from the stack.
	// Default: RemovalPolicy.RETAIN
	//
	RemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"removalPolicy" yaml:"removalPolicy"`
	// Whether self sign-up should be enabled.
	//
	// To configure self sign-up configuration use the `userVerification` property.
	// Default: - false.
	//
	SelfSignUpEnabled *bool `field:"optional" json:"selfSignUpEnabled" yaml:"selfSignUpEnabled"`
	// Methods in which a user registers or signs in to a user pool.
	//
	// Allows either username with aliases OR sign in with email, phone, or both.
	//
	// Read the sections on usernames and aliases to learn more -
	// https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
	//
	// To match with 'Option 1' in the above link, with a verified email, this property should be set to
	// `{ username: true, email: true }`. To match with 'Option 2' in the above link with both a verified email and phone
	// number, this property should be set to `{ email: true, phone: true }`.
	// Default: { username: true }.
	//
	SignInAliases *SignInAliases `field:"optional" json:"signInAliases" yaml:"signInAliases"`
	// Whether sign-in aliases should be evaluated with case sensitivity.
	//
	// For example, when this option is set to false, users will be able to sign in using either `MyUsername` or `myusername`.
	// Default: true.
	//
	SignInCaseSensitive *bool `field:"optional" json:"signInCaseSensitive" yaml:"signInCaseSensitive"`
	// The IAM role that Cognito will assume while sending SMS messages.
	// Default: - a new IAM role is created.
	//
	SmsRole awsiam.IRole `field:"optional" json:"smsRole" yaml:"smsRole"`
	// The 'ExternalId' that Cognito service must be using when assuming the `smsRole`, if the role is restricted with an 'sts:ExternalId' conditional.
	//
	// Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
	//
	// This property will be ignored if `smsRole` is not specified.
	// Default: - No external id will be configured.
	//
	SmsRoleExternalId *string `field:"optional" json:"smsRoleExternalId" yaml:"smsRoleExternalId"`
	// The region to integrate with SNS to send SMS messages.
	//
	// This property will do nothing if SMS configuration is not configured.
	// Default: - The same region as the user pool, with a few exceptions - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html#user-pool-sms-settings-first-time
	//
	SnsRegion *string `field:"optional" json:"snsRegion" yaml:"snsRegion"`
	// The set of attributes that are required for every user in the user pool.
	//
	// Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
	// Default: - All standard attributes are optional and mutable.
	//
	StandardAttributes *StandardAttributes `field:"optional" json:"standardAttributes" yaml:"standardAttributes"`
	// Configuration around admins signing up users into a user pool.
	// Default: - see defaults in UserInvitationConfig.
	//
	UserInvitation *UserInvitationConfig `field:"optional" json:"userInvitation" yaml:"userInvitation"`
	// Name of the user pool.
	// Default: - automatically generated name by CloudFormation at deploy time.
	//
	UserPoolName *string `field:"optional" json:"userPoolName" yaml:"userPoolName"`
	// Configuration around users signing themselves up to the user pool.
	//
	// Enable or disable self sign-up via the `selfSignUpEnabled` property.
	// Default: - see defaults in UserVerificationConfig.
	//
	UserVerification *UserVerificationConfig `field:"optional" json:"userVerification" yaml:"userVerification"`
}

Props for the UserPool construct.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	SelfSignUpEnabled: jsii.Boolean(true),
	UserVerification: &UserVerificationConfig{
		EmailSubject: jsii.String("Verify your email for our awesome app!"),
		EmailBody: jsii.String("Thanks for signing up to our awesome app! Your verification code is {####}"),
		EmailStyle: cognito.VerificationEmailStyle_CODE,
		SmsMessage: jsii.String("Thanks for signing up to our awesome app! Your verification code is {####}"),
	},
})

type UserPoolResourceServer 

type UserPoolResourceServer interface {
	awscdk.Resource
	IUserPoolResourceServer
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Resource server id.
	UserPoolResourceServerId() *string
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

Defines a User Pool OAuth2.0 Resource Server.

Example: 

pool := cognito.NewUserPool(this, jsii.String("Pool"))

readOnlyScope := cognito.NewResourceServerScope(&ResourceServerScopeProps{
	ScopeName: jsii.String("read"),
	ScopeDescription: jsii.String("Read-only access"),
})
fullAccessScope := cognito.NewResourceServerScope(&ResourceServerScopeProps{
	ScopeName: jsii.String("*"),
	ScopeDescription: jsii.String("Full access"),
})

userServer := pool.addResourceServer(jsii.String("ResourceServer"), &UserPoolResourceServerOptions{
	Identifier: jsii.String("users"),
	Scopes: []resourceServerScope{
		readOnlyScope,
		fullAccessScope,
	},
})

readOnlyClient := pool.addClient(jsii.String("read-only-client"), &UserPoolClientOptions{
	// ...
	OAuth: &OAuthSettings{
		// ...
		Scopes: []oAuthScope{
			cognito.*oAuthScope_ResourceServer(userServer, readOnlyScope),
		},
	},
})

fullAccessClient := pool.addClient(jsii.String("full-access-client"), &UserPoolClientOptions{
	// ...
	OAuth: &OAuthSettings{
		// ...
		Scopes: []*oAuthScope{
			cognito.*oAuthScope_*ResourceServer(userServer, fullAccessScope),
		},
	},
})

func NewUserPoolResourceServer 

func NewUserPoolResourceServer(scope constructs.Construct, id *string, props *UserPoolResourceServerProps) UserPoolResourceServer

type UserPoolResourceServerOptions 

type UserPoolResourceServerOptions struct {
	// A unique resource server identifier for the resource server.
	Identifier *string `field:"required" json:"identifier" yaml:"identifier"`
	// Oauth scopes.
	// Default: - No scopes will be added.
	//
	Scopes *[]ResourceServerScope `field:"optional" json:"scopes" yaml:"scopes"`
	// A friendly name for the resource server.
	// Default: - same as `identifier`.
	//
	UserPoolResourceServerName *string `field:"optional" json:"userPoolResourceServerName" yaml:"userPoolResourceServerName"`
}

Options to create a UserPoolResourceServer.

Example: 

pool := cognito.NewUserPool(this, jsii.String("Pool"))

readOnlyScope := cognito.NewResourceServerScope(&ResourceServerScopeProps{
	ScopeName: jsii.String("read"),
	ScopeDescription: jsii.String("Read-only access"),
})
fullAccessScope := cognito.NewResourceServerScope(&ResourceServerScopeProps{
	ScopeName: jsii.String("*"),
	ScopeDescription: jsii.String("Full access"),
})

userServer := pool.addResourceServer(jsii.String("ResourceServer"), &UserPoolResourceServerOptions{
	Identifier: jsii.String("users"),
	Scopes: []resourceServerScope{
		readOnlyScope,
		fullAccessScope,
	},
})

readOnlyClient := pool.addClient(jsii.String("read-only-client"), &UserPoolClientOptions{
	// ...
	OAuth: &OAuthSettings{
		// ...
		Scopes: []oAuthScope{
			cognito.*oAuthScope_ResourceServer(userServer, readOnlyScope),
		},
	},
})

fullAccessClient := pool.addClient(jsii.String("full-access-client"), &UserPoolClientOptions{
	// ...
	OAuth: &OAuthSettings{
		// ...
		Scopes: []*oAuthScope{
			cognito.*oAuthScope_*ResourceServer(userServer, fullAccessScope),
		},
	},
})

type UserPoolResourceServerProps 

type UserPoolResourceServerProps struct {
	// A unique resource server identifier for the resource server.
	Identifier *string `field:"required" json:"identifier" yaml:"identifier"`
	// Oauth scopes.
	// Default: - No scopes will be added.
	//
	Scopes *[]ResourceServerScope `field:"optional" json:"scopes" yaml:"scopes"`
	// A friendly name for the resource server.
	// Default: - same as `identifier`.
	//
	UserPoolResourceServerName *string `field:"optional" json:"userPoolResourceServerName" yaml:"userPoolResourceServerName"`
	// The user pool to add this resource server to.
	UserPool IUserPool `field:"required" json:"userPool" yaml:"userPool"`
}

Properties for the UserPoolResourceServer construct.

Example: 

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var resourceServerScope resourceServerScope
var userPool userPool

userPoolResourceServerProps := &UserPoolResourceServerProps{
	Identifier: jsii.String("identifier"),
	UserPool: userPool,

	// the properties below are optional
	Scopes: []*resourceServerScope{
		resourceServerScope,
	},
	UserPoolResourceServerName: jsii.String("userPoolResourceServerName"),
}

type UserPoolSESOptions 

type UserPoolSESOptions struct {
	// The verified Amazon SES email address that Cognito should use to send emails.
	//
	// The email address used must be a verified email address
	// in Amazon SES and must be configured to allow Cognito to
	// send emails.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html
	//
	FromEmail *string `field:"required" json:"fromEmail" yaml:"fromEmail"`
	// The name of a configuration set in Amazon SES that should be applied to emails sent via Cognito.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-emailconfiguration.html#cfn-cognito-userpool-emailconfiguration-configurationset
	//
	// Default: - no configuration set.
	//
	ConfigurationSetName *string `field:"optional" json:"configurationSetName" yaml:"configurationSetName"`
	// An optional name that should be used as the sender's name along with the email.
	// Default: - no name.
	//
	FromName *string `field:"optional" json:"fromName" yaml:"fromName"`
	// The destination to which the receiver of the email should reply to.
	// Default: - same as the fromEmail.
	//
	ReplyTo *string `field:"optional" json:"replyTo" yaml:"replyTo"`
	// Required if the UserPool region is different than the SES region.
	//
	// If sending emails with a Amazon SES verified email address,
	// and the region that SES is configured is different than the
	// region in which the UserPool is deployed, you must specify that
	// region here.
	// Default: - The same region as the Cognito UserPool.
	//
	SesRegion *string `field:"optional" json:"sesRegion" yaml:"sesRegion"`
	// SES Verified custom domain to be used to verify the identity.
	// Default: - no domain.
	//
	SesVerifiedDomain *string `field:"optional" json:"sesVerifiedDomain" yaml:"sesVerifiedDomain"`
}

Configuration for Cognito sending emails via Amazon SES.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	Email: cognito.UserPoolEmail_WithSES(&UserPoolSESOptions{
		FromEmail: jsii.String("noreply@myawesomeapp.com"),
		FromName: jsii.String("Awesome App"),
		ReplyTo: jsii.String("support@myawesomeapp.com"),
	}),
})

type UserPoolTriggers 

type UserPoolTriggers struct {
	// Creates an authentication challenge.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-create-auth-challenge.html
	//
	// Default: - no trigger configured.
	//
	CreateAuthChallenge awslambda.IFunction `field:"optional" json:"createAuthChallenge" yaml:"createAuthChallenge"`
	// Amazon Cognito invokes this trigger to send email notifications to users.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-email-sender.html
	//
	// Default: - no trigger configured.
	//
	CustomEmailSender awslambda.IFunction `field:"optional" json:"customEmailSender" yaml:"customEmailSender"`
	// A custom Message AWS Lambda trigger.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-message.html
	//
	// Default: - no trigger configured.
	//
	CustomMessage awslambda.IFunction `field:"optional" json:"customMessage" yaml:"customMessage"`
	// Amazon Cognito invokes this trigger to send SMS notifications to users.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-sms-sender.html
	//
	// Default: - no trigger configured.
	//
	CustomSmsSender awslambda.IFunction `field:"optional" json:"customSmsSender" yaml:"customSmsSender"`
	// Defines the authentication challenge.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-define-auth-challenge.html
	//
	// Default: - no trigger configured.
	//
	DefineAuthChallenge awslambda.IFunction `field:"optional" json:"defineAuthChallenge" yaml:"defineAuthChallenge"`
	// A post-authentication AWS Lambda trigger.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-post-authentication.html
	//
	// Default: - no trigger configured.
	//
	PostAuthentication awslambda.IFunction `field:"optional" json:"postAuthentication" yaml:"postAuthentication"`
	// A post-confirmation AWS Lambda trigger.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-post-confirmation.html
	//
	// Default: - no trigger configured.
	//
	PostConfirmation awslambda.IFunction `field:"optional" json:"postConfirmation" yaml:"postConfirmation"`
	// A pre-authentication AWS Lambda trigger.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-authentication.html
	//
	// Default: - no trigger configured.
	//
	PreAuthentication awslambda.IFunction `field:"optional" json:"preAuthentication" yaml:"preAuthentication"`
	// A pre-registration AWS Lambda trigger.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html
	//
	// Default: - no trigger configured.
	//
	PreSignUp awslambda.IFunction `field:"optional" json:"preSignUp" yaml:"preSignUp"`
	// A pre-token-generation AWS Lambda trigger.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
	//
	// Default: - no trigger configured.
	//
	PreTokenGeneration awslambda.IFunction `field:"optional" json:"preTokenGeneration" yaml:"preTokenGeneration"`
	// A user-migration AWS Lambda trigger.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html
	//
	// Default: - no trigger configured.
	//
	UserMigration awslambda.IFunction `field:"optional" json:"userMigration" yaml:"userMigration"`
	// Verifies the authentication challenge response.
	// See: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-verify-auth-challenge-response.html
	//
	// Default: - no trigger configured.
	//
	VerifyAuthChallengeResponse awslambda.IFunction `field:"optional" json:"verifyAuthChallengeResponse" yaml:"verifyAuthChallengeResponse"`
}

Triggers for a user pool.

Example: 

authChallengeFn := lambda.NewFunction(this, jsii.String("authChallengeFn"), &FunctionProps{
	Runtime: lambda.Runtime_NODEJS_LATEST(),
	Handler: jsii.String("index.handler"),
	Code: lambda.Code_FromAsset(path.join(__dirname, jsii.String("path/to/asset"))),
})

userpool := cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	LambdaTriggers: &UserPoolTriggers{
		CreateAuthChallenge: authChallengeFn,
	},
})

userpool.AddTrigger(cognito.UserPoolOperation_USER_MIGRATION(), lambda.NewFunction(this, jsii.String("userMigrationFn"), &FunctionProps{
	Runtime: lambda.Runtime_NODEJS_LATEST(),
	Handler: jsii.String("index.handler"),
	Code: lambda.Code_*FromAsset(path.join(__dirname, jsii.String("path/to/asset"))),
}))

See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html

type UserVerificationConfig 

type UserVerificationConfig struct {
	// The email body template for the verification email sent to the user upon sign up.
	//
	// See https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-templates.html to
	// learn more about message templates.
	// Default: - 'The verification code to your new account is {####}' if VerificationEmailStyle.CODE is chosen,
	// 'Verify your account by clicking on {##Verify Email##}' if VerificationEmailStyle.LINK is chosen.
	//
	EmailBody *string `field:"optional" json:"emailBody" yaml:"emailBody"`
	// Emails can be verified either using a code or a link.
	//
	// Learn more at https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-email-verification-message-customization.html
	// Default: VerificationEmailStyle.CODE
	//
	EmailStyle VerificationEmailStyle `field:"optional" json:"emailStyle" yaml:"emailStyle"`
	// The email subject template for the verification email sent to the user upon sign up.
	//
	// See https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-templates.html to
	// learn more about message templates.
	// Default: 'Verify your new account'.
	//
	EmailSubject *string `field:"optional" json:"emailSubject" yaml:"emailSubject"`
	// The message template for the verification SMS sent to the user upon sign up.
	//
	// See https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-templates.html to
	// learn more about message templates.
	// Default: - 'The verification code to your new account is {####}' if VerificationEmailStyle.CODE is chosen,
	// not configured if VerificationEmailStyle.LINK is chosen
	//
	SmsMessage *string `field:"optional" json:"smsMessage" yaml:"smsMessage"`
}

User pool configuration for user self sign up.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	SelfSignUpEnabled: jsii.Boolean(true),
	UserVerification: &UserVerificationConfig{
		EmailSubject: jsii.String("Verify your email for our awesome app!"),
		EmailBody: jsii.String("Thanks for signing up to our awesome app! Your verification code is {####}"),
		EmailStyle: cognito.VerificationEmailStyle_CODE,
		SmsMessage: jsii.String("Thanks for signing up to our awesome app! Your verification code is {####}"),
	},
})

type VerificationEmailStyle 

type VerificationEmailStyle string

The email verification style.

Example: 

cognito.NewUserPool(this, jsii.String("myuserpool"), &UserPoolProps{
	// ...
	SelfSignUpEnabled: jsii.Boolean(true),
	UserVerification: &UserVerificationConfig{
		EmailSubject: jsii.String("Verify your email for our awesome app!"),
		EmailBody: jsii.String("Thanks for signing up to our awesome app! Your verification code is {####}"),
		EmailStyle: cognito.VerificationEmailStyle_CODE,
		SmsMessage: jsii.String("Thanks for signing up to our awesome app! Your verification code is {####}"),
	},
})

const (
	// Verify email via code.
	VerificationEmailStyle_CODE VerificationEmailStyle = "CODE"
	// Verify email via link.
	VerificationEmailStyle_LINK VerificationEmailStyle = "LINK"
)

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.