CognitoIdentityProvider / Client / create_user_pool_domain

create_user_pool_domain

CognitoIdentityProvider.Client.create_user_pool_domain(**kwargs)

A user pool domain hosts managed login, an authorization server and web server for authentication in your application. This operation creates a new user pool prefix or custom domain and sets the managed login branding version. Set the branding version to 1 for hosted UI (classic) or 2 for managed login. When you choose a custom domain, you must provide an SSL certificate in the US East (N. Virginia) Amazon Web Services Region in your request.

Your prefix domain might take up to one minute to take effect. Your custom domain is online within five minutes, but it can take up to one hour to distribute your SSL certificate.

For more information about adding a custom domain to your user pool, see Configuring a user pool domain.

Note

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

See also: AWS API Documentation

Request Syntax

response = client.create_user_pool_domain(
    Domain='string',
    UserPoolId='string',
    ManagedLoginVersion=123,
    CustomDomainConfig={
        'CertificateArn': 'string'
    }
)

Parameters:

• Domain (string) –

  [REQUIRED]

  The domain string. For custom domains, this is the fully-qualified domain name, such as auth.example.com. For prefix domains, this is the prefix alone, such as myprefix. A prefix value of myprefix for a user pool in the us-east-1 Region results in a domain of myprefix.auth.us-east-1.amazoncognito.com.

• UserPoolId (string) –

  [REQUIRED]

  The ID of the user pool where you want to add a domain.

• ManagedLoginVersion (integer) –

  The version of managed login branding that you want to apply to your domain. A value of 1 indicates hosted UI (classic) and a version of 2 indicates managed login.

  Managed login requires that your user pool be configured for any feature plan other than Lite.

• CustomDomainConfig (dict) –

  The configuration for a custom domain. Configures your domain with an Certificate Manager certificate in the us-east-1 Region.

  Provide this parameter only if you want to use a custom domain for your user pool. Otherwise, you can exclude this parameter and use a prefix domain instead.

  For more information about the hosted domain and custom domains, see Configuring a User Pool Domain.

  • CertificateArn (string) – [REQUIRED]

    The Amazon Resource Name (ARN) of an Certificate Manager SSL certificate. You use this certificate for the subdomain of your custom domain.

Return type:

dict

Returns:

Response Syntax

{
    'ManagedLoginVersion': 123,
    'CloudFrontDomain': 'string'
}

Response Structure

• (dict) –

  • ManagedLoginVersion (integer) –

    The version of managed login branding applied your domain. A value of 1 indicates hosted UI (classic) and a version of 2 indicates managed login.

  • CloudFrontDomain (string) –

    The Amazon CloudFront endpoint that you use as the target of the alias that you set up with your Domain Name Service (DNS) provider. Amazon Cognito returns this value if you set a custom domain with CustomDomainConfig. If you set an Amazon Cognito prefix domain, this operation returns a blank response.

Exceptions

• CognitoIdentityProvider.Client.exceptions.InvalidParameterException

• CognitoIdentityProvider.Client.exceptions.NotAuthorizedException

• CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException

• CognitoIdentityProvider.Client.exceptions.LimitExceededException

• CognitoIdentityProvider.Client.exceptions.InternalErrorException

• CognitoIdentityProvider.Client.exceptions.FeatureUnavailableInTierException