CognitoIdentityProvider / Client / update_user_pool_domain

update_user_pool_domain#

CognitoIdentityProvider.Client.update_user_pool_domain(**kwargs)#

Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool.

You can use this operation to provide the Amazon Resource Name (ARN) of a new certificate to Amazon Cognito. You can’t use it to change the domain for a user pool.

A custom domain is used to host the Amazon Cognito hosted UI, which provides sign-up and sign-in pages for your application. When you set up a custom domain, you provide a certificate that you manage with Certificate Manager (ACM). When necessary, you can use this operation to change the certificate that you applied to your custom domain.

Usually, this is unnecessary following routine certificate renewal with ACM. When you renew your existing certificate in ACM, the ARN for your certificate remains the same, and your custom domain uses the new certificate automatically.

However, if you replace your existing certificate with a new one, ACM gives the new certificate a new ARN. To apply the new certificate to your custom domain, you must provide this ARN to Amazon Cognito.

When you add your new certificate in ACM, you must choose US East (N. Virginia) as the Amazon Web Services Region.

After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain.

For more information about adding a custom domain to your user pool, see Using Your Own Domain for the Hosted UI.

Note

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

See also: AWS API Documentation

Request Syntax

response = client.update_user_pool_domain(
    Domain='string',
    UserPoolId='string',
    CustomDomainConfig={
        'CertificateArn': 'string'
    }
)
Parameters:
  • Domain (string) –

    [REQUIRED]

    The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be auth.example.com.

    This string can include only lowercase letters, numbers, and hyphens. Don’t use a hyphen for the first or last character. Use periods to separate subdomain names.

  • UserPoolId (string) –

    [REQUIRED]

    The ID of the user pool that is associated with the custom domain whose certificate you’re updating.

  • CustomDomainConfig (dict) –

    [REQUIRED]

    The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.

    • CertificateArn (string) – [REQUIRED]

      The Amazon Resource Name (ARN) of an Certificate Manager SSL certificate. You use this certificate for the subdomain of your custom domain.

Return type:

dict

Returns:

Response Syntax

{
    'CloudFrontDomain': 'string'
}

Response Structure

  • (dict) –

    The UpdateUserPoolDomain response output.

    • CloudFrontDomain (string) –

      The Amazon CloudFront endpoint that Amazon Cognito set up when you added the custom domain to your user pool.

Exceptions