Type: Array of AttributeType (p. 352) objects Required: No
Username (p. 12)
The username for the user. Must be unique within the user pool. Must be a UTF-8 string between 1 and 128 characters. After the user is created, the username can't be changed.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: Yes UserPoolId (p. 12)
The user pool ID for the user pool where the user will be created.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes ValidationData (p. 12)
The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. For example, you might choose to allow or disallow user sign-up based on the user's domain.
To configure custom validation, you must create a Pre Sign-up AWS Lambda trigger for the user pool as described in the Amazon Cognito Developer Guide. The Lambda trigger receives the validation data and uses it in the validation process.
The user's validation data isn't persisted.
Type: Array of AttributeType (p. 352) objects Required: No
"UserCreateDate": number,
Response Elements
"UserLastModifiedDate": number, "Username": "string",
"UserStatus": "string"
} }
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
User (p. 15)
The newly created user.
Type: UserType (p. 436) object
Errors
For information about the errors that are common to all actions, see Common Errors (p. 442).
CodeDeliveryFailureException
This exception is thrown when a verification code fails to deliver successfully.
HTTP Status Code: 400 InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500 InvalidLambdaResponseException
This exception is thrown when Amazon Cognito encounters an invalid AWS Lambda response.
HTTP Status Code: 400 InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400 InvalidPasswordException
This exception is thrown when Amazon Cognito encounters an invalid password.
HTTP Status Code: 400
InvalidSmsRoleAccessPolicyException
This exception is returned when the role provided for SMS configuration doesn't have permission to publish using Amazon SNS.
HTTP Status Code: 400
InvalidSmsRoleTrustRelationshipException
This exception is thrown when the trust relationship is not valid for the role provided for SMS configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool.
See Also
HTTP Status Code: 400 NotAuthorizedException
This exception is thrown when a user isn't authorized.
HTTP Status Code: 400 PreconditionNotMetException
This exception is thrown when a precondition is not met.
HTTP Status Code: 400 ResourceNotFoundException
This exception is thrown when the Amazon Cognito service can't find the requested resource.
HTTP Status Code: 400 TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400 UnexpectedLambdaException
This exception is thrown when Amazon Cognito encounters an unexpected exception with AWS Lambda.
HTTP Status Code: 400 UnsupportedUserStateException
The request failed because the user is in an unsupported state.
HTTP Status Code: 400 UserLambdaValidationException
This exception is thrown when the Amazon Cognito service encounters a user validation exception with the AWS Lambda service.
HTTP Status Code: 400 UsernameExistsException
This exception is thrown when Amazon Cognito encounters a user name that already exists in the user pool.
HTTP Status Code: 400 UserNotFoundException
This exception is thrown when a user isn't found.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
See Also
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
AdminDeleteUser
AdminDeleteUser
Deletes a user as an administrator. Works on any user.
Calling this action requires developer credentials.
Request Syntax
{ "Username": "string", "UserPoolId": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 440).
The request accepts the following data in JSON format.
Username (p. 19)
The user name of the user you want to delete.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: Yes UserPoolId (p. 19)
The user pool ID for the user pool where you want to delete the user.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 442).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
See Also
HTTP Status Code: 500 InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400 NotAuthorizedException
This exception is thrown when a user isn't authorized.
HTTP Status Code: 400 ResourceNotFoundException
This exception is thrown when the Amazon Cognito service can't find the requested resource.
HTTP Status Code: 400 TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400 UserNotFoundException
This exception is thrown when a user isn't found.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
AdminDeleteUserAttributes
AdminDeleteUserAttributes
Deletes the user attributes in a user pool as an administrator. Works on any user.
Calling this action requires developer credentials.
Request Syntax
{ "UserAttributeNames": [ "string" ], "Username": "string",
"UserPoolId": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 440).
The request accepts the following data in JSON format.
UserAttributeNames (p. 21)
An array of strings representing the user attribute names you want to delete.
For custom attributes, you must prepend the custom: prefix to the attribute name.
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 32.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: Yes Username (p. 21)
The user name of the user from which you would like to delete attributes.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: Yes UserPoolId (p. 21)
The user pool ID for the user pool where you want to delete user attributes.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Elements
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 442).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500 InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400 NotAuthorizedException
This exception is thrown when a user isn't authorized.
HTTP Status Code: 400 ResourceNotFoundException
This exception is thrown when the Amazon Cognito service can't find the requested resource.
HTTP Status Code: 400 TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400 UserNotFoundException
This exception is thrown when a user isn't found.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
AdminDisableProviderForUser
AdminDisableProviderForUser
Disables the user from signing in with the specified external (SAML or social) identity provider. If the user to disable is a Amazon Cognito User Pools native username + password user, they aren't permitted to use their password to sign in. If the user to deactivate is a linked external identity provider (IdP) user, any link between that user and an existing user is removed. The next time the external user (no longer attached to the previously linked DestinationUser) signs in, they must create a new user account. See AdminLinkProviderForUser.
This action is enabled only for admin access and requires developer credentials.
The ProviderName must match the value specified when creating an IdP for the pool.
To deactivate a native username + password user, the ProviderName value must be Cognito and the ProviderAttributeName must be Cognito_Subject. The ProviderAttributeValue must be the name that is used in the user pool for the user.
The ProviderAttributeName must always be Cognito_Subject for social identity providers.
The ProviderAttributeValue must always be the exact subject that was used when the user was originally linked as a source user.
For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign in, the ProviderAttributeName and ProviderAttributeValue must be the same values that were used for the SourceUser when the identities were originally linked using AdminLinkProviderForUser call. (If the linking was done with ProviderAttributeName set to Cognito_Subject, the same applies here). However, if the user has already signed in, the ProviderAttributeName must be Cognito_Subject and ProviderAttributeValue must be the subject of the SAML assertion.
Request Syntax
{ "User": {
"ProviderAttributeName": "string", "ProviderAttributeValue": "string", "ProviderName": "string"
},
"UserPoolId": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 440).
The request accepts the following data in JSON format.
User (p. 23)
The user to be disabled.
Type: ProviderUserIdentifierType (p. 395) object Required: Yes
UserPoolId (p. 23)
The user pool ID for the user pool.
Response Elements
Type: String Required: Yes
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 442).
AliasExistsException
This exception is thrown when a user tries to confirm the account with an email or phone number that has already been supplied as an alias from a different account. This exception tells user that an account with this email or phone already exists.
HTTP Status Code: 400 InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500 InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400 NotAuthorizedException
This exception is thrown when a user isn't authorized.
HTTP Status Code: 400 ResourceNotFoundException
This exception is thrown when the Amazon Cognito service can't find the requested resource.
HTTP Status Code: 400 TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400 UserNotFoundException
This exception is thrown when a user isn't found.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
See Also
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
AdminDisableUser
AdminDisableUser
Disables the specified user.
Calling this action requires developer credentials.
Request Syntax
{ "Username": "string", "UserPoolId": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 440).
The request accepts the following data in JSON format.
Username (p. 26)
The user name of the user you want to disable.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: Yes UserPoolId (p. 26)
The user pool ID for the user pool where you want to disable the user.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 442).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
See Also
HTTP Status Code: 500 InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400 NotAuthorizedException
This exception is thrown when a user isn't authorized.
HTTP Status Code: 400 ResourceNotFoundException
This exception is thrown when the Amazon Cognito service can't find the requested resource.
HTTP Status Code: 400 TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400 UserNotFoundException
This exception is thrown when a user isn't found.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
AdminEnableUser
AdminEnableUser
Enables the specified user as an administrator. Works on any user.
Calling this action requires developer credentials.
Request Syntax
{ "Username": "string", "UserPoolId": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 440).
The request accepts the following data in JSON format.
Username (p. 28)
The user name of the user you want to enable.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: Yes UserPoolId (p. 28)
The user pool ID for the user pool where you want to enable the user.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 442).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
See Also
HTTP Status Code: 500 InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400 NotAuthorizedException
This exception is thrown when a user isn't authorized.
HTTP Status Code: 400 ResourceNotFoundException
This exception is thrown when the Amazon Cognito service can't find the requested resource.
HTTP Status Code: 400 TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400 UserNotFoundException
This exception is thrown when a user isn't found.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
AdminForgetDevice
AdminForgetDevice
Forgets the device, as an administrator.
Calling this action requires developer credentials.
Request Syntax
{ "DeviceKey": "string", "Username": "string", "UserPoolId": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 440).
The request accepts the following data in JSON format.
DeviceKey (p. 30) The device key.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-f-]+
Required: Yes Username (p. 30) The user name.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: Yes UserPoolId (p. 30)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
Errors
For information about the errors that are common to all actions, see Common Errors (p. 442).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500 InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400
InvalidUserPoolConfigurationException
This exception is thrown when the user pool configuration is not valid.
HTTP Status Code: 400 NotAuthorizedException
This exception is thrown when a user isn't authorized.
HTTP Status Code: 400 ResourceNotFoundException
This exception is thrown when the Amazon Cognito service can't find the requested resource.
HTTP Status Code: 400 TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
HTTP Status Code: 400 UserNotFoundException
This exception is thrown when a user isn't found.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
AdminGetDevice
AdminGetDevice
Gets the device, as an administrator.
Calling this action requires developer credentials.
Request Syntax
{ "DeviceKey": "string", "Username": "string", "UserPoolId": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 440).
The request accepts the following data in JSON format.
DeviceKey (p. 32) The device key.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-f-]+
Required: Yes Username (p. 32) The user name.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: Yes UserPoolId (p. 32)
The user pool ID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern: [\w-]+_[0-9a-zA-Z]+
Required: Yes
Response Syntax
{
Response Elements
"Device": {
"DeviceAttributes": [ {
"Name": "string", "Value": "string"
} ],
"DeviceCreateDate": number, "DeviceKey": "string",
"DeviceLastAuthenticatedDate": number, "DeviceLastModifiedDate": number }}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Device (p. 32) The device.
Type: DeviceType (p. 367) object
Errors
For information about the errors that are common to all actions, see Common Errors (p. 442).
InternalErrorException
This exception is thrown when Amazon Cognito encounters an internal error.
HTTP Status Code: 500 InvalidParameterException
This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
HTTP Status Code: 400
InvalidUserPoolConfigurationException
This exception is thrown when the user pool configuration is not valid.
HTTP Status Code: 400 NotAuthorizedException
This exception is thrown when a user isn't authorized.
HTTP Status Code: 400 ResourceNotFoundException
This exception is thrown when the Amazon Cognito service can't find the requested resource.
HTTP Status Code: 400 TooManyRequestsException
This exception is thrown when the user has made too many requests for a given operation.
See Also
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS Command Line Interface
• AWS SDK for .NET
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for JavaScript
• AWS SDK for PHP V3
• AWS SDK for Python
• AWS SDK for Ruby V3
AdminGetUser
AdminGetUser
Gets the specified user by user name in a user pool as an administrator. Works on any user.
Calling this action requires developer credentials.
Request Syntax
{
"Username": "string", "UserPoolId": "string"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters (p. 440).
The request accepts the following data in JSON format.
Username (p. 35)
The user name of the user you want to retrieve.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+
Required: Yes UserPoolId (p. 35)
The user pool ID for the user pool where you want to get information about the user.
Type: String
Type: String