// Code generated by smithy-go-codegen DO NOT EDIT.
package types
import (
smithydocument "github.com/aws/smithy-go/document"
"time"
)
// AccountRecoverySettingType is the data type for AccountRecoverySetting.
type AccountRecoverySettingType struct {
	// The list of RecoveryOptionType entries.
	RecoveryMechanisms []RecoveryOptionType

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// AccountTakeoverActionsType groups the account takeover actions, one per
// risk level (high, medium, low).
type AccountTakeoverActionsType struct {
	// Action to take for a high risk.
	HighAction *AccountTakeoverActionType

	// Action to take for a low risk.
	LowAction *AccountTakeoverActionType

	// Action to take for a medium risk.
	MediumAction *AccountTakeoverActionType

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// AccountTakeoverActionType is a single account takeover action: what to do
// with the request and whether to send a notification.
type AccountTakeoverActionType struct {
	// The action to take in response to the account takeover action. Valid
	// values are as follows:
	//   - BLOCK: choosing this action will block the request.
	//   - MFA_IF_CONFIGURED: present an MFA challenge if the user has configured
	//     it, else allow the request.
	//   - MFA_REQUIRED: present an MFA challenge if the user has configured it,
	//     else block the request.
	//   - NO_ACTION: allow the user to sign in.
	//
	// As described above, MFA_IF_CONFIGURED and NO_ACTION both let the request
	// through for a user who has no MFA configured; only BLOCK and MFA_REQUIRED
	// stop it.
	//
	// This member is required.
	EventAction AccountTakeoverEventActionType

	// Flag specifying whether to send a notification.
	//
	// This member is required.
	Notify bool

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// AccountTakeoverRiskConfigurationType is the configuration for mitigation
// actions and notification for the different levels of risk detected for a
// potential account takeover.
type AccountTakeoverRiskConfigurationType struct {
	// Account takeover risk configuration actions.
	//
	// This member is required.
	Actions *AccountTakeoverActionsType

	// The notify configuration used to construct email notifications.
	NotifyConfiguration *NotifyConfigurationType

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// AdminCreateUserConfigType is the configuration for creating a new user
// profile.
type AdminCreateUserConfigType struct {
	// Set to True if only the administrator is allowed to create user profiles.
	// Set to False if users can sign themselves up via an app.
	AllowAdminCreateUserOnly bool

	// The message template to be used for the welcome message to new users. See
	// also Customizing User Invitation Messages (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization).
	InviteMessageTemplate *MessageTemplateType

	// The user account expiration limit, in days, after which a new account that
	// hasn't signed in is no longer usable. To reset the account after that time
	// limit, you must call AdminCreateUser again, specifying "RESEND" for the
	// MessageAction parameter. The default value for this parameter is 7.
	//
	// If you set a value for TemporaryPasswordValidityDays in PasswordPolicy,
	// that value will be used, and UnusedAccountValidityDays will no longer be
	// an available parameter for that user pool.
	UnusedAccountValidityDays int32

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// AnalyticsConfigurationType is the Amazon Pinpoint analytics configuration
// necessary to collect metrics for a user pool. In Regions where Amazon
// Pinpoint isn't available, user pools only support sending events to Amazon
// Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is
// available, user pools support sending events to Amazon Pinpoint projects
// within that same Region.
type AnalyticsConfigurationType struct {
	// The Amazon Resource Name (ARN) of an Amazon Pinpoint project. You can use
	// the Amazon Pinpoint project to integrate with the chosen user pool client.
	// Amazon Cognito publishes events to the Amazon Pinpoint project that the
	// app ARN declares.
	ApplicationArn *string

	// The application ID for an Amazon Pinpoint application.
	ApplicationId *string

	// The external ID.
	ExternalId *string

	// The ARN of an Identity and Access Management role that authorizes Amazon
	// Cognito to publish events to Amazon Pinpoint analytics.
	RoleArn *string

	// If UserDataShared is true, Amazon Cognito includes user data in the
	// events that it publishes to Amazon Pinpoint analytics.
	//
	// NOTE(review): which user data is included is not stated here; confirm it
	// against the pool's data-handling requirements before enabling.
	UserDataShared bool

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// AnalyticsMetadataType is an Amazon Pinpoint analytics endpoint. An endpoint
// uniquely identifies a mobile device, email address, or phone number that can
// receive messages from Amazon Pinpoint analytics. For more information about
// Amazon Web Services Regions that can contain Amazon Pinpoint resources for
// use with Amazon Cognito user pools, see Using Amazon Pinpoint analytics with
// Amazon Cognito user pools (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-pinpoint-integration.html).
type AnalyticsMetadataType struct {
	// The endpoint ID.
	AnalyticsEndpointId *string

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// AttributeType is a name/value pair for one attribute. The service
// description for this type reads: "Specifies whether the attribute is
// standard or custom."
type AttributeType struct {
	// The name of the attribute.
	//
	// This member is required.
	Name *string

	// The value of the attribute.
	Value *string

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// AuthenticationResultType is the authentication result.
//
// NOTE(review): AccessToken, IdToken and RefreshToken are credentials for the
// authenticated user. Keep values of this type out of logs, error messages and
// debug dumps (for example %+v formatting of a response).
type AuthenticationResultType struct {
	// A valid access token that Amazon Cognito issued to the user who you want
	// to authenticate.
	AccessToken *string

	// The expiration period of the authentication result in seconds.
	ExpiresIn int32

	// The ID token.
	IdToken *string

	// The new device metadata from an authentication result.
	NewDeviceMetadata *NewDeviceMetadataType

	// The refresh token.
	RefreshToken *string

	// The token type.
	TokenType *string

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// AuthEventType is the authentication event type. It records one
// authentication event together with its context, risk assessment and
// response.
type AuthEventType struct {
	// The challenge responses.
	ChallengeResponses []ChallengeResponseType

	// The date and time, in ISO 8601 (https://www.iso.org/iso-8601-date-and-time-format.html)
	// format, when the item was created.
	CreationDate *time.Time

	// The user context data captured at the time of an event request. This
	// value provides additional information about the client from which the
	// event request is received.
	EventContextData *EventContextDataType

	// A flag specifying whether the user feedback captured at the time of an
	// event request is good or bad.
	EventFeedback *EventFeedbackType

	// The event ID.
	EventId *string

	// The event response.
	EventResponse EventResponseType

	// The event risk.
	EventRisk *EventRiskType

	// The event type.
	EventType EventType

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// ChallengeResponseType is the challenge response type: a challenge name
// paired with the response recorded for it.
type ChallengeResponseType struct {
	// The challenge name.
	ChallengeName ChallengeName

	// The challenge response.
	ChallengeResponse ChallengeResponse

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// CloudWatchLogsConfigurationType is the CloudWatch logging destination of a
// user pool detailed activity logging configuration.
type CloudWatchLogsConfigurationType struct {
	// The Amazon Resource Name (ARN) of a CloudWatch Logs log group where your
	// user pool sends logs. The log group:
	//   - must not be encrypted with Key Management Service, and
	//   - must be in the same Amazon Web Services account as your user pool.
	//
	// To send logs to log groups with a resource policy of a size greater than
	// 5120 characters, configure a log group with a path that starts with
	// /aws/vendedlogs. For more information, see Enabling logging from certain
	// Amazon Web Services services (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html).
	LogGroupArn *string

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// CodeDeliveryDetailsType holds the delivery details for an email or SMS
// message that Amazon Cognito sent for authentication or verification.
type CodeDeliveryDetailsType struct {
	// The name of the attribute that Amazon Cognito verifies with the code.
	AttributeName *string

	// The method that Amazon Cognito used to send the code.
	DeliveryMedium DeliveryMediumType

	// The email address or phone number destination where Amazon Cognito sent
	// the code.
	Destination *string

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// CompromisedCredentialsActionsType is the compromised credentials actions
// type.
type CompromisedCredentialsActionsType struct {
	// The event action.
	//
	// This member is required.
	EventAction CompromisedCredentialsEventActionType

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// CompromisedCredentialsRiskConfigurationType is the compromised credentials
// risk configuration type.
type CompromisedCredentialsRiskConfigurationType struct {
	// The compromised credentials risk configuration actions.
	//
	// This member is required.
	Actions *CompromisedCredentialsActionsType

	// Perform the action for these events. The default is to perform all
	// events if no event filter is specified.
	EventFilter []EventFilterType

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// ContextDataType is the contextual user data type used for evaluating the
// risk of an unexpected event by Amazon Cognito advanced security.
//
// NOTE(review): every field here is filled in by the calling server, so the
// risk evaluation can only be as trustworthy as the way that server derives
// these values. Confirm in the caller that IpAddress is not copied from a
// header the client controls without validation.
type ContextDataType struct {
	// HttpHeaders received on your server, in the same order.
	//
	// This member is required.
	HttpHeaders []HttpHeader

	// The source IP address of your user's device.
	//
	// This member is required.
	IpAddress *string

	// Your server endpoint where this API is invoked.
	//
	// This member is required.
	ServerName *string

	// Your server path where this API is invoked.
	//
	// This member is required.
	ServerPath *string

	// Encoded device-fingerprint details that your app collected with the
	// Amazon Cognito context data collection library. For more information, see
	// Adding user device and session data to API requests (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint).
	EncodedData *string

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// CustomDomainConfigType is the configuration for a custom domain that hosts
// the sign-up and sign-in webpages for your application.
type CustomDomainConfigType struct {
	// The Amazon Resource Name (ARN) of a Certificate Manager SSL certificate.
	// You use this certificate for the subdomain of your custom domain.
	//
	// This member is required.
	CertificateArn *string

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// CustomEmailLambdaVersionConfigType holds the properties of a custom email
// sender Lambda trigger.
type CustomEmailLambdaVersionConfigType struct {
	// The Amazon Resource Name (ARN) of the function that you want to assign to
	// your Lambda trigger.
	//
	// This member is required.
	LambdaArn *string

	// The user pool trigger version of the request that Amazon Cognito sends to
	// your Lambda function. Higher-numbered versions add fields that support
	// new features. You must use a LambdaVersion of V1_0 with a custom sender
	// function.
	//
	// This member is required.
	LambdaVersion CustomEmailSenderLambdaVersionType

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// CustomSMSLambdaVersionConfigType holds the properties of a custom SMS sender
// Lambda trigger.
type CustomSMSLambdaVersionConfigType struct {
	// The Amazon Resource Name (ARN) of the function that you want to assign to
	// your Lambda trigger.
	//
	// This member is required.
	LambdaArn *string

	// The user pool trigger version of the request that Amazon Cognito sends to
	// your Lambda function. Higher-numbered versions add fields that support
	// new features. You must use a LambdaVersion of V1_0 with a custom sender
	// function.
	//
	// This member is required.
	LambdaVersion CustomSMSSenderLambdaVersionType

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// DeviceConfigurationType is the device-remembering configuration for a user
// pool. A DescribeUserPool (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html)
// request returns a null value for this object when the user pool isn't
// configured to remember devices.
//
// When device remembering is active, you can remember a user's device with a
// ConfirmDevice (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html)
// API request. Additionally, when the property DeviceOnlyRememberedOnUserPrompt
// is true, you must follow ConfirmDevice with an UpdateDeviceStatus (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html)
// API request that sets the user's device to remembered or not_remembered.
//
// To sign in with a remembered device, include DEVICE_KEY in the
// authentication parameters in your user's InitiateAuth (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html)
// request. If your app doesn't include a DEVICE_KEY parameter, the response (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html#API_InitiateAuth_ResponseSyntax)
// from Amazon Cognito includes newly-generated DEVICE_KEY and DEVICE_GROUP_KEY
// values under NewDeviceMetadata. Store these values to use in future
// device-authentication requests.
//
// When you provide a value for any property of DeviceConfiguration, you
// activate the device remembering for the user pool.
type DeviceConfigurationType struct {
	// When true, a remembered device can sign in with device authentication
	// instead of SMS and time-based one-time password (TOTP) factors for
	// multi-factor authentication (MFA). Whether or not
	// ChallengeRequiredOnNewDevice is true, users who sign in with devices that
	// have not been confirmed or remembered must still provide a second factor
	// in a user pool that requires MFA.
	ChallengeRequiredOnNewDevice bool

	// When true, Amazon Cognito doesn't automatically remember a user's device
	// when your app sends a ConfirmDevice (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html)
	// API request. In your app, create a prompt for your user to choose whether
	// they want to remember their device. Return the user's choice in an
	// UpdateDeviceStatus (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html)
	// API request. When DeviceOnlyRememberedOnUserPrompt is false, Amazon
	// Cognito immediately remembers devices that you register in a
	// ConfirmDevice API request.
	DeviceOnlyRememberedOnUserPrompt bool

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// DeviceSecretVerifierConfigType is the device verifier against which the
// device is authenticated.
type DeviceSecretVerifierConfigType struct {
	// The password verifier.
	PasswordVerifier *string

	// The salt (https://en.wikipedia.org/wiki/Salt_(cryptography)).
	Salt *string

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// DeviceType is the device type: a device's key, attributes and timestamps.
type DeviceType struct {
	// The device attributes.
	DeviceAttributes []AttributeType

	// The creation date of the device.
	DeviceCreateDate *time.Time

	// The device key.
	DeviceKey *string

	// The date when the device was last authenticated.
	DeviceLastAuthenticatedDate *time.Time

	// The date and time, in ISO 8601 (https://www.iso.org/iso-8601-date-and-time-format.html)
	// format, when the item was modified.
	DeviceLastModifiedDate *time.Time

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// DomainDescriptionType is a container for information about a domain.
type DomainDescriptionType struct {
	// The Amazon Web Services ID for the user pool owner.
	AWSAccountId *string

	// The Amazon CloudFront endpoint that you use as the target of the alias
	// that you set up with your Domain Name Service (DNS) provider.
	CloudFrontDistribution *string

	// The configuration for a custom domain that hosts the sign-up and sign-in
	// webpages for your application.
	CustomDomainConfig *CustomDomainConfigType

	// The domain string. For custom domains, this is the fully-qualified domain
	// name, such as auth.example.com. For Amazon Cognito prefix domains, this is
	// the prefix alone, such as auth.
	Domain *string

	// The Amazon S3 bucket where the static files for this domain are stored.
	S3Bucket *string

	// The domain status.
	Status DomainStatusType

	// The user pool ID.
	UserPoolId *string

	// The app version.
	Version *string

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// EmailConfigurationType is the email configuration of your user pool. The
// email configuration type sets your preferred sending method, Amazon Web
// Services Region, and sender for messages from your user pool. Amazon Cognito
// can send email messages with Amazon Simple Email Service resources in the
// Amazon Web Services Region where you created your user pool, and in
// alternate Regions in some cases. For more information on the supported
// Regions, see Email settings for Amazon Cognito user pools (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html).
type EmailConfigurationType struct {
	// The set of configuration rules that can be applied to emails sent using
	// Amazon Simple Email Service. A configuration set is applied to an email
	// by including a reference to the configuration set in the headers of the
	// email. Once applied, all of the rules in that configuration set are
	// applied to the email. Configuration sets can be used to apply the
	// following types of rules to emails:
	//
	//   - Event publishing: Amazon Simple Email Service can track the number of
	//     send, delivery, open, click, bounce, and complaint events for each
	//     email sent. Use event publishing to send information about these
	//     events to other Amazon Web Services services such as Amazon
	//     CloudWatch.
	//   - IP pool management: when leasing dedicated IP addresses with Amazon
	//     Simple Email Service, you can create groups of IP addresses, called
	//     dedicated IP pools. You can then associate the dedicated IP pools
	//     with configuration sets.
	ConfigurationSet *string

	// Specifies whether Amazon Cognito uses its built-in functionality to send
	// your users email messages, or uses your Amazon Simple Email Service email
	// configuration. Specify one of the following values:
	//
	// COGNITO_DEFAULT: when Amazon Cognito emails your users, it uses its
	// built-in email functionality. When you use the default option, Amazon
	// Cognito allows only a limited number of emails each day for your user
	// pool. For typical production environments, the default email limit is
	// less than the required delivery volume. To achieve a higher delivery
	// volume, specify DEVELOPER to use your Amazon SES email configuration. To
	// look up the email delivery limit for the default option, see Limits (https://docs.aws.amazon.com/cognito/latest/developerguide/limits.html)
	// in the Amazon Cognito Developer Guide. The default FROM address is
	// no-reply@verificationemail.com. To customize the FROM address, provide
	// the Amazon Resource Name (ARN) of an Amazon SES verified email address
	// for the SourceArn parameter.
	//
	// DEVELOPER: when Amazon Cognito emails your users, it uses your Amazon SES
	// configuration. Amazon Cognito calls Amazon SES on your behalf to send
	// email from your verified email address. When you use this option, the
	// email delivery limits are the same limits that apply to your Amazon SES
	// verified email address in your Amazon Web Services account. If you use
	// this option, provide the ARN of an Amazon SES verified email address for
	// the SourceArn parameter.
	//
	// Before Amazon Cognito can email your users, it requires additional
	// permissions to call Amazon SES on your behalf. When you update your user
	// pool with this option, Amazon Cognito creates a service-linked role,
	// which is a type of role in your Amazon Web Services account. This role
	// contains the permissions that allow you to access Amazon SES and send
	// email messages from your email address. For more information about the
	// service-linked role that Amazon Cognito creates, see Using Service-Linked
	// Roles for Amazon Cognito (https://docs.aws.amazon.com/cognito/latest/developerguide/using-service-linked-roles.html)
	// in the Amazon Cognito Developer Guide.
	EmailSendingAccount EmailSendingAccountType

	// Either the sender's email address or the sender's name with their email
	// address. For example, testuser@example.com or
	// Test User <testuser@example.com>. This address appears before the body of
	// the email.
	From *string

	// The destination to which the receiver of the email should reply.
	ReplyToEmailAddress *string

	// The ARN of a verified email address or an address from a verified domain
	// in Amazon SES. You can set a SourceArn email from a verified domain only
	// with an API request. You can set a verified email address, but not an
	// address in a verified domain, in the Amazon Cognito console. Amazon
	// Cognito uses the email address that you provide in one of the following
	// ways, depending on the value that you specify for the EmailSendingAccount
	// parameter:
	//   - If you specify COGNITO_DEFAULT, Amazon Cognito uses this address as
	//     the custom FROM address when it emails your users using its built-in
	//     email account.
	//   - If you specify DEVELOPER, Amazon Cognito emails your users with this
	//     address by calling Amazon SES on your behalf.
	//
	// The Region value of the SourceArn parameter must indicate a supported
	// Amazon Web Services Region of your user pool. Typically, the Region in
	// the SourceArn and the user pool Region are the same. For more
	// information, see Amazon SES email configuration regions (https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html#user-pool-email-developer-region-mapping)
	// in the Amazon Cognito Developer Guide (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html).
	SourceArn *string

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// EventContextDataType specifies the user context data captured at the time of
// an event request.
type EventContextDataType struct {
	// The user's city.
	City *string

	// The user's country.
	Country *string

	// The user's device name.
	DeviceName *string

	// The source IP address of your user's device.
	IpAddress *string

	// The user's time zone.
	Timezone *string

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// EventFeedbackType specifies the event feedback type.
type EventFeedbackType struct {
	// The authentication event feedback value.
	//   - When you provide a FeedbackValue value of valid, you tell Amazon
	//     Cognito that you trust a user session where Amazon Cognito has
	//     evaluated some level of risk.
	//   - When you provide a FeedbackValue value of invalid, you tell Amazon
	//     Cognito that you don't trust a user session, or you don't believe
	//     that Amazon Cognito evaluated a high-enough risk level.
	//
	// This member is required.
	FeedbackValue FeedbackValueType

	// The provider.
	//
	// This member is required.
	Provider *string

	// The event feedback date.
	FeedbackDate *time.Time

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// EventRiskType is the event risk type: the risk assessment attached to an
// authentication event.
type EventRiskType struct {
	// Indicates whether compromised credentials were detected during an
	// authentication event.
	CompromisedCredentialsDetected *bool

	// The risk decision.
	RiskDecision RiskDecisionType

	// The risk level.
	RiskLevel RiskLevelType

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// GroupType is the group type: a user pool group and its role mapping.
type GroupType struct {
	// The date and time, in ISO 8601 (https://www.iso.org/iso-8601-date-and-time-format.html)
	// format, when the item was created.
	CreationDate *time.Time

	// A string containing the description of the group.
	Description *string

	// The name of the group.
	GroupName *string

	// The date and time, in ISO 8601 (https://www.iso.org/iso-8601-date-and-time-format.html)
	// format, when the item was modified.
	LastModifiedDate *time.Time

	// A non-negative integer value that specifies the precedence of this group
	// relative to the other groups that a user can belong to in the user pool.
	// Zero is the highest precedence value. Groups with lower Precedence values
	// take precedence over groups with higher or null Precedence values. If a
	// user belongs to two or more groups, it is the group with the lowest
	// precedence value whose role ARN is given in the user's tokens for the
	// cognito:roles and cognito:preferred_role claims.
	//
	// Two groups can have the same Precedence value. If this happens, neither
	// group takes precedence over the other. If two groups with the same
	// Precedence have the same role ARN, that role is used in the
	// cognito:preferred_role claim in tokens for users in each group. If the
	// two groups have different role ARNs, the cognito:preferred_role claim
	// isn't set in users' tokens.
	//
	// The default Precedence value is null.
	Precedence *int32

	// The role Amazon Resource Name (ARN) for the group.
	RoleArn *string

	// The user pool ID for the user pool.
	UserPoolId *string

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// HttpHeader is the HTTP header: one header name and its value.
type HttpHeader struct {
	// The header name.
	HeaderName *string

	// The header value.
	HeaderValue *string

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// IdentityProviderType is a container for information about an IdP.
//
// NOTE(review): per the examples on ProviderDetails, values of this type can
// carry the IdP client_secret (and, for SignInWithApple requests, a
// private_key). Treat the whole struct as sensitive when logging or caching.
type IdentityProviderType struct {
	// A mapping of IdP attributes to standard and custom user pool attributes.
	AttributeMapping map[string]string

	// The date and time, in ISO 8601 (https://www.iso.org/iso-8601-date-and-time-format.html)
	// format, when the item was created.
	CreationDate *time.Time

	// A list of IdP identifiers.
	IdpIdentifiers []string

	// The date and time, in ISO 8601 (https://www.iso.org/iso-8601-date-and-time-format.html)
	// format, when the item was modified.
	LastModifiedDate *time.Time

	// The scopes, URLs, and identifiers for your external identity provider.
	// The following examples describe the provider detail keys for each IdP
	// type. These values and their schema are subject to change. Social IdP
	// authorize_scopes values must match the values listed here.
	//
	// In the examples below, the Describe responses for OIDC, LoginWithAmazon,
	// Google and Facebook echo client_secret, so a Describe result is as
	// sensitive as the create request.
	//
	// OpenID Connect (OIDC)
	//
	// Amazon Cognito accepts the following elements when it can't discover
	// endpoint URLs from oidc_issuer: attributes_url, authorize_url, jwks_uri,
	// token_url.
	//
	// Create or update request:
	//
	//	"ProviderDetails": {
	//	  "attributes_request_method": "GET",
	//	  "attributes_url": "https://auth.example.com/userInfo",
	//	  "authorize_scopes": "openid profile email",
	//	  "authorize_url": "https://auth.example.com/authorize",
	//	  "client_id": "1example23456789",
	//	  "client_secret": "provider-app-client-secret",
	//	  "jwks_uri": "https://auth.example.com/.well-known/jwks.json",
	//	  "oidc_issuer": "https://auth.example.com",
	//	  "token_url": "https://example.com/token"
	//	}
	//
	// Describe response:
	//
	//	"ProviderDetails": {
	//	  "attributes_request_method": "GET",
	//	  "attributes_url": "https://auth.example.com/userInfo",
	//	  "attributes_url_add_attributes": "false",
	//	  "authorize_scopes": "openid profile email",
	//	  "authorize_url": "https://auth.example.com/authorize",
	//	  "client_id": "1example23456789",
	//	  "client_secret": "provider-app-client-secret",
	//	  "jwks_uri": "https://auth.example.com/.well-known/jwks.json",
	//	  "oidc_issuer": "https://auth.example.com",
	//	  "token_url": "https://example.com/token"
	//	}
	//
	// SAML
	//
	// Create or update request with Metadata URL:
	//
	//	"ProviderDetails": {
	//	  "IDPInit": "true",
	//	  "IDPSignout": "true",
	//	  "EncryptedResponses" : "true",
	//	  "MetadataURL": "https://auth.example.com/sso/saml/metadata",
	//	  "RequestSigningAlgorithm": "rsa-sha256"
	//	}
	//
	// Create or update request with Metadata file:
	//
	//	"ProviderDetails": {
	//	  "IDPInit": "true",
	//	  "IDPSignout": "true",
	//	  "EncryptedResponses" : "true",
	//	  "MetadataFile": "[metadata XML]",
	//	  "RequestSigningAlgorithm": "rsa-sha256"
	//	}
	//
	// The value of MetadataFile must be the plaintext metadata document with
	// all quote (") characters escaped by backslashes.
	//
	// Describe response:
	//
	//	"ProviderDetails": {
	//	  "IDPInit": "true",
	//	  "IDPSignout": "true",
	//	  "EncryptedResponses" : "true",
	//	  "ActiveEncryptionCertificate": "[certificate]",
	//	  "MetadataURL": "https://auth.example.com/sso/saml/metadata",
	//	  "RequestSigningAlgorithm": "rsa-sha256",
	//	  "SLORedirectBindingURI": "https://auth.example.com/slo/saml",
	//	  "SSORedirectBindingURI": "https://auth.example.com/sso/saml"
	//	}
	//
	// LoginWithAmazon
	//
	// Create or update request:
	//
	//	"ProviderDetails": {
	//	  "authorize_scopes": "profile postal_code",
	//	  "client_id": "amzn1.application-oa2-client.1example23456789",
	//	  "client_secret": "provider-app-client-secret"
	//	}
	//
	// Describe response:
	//
	//	"ProviderDetails": {
	//	  "attributes_url": "https://api.amazon.com/user/profile",
	//	  "attributes_url_add_attributes": "false",
	//	  "authorize_scopes": "profile postal_code",
	//	  "authorize_url": "https://www.amazon.com/ap/oa",
	//	  "client_id": "amzn1.application-oa2-client.1example23456789",
	//	  "client_secret": "provider-app-client-secret",
	//	  "token_request_method": "POST",
	//	  "token_url": "https://api.amazon.com/auth/o2/token"
	//	}
	//
	// Google
	//
	// Create or update request:
	//
	//	"ProviderDetails": {
	//	  "authorize_scopes": "email profile openid",
	//	  "client_id": "1example23456789.apps.googleusercontent.com",
	//	  "client_secret": "provider-app-client-secret"
	//	}
	//
	// Describe response:
	//
	//	"ProviderDetails": {
	//	  "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=",
	//	  "attributes_url_add_attributes": "true",
	//	  "authorize_scopes": "email profile openid",
	//	  "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth",
	//	  "client_id": "1example23456789.apps.googleusercontent.com",
	//	  "client_secret": "provider-app-client-secret",
	//	  "oidc_issuer": "https://accounts.google.com",
	//	  "token_request_method": "POST",
	//	  "token_url": "https://www.googleapis.com/oauth2/v4/token"
	//	}
	//
	// SignInWithApple
	//
	// Create or update request:
	//
	//	"ProviderDetails": {
	//	  "authorize_scopes": "email name",
	//	  "client_id": "com.example.cognito",
	//	  "private_key": "1EXAMPLE",
	//	  "key_id": "2EXAMPLE",
	//	  "team_id": "3EXAMPLE"
	//	}
	//
	// Describe response:
	//
	//	"ProviderDetails": {
	//	  "attributes_url_add_attributes": "false",
	//	  "authorize_scopes": "email name",
	//	  "authorize_url": "https://appleid.apple.com/auth/authorize",
	//	  "client_id": "com.example.cognito",
	//	  "key_id": "1EXAMPLE",
	//	  "oidc_issuer": "https://appleid.apple.com",
	//	  "team_id": "2EXAMPLE",
	//	  "token_request_method": "POST",
	//	  "token_url": "https://appleid.apple.com/auth/token"
	//	}
	//
	// Facebook
	//
	// Create or update request:
	//
	//	"ProviderDetails": {
	//	  "api_version": "v17.0",
	//	  "authorize_scopes": "public_profile, email",
	//	  "client_id": "1example23456789",
	//	  "client_secret": "provider-app-client-secret"
	//	}
	//
	// Describe response:
	//
	//	"ProviderDetails": {
	//	  "api_version": "v17.0",
	//	  "attributes_url": "https://graph.facebook.com/v17.0/me?fields=",
	//	  "attributes_url_add_attributes": "true",
	//	  "authorize_scopes": "public_profile, email",
	//	  "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth",
	//	  "client_id": "1example23456789",
	//	  "client_secret": "provider-app-client-secret",
	//	  "token_request_method": "GET",
	//	  "token_url": "https://graph.facebook.com/v17.0/oauth/access_token"
	//	}
	ProviderDetails map[string]string

	// The IdP name.
	ProviderName *string

	// The IdP type.
	ProviderType IdentityProviderTypeType

	// The user pool ID.
	UserPoolId *string

	// Embedded marker type declared elsewhere in this package.
	noSmithyDocumentSerde
}
// LambdaConfigType specifies the configuration for Lambda triggers.
//
// Apart from KMSKeyID, each plain *string member carries one value per trigger.
// The PreTokenGeneration comment describes its value as a function ARN; the
// other *string triggers presumably take function ARNs as well (confirm
// against the service documentation). CustomEmailSender, CustomSMSSender and
// PreTokenGenerationConfig use dedicated versioned config types instead.
//
// NOTE(review): the functions named here run as part of sign-up, sign-in and
// token issuance, so a change to this configuration deserves the same review
// and audit trail as a change to the authentication code itself.
type LambdaConfigType struct {
// Creates an authentication challenge.
CreateAuthChallenge *string
// A custom email sender Lambda trigger.
CustomEmailSender *CustomEmailLambdaVersionConfigType
// A custom Message Lambda trigger.
CustomMessage *string
// A custom SMS sender Lambda trigger.
CustomSMSSender *CustomSMSLambdaVersionConfigType
// Defines the authentication challenge.
DefineAuthChallenge *string
// The Amazon Resource Name (ARN) of a KMS key. Amazon Cognito uses the key to
// encrypt codes and temporary passwords sent to CustomEmailSender and
// CustomSMSSender.
//
// NOTE(review): the sender functions presumably need decrypt permission on
// this key to read those codes; keep the key policy limited to them and to
// Amazon Cognito - confirm against the service documentation.
KMSKeyID *string
// A post-authentication Lambda trigger.
PostAuthentication *string
// A post-confirmation Lambda trigger.
PostConfirmation *string
// A pre-authentication Lambda trigger.
PreAuthentication *string
// A pre-registration Lambda trigger.
PreSignUp *string
// The Amazon Resource Name (ARN) of the function that you want to assign to your
// Lambda trigger. Set this parameter for legacy purposes. If you also set an ARN
// in PreTokenGenerationConfig, its value must be identical to
// PreTokenGeneration. For new instances of pre token generation triggers, set
// the LambdaArn of PreTokenGenerationConfig.
PreTokenGeneration *string
// The detailed configuration of a pre token generation trigger. If you also set
// an ARN in PreTokenGeneration, its value must be identical to
// PreTokenGenerationConfig.
//
// NOTE(review): a pre token generation function can influence the contents of
// issued tokens, so treat the function referenced here as part of the trust
// boundary - confirm the exact capabilities against the service documentation.
PreTokenGenerationConfig *PreTokenGenerationVersionConfigType
// The user migration Lambda config type.
UserMigration *string
// Verifies the authentication challenge response.
VerifyAuthChallengeResponse *string
noSmithyDocumentSerde
}
// LogConfigurationType holds the logging parameters of a user pool: which
// event source is logged, at what level, and optionally where the logs go.
type LogConfigurationType struct {
// The source of events that your user pool sends for detailed activity logging.
//
// This member is required.
EventSource EventSourceName
// The error-level selection of logs that a user pool sends for detailed activity
// logging.
//
// This member is required.
LogLevel LogLevel
// The CloudWatch logging destination of a user pool.
//
// Unlike EventSource and LogLevel, this member is not marked as required.
// NOTE(review): what happens to events when no destination is set is not
// visible here; verify before relying on these logs for detection.
CloudWatchLogsConfiguration *CloudWatchLogsConfigurationType
noSmithyDocumentSerde
}
// LogDeliveryConfigurationType holds the logging parameters of a user pool: it
// pairs a user pool ID with the list of log configurations that apply to it.
type LogDeliveryConfigurationType struct {
// The detailed activity logging destination of a user pool, given as a list of
// LogConfigurationType entries.
//
// This member is required.
LogConfigurations []LogConfigurationType
// The ID of the user pool where you configured detailed activity logging.
//
// This member is required.
UserPoolId *string
noSmithyDocumentSerde
}
// MessageTemplateType is the message template structure. It carries an email
// body, an email subject and an SMS body, each as an optional string.
type MessageTemplateType struct {
// The message template for email messages. EmailMessage is allowed only if
// EmailSendingAccount (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount)
// is DEVELOPER.
EmailMessage *string
// The subject line for email messages. EmailSubject is allowed only if
// EmailSendingAccount (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount)
// is DEVELOPER.
EmailSubject *string
// The message template for SMS messages. Unlike the two email members, no
// EmailSendingAccount restriction is stated for it.
SMSMessage *string
noSmithyDocumentSerde
}
// MFAOptionType is a data type that is no longer supported. It applies only to
// SMS multi-factor authentication (MFA) configurations and does not apply to
// time-based one-time password (TOTP) software token MFA configurations.
//
// NOTE(review): because the type is described as no longer supported, new code
// should not use it to decide whether a user has MFA enabled; a user with only
// TOTP configured is not represented here.
type MFAOptionType struct {
// The attribute name of the MFA option type. The only valid value is
// phone_number.
AttributeName *string
// The delivery medium to send the MFA code. You can use this parameter to set
// only the SMS delivery medium value.
DeliveryMedium DeliveryMediumType
noSmithyDocumentSerde
}
// NewDeviceMetadataType is the new device metadata type. It carries two
// optional string identifiers: a device group key and a device key.
type NewDeviceMetadataType struct {
// The device group key.
DeviceGroupKey *string
// The device key.
DeviceKey *string
noSmithyDocumentSerde
}
// NotifyConfigurationType is the notify configuration type. It names the
// sending identity and addresses, and holds one email template per outcome of
// a detected risk event (blocked, MFA challenged, allowed).
type NotifyConfigurationType struct {
// The Amazon Resource Name (ARN) of the identity that is associated with the
// sending authorization policy. This identity permits Amazon Cognito to send for
// the email address specified in the From parameter.
//
// This member is required.
SourceArn *string
// Email template used when a detected risk event is blocked.
BlockEmail *NotifyEmailType
// The email address that is sending the email. The address must be either
// individually verified with Amazon Simple Email Service, or from a domain that
// has been verified with Amazon SES.
From *string
// The multi-factor authentication (MFA) email template used when MFA is
// challenged as part of a detected risk.
MfaEmail *NotifyEmailType
// The email template used when a detected risk event is allowed.
NoActionEmail *NotifyEmailType
// The destination to which the receiver of an email should reply.
//
// NOTE(review): no verification requirement is stated for this address, in
// contrast to From. Because these emails concern detected risk events, point
// it at a mailbox the pool owner controls and monitors.
ReplyTo *string
noSmithyDocumentSerde
}
// NotifyEmailType is the notify email type: a required subject plus optional
// HTML and plain-text bodies.
type NotifyEmailType struct {
// The email subject.
//
// This member is required.
Subject *string
// The email HTML body.
HtmlBody *string
// The email text body.
TextBody *string
noSmithyDocumentSerde
}
// NumberAttributeConstraintsType holds the minimum and maximum values of an
// attribute that is of the number data type. Both bounds are carried as
// optional strings, not as numeric Go types.
type NumberAttributeConstraintsType struct {
// The maximum length of a number attribute value. Must be a number less than or
// equal to 2^1023, represented as a string with a length of 131072 characters or
// fewer.
//
// NOTE(review): the upstream text says "maximum length", but the type comment
// and MinValue both speak of values, so this presumably bounds the value
// itself - confirm against the service documentation.
MaxValue *string
// The minimum value of an attribute that is of the number data type.
MinValue *string
noSmithyDocumentSerde
}
// PasswordPolicyType is the password policy type: minimum length, required
// character classes, and the lifetime of temporary passwords.
//
// The four Require* members are plain bools, so a zero-valued
// PasswordPolicyType states no character-class requirement at all; set them
// explicitly rather than relying on the zero value.
type PasswordPolicyType struct {
// The minimum length of the password in the policy that you have set. This value
// can't be less than 6.
//
// NOTE(review): 6 is the lowest value accepted, not a recommended one; NIST
// SP 800-63B asks for at least 8 characters for user-chosen passwords.
MinimumLength *int32
// In the password policy that you have set, refers to whether you have required
// users to use at least one lowercase letter in their password.
RequireLowercase bool
// In the password policy that you have set, refers to whether you have required
// users to use at least one number in their password.
RequireNumbers bool
// In the password policy that you have set, refers to whether you have required
// users to use at least one symbol in their password.
RequireSymbols bool
// In the password policy that you have set, refers to whether you have required
// users to use at least one uppercase letter in their password.
RequireUppercase bool
// The number of days a temporary password is valid in the password policy. If the
// user doesn't sign in during this time, an administrator must reset their
// password. Defaults to 7. If you submit a value of 0, Amazon Cognito treats it
// as a null value and sets TemporaryPasswordValidityDays to its default value.
// When you set TemporaryPasswordValidityDays for a user pool, you can no longer
// set a value for the legacy UnusedAccountValidityDays parameter in that user
// pool.
//
// Because 0 is mapped to the default, this member cannot express a zero-day
// validity; leaving it unset yields the 7-day default described above.
TemporaryPasswordValidityDays int32
noSmithyDocumentSerde
}
// The properties of a pre token generation Lambda trigger.
type PreTokenGenerationVersionConfigType struct {