CognitoIdentityProvider / Client / create_user_pool_domain
create_user_pool_domain#
- CognitoIdentityProvider.Client.create_user_pool_domain(**kwargs)#
A user pool domain hosts managed login, an authorization server and web server for authentication in your application. This operation creates a new user pool prefix domain or custom domain and sets the managed login branding version. Set the branding version to
1for hosted UI (classic) or2for managed login. When you choose a custom domain, you must provide an SSL certificate in the US East (N. Virginia) Amazon Web Services Region in your request.Your prefix domain might take up to one minute to take effect. Your custom domain is online within five minutes, but it can take up to one hour to distribute your SSL certificate.
For more information about adding a custom domain to your user pool, see Configuring a user pool domain.
Note
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
See also: AWS API Documentation
Request Syntax
response = client.create_user_pool_domain( Domain='string', UserPoolId='string', ManagedLoginVersion=123, CustomDomainConfig={ 'CertificateArn': 'string' } )
- Parameters:
Domain (string) –
[REQUIRED]
The domain string. For custom domains, this is the fully-qualified domain name, such as
auth.example.com. For prefix domains, this is the prefix alone, such asmyprefix. A prefix value ofmyprefixfor a user pool in theus-east-1Region results in a domain ofmyprefix.auth.us-east-1.amazoncognito.com.UserPoolId (string) –
[REQUIRED]
The ID of the user pool where you want to add a domain.
ManagedLoginVersion (integer) –
The version of managed login branding that you want to apply to your domain. A value of
1indicates hosted UI (classic) and a version of2indicates managed login.Managed login requires that your user pool be configured for any feature plan other than
Lite.CustomDomainConfig (dict) –
The configuration for a custom domain. Configures your domain with an Certificate Manager certificate in the
us-east-1Region.Provide this parameter only if you want to use a custom domain for your user pool. Otherwise, you can omit this parameter and use a prefix domain instead.
When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain.
CertificateArn (string) – [REQUIRED]
The Amazon Resource Name (ARN) of an Certificate Manager SSL certificate. You use this certificate for the subdomain of your custom domain.
- Return type:
dict
- Returns:
Response Syntax
{ 'ManagedLoginVersion': 123, 'CloudFrontDomain': 'string' }
Response Structure
(dict) –
ManagedLoginVersion (integer) –
The version of managed login branding applied your domain. A value of
1indicates hosted UI (classic) and a version of2indicates managed login.CloudFrontDomain (string) –
The fully-qualified domain name (FQDN) of the Amazon CloudFront distribution that hosts your managed login or classic hosted UI pages. Your domain-name authority must have an alias record that points requests for your custom domain to this FQDN. Amazon Cognito returns this value if you set a custom domain with
CustomDomainConfig. If you set an Amazon Cognito prefix domain, this parameter returns null.
Exceptions
CognitoIdentityProvider.Client.exceptions.InvalidParameterExceptionCognitoIdentityProvider.Client.exceptions.NotAuthorizedExceptionCognitoIdentityProvider.Client.exceptions.ResourceNotFoundExceptionCognitoIdentityProvider.Client.exceptions.LimitExceededExceptionCognitoIdentityProvider.Client.exceptions.InternalErrorExceptionCognitoIdentityProvider.Client.exceptions.FeatureUnavailableInTierException