1. Packages
  2. AWS
  3. API Docs
  4. cognito
  5. User
AWS v6.77.1 published on Friday, Apr 18, 2025 by Pulumi

aws.cognito.User

Explore with Pulumi AI

Provides a Cognito User Resource.

Example Usage

Basic configuration

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.cognito.UserPool("example", {name: "MyExamplePool"});
const exampleUser = new aws.cognito.User("example", {
    userPoolId: example.id,
    username: "example",
});
Copy
import pulumi
import pulumi_aws as aws

example = aws.cognito.UserPool("example", name="MyExamplePool")
example_user = aws.cognito.User("example",
    user_pool_id=example.id,
    username="example")
Copy
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := cognito.NewUserPool(ctx, "example", &cognito.UserPoolArgs{
			Name: pulumi.String("MyExamplePool"),
		})
		if err != nil {
			return err
		}
		_, err = cognito.NewUser(ctx, "example", &cognito.UserArgs{
			UserPoolId: example.ID(),
			Username:   pulumi.String("example"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Cognito.UserPool("example", new()
    {
        Name = "MyExamplePool",
    });

    var exampleUser = new Aws.Cognito.User("example", new()
    {
        UserPoolId = example.Id,
        Username = "example",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolArgs;
import com.pulumi.aws.cognito.User;
import com.pulumi.aws.cognito.UserArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new UserPool("example", UserPoolArgs.builder()
            .name("MyExamplePool")
            .build());

        var exampleUser = new User("exampleUser", UserArgs.builder()
            .userPoolId(example.id())
            .username("example")
            .build());

    }
}
Copy
resources:
  example:
    type: aws:cognito:UserPool
    properties:
      name: MyExamplePool
  exampleUser:
    type: aws:cognito:User
    name: example
    properties:
      userPoolId: ${example.id}
      username: example
Copy

Setting user attributes

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.cognito.UserPool("example", {
    name: "mypool",
    schemas: [
        {
            name: "example",
            attributeDataType: "Boolean",
            mutable: false,
            required: false,
            developerOnlyAttribute: false,
        },
        {
            name: "foo",
            attributeDataType: "String",
            mutable: false,
            required: false,
            developerOnlyAttribute: false,
            stringAttributeConstraints: {},
        },
    ],
});
const exampleUser = new aws.cognito.User("example", {
    userPoolId: example.id,
    username: "example",
    attributes: {
        example: "true",
        foo: "bar",
        email: "no-reply@example.com",
        email_verified: "true",
    },
});
Copy
import pulumi
import pulumi_aws as aws

example = aws.cognito.UserPool("example",
    name="mypool",
    schemas=[
        {
            "name": "example",
            "attribute_data_type": "Boolean",
            "mutable": False,
            "required": False,
            "developer_only_attribute": False,
        },
        {
            "name": "foo",
            "attribute_data_type": "String",
            "mutable": False,
            "required": False,
            "developer_only_attribute": False,
            "string_attribute_constraints": {},
        },
    ])
example_user = aws.cognito.User("example",
    user_pool_id=example.id,
    username="example",
    attributes={
        "example": "true",
        "foo": "bar",
        "email": "no-reply@example.com",
        "email_verified": "true",
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := cognito.NewUserPool(ctx, "example", &cognito.UserPoolArgs{
			Name: pulumi.String("mypool"),
			Schemas: cognito.UserPoolSchemaArray{
				&cognito.UserPoolSchemaArgs{
					Name:                   pulumi.String("example"),
					AttributeDataType:      pulumi.String("Boolean"),
					Mutable:                pulumi.Bool(false),
					Required:               pulumi.Bool(false),
					DeveloperOnlyAttribute: pulumi.Bool(false),
				},
				&cognito.UserPoolSchemaArgs{
					Name:                       pulumi.String("foo"),
					AttributeDataType:          pulumi.String("String"),
					Mutable:                    pulumi.Bool(false),
					Required:                   pulumi.Bool(false),
					DeveloperOnlyAttribute:     pulumi.Bool(false),
					StringAttributeConstraints: &cognito.UserPoolSchemaStringAttributeConstraintsArgs{},
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = cognito.NewUser(ctx, "example", &cognito.UserArgs{
			UserPoolId: example.ID(),
			Username:   pulumi.String("example"),
			Attributes: pulumi.StringMap{
				"example":        pulumi.String("true"),
				"foo":            pulumi.String("bar"),
				"email":          pulumi.String("no-reply@example.com"),
				"email_verified": pulumi.String("true"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.Cognito.UserPool("example", new()
    {
        Name = "mypool",
        Schemas = new[]
        {
            new Aws.Cognito.Inputs.UserPoolSchemaArgs
            {
                Name = "example",
                AttributeDataType = "Boolean",
                Mutable = false,
                Required = false,
                DeveloperOnlyAttribute = false,
            },
            new Aws.Cognito.Inputs.UserPoolSchemaArgs
            {
                Name = "foo",
                AttributeDataType = "String",
                Mutable = false,
                Required = false,
                DeveloperOnlyAttribute = false,
                StringAttributeConstraints = null,
            },
        },
    });

    var exampleUser = new Aws.Cognito.User("example", new()
    {
        UserPoolId = example.Id,
        Username = "example",
        Attributes = 
        {
            { "example", "true" },
            { "foo", "bar" },
            { "email", "no-reply@example.com" },
            { "email_verified", "true" },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolArgs;
import com.pulumi.aws.cognito.inputs.UserPoolSchemaArgs;
import com.pulumi.aws.cognito.inputs.UserPoolSchemaStringAttributeConstraintsArgs;
import com.pulumi.aws.cognito.User;
import com.pulumi.aws.cognito.UserArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new UserPool("example", UserPoolArgs.builder()
            .name("mypool")
            .schemas(            
                UserPoolSchemaArgs.builder()
                    .name("example")
                    .attributeDataType("Boolean")
                    .mutable(false)
                    .required(false)
                    .developerOnlyAttribute(false)
                    .build(),
                UserPoolSchemaArgs.builder()
                    .name("foo")
                    .attributeDataType("String")
                    .mutable(false)
                    .required(false)
                    .developerOnlyAttribute(false)
                    .stringAttributeConstraints(UserPoolSchemaStringAttributeConstraintsArgs.builder()
                        .build())
                    .build())
            .build());

        var exampleUser = new User("exampleUser", UserArgs.builder()
            .userPoolId(example.id())
            .username("example")
            .attributes(Map.ofEntries(
                Map.entry("example", "true"),
                Map.entry("foo", "bar"),
                Map.entry("email", "no-reply@example.com"),
                Map.entry("email_verified", "true")
            ))
            .build());

    }
}
Copy
resources:
  example:
    type: aws:cognito:UserPool
    properties:
      name: mypool
      schemas:
        - name: example
          attributeDataType: Boolean
          mutable: false
          required: false
          developerOnlyAttribute: false
        - name: foo
          attributeDataType: String
          mutable: false
          required: false
          developerOnlyAttribute: false
          stringAttributeConstraints: {}
  exampleUser:
    type: aws:cognito:User
    name: example
    properties:
      userPoolId: ${example.id}
      username: example
      attributes:
        example: true
        foo: bar
        email: no-reply@example.com
        email_verified: true
Copy

Create User Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new User(name: string, args: UserArgs, opts?: CustomResourceOptions);
@overload
def User(resource_name: str,
         args: UserArgs,
         opts: Optional[ResourceOptions] = None)

@overload
def User(resource_name: str,
         opts: Optional[ResourceOptions] = None,
         user_pool_id: Optional[str] = None,
         username: Optional[str] = None,
         attributes: Optional[Mapping[str, str]] = None,
         client_metadata: Optional[Mapping[str, str]] = None,
         desired_delivery_mediums: Optional[Sequence[str]] = None,
         enabled: Optional[bool] = None,
         force_alias_creation: Optional[bool] = None,
         message_action: Optional[str] = None,
         password: Optional[str] = None,
         temporary_password: Optional[str] = None,
         validation_data: Optional[Mapping[str, str]] = None)
func NewUser(ctx *Context, name string, args UserArgs, opts ...ResourceOption) (*User, error)
public User(string name, UserArgs args, CustomResourceOptions? opts = null)
public User(String name, UserArgs args)
public User(String name, UserArgs args, CustomResourceOptions options)
type: aws:cognito:User
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. UserArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. UserArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. UserArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. UserArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. UserArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var awsUserResource = new Aws.Cognito.User("awsUserResource", new()
{
    UserPoolId = "string",
    Username = "string",
    Attributes = 
    {
        { "string", "string" },
    },
    ClientMetadata = 
    {
        { "string", "string" },
    },
    DesiredDeliveryMediums = new[]
    {
        "string",
    },
    Enabled = false,
    ForceAliasCreation = false,
    MessageAction = "string",
    Password = "string",
    TemporaryPassword = "string",
    ValidationData = 
    {
        { "string", "string" },
    },
});
Copy
example, err := cognito.NewUser(ctx, "awsUserResource", &cognito.UserArgs{
	UserPoolId: pulumi.String("string"),
	Username:   pulumi.String("string"),
	Attributes: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	ClientMetadata: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	DesiredDeliveryMediums: pulumi.StringArray{
		pulumi.String("string"),
	},
	Enabled:            pulumi.Bool(false),
	ForceAliasCreation: pulumi.Bool(false),
	MessageAction:      pulumi.String("string"),
	Password:           pulumi.String("string"),
	TemporaryPassword:  pulumi.String("string"),
	ValidationData: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})
Copy
var awsUserResource = new com.pulumi.aws.cognito.User("awsUserResource", com.pulumi.aws.cognito.UserArgs.builder()
    .userPoolId("string")
    .username("string")
    .attributes(Map.of("string", "string"))
    .clientMetadata(Map.of("string", "string"))
    .desiredDeliveryMediums("string")
    .enabled(false)
    .forceAliasCreation(false)
    .messageAction("string")
    .password("string")
    .temporaryPassword("string")
    .validationData(Map.of("string", "string"))
    .build());
Copy
aws_user_resource = aws.cognito.User("awsUserResource",
    user_pool_id="string",
    username="string",
    attributes={
        "string": "string",
    },
    client_metadata={
        "string": "string",
    },
    desired_delivery_mediums=["string"],
    enabled=False,
    force_alias_creation=False,
    message_action="string",
    password="string",
    temporary_password="string",
    validation_data={
        "string": "string",
    })
Copy
const awsUserResource = new aws.cognito.User("awsUserResource", {
    userPoolId: "string",
    username: "string",
    attributes: {
        string: "string",
    },
    clientMetadata: {
        string: "string",
    },
    desiredDeliveryMediums: ["string"],
    enabled: false,
    forceAliasCreation: false,
    messageAction: "string",
    password: "string",
    temporaryPassword: "string",
    validationData: {
        string: "string",
    },
});
Copy
type: aws:cognito:User
properties:
    attributes:
        string: string
    clientMetadata:
        string: string
    desiredDeliveryMediums:
        - string
    enabled: false
    forceAliasCreation: false
    messageAction: string
    password: string
    temporaryPassword: string
    userPoolId: string
    username: string
    validationData:
        string: string
Copy

User Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The User resource accepts the following input properties:

UserPoolId
This property is required.
Changes to this property will trigger replacement.
string
The user pool ID for the user pool where the user will be created.
Username
This property is required.
Changes to this property will trigger replacement.
string

The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

The following arguments are optional:

Attributes Dictionary<string, string>
A map that contains user attributes and attribute values to be set for the user.
ClientMetadata Dictionary<string, string>
A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
DesiredDeliveryMediums List<string>
A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
Enabled bool
Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
ForceAliasCreation bool
If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
MessageAction string
Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
Password string
The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
TemporaryPassword string
The user's temporary password. Conflicts with password.
ValidationData Dictionary<string, string>

The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

UserPoolId
This property is required.
Changes to this property will trigger replacement.
string
The user pool ID for the user pool where the user will be created.
Username
This property is required.
Changes to this property will trigger replacement.
string

The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

The following arguments are optional:

Attributes map[string]string
A map that contains user attributes and attribute values to be set for the user.
ClientMetadata map[string]string
A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
DesiredDeliveryMediums []string
A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
Enabled bool
Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
ForceAliasCreation bool
If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
MessageAction string
Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
Password string
The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
TemporaryPassword string
The user's temporary password. Conflicts with password.
ValidationData map[string]string

The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

userPoolId
This property is required.
Changes to this property will trigger replacement.
String
The user pool ID for the user pool where the user will be created.
username
This property is required.
Changes to this property will trigger replacement.
String

The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

The following arguments are optional:

attributes Map<String,String>
A map that contains user attributes and attribute values to be set for the user.
clientMetadata Map<String,String>
A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
desiredDeliveryMediums List<String>
A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
enabled Boolean
Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
forceAliasCreation Boolean
If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
messageAction String
Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
password String
The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
temporaryPassword String
The user's temporary password. Conflicts with password.
validationData Map<String,String>

The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

userPoolId
This property is required.
Changes to this property will trigger replacement.
string
The user pool ID for the user pool where the user will be created.
username
This property is required.
Changes to this property will trigger replacement.
string

The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

The following arguments are optional:

attributes {[key: string]: string}
A map that contains user attributes and attribute values to be set for the user.
clientMetadata {[key: string]: string}
A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
desiredDeliveryMediums string[]
A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
enabled boolean
Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
forceAliasCreation boolean
If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
messageAction string
Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
password string
The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
temporaryPassword string
The user's temporary password. Conflicts with password.
validationData {[key: string]: string}

The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

user_pool_id
This property is required.
Changes to this property will trigger replacement.
str
The user pool ID for the user pool where the user will be created.
username
This property is required.
Changes to this property will trigger replacement.
str

The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

The following arguments are optional:

attributes Mapping[str, str]
A map that contains user attributes and attribute values to be set for the user.
client_metadata Mapping[str, str]
A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
desired_delivery_mediums Sequence[str]
A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
enabled bool
Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
force_alias_creation bool
If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
message_action str
Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
password str
The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
temporary_password str
The user's temporary password. Conflicts with password.
validation_data Mapping[str, str]

The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

userPoolId
This property is required.
Changes to this property will trigger replacement.
String
The user pool ID for the user pool where the user will be created.
username
This property is required.
Changes to this property will trigger replacement.
String

The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

The following arguments are optional:

attributes Map<String>
A map that contains user attributes and attribute values to be set for the user.
clientMetadata Map<String>
A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
desiredDeliveryMediums List<String>
A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
enabled Boolean
Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
forceAliasCreation Boolean
If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
messageAction String
Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
password String
The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
temporaryPassword String
The user's temporary password. Conflicts with password.
validationData Map<String>

The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

Outputs

All input properties are implicitly available as output properties. Additionally, the User resource produces the following output properties:

CreationDate string
Id string
The provider-assigned unique ID for this managed resource.
LastModifiedDate string
MfaSettingLists List<string>
PreferredMfaSetting string
Status string
current user status.
Sub string
unique user id that is never reassignable to another user.
CreationDate string
Id string
The provider-assigned unique ID for this managed resource.
LastModifiedDate string
MfaSettingLists []string
PreferredMfaSetting string
Status string
current user status.
Sub string
unique user id that is never reassignable to another user.
creationDate String
id String
The provider-assigned unique ID for this managed resource.
lastModifiedDate String
mfaSettingLists List<String>
preferredMfaSetting String
status String
current user status.
sub String
unique user id that is never reassignable to another user.
creationDate string
id string
The provider-assigned unique ID for this managed resource.
lastModifiedDate string
mfaSettingLists string[]
preferredMfaSetting string
status string
current user status.
sub string
unique user id that is never reassignable to another user.
creation_date str
id str
The provider-assigned unique ID for this managed resource.
last_modified_date str
mfa_setting_lists Sequence[str]
preferred_mfa_setting str
status str
current user status.
sub str
unique user id that is never reassignable to another user.
creationDate String
id String
The provider-assigned unique ID for this managed resource.
lastModifiedDate String
mfaSettingLists List<String>
preferredMfaSetting String
status String
current user status.
sub String
unique user id that is never reassignable to another user.

Look up Existing User Resource

Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: UserState, opts?: CustomResourceOptions): User
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        attributes: Optional[Mapping[str, str]] = None,
        client_metadata: Optional[Mapping[str, str]] = None,
        creation_date: Optional[str] = None,
        desired_delivery_mediums: Optional[Sequence[str]] = None,
        enabled: Optional[bool] = None,
        force_alias_creation: Optional[bool] = None,
        last_modified_date: Optional[str] = None,
        message_action: Optional[str] = None,
        mfa_setting_lists: Optional[Sequence[str]] = None,
        password: Optional[str] = None,
        preferred_mfa_setting: Optional[str] = None,
        status: Optional[str] = None,
        sub: Optional[str] = None,
        temporary_password: Optional[str] = None,
        user_pool_id: Optional[str] = None,
        username: Optional[str] = None,
        validation_data: Optional[Mapping[str, str]] = None) -> User
func GetUser(ctx *Context, name string, id IDInput, state *UserState, opts ...ResourceOption) (*User, error)
public static User Get(string name, Input<string> id, UserState? state, CustomResourceOptions? opts = null)
public static User get(String name, Output<String> id, UserState state, CustomResourceOptions options)
resources:  _:    type: aws:cognito:User    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Attributes Dictionary<string, string>
A map that contains user attributes and attribute values to be set for the user.
ClientMetadata Dictionary<string, string>
A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
CreationDate string
DesiredDeliveryMediums List<string>
A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
Enabled bool
Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
ForceAliasCreation bool
If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
LastModifiedDate string
MessageAction string
Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
MfaSettingLists List<string>
Password string
The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
PreferredMfaSetting string
Status string
current user status.
Sub string
unique user id that is never reassignable to another user.
TemporaryPassword string
The user's temporary password. Conflicts with password.
UserPoolId Changes to this property will trigger replacement. string
The user pool ID for the user pool where the user will be created.
Username Changes to this property will trigger replacement. string

The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

The following arguments are optional:

ValidationData Dictionary<string, string>

The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

Attributes map[string]string
A map that contains user attributes and attribute values to be set for the user.
ClientMetadata map[string]string
A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
CreationDate string
DesiredDeliveryMediums []string
A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
Enabled bool
Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
ForceAliasCreation bool
If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
LastModifiedDate string
MessageAction string
Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
MfaSettingLists []string
Password string
The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
PreferredMfaSetting string
Status string
current user status.
Sub string
unique user id that is never reassignable to another user.
TemporaryPassword string
The user's temporary password. Conflicts with password.
UserPoolId Changes to this property will trigger replacement. string
The user pool ID for the user pool where the user will be created.
Username Changes to this property will trigger replacement. string

The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

The following arguments are optional:

ValidationData map[string]string

The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

attributes Map<String,String>
A map that contains user attributes and attribute values to be set for the user.
clientMetadata Map<String,String>
A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
creationDate String
desiredDeliveryMediums List<String>
A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
enabled Boolean
Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
forceAliasCreation Boolean
If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
lastModifiedDate String
messageAction String
Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
mfaSettingLists List<String>
password String
The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
preferredMfaSetting String
status String
current user status.
sub String
unique user id that is never reassignable to another user.
temporaryPassword String
The user's temporary password. Conflicts with password.
userPoolId Changes to this property will trigger replacement. String
The user pool ID for the user pool where the user will be created.
username Changes to this property will trigger replacement. String

The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

The following arguments are optional:

validationData Map<String,String>

The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

attributes {[key: string]: string}
A map that contains user attributes and attribute values to be set for the user.
clientMetadata {[key: string]: string}
A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
creationDate string
desiredDeliveryMediums string[]
A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
enabled boolean
Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
forceAliasCreation boolean
If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
lastModifiedDate string
messageAction string
Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
mfaSettingLists string[]
password string
The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
preferredMfaSetting string
status string
current user status.
sub string
unique user id that is never reassignable to another user.
temporaryPassword string
The user's temporary password. Conflicts with password.
userPoolId Changes to this property will trigger replacement. string
The user pool ID for the user pool where the user will be created.
username Changes to this property will trigger replacement. string

The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

The following arguments are optional:

validationData {[key: string]: string}

The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

attributes Mapping[str, str]
A map that contains user attributes and attribute values to be set for the user.
client_metadata Mapping[str, str]
A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
creation_date str
desired_delivery_mediums Sequence[str]
A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
enabled bool
Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
force_alias_creation bool
If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
last_modified_date str
message_action str
Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
mfa_setting_lists Sequence[str]
password str
The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
preferred_mfa_setting str
status str
current user status.
sub str
unique user id that is never reassignable to another user.
temporary_password str
The user's temporary password. Conflicts with password.
user_pool_id Changes to this property will trigger replacement. str
The user pool ID for the user pool where the user will be created.
username Changes to this property will trigger replacement. str

The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

The following arguments are optional:

validation_data Mapping[str, str]

The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

attributes Map<String>
A map that contains user attributes and attribute values to be set for the user.
clientMetadata Map<String>
A map of custom key-value pairs that you can provide as input for any custom workflows that user creation triggers. Amazon Cognito does not store the client_metadata value. This data is available only to Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration does not include triggers, the ClientMetadata parameter serves no purpose. For more information, see Customizing User Pool Workflows with Lambda Triggers.
creationDate String
desiredDeliveryMediums List<String>
A list of mediums to the welcome message will be sent through. Allowed values are EMAIL and SMS. If it's provided, make sure you have also specified email attribute for the EMAIL medium and phone_number for the SMS. More than one value can be specified. Amazon Cognito does not store the desired_delivery_mediums value. Defaults to ["SMS"].
enabled Boolean
Specifies whether the user should be enabled after creation. The welcome message will be sent regardless of the enabled value. The behavior can be changed with message_action argument. Defaults to true.
forceAliasCreation Boolean
If this parameter is set to True and the phone_number or email address specified in the attributes parameter already exists as an alias with a different user, Amazon Cognito will migrate the alias from the previous user to the newly created user. The previous user will no longer be able to log in using that alias. Amazon Cognito does not store the force_alias_creation value. Defaults to false.
lastModifiedDate String
messageAction String
Set to RESEND to resend the invitation message to a user that already exists and reset the expiration limit on the user's account. Set to SUPPRESS to suppress sending the message. Only one value can be specified. Amazon Cognito does not store the message_action value.
mfaSettingLists List<String>
password String
The user's permanent password. This password must conform to the password policy specified by user pool the user belongs to. The welcome message always contains only temporary_password value. You can suppress sending the welcome message with the message_action argument. Amazon Cognito does not store the password value. Conflicts with temporary_password.
preferredMfaSetting String
status String
current user status.
sub String
unique user id that is never reassignable to another user.
temporaryPassword String
The user's temporary password. Conflicts with password.
userPoolId Changes to this property will trigger replacement. String
The user pool ID for the user pool where the user will be created.
username Changes to this property will trigger replacement. String

The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username cannot be changed.

The following arguments are optional:

validationData Map<String>

The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. Amazon Cognito does not store the validation_data value. For more information, see Customizing User Pool Workflows with Lambda Triggers.

NOTE: Clearing password or temporary_password does not reset user's password in Cognito.

Import

Using pulumi import, import Cognito User using the user_pool_id/name attributes concatenated. For example:

$ pulumi import aws:cognito/user:User user us-east-1_vG78M4goG/user
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.