aws-cdk-lib
Version 2 of the AWS Cloud Development Kit library
import * as cdk from "../../core/lib";
import * as constructs from "constructs";
import * as cfn_parse from "../../core/lib/helpers-internal";
import { aws_cognito as cognitoRefs, aws_iam as iamRefs } from "../../interfaces";
import { IdentityPoolPrincipalTagReference, IdentityPoolReference, IdentityPoolRoleAttachmentReference, IIdentityPoolPrincipalTagRef, IIdentityPoolRef, IIdentityPoolRoleAttachmentRef, ILogDeliveryConfigurationRef, IManagedLoginBrandingRef, ITermsRef, IUserPoolClientRef, IUserPoolDomainRef, IUserPoolGroupRef, IUserPoolIdentityProviderRef, IUserPoolRef, IUserPoolResourceServerRef, IUserPoolRiskConfigurationAttachmentRef, IUserPoolUICustomizationAttachmentRef, IUserPoolUserRef, IUserPoolUserToGroupAttachmentRef, LogDeliveryConfigurationReference, ManagedLoginBrandingReference, TermsReference, UserPoolClientReference, UserPoolDomainReference, UserPoolGroupReference, UserPoolIdentityProviderReference, UserPoolReference, UserPoolResourceServerReference, UserPoolRiskConfigurationAttachmentReference, UserPoolUICustomizationAttachmentReference, UserPoolUserReference, UserPoolUserToGroupAttachmentReference } from "../../interfaces/generated/aws-cognito-interfaces.generated";
/**
 * The `AWS::Cognito::IdentityPool` resource creates an Amazon Cognito identity pool.
 *
 * To avoid deleting the resource accidentally from CloudFormation , use [DeletionPolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html) and the [UpdateReplacePolicy Attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html) to retain the resource on deletion or replacement.
 *
 * NOTE(review): this is a declaration-only (L1) class; the declarations show no validation of
 * the security-relevant settings (`allowUnauthenticatedIdentities`, `allowClassicFlow`, the
 * provider lists), so review them where the props are built.
 *
 * @cloudformationResource AWS::Cognito::IdentityPool
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html
 */
export declare class CfnIdentityPool extends cdk.CfnResource implements cdk.IInspectable, IIdentityPoolRef, cdk.ITaggableV2 {
  /**
   * The CloudFormation resource type name for this resource class.
   */
  static readonly CFN_RESOURCE_TYPE_NAME: string;
  /**
   * Build a CfnIdentityPool from CloudFormation properties
   *
   * A factory method that creates a new instance of this class from an object
   * containing the CloudFormation properties of this resource.
   * Used in the @aws-cdk/cloudformation-include module.
   *
   * NOTE(review): `resourceAttributes` is typed `any`, so the compiler does not check its shape.
   *
   * @internal
   */
  static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnIdentityPool;
  /**
   * Checks whether the given object is a CfnIdentityPool
   */
  static isCfnIdentityPool(x: any): x is CfnIdentityPool;
  /**
   * Creates a new IIdentityPoolRef from a identityPoolId
   */
  static fromIdentityPoolId(scope: constructs.Construct, id: string, identityPoolId: string): IIdentityPoolRef;
  /**
   * Presumably returns the ARN string for the referenced identity pool (inferred from the name
   * and signature; the implementation is not part of this declaration file).
   */
  static arnForIdentityPool(resource: IIdentityPoolRef): string;
  /**
   * Enables the Basic (Classic) authentication flow.
   */
  private _allowClassicFlow?;
  /**
   * Specifies whether the identity pool supports unauthenticated logins.
   */
  private _allowUnauthenticatedIdentities;
  /**
   * Tag Manager which manages the tags for this resource
   */
  readonly cdkTagManager: cdk.TagManager;
  /**
   * The events to configure.
   */
  private _cognitoEvents?;
  /**
   * The Amazon Cognito user pools and their client IDs.
   */
  private _cognitoIdentityProviders?;
  /**
   * Configuration options for configuring Amazon Cognito streams.
   */
  private _cognitoStreams?;
  /**
   * The "domain" Amazon Cognito uses when referencing your users.
   */
  private _developerProviderName?;
  /**
   * The name of your Amazon Cognito identity pool.
   */
  private _identityPoolName?;
  /**
   * Tags to assign to the identity pool.
   */
  private _identityPoolTags?;
  /**
   * The Amazon Resource Names (ARNs) of the OpenID connect providers.
   */
  private _openIdConnectProviderArns?;
  /**
   * The configuration options to be applied to the identity pool.
   */
  private _pushSync?;
  /**
   * The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
   */
  private _samlProviderArns?;
  /**
   * Key-value pairs that map provider names to provider app IDs.
   */
  private _supportedLoginProviders?;
  /**
   * Create a new `AWS::Cognito::IdentityPool`.
   *
   * @param scope Scope in which this resource is defined
   * @param id Construct identifier for this resource (unique in its scope)
   * @param props Resource properties
   */
  constructor(scope: constructs.Construct, id: string, props: CfnIdentityPoolProps);
  /**
   * Reference object for this identity pool (type `IdentityPoolReference`, declared elsewhere).
   */
  get identityPoolRef(): IdentityPoolReference;
  /**
   * Enables the Basic (Classic) authentication flow.
   */
  get allowClassicFlow(): boolean | cdk.IResolvable | undefined;
  /**
   * Enables the Basic (Classic) authentication flow.
   */
  set allowClassicFlow(value: boolean | cdk.IResolvable | undefined);
  /**
   * Specifies whether the identity pool supports unauthenticated logins.
   */
  get allowUnauthenticatedIdentities(): boolean | cdk.IResolvable;
  /**
   * Specifies whether the identity pool supports unauthenticated logins.
   */
  set allowUnauthenticatedIdentities(value: boolean | cdk.IResolvable);
  /**
   * The events to configure.
   */
  get cognitoEvents(): any | cdk.IResolvable | undefined;
  /**
   * The events to configure.
   */
  set cognitoEvents(value: any | cdk.IResolvable | undefined);
  /**
   * The Amazon Cognito user pools and their client IDs.
   */
  get cognitoIdentityProviders(): Array<CfnIdentityPool.CognitoIdentityProviderProperty | cdk.IResolvable> | cdk.IResolvable | undefined;
  /**
   * The Amazon Cognito user pools and their client IDs.
   */
  set cognitoIdentityProviders(value: Array<CfnIdentityPool.CognitoIdentityProviderProperty | cdk.IResolvable> | cdk.IResolvable | undefined);
  /**
   * Configuration options for configuring Amazon Cognito streams.
   */
  get cognitoStreams(): CfnIdentityPool.CognitoStreamsProperty | cdk.IResolvable | undefined;
  /**
   * Configuration options for configuring Amazon Cognito streams.
   */
  set cognitoStreams(value: CfnIdentityPool.CognitoStreamsProperty | cdk.IResolvable | undefined);
  /**
   * The "domain" Amazon Cognito uses when referencing your users.
   */
  get developerProviderName(): string | undefined;
  /**
   * The "domain" Amazon Cognito uses when referencing your users.
   */
  set developerProviderName(value: string | undefined);
  /**
   * The name of your Amazon Cognito identity pool.
   */
  get identityPoolName(): string | undefined;
  /**
   * The name of your Amazon Cognito identity pool.
   */
  set identityPoolName(value: string | undefined);
  /**
   * Tags to assign to the identity pool.
   */
  get identityPoolTags(): Array<cdk.CfnTag> | undefined;
  /**
   * Tags to assign to the identity pool.
   */
  set identityPoolTags(value: Array<cdk.CfnTag> | undefined);
  /**
   * The Amazon Resource Names (ARNs) of the OpenID connect providers.
   */
  get openIdConnectProviderArns(): Array<string> | undefined;
  /**
   * The Amazon Resource Names (ARNs) of the OpenID connect providers.
   */
  set openIdConnectProviderArns(value: Array<string> | undefined);
  /**
   * The configuration options to be applied to the identity pool.
   */
  get pushSync(): cdk.IResolvable | CfnIdentityPool.PushSyncProperty | undefined;
  /**
   * The configuration options to be applied to the identity pool.
   */
  set pushSync(value: cdk.IResolvable | CfnIdentityPool.PushSyncProperty | undefined);
  /**
   * The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
   */
  get samlProviderArns(): Array<string> | undefined;
  /**
   * The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
   */
  set samlProviderArns(value: Array<string> | undefined);
  /**
   * Key-value pairs that map provider names to provider app IDs.
   */
  get supportedLoginProviders(): any | cdk.IResolvable | undefined;
  /**
   * Key-value pairs that map provider names to provider app IDs.
   */
  set supportedLoginProviders(value: any | cdk.IResolvable | undefined);
  /**
   * @cloudformationAttribute Id
   */
  get attrId(): string;
  /**
   * The name of the Amazon Cognito identity pool, returned as a string.
   *
   * @cloudformationAttribute Name
   */
  get attrName(): string;
  /**
   * Presumably the property bag rendered into the template (inferred from the name; the
   * implementation is not part of this declaration file).
   */
  protected get cfnProperties(): Record<string, any>;
  /**
   * Examines the CloudFormation resource and discloses attributes
   *
   * @param inspector tree inspector to collect and process attributes
   */
  inspect(inspector: cdk.TreeInspector): void;
  /**
   * Takes a property record and returns a property record; the transformation itself is not
   * visible in this declaration file.
   */
  protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnIdentityPool {
  /**
   * `PushSync` is a property of the [AWS::Cognito::IdentityPool](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html) resource that defines the configuration options to be applied to an Amazon Cognito identity pool.
   *
   * @struct
   * @stability external
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-pushsync.html
   */
  interface PushSyncProperty {
    /**
     * The ARNs of the Amazon SNS platform applications that could be used by clients.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-pushsync.html#cfn-cognito-identitypool-pushsync-applicationarns
     */
    readonly applicationArns?: Array<string>;
    /**
     * An IAM role configured to allow Amazon Cognito to call Amazon SNS on behalf of the developer.
     *
     * NOTE(review): Cognito acts with this role's permissions; scope the role to the SNS
     * platform applications listed in `applicationArns` rather than to SNS as a whole.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-pushsync.html#cfn-cognito-identitypool-pushsync-rolearn
     */
    readonly roleArn?: string;
  }
  /**
   * `CognitoIdentityProvider` is a property of the [AWS::Cognito::IdentityPool](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html) resource that represents an Amazon Cognito user pool and its client ID.
   *
   * @struct
   * @stability external
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitoidentityprovider.html
   */
  interface CognitoIdentityProviderProperty {
    /**
     * The client ID for the Amazon Cognito user pool.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitoidentityprovider.html#cfn-cognito-identitypool-cognitoidentityprovider-clientid
     */
    readonly clientId: string;
    /**
     * The provider name for an Amazon Cognito user pool.
     *
     * For example: `cognito-idp.us-east-2.amazonaws.com/us-east-2_123456789` .
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitoidentityprovider.html#cfn-cognito-identitypool-cognitoidentityprovider-providername
     */
    readonly providerName: string;
    /**
     * TRUE if server-side token validation is enabled for the identity provider’s token.
     *
     * After you set the `ServerSideTokenCheck` to TRUE for an identity pool, that identity pool checks with the integrated user pools to make sure the user has not been globally signed out or deleted before the identity pool provides an OIDC token or AWS credentials for the user.
     *
     * If the user is signed out or deleted, the identity pool returns a 400 Not Authorized error.
     *
     * NOTE(review): optional. Going by the description above, leaving it unset presumably means
     * the sign-out/deletion check is skipped, so a still-valid token from a signed-out or
     * deleted user could be exchanged for credentials; set it to `true` where prompt
     * revocation matters, and confirm the default against the @see link.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitoidentityprovider.html#cfn-cognito-identitypool-cognitoidentityprovider-serversidetokencheck
     */
    readonly serverSideTokenCheck?: boolean | cdk.IResolvable;
  }
  /**
   * `CognitoStreams` is a property of the [AWS::Cognito::IdentityPool](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html) resource that defines configuration options for Amazon Cognito streams.
   *
   * @struct
   * @stability external
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitostreams.html
   */
  interface CognitoStreamsProperty {
    /**
     * The Amazon Resource Name (ARN) of the role Amazon Cognito can assume to publish to the stream.
     *
     * This role must grant access to Amazon Cognito (cognito-sync) to invoke `PutRecord` on your Amazon Cognito stream.
     *
     * NOTE(review): the description names `PutRecord` on one stream as the required access;
     * grant the role that and no more.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitostreams.html#cfn-cognito-identitypool-cognitostreams-rolearn
     */
    readonly roleArn?: string;
    /**
     * Status of the Amazon Cognito streams.
     *
     * Valid values are: `ENABLED` or `DISABLED` .
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitostreams.html#cfn-cognito-identitypool-cognitostreams-streamingstatus
     */
    readonly streamingStatus?: string;
    /**
     * The name of the Amazon Cognito stream to receive updates.
     *
     * This stream must be in the developer's account and in the same Region as the identity pool.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypool-cognitostreams.html#cfn-cognito-identitypool-cognitostreams-streamname
     */
    readonly streamName?: string;
  }
}
/**
 * Properties for defining a `CfnIdentityPool`
 *
 * @struct
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html
 */
export interface CfnIdentityPoolProps {
  /**
   * Enables the Basic (Classic) authentication flow.
   *
   * NOTE(review): security-relevant. In the basic (classic) flow the client exchanges the
   * Cognito token for role credentials itself, so the extra session scoping the enhanced flow
   * applies to guest credentials is presumably not in effect. Leave this unset unless a
   * client needs the classic flow; confirm the details against the Cognito developer guide.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-allowclassicflow
   */
  readonly allowClassicFlow?: boolean | cdk.IResolvable;
  /**
   * Specifies whether the identity pool supports unauthenticated logins.
   *
   * NOTE(review): security-relevant and required, so every stack makes an explicit choice.
   * `true` lets callers receive credentials for the pool's unauthenticated role without
   * signing in; use `false` unless guest access is intended, and keep the guest role's
   * permissions minimal.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-allowunauthenticatedidentities
   */
  readonly allowUnauthenticatedIdentities: boolean | cdk.IResolvable;
  /**
   * The events to configure.
   *
   * NOTE(review): typed `any`, so the compiler does not check the shape of this value.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-cognitoevents
   */
  readonly cognitoEvents?: any | cdk.IResolvable;
  /**
   * The Amazon Cognito user pools and their client IDs.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-cognitoidentityproviders
   */
  readonly cognitoIdentityProviders?: Array<CfnIdentityPool.CognitoIdentityProviderProperty | cdk.IResolvable> | cdk.IResolvable;
  /**
   * Configuration options for configuring Amazon Cognito streams.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-cognitostreams
   */
  readonly cognitoStreams?: CfnIdentityPool.CognitoStreamsProperty | cdk.IResolvable;
  /**
   * The "domain" Amazon Cognito uses when referencing your users.
   *
   * This name acts as a placeholder that allows your backend and the Amazon Cognito service to communicate about the developer provider. For the `DeveloperProviderName` , you can use letters and periods (.), underscores (_), and dashes (-).
   *
   * *Minimum length* : 1
   *
   * *Maximum length* : 100
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-developerprovidername
   */
  readonly developerProviderName?: string;
  /**
   * The name of your Amazon Cognito identity pool.
   *
   * *Minimum length* : 1
   *
   * *Maximum length* : 128
   *
   * *Pattern* : `[\w\s+=,.@-]+`
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-identitypoolname
   */
  readonly identityPoolName?: string;
  /**
   * Tags to assign to the identity pool.
   *
   * A tag is a label that you can apply to identity pools to categorize and manage them in different ways, such as by purpose, owner, environment, or other criteria.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-identitypooltags
   */
  readonly identityPoolTags?: Array<cdk.CfnTag>;
  /**
   * The Amazon Resource Names (ARNs) of the OpenID connect providers.
   *
   * NOTE(review): each provider listed here becomes a source of authenticated identities for
   * the pool; list only providers you control or trust.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-openidconnectproviderarns
   */
  readonly openIdConnectProviderArns?: Array<iamRefs.IOIDCProviderRef | string>;
  /**
   * The configuration options to be applied to the identity pool.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-pushsync
   */
  readonly pushSync?: cdk.IResolvable | CfnIdentityPool.PushSyncProperty;
  /**
   * The Amazon Resource Names (ARNs) of the Security Assertion Markup Language (SAML) providers.
   *
   * NOTE(review): each provider listed here becomes a source of authenticated identities for
   * the pool; list only providers you control or trust.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-samlproviderarns
   */
  readonly samlProviderArns?: Array<string>;
  /**
   * Key-value pairs that map provider names to provider app IDs.
   *
   * NOTE(review): typed `any`, so neither the provider names nor the app IDs are checked at
   * compile time; a wrong app ID would presumably tie the pool to a different application's
   * sign-ins — verify against the provider's console.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html#cfn-cognito-identitypool-supportedloginproviders
   */
  readonly supportedLoginProviders?: any | cdk.IResolvable;
}
/**
 * A list of the identity pool principal tag assignments for attributes for access control.
 *
 * @cloudformationResource AWS::Cognito::IdentityPoolPrincipalTag
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolprincipaltag.html
 */
export declare class CfnIdentityPoolPrincipalTag extends cdk.CfnResource implements cdk.IInspectable, IIdentityPoolPrincipalTagRef {
  /**
   * The CloudFormation resource type name for this resource class.
   */
  static readonly CFN_RESOURCE_TYPE_NAME: string;
  /**
   * Build a CfnIdentityPoolPrincipalTag from CloudFormation properties
   *
   * A factory method that creates a new instance of this class from an object
   * containing the CloudFormation properties of this resource.
   * Used in the @aws-cdk/cloudformation-include module.
   *
   * NOTE(review): `resourceAttributes` is typed `any`, so the compiler does not check its shape.
   *
   * @internal
   */
  static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnIdentityPoolPrincipalTag;
  /**
   * Checks whether the given object is a CfnIdentityPoolPrincipalTag
   */
  static isCfnIdentityPoolPrincipalTag(x: any): x is CfnIdentityPoolPrincipalTag;
  /**
   * The identity pool that you want to associate with this principal tag map.
   */
  private _identityPoolId;
  /**
   * The identity pool identity provider (IdP) that you want to associate with this principal tag map.
   */
  private _identityProviderName;
  /**
   * A JSON-formatted list of user claims and the principal tags that you want to associate with them.
   */
  private _principalTags?;
  /**
   * Use a default set of mappings between claims and tags for this provider, instead of a custom map.
   */
  private _useDefaults?;
  /**
   * Create a new `AWS::Cognito::IdentityPoolPrincipalTag`.
   *
   * @param scope Scope in which this resource is defined
   * @param id Construct identifier for this resource (unique in its scope)
   * @param props Resource properties
   */
  constructor(scope: constructs.Construct, id: string, props: CfnIdentityPoolPrincipalTagProps);
  /**
   * Reference object for this resource (type `IdentityPoolPrincipalTagReference`, declared elsewhere).
   */
  get identityPoolPrincipalTagRef(): IdentityPoolPrincipalTagReference;
  /**
   * The identity pool that you want to associate with this principal tag map.
   */
  get identityPoolId(): string;
  /**
   * The identity pool that you want to associate with this principal tag map.
   */
  set identityPoolId(value: string);
  /**
   * The identity pool identity provider (IdP) that you want to associate with this principal tag map.
   */
  get identityProviderName(): string;
  /**
   * The identity pool identity provider (IdP) that you want to associate with this principal tag map.
   */
  set identityProviderName(value: string);
  /**
   * A JSON-formatted list of user claims and the principal tags that you want to associate with them.
   */
  get principalTags(): any | cdk.IResolvable | undefined;
  /**
   * A JSON-formatted list of user claims and the principal tags that you want to associate with them.
   */
  set principalTags(value: any | cdk.IResolvable | undefined);
  /**
   * Use a default set of mappings between claims and tags for this provider, instead of a custom map.
   */
  get useDefaults(): boolean | cdk.IResolvable | undefined;
  /**
   * Use a default set of mappings between claims and tags for this provider, instead of a custom map.
   */
  set useDefaults(value: boolean | cdk.IResolvable | undefined);
  /**
   * Presumably the property bag rendered into the template (inferred from the name; the
   * implementation is not part of this declaration file).
   */
  protected get cfnProperties(): Record<string, any>;
  /**
   * Examines the CloudFormation resource and discloses attributes
   *
   * @param inspector tree inspector to collect and process attributes
   */
  inspect(inspector: cdk.TreeInspector): void;
  /**
   * Takes a property record and returns a property record; the transformation itself is not
   * visible in this declaration file.
   */
  protected renderProperties(props: Record<string, any>): Record<string, any>;
}
/**
 * Properties for defining a `CfnIdentityPoolPrincipalTag`
 *
 * @struct
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolprincipaltag.html
 */
export interface CfnIdentityPoolPrincipalTagProps {
  /**
   * The identity pool that you want to associate with this principal tag map.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolprincipaltag.html#cfn-cognito-identitypoolprincipaltag-identitypoolid
   */
  readonly identityPoolId: string;
  /**
   * The identity pool identity provider (IdP) that you want to associate with this principal tag map.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolprincipaltag.html#cfn-cognito-identitypoolprincipaltag-identityprovidername
   */
  readonly identityProviderName: string;
  /**
   * A JSON-formatted list of user claims and the principal tags that you want to associate with them.
   *
   * When Amazon Cognito requests credentials, it sets the value of the principal tag to the value of the user's claim.
   *
   * NOTE(review): security-relevant. These tags feed access-control decisions and their values
   * are copied from token claims (see above), so map only claims whose values the user cannot
   * set or change. The property is typed `any`, so the map's shape is not checked at compile time.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolprincipaltag.html#cfn-cognito-identitypoolprincipaltag-principaltags
   */
  readonly principalTags?: any | cdk.IResolvable;
  /**
   * Use a default set of mappings between claims and tags for this provider, instead of a custom map.
   *
   * NOTE(review): the default claim-to-tag set is not listed in this file; check which claims
   * it maps before writing IAM conditions that depend on the resulting tags.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolprincipaltag.html#cfn-cognito-identitypoolprincipaltag-usedefaults
   */
  readonly useDefaults?: boolean | cdk.IResolvable;
}
/**
 * The `AWS::Cognito::IdentityPoolRoleAttachment` resource manages the role configuration for an Amazon Cognito identity pool.
 *
 * @cloudformationResource AWS::Cognito::IdentityPoolRoleAttachment
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html
 */
export declare class CfnIdentityPoolRoleAttachment extends cdk.CfnResource implements cdk.IInspectable, IIdentityPoolRoleAttachmentRef {
  /**
   * The CloudFormation resource type name for this resource class.
   */
  static readonly CFN_RESOURCE_TYPE_NAME: string;
  /**
   * Build a CfnIdentityPoolRoleAttachment from CloudFormation properties
   *
   * A factory method that creates a new instance of this class from an object
   * containing the CloudFormation properties of this resource.
   * Used in the @aws-cdk/cloudformation-include module.
   *
   * NOTE(review): `resourceAttributes` is typed `any`, so the compiler does not check its shape.
   *
   * @internal
   */
  static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnIdentityPoolRoleAttachment;
  /**
   * Checks whether the given object is a CfnIdentityPoolRoleAttachment
   */
  static isCfnIdentityPoolRoleAttachment(x: any): x is CfnIdentityPoolRoleAttachment;
  /**
   * An identity pool ID in the format `REGION:GUID` .
   */
  private _identityPoolId;
  /**
   * How users for a specific identity provider are mapped to roles.
   */
  private _roleMappings?;
  /**
   * The map of the roles associated with this pool.
   */
  private _roles?;
  /**
   * Create a new `AWS::Cognito::IdentityPoolRoleAttachment`.
   *
   * @param scope Scope in which this resource is defined
   * @param id Construct identifier for this resource (unique in its scope)
   * @param props Resource properties
   */
  constructor(scope: constructs.Construct, id: string, props: CfnIdentityPoolRoleAttachmentProps);
  /**
   * Reference object for this resource (type `IdentityPoolRoleAttachmentReference`, declared elsewhere).
   */
  get identityPoolRoleAttachmentRef(): IdentityPoolRoleAttachmentReference;
  /**
   * An identity pool ID in the format `REGION:GUID` .
   */
  get identityPoolId(): string;
  /**
   * An identity pool ID in the format `REGION:GUID` .
   */
  set identityPoolId(value: string);
  /**
   * How users for a specific identity provider are mapped to roles.
   */
  get roleMappings(): cdk.IResolvable | Record<string, cdk.IResolvable | CfnIdentityPoolRoleAttachment.RoleMappingProperty> | undefined;
  /**
   * How users for a specific identity provider are mapped to roles.
   */
  set roleMappings(value: cdk.IResolvable | Record<string, cdk.IResolvable | CfnIdentityPoolRoleAttachment.RoleMappingProperty> | undefined);
  /**
   * The map of the roles associated with this pool.
   */
  get roles(): any | cdk.IResolvable | undefined;
  /**
   * The map of the roles associated with this pool.
   */
  set roles(value: any | cdk.IResolvable | undefined);
  /**
   * The resource ID.
   *
   * @cloudformationAttribute Id
   */
  get attrId(): string;
  /**
   * Presumably the property bag rendered into the template (inferred from the name; the
   * implementation is not part of this declaration file).
   */
  protected get cfnProperties(): Record<string, any>;
  /**
   * Examines the CloudFormation resource and discloses attributes
   *
   * @param inspector tree inspector to collect and process attributes
   */
  inspect(inspector: cdk.TreeInspector): void;
  /**
   * Takes a property record and returns a property record; the transformation itself is not
   * visible in this declaration file.
   */
  protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnIdentityPoolRoleAttachment {
  /**
   * One of a set of `RoleMappings` , a property of the [AWS::Cognito::IdentityPoolRoleAttachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html) resource that defines the role-mapping attributes of an Amazon Cognito identity pool.
   *
   * @struct
   * @stability external
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html
   */
  interface RoleMappingProperty {
    /**
     * If you specify Token or Rules as the `Type` , `AmbiguousRoleResolution` is required.
     *
     * Specifies the action to be taken if either no rules match the claim value for the `Rules` type, or there is no `cognito:preferred_role` claim and there are multiple `cognito:roles` matches for the `Token` type.
     *
     * NOTE(review): security-relevant. The CloudFormation reference lists `AuthenticatedRole`
     * and `Deny` as the values; `Deny` fails closed when nothing matches, whereas
     * `AuthenticatedRole` falls back to the pool's default authenticated role. The type here is
     * plain `string`, so a misspelt value is not caught at compile time — confirm via the @see link.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html#cfn-cognito-identitypoolroleattachment-rolemapping-ambiguousroleresolution
     */
    readonly ambiguousRoleResolution?: string;
    /**
     * Identifier for the identity provider for which the role is mapped.
     *
     * For example: `graph.facebook.com` or `cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id (http://cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id)` . This is the identity provider that is used by the user for authentication.
     *
     * If the identity provider property isn't provided, the key of the entry in the `RoleMappings` map is used as the identity provider.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html#cfn-cognito-identitypoolroleattachment-rolemapping-identityprovider
     */
    readonly identityProvider?: string;
    /**
     * The rules to be used for mapping users to roles.
     *
     * If you specify "Rules" as the role-mapping type, RulesConfiguration is required.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html#cfn-cognito-identitypoolroleattachment-rolemapping-rulesconfiguration
     */
    readonly rulesConfiguration?: cdk.IResolvable | CfnIdentityPoolRoleAttachment.RulesConfigurationTypeProperty;
    /**
     * The role mapping type.
     *
     * Token will use `cognito:roles` and `cognito:preferred_role` claims from the Cognito identity provider token to map groups to roles. Rules will attempt to match claims from the token to map to a role.
     *
     * NOTE(review): with the `Token` type the role comes from group claims in the token, so
     * user-pool group membership (and who can change it) decides which IAM role a user gets.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html#cfn-cognito-identitypoolroleattachment-rolemapping-type
     */
    readonly type: string;
  }
  /**
   * `RulesConfigurationType` is a subproperty of the [RoleMapping](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html) property that defines the rules to be used for mapping users to roles.
   *
   * @struct
   * @stability external
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rulesconfigurationtype.html
   */
  interface RulesConfigurationTypeProperty {
    /**
     * The rules.
     *
     * You can specify up to 25 rules per identity provider.
     *
     * NOTE(review): rule order presumably matters (first match wins) — confirm via the @see
     * link and place the most specific rules first.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rulesconfigurationtype.html#cfn-cognito-identitypoolroleattachment-rulesconfigurationtype-rules
     */
    readonly rules: Array<cdk.IResolvable | CfnIdentityPoolRoleAttachment.MappingRuleProperty> | cdk.IResolvable;
  }
  /**
   * Defines how to map a claim to a role ARN.
   *
   * @struct
   * @stability external
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-mappingrule.html
   */
  interface MappingRuleProperty {
    /**
     * The claim name that must be present in the token.
     *
     * For example: "isAdmin" or "paid".
     *
     * NOTE(review): security-relevant. The rule grants `roleArn` on the strength of this claim,
     * so use only claims the identity provider sets and the user cannot edit.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-mappingrule.html#cfn-cognito-identitypoolroleattachment-mappingrule-claim
     */
    readonly claim: string;
    /**
     * The match condition that specifies how closely the claim value in the IdP token must match `Value` .
     *
     * Valid values are: `Equals` , `Contains` , `StartsWith` , and `NotEqual` .
     *
     * NOTE(review): `Contains`, `StartsWith` and `NotEqual` accept a wider set of claim values
     * than `Equals`; prefer `Equals` for rules that hand out privileged roles.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-mappingrule.html#cfn-cognito-identitypoolroleattachment-mappingrule-matchtype
     */
    readonly matchType: string;
    /**
     * The Amazon Resource Name (ARN) of the role.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-mappingrule.html#cfn-cognito-identitypoolroleattachment-mappingrule-rolearn
     */
    readonly roleArn: string;
    /**
     * A brief string that the claim must match.
     *
     * For example, "paid" or "yes".
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-mappingrule.html#cfn-cognito-identitypoolroleattachment-mappingrule-value
     */
    readonly value: string;
  }
}
/**
 * Properties for defining a `CfnIdentityPoolRoleAttachment`
 *
 * @struct
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html
 */
export interface CfnIdentityPoolRoleAttachmentProps {
  /**
   * An identity pool ID in the format `REGION:GUID` .
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html#cfn-cognito-identitypoolroleattachment-identitypoolid
   */
  readonly identityPoolId: cognitoRefs.IIdentityPoolRef | string;
  /**
   * How users for a specific identity provider are mapped to roles.
   *
   * This is a string to the `RoleMapping` object map. The string identifies the identity provider. For example: `graph.facebook.com` or `cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id` .
   *
   * If the `IdentityProvider` field isn't provided in this object, the string is used as the identity provider name.
   *
   * For more information, see the [RoleMapping property](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-identitypoolroleattachment-rolemapping.html) .
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html#cfn-cognito-identitypoolroleattachment-rolemappings
   */
  readonly roleMappings?: cdk.IResolvable | Record<string, cdk.IResolvable | CfnIdentityPoolRoleAttachment.RoleMappingProperty>;
  /**
   * The map of the roles associated with this pool.
   *
   * For a given role, the key is either "authenticated" or "unauthenticated". The value is the role ARN.
   *
   * NOTE(review): security-relevant. The "unauthenticated" role is what guest identities
   * receive when the pool allows unauthenticated logins, so keep it least-privilege, and have
   * each role's trust policy pin the identity pool (`cognito-identity.amazonaws.com:aud`) and
   * the authentication state (`cognito-identity.amazonaws.com:amr`). The property is typed
   * `any`, so a misspelt key is not caught at compile time.
   *
   * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html#cfn-cognito-identitypoolroleattachment-roles
   */
  readonly roles?: any | cdk.IResolvable;
}
/**
 * The `AWS::Cognito::UserPool` resource creates an Amazon Cognito user pool.
 *
 * For more information on working with Amazon Cognito user pools, see [Amazon Cognito User Pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html) and [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) .
 *
 * > If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.
 *
 * @cloudformationResource AWS::Cognito::UserPool
 * @stability external
 * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html
 */
export declare class CfnUserPool extends cdk.CfnResource implements cdk.IInspectable, IUserPoolRef, cdk.ITaggable {
  /**
   * The CloudFormation resource type name for this resource class.
*/
    static readonly CFN_RESOURCE_TYPE_NAME: string;
    /**
     * Build a CfnUserPool from CloudFormation properties
     *
     * A factory method that creates a new instance of this class from an object
     * containing the CloudFormation properties of this resource.
     * Used in the @aws-cdk/cloudformation-include module.
     *
     * NOTE(review): `resourceAttributes` is typed `any`, so its shape is not checked at compile time.
     *
     * @internal
     */
    static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnUserPool;
    /**
     * Checks whether the given object is a CfnUserPool
     */
    static isCfnUserPool(x: any): x is CfnUserPool;
    /**
     * Creates a new IUserPoolRef from an ARN
     */
    static fromUserPoolArn(scope: constructs.Construct, id: string, arn: string): IUserPoolRef;
    /**
     * Creates a new IUserPoolRef from a userPoolId
     */
    static fromUserPoolId(scope: constructs.Construct, id: string, userPoolId: string): IUserPoolRef;
    /**
     * Returns a string for the given user pool reference; by its name, the user pool's ARN.
     * NOTE(review): no description in the generated source, and how the string is built is not
     * visible in this declaration file.
     */
    static arnForUserPool(resource: IUserPoolRef): string;
    /**
     * The available verified method a user can use to recover their password when they call `ForgotPassword`.
     */
    private _accountRecoverySetting?;
    /**
     * The settings for administrator creation of users in a user pool.
     */
    private _adminCreateUserConfig?;
    /**
     * Attributes supported as an alias for this user pool.
     */
    private _aliasAttributes?;
    /**
     * The attributes that you want your user pool to automatically verify.
     */
    private _autoVerifiedAttributes?;
    /**
     * When active, `DeletionProtection` prevents accidental deletion of your user pool.
     */
    private _deletionProtection?;
    /**
     * The device-remembering configuration for a user pool.
     */
    private _deviceConfiguration?;
    /**
     * NOTE(review): no description in the generated source; by name, the body of the email
     * authentication message. TODO confirm against the CloudFormation reference.
     */
    private _emailAuthenticationMessage?;
    /**
     * NOTE(review): no description in the generated source; by name, the subject line of the email
     * authentication message. TODO confirm against the CloudFormation reference.
     */
    private _emailAuthenticationSubject?;
    /**
     * The email configuration of your user pool.
     */
    private _emailConfiguration?;
    /**
     * This parameter is no longer used.
     */
    private _emailVerificationMessage?;
    /**
     * This parameter is no longer used.
     */
    private _emailVerificationSubject?;
    /**
     * Set enabled MFA options on a specified user pool.
*/
    private _enabledMfas?;
    /**
     * A collection of user pool Lambda triggers.
     */
    private _lambdaConfig?;
    /**
     * Displays the state of multi-factor authentication (MFA) as on, off, or optional.
     *
     * NOTE(review): the CloudFormation values are `OFF`, `ON` and `OPTIONAL`. The field carries no
     * type annotation here, so nothing in this declaration restricts it to those values.
     */
    private _mfaConfiguration?;
    /**
     * A list of user pool policies.
     */
    private _policies?;
    /**
     * An array of attributes for the new user pool.
     */
    private _schema?;
    /**
     * The contents of the SMS authentication message.
     */
    private _smsAuthenticationMessage?;
    /**
     * The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service.
     */
    private _smsConfiguration?;
    /**
     * This parameter is no longer used.
     */
    private _smsVerificationMessage?;
    /**
     * Tag Manager which manages the tags for this resource
     */
    readonly tags: cdk.TagManager;
    /**
     * The settings for updates to user attributes.
     */
    private _userAttributeUpdateSettings?;
    /**
     * Specifies whether a user can use an email address or phone number as a username when they sign up.
     */
    private _usernameAttributes?;
    /**
     * Sets the case sensitivity option for sign-in usernames.
     */
    private _usernameConfiguration?;
    /**
     * Contains settings for activation of threat protection, including the operating mode and additional authentication types.
     */
    private _userPoolAddOns?;
    /**
     * A friendly name for your user pool.
     */
    private _userPoolName?;
    /**
     * The tag keys and values to assign to the user pool.
     */
    private _userPoolTagsRaw?;
    /**
     * The user pool [feature plan](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sign-in-feature-plans.html), or tier.
     * This parameter determines the eligibility of the user pool for features like managed login,
     * access-token customization, and threat protection. Defaults to `ESSENTIALS`.
     */
    private _userPoolTier?;
    /**
     * The template for the verification message that your user pool delivers to users who set an email address or phone number attribute.
*/
    private _verificationMessageTemplate?;
    /**
     * Sets or displays the authentication domain, typically your user pool domain, that passkey providers must use as a relying party (RP) in their configuration.
     */
    private _webAuthnRelyingPartyId?;
    /**
     * When `required`, users can only register and sign in with passkeys that are capable of
     * [user verification](https://www.w3.org/TR/webauthn-2/#enum-userVerificationRequirement).
     * When `preferred`, your user pool doesn't require the use of authenticators with user
     * verification but encourages it.
     */
    private _webAuthnUserVerification?;
    /**
     * Create a new `AWS::Cognito::UserPool`.
     *
     * @param scope Scope in which this resource is defined
     * @param id Construct identifier for this resource (unique in its scope)
     * @param props Resource properties
     */
    constructor(scope: constructs.Construct, id: string, props?: CfnUserPoolProps);
    /**
     * Returns a `UserPoolReference` for this user pool.
     * NOTE(review): no description in the generated source; the fields of the reference are not
     * visible in this part of the file.
     */
    get userPoolRef(): UserPoolReference;
    /**
     * The available verified method a user can use to recover their password when they call `ForgotPassword`.
     */
    get accountRecoverySetting(): CfnUserPool.AccountRecoverySettingProperty | cdk.IResolvable | undefined;
    /**
     * The available verified method a user can use to recover their password when they call `ForgotPassword`.
     */
    set accountRecoverySetting(value: CfnUserPool.AccountRecoverySettingProperty | cdk.IResolvable | undefined);
    /**
     * The settings for administrator creation of users in a user pool.
     */
    get adminCreateUserConfig(): CfnUserPool.AdminCreateUserConfigProperty | cdk.IResolvable | undefined;
    /**
     * The settings for administrator creation of users in a user pool.
     */
    set adminCreateUserConfig(value: CfnUserPool.AdminCreateUserConfigProperty | cdk.IResolvable | undefined);
    /**
     * Attributes supported as an alias for this user pool.
     */
    get aliasAttributes(): Array<string> | undefined;
    /**
     * Attributes supported as an alias for this user pool.
*/
    set aliasAttributes(value: Array<string> | undefined);
    /**
     * The attributes that you want your user pool to automatically verify.
     */
    get autoVerifiedAttributes(): Array<string> | undefined;
    /**
     * The attributes that you want your user pool to automatically verify.
     */
    set autoVerifiedAttributes(value: Array<string> | undefined);
    /**
     * When active, `DeletionProtection` prevents accidental deletion of your user pool.
     *
     * NOTE(review): typed as plain `string`; the CloudFormation values are `ACTIVE` and `INACTIVE`,
     * and a misspelling is not caught at compile time.
     */
    get deletionProtection(): string | undefined;
    /**
     * When active, `DeletionProtection` prevents accidental deletion of your user pool.
     *
     * NOTE(review): typed as plain `string`; the CloudFormation values are `ACTIVE` and `INACTIVE`,
     * and a misspelling is not caught at compile time.
     */
    set deletionProtection(value: string | undefined);
    /**
     * The device-remembering configuration for a user pool.
     */
    get deviceConfiguration(): CfnUserPool.DeviceConfigurationProperty | cdk.IResolvable | undefined;
    /**
     * The device-remembering configuration for a user pool.
     */
    set deviceConfiguration(value: CfnUserPool.DeviceConfigurationProperty | cdk.IResolvable | undefined);
    /**
     * NOTE(review): no description in the generated source; by name, the body of the email
     * authentication message. TODO confirm against the CloudFormation reference.
     */
    get emailAuthenticationMessage(): string | undefined;
    /**
     * NOTE(review): no description in the generated source; by name, the body of the email
     * authentication message. TODO confirm against the CloudFormation reference.
     */
    set emailAuthenticationMessage(value: string | undefined);
    /**
     * NOTE(review): no description in the generated source; by name, the subject line of the email
     * authentication message. TODO confirm against the CloudFormation reference.
     */
    get emailAuthenticationSubject(): string | undefined;
    /**
     * NOTE(review): no description in the generated source; by name, the subject line of the email
     * authentication message. TODO confirm against the CloudFormation reference.
     */
    set emailAuthenticationSubject(value: string | undefined);
    /**
     * The email configuration of your user pool.
     */
    get emailConfiguration(): CfnUserPool.EmailConfigurationProperty | cdk.IResolvable | undefined;
    /**
     * The email configuration of your user pool.
     */
    set emailConfiguration(value: CfnUserPool.EmailConfigurationProperty | cdk.IResolvable | undefined);
    /**
     * This parameter is no longer used.
     */
    get emailVerificationMessage(): string | undefined;
    /**
     * This parameter is no longer used.
     */
    set emailVerificationMessage(value: string | undefined);
    /**
     * This parameter is no longer used.
     */
    get emailVerificationSubject(): string | undefined;
    /**
     * This parameter is no longer used.
     */
    set emailVerificationSubject(value: string | undefined);
    /**
     * Set enabled MFA options on a specified user pool.
*/
    get enabledMfas(): Array<string> | undefined;
    /**
     * Set enabled MFA options on a specified user pool.
     */
    set enabledMfas(value: Array<string> | undefined);
    /**
     * A collection of user pool Lambda triggers.
     */
    get lambdaConfig(): cdk.IResolvable | CfnUserPool.LambdaConfigProperty | undefined;
    /**
     * A collection of user pool Lambda triggers.
     */
    set lambdaConfig(value: cdk.IResolvable | CfnUserPool.LambdaConfigProperty | undefined);
    /**
     * Displays the state of multi-factor authentication (MFA) as on, off, or optional.
     *
     * NOTE(review): typed as plain `string`; the CloudFormation values are `OFF`, `ON` and
     * `OPTIONAL`, and a misspelling is not caught at compile time.
     */
    get mfaConfiguration(): string | undefined;
    /**
     * Displays the state of multi-factor authentication (MFA) as on, off, or optional.
     *
     * NOTE(review): typed as plain `string`; the CloudFormation values are `OFF`, `ON` and
     * `OPTIONAL`, and a misspelling is not caught at compile time.
     */
    set mfaConfiguration(value: string | undefined);
    /**
     * A list of user pool policies.
     */
    get policies(): cdk.IResolvable | CfnUserPool.PoliciesProperty | undefined;
    /**
     * A list of user pool policies.
     */
    set policies(value: cdk.IResolvable | CfnUserPool.PoliciesProperty | undefined);
    /**
     * An array of attributes for the new user pool.
     */
    get schema(): Array<cdk.IResolvable | CfnUserPool.SchemaAttributeProperty> | cdk.IResolvable | undefined;
    /**
     * An array of attributes for the new user pool.
     */
    set schema(value: Array<cdk.IResolvable | CfnUserPool.SchemaAttributeProperty> | cdk.IResolvable | undefined);
    /**
     * The contents of the SMS authentication message.
     */
    get smsAuthenticationMessage(): string | undefined;
    /**
     * The contents of the SMS authentication message.
     */
    set smsAuthenticationMessage(value: string | undefined);
    /**
     * The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service.
     */
    get smsConfiguration(): cdk.IResolvable | CfnUserPool.SmsConfigurationProperty | undefined;
    /**
     * The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service.
     */
    set smsConfiguration(value: cdk.IResolvable | CfnUserPool.SmsConfigurationProperty | undefined);
    /**
     * This parameter is no longer used.
*/
    get smsVerificationMessage(): string | undefined;
    /**
     * This parameter is no longer used.
     */
    set smsVerificationMessage(value: string | undefined);
    /**
     * The settings for updates to user attributes.
     */
    get userAttributeUpdateSettings(): cdk.IResolvable | CfnUserPool.UserAttributeUpdateSettingsProperty | undefined;
    /**
     * The settings for updates to user attributes.
     */
    set userAttributeUpdateSettings(value: cdk.IResolvable | CfnUserPool.UserAttributeUpdateSettingsProperty | undefined);
    /**
     * Specifies whether a user can use an email address or phone number as a username when they sign up.
     */
    get usernameAttributes(): Array<string> | undefined;
    /**
     * Specifies whether a user can use an email address or phone number as a username when they sign up.
     */
    set usernameAttributes(value: Array<string> | undefined);
    /**
     * Sets the case sensitivity option for sign-in usernames.
     */
    get usernameConfiguration(): cdk.IResolvable | CfnUserPool.UsernameConfigurationProperty | undefined;
    /**
     * Sets the case sensitivity option for sign-in usernames.
     */
    set usernameConfiguration(value: cdk.IResolvable | CfnUserPool.UsernameConfigurationProperty | undefined);
    /**
     * Contains settings for activation of threat protection, including the operating mode and additional authentication types.
     */
    get userPoolAddOns(): cdk.IResolvable | CfnUserPool.UserPoolAddOnsProperty | undefined;
    /**
     * Contains settings for activation of threat protection, including the operating mode and additional authentication types.
     */
    set userPoolAddOns(value: cdk.IResolvable | CfnUserPool.UserPoolAddOnsProperty | undefined);
    /**
     * A friendly name for your user pool.
     */
    get userPoolName(): string | undefined;
    /**
     * A friendly name for your user pool.
     */
    set userPoolName(value: string | undefined);
    /**
     * The tag keys and values to assign to the user pool.
     *
     * NOTE(review): typed `any`, so the shape of the tag map is not checked at compile time.
     */
    get userPoolTagsRaw(): any | undefined;