Class WaUserPool

Well Architected cognito user pool

Default Configuration

Account Recovery: Email MFA required: True Self Signup enabled: True Removal Policy: Retain in Production Generated password validity: One day in production

Default Alarms
  1. SignUp Throttle Alarm
    • Risk Level: High
    • Well Architected Pillar: Reliability, Performance

Note that the default alarm uses the WaAlarm construct, which sets up an alarm action to notify the SNS Topic AlarmEventsTopic by default.

Examples

Default Usage

new WaUserPool(this, "LogicalId", {});

Custom Configuration

new WaUserPool(this, "LogicalId", {
   accountRecovery: cognito.AccountRecovery.EMAIL_ONLY
});

Compliance

It addresses the following compliance requirements

  1. MFA required by default
    • Risk Level: High
    • Compliance: NIST4
    • Well Architected Pillar: Security
  2. Device tracking
    • Risk Level: Medium
    • Compliance: APRA, MAS, NIST4
    • Well Architected Pillar: Security
  3. Strict password policy
    • Risk Level: High
    • Compliance: PCI, HIPAA, APRA, MAS, NIST4
    • Well Architected Pillar: Security

Hierarchy

  • UserPool
    • WaUserPool

Constructors

constructor

Properties

alarms

Methods

addDefaultSignUpThrottleAlarm getDefaultCustomAttributes

Constructors

constructor

Properties

Readonly alarms

alarms: Alarms = ...

All the default alarms configured for the Well Architected UserPool. You can add more alarms or delete default alarms from this Alarms object

Methods

Private addDefaultSignUpThrottleAlarm

  • Returns void

Static Private getDefaultCustomAttributes

  • Parameters

    Returns undefined | {
        joined_on: DateTimeAttribute;
        role: StringAttribute;
    }

Settings

Member Visibility

Theme

Generated using TypeDoc