
Resource: awsCognitoUser

Provides a Cognito User Resource.

Example Usage

Basic configuration

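/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.
This snippet belongs inside a construct (for example a TerraformStack constructor), where `this` is the scope.*/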
import * as aws from "./.gen/providers/aws";
const awsCognitoUserPoolExample = new aws.cognitoUserPool.CognitoUserPool(
  this,
  "example",
  {
    name: "MyExamplePool",
  }
);
const awsCognitoUserExample = new aws.cognitoUser.CognitoUser(
  this,
  "example_1",
  {
    userPoolId: awsCognitoUserPoolExample.id,
    username: "example",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsCognitoUserExample.overrideLogicalId("example");

Setting user attributes

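/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.
This snippet belongs inside a construct (for example a TerraformStack constructor), where `this` is the scope.*/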
import * as aws from "./.gen/providers/aws";
const awsCognitoUserPoolExample = new aws.cognitoUserPool.CognitoUserPool(
  this,
  "example",
  {
    name: "mypool",
    schema: [
      {
        attributeDataType: "Boolean",
        developerOnlyAttribute: false,
        mutable: false,
        name: "terraform",
        required: false,
      },
      {
        attributeDataType: "String",
        developerOnlyAttribute: false,
        mutable: false,
        name: "foo",
        required: false,
        stringAttributeConstraints: {},
      },
    ],
  }
);
const awsCognitoUserExample = new aws.cognitoUser.CognitoUser(
  this,
  "example_1",
  {
    attributes: {
      email: "no-reply@hashicorp.com",
      // attributes is a map of strings, so boolean values are written as strings
      email_verified: "true",
      foo: "bar",
      terraform: "true",
    },
    userPoolId: awsCognitoUserPoolExample.id,
    username: "example",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsCognitoUserExample.overrideLogicalId("example");

Argument Reference

The following arguments are required:

  • userPoolId - (Required) The user pool ID for the user pool where the user will be created.
  • username - (Required) The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

The following arguments are optional:

  • attributes - (Optional) A map that contains user attributes and attribute values to be set for the user.
  • clientMetadata - (Optional) A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the clientMetadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
  • desiredDeliveryMediums - (Optional) A list of mediums the welcome message will be sent through. Allowed values are email and sms. If it's provided, make sure you have also specified the email attribute for the email medium and phoneNumber for the sms medium. More than one value can be specified. Amazon Cognito does not store the desiredDeliveryMediums value. Defaults to ["sms"].
  • enabled - (Optional) Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with the messageAction argument. Defaults to true.
  • forceAliasCreation - (Optional) If this parameter is set to True and the phoneNumber or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the forceAliasCreation value. Defaults to false.
  • messageAction - (Optional) Set to resend to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to suppress to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the messageAction value.
  • password - (Optional) The user's permanent password. This password must conform to the password policy specified by the user pool the user belongs to. The welcome message always contains only the temporaryPassword value. You can suppress sending the welcome message with the messageAction argument. Amazon Cognito does not store the password value. Conflicts with temporaryPassword.
  • temporaryPassword - (Optional) The user's temporary password. Conflicts with password.
  • validationData - (Optional) The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validationData value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

~> NOTE: Clearing password or temporaryPassword does not reset the user's password in Cognito.
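
A pre-deployment check for the argument rules listed above, as an added example that is not part of the provider or its documentation. CognitoUserArgs and lintCognitoUser are hypothetical names, and phone_number is Cognito's standard attribute name for what this page calls phoneNumber.

```typescript
// Added example, not provider code: lint CognitoUser arguments before synth.
// CognitoUserArgs and lintCognitoUser are hypothetical names.
interface CognitoUserArgs {
  userPoolId: string;
  username: string;
  attributes?: { [key: string]: string };
  desiredDeliveryMediums?: string[];
  enabled?: boolean;
  forceAliasCreation?: boolean;
  messageAction?: string;
  password?: string;
  temporaryPassword?: string;
}

function lintCognitoUser(a: CognitoUserArgs): string[] {
  const out: string[] = [];
  const attrs = a.attributes || {};
  // Values are compared case-insensitively; the page writes them in lower case.
  const action = (a.messageAction || "").toLowerCase();
  // Length is measured in UTF-16 code units, an approximation of "characters".
  if (a.username.length < 1 || a.username.length > 128)
    out.push("username: must be 1 to 128 characters");
  if (action !== "" && action !== "resend" && action !== "suppress")
    out.push("messageAction: must be resend or suppress");
  if (a.password !== undefined && a.temporaryPassword !== undefined)
    out.push("password: conflicts with temporaryPassword");
  // Each requested medium needs its attribute. phone_number is Cognito's
  // standard attribute name (the page renders it as phoneNumber).
  for (const m of a.desiredDeliveryMediums || []) {
    const medium = m.toLowerCase();
    if (medium !== "email" && medium !== "sms")
      out.push("desiredDeliveryMediums: unknown medium " + m);
    else if (attrs[medium === "email" ? "email" : "phone_number"] === undefined)
      out.push("desiredDeliveryMediums: " + medium + " needs its attribute");
  }
  // The welcome message goes out even when enabled is false.
  if (a.enabled === false && action !== "suppress")
    out.push("enabled: welcome message is still sent to a disabled user");
  // Alias migration locks the previous owner out of that alias.
  if (a.forceAliasCreation === true)
    out.push("forceAliasCreation: moves an existing alias to this user");
  return out;
}
```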

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • status - current user status.
  • sub - unique user id that is never reassignable to another user.
  • mfaPreference - the user's MFA settings and preferences.

Import

Cognito User can be imported using the userPoolId/name attributes concatenated, e.g.,

$ terraform import aws_cognito_user.user us-east-1_vG78M4goG/user