CognitoIdentityProvider / Client / update_user_pool_domain

update_user_pool_domain

CognitoIdentityProvider.Client.update_user_pool_domain(**kwargs)

A user pool domain hosts managed login, an authorization server and web server for authentication in your application. This operation updates the branding version for user pool domains between 1 for hosted UI (classic) and 2 for managed login. It also updates the SSL certificate for user pool custom domains.

Changes to the domain branding version take up to one minute to take effect for a prefix domain and up to five minutes for a custom domain.

This operation doesn’t change the name of your user pool domain. To change your domain, delete it with DeleteUserPoolDomain and create a new domain with CreateUserPoolDomain.

You can pass the ARN of a new Certificate Manager certificate in this request. Typically, ACM certificates automatically renew and you user pool can continue to use the same ARN. But if you generate a new certificate for your custom domain name, replace the original configuration with the new ARN in this request.

ACM certificates for custom domains must be in the US East (N. Virginia) Amazon Web Services Region. After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain.

For more information about adding a custom domain to your user pool, see Configuring a user pool domain.

Note

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

See also: AWS API Documentation

Request Syntax

response = client.update_user_pool_domain(
    Domain='string',
    UserPoolId='string',
    ManagedLoginVersion=123,
    CustomDomainConfig={
        'CertificateArn': 'string'
    }
)

Parameters:

• Domain (string) –

  [REQUIRED]

  The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be auth.example.com.

  This string can include only lowercase letters, numbers, and hyphens. Don’t use a hyphen for the first or last character. Use periods to separate subdomain names.

• UserPoolId (string) –

  [REQUIRED]

  The ID of the user pool that is associated with the custom domain whose certificate you’re updating.

• ManagedLoginVersion (integer) – A version number that indicates the state of managed login for your domain. Version 1 is hosted UI (classic). Version 2 is the newer managed login with the branding designer. For more information, see Managed login.

• CustomDomainConfig (dict) –

  The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.

  When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a SetUserPoolMfaConfig request.

  • CertificateArn (string) – [REQUIRED]

    The Amazon Resource Name (ARN) of an Certificate Manager SSL certificate. You use this certificate for the subdomain of your custom domain.

Return type:

dict

Returns:

Response Syntax

{
    'ManagedLoginVersion': 123,
    'CloudFrontDomain': 'string'
}

Response Structure

• (dict) –

  The UpdateUserPoolDomain response output.

  • ManagedLoginVersion (integer) –

    A version number that indicates the state of managed login for your domain. Version 1 is hosted UI (classic). Version 2 is the newer managed login with the branding designer. For more information, see Managed login.

  • CloudFrontDomain (string) –

    The Amazon CloudFront endpoint that Amazon Cognito set up when you added the custom domain to your user pool.

Exceptions

• CognitoIdentityProvider.Client.exceptions.InvalidParameterException

• CognitoIdentityProvider.Client.exceptions.NotAuthorizedException

• CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException

• CognitoIdentityProvider.Client.exceptions.TooManyRequestsException

• CognitoIdentityProvider.Client.exceptions.InternalErrorException

• CognitoIdentityProvider.Client.exceptions.FeatureUnavailableInTierException