COGNITO-IDP
AddCustomAttributes
enum_AttributeDataType := [ "String", "Number", "DateTime", "Boolean" ]
valid {
input.Body.UserPoolId == STRING
input.Body.CustomAttributes[_].Name == STRING
input.Body.CustomAttributes[_].AttributeDataType == enum_AttributeDataType[_]
input.Body.CustomAttributes[_].DeveloperOnlyAttribute == BOOLEAN
input.Body.CustomAttributes[_].Mutable == BOOLEAN
input.Body.CustomAttributes[_].Required == BOOLEAN
input.Body.CustomAttributes[_].NumberAttributeConstraints.MinValue == STRING
input.Body.CustomAttributes[_].NumberAttributeConstraints.MaxValue == STRING
input.Body.CustomAttributes[_].StringAttributeConstraints.MinLength == STRING
input.Body.CustomAttributes[_].StringAttributeConstraints.MaxLength == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminAddUserToGroup
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.GroupName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminConfirmSignUp
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminCreateUser
enum_DeliveryMediumType := [ "SMS", "EMAIL" ]
enum_MessageActionType := [ "RESEND", "SUPPRESS" ]
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.UserAttributes[_].Name == STRING
input.Body.UserAttributes[_].Value == STRING
input.Body.ValidationData[_].Name == STRING
input.Body.ValidationData[_].Value == STRING
input.Body.TemporaryPassword == STRING
input.Body.ForceAliasCreation == BOOLEAN
input.Body.MessageAction == enum_MessageActionType[_]
input.Body.DesiredDeliveryMediums[_] == enum_DeliveryMediumType[_]
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminDeleteUser
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminDeleteUserAttributes
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.UserAttributeNames[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminDisableProviderForUser
valid {
input.Body.UserPoolId == STRING
input.Body.User.ProviderName == STRING
input.Body.User.ProviderAttributeName == STRING
input.Body.User.ProviderAttributeValue == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminDisableUser
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminEnableUser
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminForgetDevice
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.DeviceKey == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminGetDevice
valid {
input.Body.DeviceKey == STRING
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminGetUser
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminInitiateAuth
enum_AuthFlowType := [ "USER_SRP_AUTH", "REFRESH_TOKEN_AUTH", "REFRESH_TOKEN", "CUSTOM_AUTH", "ADMIN_NO_SRP_AUTH", "USER_PASSWORD_AUTH", "ADMIN_USER_PASSWORD_AUTH", "USER_AUTH" ]
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.Body.AuthFlow == enum_AuthFlowType[_]
input.Body.AuthParameters.STRING == STRING
input.Body.ClientMetadata.STRING == STRING
input.Body.AnalyticsMetadata.AnalyticsEndpointId == STRING
input.Body.ContextData.IpAddress == STRING
input.Body.ContextData.ServerName == STRING
input.Body.ContextData.ServerPath == STRING
input.Body.ContextData.HttpHeaders[_].headerName == STRING
input.Body.ContextData.HttpHeaders[_].headerValue == STRING
input.Body.ContextData.EncodedData == STRING
input.Body.Session == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminLinkProviderForUser
valid {
input.Body.UserPoolId == STRING
input.Body.DestinationUser.ProviderName == STRING
input.Body.DestinationUser.ProviderAttributeName == STRING
input.Body.DestinationUser.ProviderAttributeValue == STRING
input.Body.SourceUser.ProviderName == STRING
input.Body.SourceUser.ProviderAttributeName == STRING
input.Body.SourceUser.ProviderAttributeValue == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminListDevices
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.Limit == INTEGER
input.Body.PaginationToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminListGroupsForUser
valid {
input.Body.Username == STRING
input.Body.UserPoolId == STRING
input.Body.Limit == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminListUserAuthEvents
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminRemoveUserFromGroup
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.GroupName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminResetUserPassword
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminRespondToAuthChallenge
enum_ChallengeNameType := [ "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "SELECT_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED", "SMS_OTP", "PASSWORD", "WEB_AUTHN", "PASSWORD_SRP" ]
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.Body.ChallengeName == enum_ChallengeNameType[_]
input.Body.ChallengeResponses.STRING == STRING
input.Body.Session == STRING
input.Body.AnalyticsMetadata.AnalyticsEndpointId == STRING
input.Body.ContextData.IpAddress == STRING
input.Body.ContextData.ServerName == STRING
input.Body.ContextData.ServerPath == STRING
input.Body.ContextData.HttpHeaders[_].headerName == STRING
input.Body.ContextData.HttpHeaders[_].headerValue == STRING
input.Body.ContextData.EncodedData == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminSetUserMFAPreference
valid {
input.Body.SMSMfaSettings.Enabled == BOOLEAN
input.Body.SMSMfaSettings.PreferredMfa == BOOLEAN
input.Body.SoftwareTokenMfaSettings.Enabled == BOOLEAN
input.Body.SoftwareTokenMfaSettings.PreferredMfa == BOOLEAN
input.Body.EmailMfaSettings.Enabled == BOOLEAN
input.Body.EmailMfaSettings.PreferredMfa == BOOLEAN
input.Body.Username == STRING
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminSetUserPassword
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.Password == STRING
input.Body.Permanent == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminSetUserSettings
enum_DeliveryMediumType := [ "SMS", "EMAIL" ]
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.MFAOptions[_].DeliveryMedium == enum_DeliveryMediumType[_]
input.Body.MFAOptions[_].AttributeName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminUpdateAuthEventFeedback
enum_FeedbackValueType := [ "Valid", "Invalid" ]
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.EventId == STRING
input.Body.FeedbackValue == enum_FeedbackValueType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminUpdateDeviceStatus
enum_DeviceRememberedStatusType := [ "remembered", "not_remembered" ]
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.DeviceKey == STRING
input.Body.DeviceRememberedStatus == enum_DeviceRememberedStatusType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminUpdateUserAttributes
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.UserAttributes[_].Name == STRING
input.Body.UserAttributes[_].Value == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AdminUserGlobalSignOut
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AssociateSoftwareToken
valid {
input.Body.AccessToken == STRING
input.Body.Session == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ChangePassword
valid {
input.Body.PreviousPassword == STRING
input.Body.ProposedPassword == STRING
input.Body.AccessToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CompleteWebAuthnRegistration
valid {
input.Body.AccessToken == STRING
input.Body.Credential == {}
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ConfirmDevice
valid {
input.Body.AccessToken == STRING
input.Body.DeviceKey == STRING
input.Body.DeviceSecretVerifierConfig.PasswordVerifier == STRING
input.Body.DeviceSecretVerifierConfig.Salt == STRING
input.Body.DeviceName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ConfirmForgotPassword
valid {
input.Body.ClientId == STRING
input.Body.SecretHash == STRING
input.Body.Username == STRING
input.Body.ConfirmationCode == STRING
input.Body.Password == STRING
input.Body.AnalyticsMetadata.AnalyticsEndpointId == STRING
input.Body.UserContextData.IpAddress == STRING
input.Body.UserContextData.EncodedData == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ConfirmSignUp
valid {
input.Body.ClientId == STRING
input.Body.SecretHash == STRING
input.Body.Username == STRING
input.Body.ConfirmationCode == STRING
input.Body.ForceAliasCreation == BOOLEAN
input.Body.AnalyticsMetadata.AnalyticsEndpointId == STRING
input.Body.UserContextData.IpAddress == STRING
input.Body.UserContextData.EncodedData == STRING
input.Body.ClientMetadata.STRING == STRING
input.Body.Session == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateGroup
valid {
input.Body.GroupName == STRING
input.Body.UserPoolId == STRING
input.Body.Description == STRING
input.Body.RoleArn == STRING
input.Body.Precedence == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateIdentityProvider
enum_IdentityProviderTypeType := [ "SAML", "Facebook", "Google", "LoginWithAmazon", "SignInWithApple", "OIDC" ]
valid {
input.Body.UserPoolId == STRING
input.Body.ProviderName == STRING
input.Body.ProviderType == enum_IdentityProviderTypeType[_]
input.Body.ProviderDetails.STRING == STRING
input.Body.AttributeMapping.STRING == STRING
input.Body.IdpIdentifiers[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateManagedLoginBranding
enum_AssetCategoryType := [ "FAVICON_ICO", "FAVICON_SVG", "EMAIL_GRAPHIC", "SMS_GRAPHIC", "AUTH_APP_GRAPHIC", "PASSWORD_GRAPHIC", "PASSKEY_GRAPHIC", "PAGE_HEADER_LOGO", "PAGE_HEADER_BACKGROUND", "PAGE_FOOTER_LOGO", "PAGE_FOOTER_BACKGROUND", "PAGE_BACKGROUND", "FORM_BACKGROUND", "FORM_LOGO", "IDP_BUTTON_ICON" ]
enum_AssetExtensionType := [ "ICO", "JPEG", "PNG", "SVG", "WEBP" ]
enum_ColorSchemeModeType := [ "LIGHT", "DARK", "DYNAMIC" ]
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.Body.UseCognitoProvidedValues == BOOLEAN
input.Body.Settings == {}
input.Body.Assets[_].Category == enum_AssetCategoryType[_]
input.Body.Assets[_].ColorMode == enum_ColorSchemeModeType[_]
input.Body.Assets[_].Extension == enum_AssetExtensionType[_]
input.Body.Assets[_].Bytes == BLOB
input.Body.Assets[_].ResourceId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateResourceServer
valid {
input.Body.UserPoolId == STRING
input.Body.Identifier == STRING
input.Body.Name == STRING
input.Body.Scopes[_].ScopeName == STRING
input.Body.Scopes[_].ScopeDescription == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateTerms
enum_TermsEnforcementType := [ "NONE" ]
enum_TermsSourceType := [ "LINK" ]
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.Body.TermsName == STRING
input.Body.TermsSource == enum_TermsSourceType[_]
input.Body.Enforcement == enum_TermsEnforcementType[_]
input.Body.Links.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateUserImportJob
valid {
input.Body.JobName == STRING
input.Body.UserPoolId == STRING
input.Body.CloudWatchLogsRoleArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateUserPool
enum_AdvancedSecurityEnabledModeType := [ "AUDIT", "ENFORCED" ]
enum_AdvancedSecurityModeType := [ "OFF", "AUDIT", "ENFORCED" ]
enum_AliasAttributeType := [ "phone_number", "email", "preferred_username" ]
enum_AttributeDataType := [ "String", "Number", "DateTime", "Boolean" ]
enum_AuthFactorType := [ "PASSWORD", "EMAIL_OTP", "SMS_OTP", "WEB_AUTHN" ]
enum_CustomEmailSenderLambdaVersionType := [ "V1_0" ]
enum_CustomSMSSenderLambdaVersionType := [ "V1_0" ]
enum_DefaultEmailOptionType := [ "CONFIRM_WITH_LINK", "CONFIRM_WITH_CODE" ]
enum_DeletionProtectionType := [ "ACTIVE", "INACTIVE" ]
enum_EmailSendingAccountType := [ "COGNITO_DEFAULT", "DEVELOPER" ]
enum_PreTokenGenerationLambdaVersionType := [ "V1_0", "V2_0", "V3_0" ]
enum_RecoveryOptionNameType := [ "verified_email", "verified_phone_number", "admin_only" ]
enum_UserPoolMfaType := [ "OFF", "ON", "OPTIONAL" ]
enum_UserPoolTierType := [ "LITE", "ESSENTIALS", "PLUS" ]
enum_UsernameAttributeType := [ "phone_number", "email" ]
enum_VerifiedAttributeType := [ "phone_number", "email" ]
valid {
input.Body.PoolName == STRING
input.Body.Policies.PasswordPolicy.MinimumLength == INTEGER
input.Body.Policies.PasswordPolicy.RequireUppercase == BOOLEAN
input.Body.Policies.PasswordPolicy.RequireLowercase == BOOLEAN
input.Body.Policies.PasswordPolicy.RequireNumbers == BOOLEAN
input.Body.Policies.PasswordPolicy.RequireSymbols == BOOLEAN
input.Body.Policies.PasswordPolicy.PasswordHistorySize == INTEGER
input.Body.Policies.PasswordPolicy.TemporaryPasswordValidityDays == INTEGER
input.Body.Policies.SignInPolicy.AllowedFirstAuthFactors[_] == enum_AuthFactorType[_]
input.Body.DeletionProtection == enum_DeletionProtectionType[_]
input.Body.LambdaConfig.PreSignUp == STRING
input.Body.LambdaConfig.CustomMessage == STRING
input.Body.LambdaConfig.PostConfirmation == STRING
input.Body.LambdaConfig.PreAuthentication == STRING
input.Body.LambdaConfig.PostAuthentication == STRING
input.Body.LambdaConfig.DefineAuthChallenge == STRING
input.Body.LambdaConfig.CreateAuthChallenge == STRING
input.Body.LambdaConfig.VerifyAuthChallengeResponse == STRING
input.Body.LambdaConfig.PreTokenGeneration == STRING
input.Body.LambdaConfig.UserMigration == STRING
input.Body.LambdaConfig.PreTokenGenerationConfig.LambdaVersion == enum_PreTokenGenerationLambdaVersionType[_]
input.Body.LambdaConfig.PreTokenGenerationConfig.LambdaArn == STRING
input.Body.LambdaConfig.CustomSMSSender.LambdaVersion == enum_CustomSMSSenderLambdaVersionType[_]
input.Body.LambdaConfig.CustomSMSSender.LambdaArn == STRING
input.Body.LambdaConfig.CustomEmailSender.LambdaVersion == enum_CustomEmailSenderLambdaVersionType[_]
input.Body.LambdaConfig.CustomEmailSender.LambdaArn == STRING
input.Body.LambdaConfig.KMSKeyID == STRING
input.Body.AutoVerifiedAttributes[_] == enum_VerifiedAttributeType[_]
input.Body.AliasAttributes[_] == enum_AliasAttributeType[_]
input.Body.UsernameAttributes[_] == enum_UsernameAttributeType[_]
input.Body.SmsVerificationMessage == STRING
input.Body.EmailVerificationMessage == STRING
input.Body.EmailVerificationSubject == STRING
input.Body.VerificationMessageTemplate.SmsMessage == STRING
input.Body.VerificationMessageTemplate.EmailMessage == STRING
input.Body.VerificationMessageTemplate.EmailSubject == STRING
input.Body.VerificationMessageTemplate.EmailMessageByLink == STRING
input.Body.VerificationMessageTemplate.EmailSubjectByLink == STRING
input.Body.VerificationMessageTemplate.DefaultEmailOption == enum_DefaultEmailOptionType[_]
input.Body.SmsAuthenticationMessage == STRING
input.Body.MfaConfiguration == enum_UserPoolMfaType[_]
input.Body.UserAttributeUpdateSettings.AttributesRequireVerificationBeforeUpdate[_] == enum_VerifiedAttributeType[_]
input.Body.DeviceConfiguration.ChallengeRequiredOnNewDevice == BOOLEAN
input.Body.DeviceConfiguration.DeviceOnlyRememberedOnUserPrompt == BOOLEAN
input.Body.EmailConfiguration.SourceArn == STRING
input.Body.EmailConfiguration.ReplyToEmailAddress == STRING
input.Body.EmailConfiguration.EmailSendingAccount == enum_EmailSendingAccountType[_]
input.Body.EmailConfiguration.From == STRING
input.Body.EmailConfiguration.ConfigurationSet == STRING
input.Body.SmsConfiguration.SnsCallerArn == STRING
input.Body.SmsConfiguration.ExternalId == STRING
input.Body.SmsConfiguration.SnsRegion == STRING
input.Body.UserPoolTags.STRING == STRING
input.Body.AdminCreateUserConfig.AllowAdminCreateUserOnly == BOOLEAN
input.Body.AdminCreateUserConfig.UnusedAccountValidityDays == INTEGER
input.Body.AdminCreateUserConfig.InviteMessageTemplate.SMSMessage == STRING
input.Body.AdminCreateUserConfig.InviteMessageTemplate.EmailMessage == STRING
input.Body.AdminCreateUserConfig.InviteMessageTemplate.EmailSubject == STRING
input.Body.Schema[_].Name == STRING
input.Body.Schema[_].AttributeDataType == enum_AttributeDataType[_]
input.Body.Schema[_].DeveloperOnlyAttribute == BOOLEAN
input.Body.Schema[_].Mutable == BOOLEAN
input.Body.Schema[_].Required == BOOLEAN
input.Body.Schema[_].NumberAttributeConstraints.MinValue == STRING
input.Body.Schema[_].NumberAttributeConstraints.MaxValue == STRING
input.Body.Schema[_].StringAttributeConstraints.MinLength == STRING
input.Body.Schema[_].StringAttributeConstraints.MaxLength == STRING
input.Body.UserPoolAddOns.AdvancedSecurityMode == enum_AdvancedSecurityModeType[_]
input.Body.UserPoolAddOns.AdvancedSecurityAdditionalFlows.CustomAuthMode == enum_AdvancedSecurityEnabledModeType[_]
input.Body.UsernameConfiguration.CaseSensitive == BOOLEAN
input.Body.AccountRecoverySetting.RecoveryMechanisms[_].Priority == INTEGER
input.Body.AccountRecoverySetting.RecoveryMechanisms[_].Name == enum_RecoveryOptionNameType[_]
input.Body.UserPoolTier == enum_UserPoolTierType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateUserPoolClient
enum_ExplicitAuthFlowsType := [ "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY", "USER_PASSWORD_AUTH", "ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_CUSTOM_AUTH", "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH", "ALLOW_USER_AUTH" ]
enum_FeatureType := [ "ENABLED", "DISABLED" ]
enum_OAuthFlowType := [ "code", "implicit", "client_credentials" ]
enum_PreventUserExistenceErrorTypes := [ "LEGACY", "ENABLED" ]
enum_TimeUnitsType := [ "seconds", "minutes", "hours", "days" ]
valid {
input.Body.UserPoolId == STRING
input.Body.ClientName == STRING
input.Body.GenerateSecret == BOOLEAN
input.Body.RefreshTokenValidity == INTEGER
input.Body.AccessTokenValidity == INTEGER
input.Body.IdTokenValidity == INTEGER
input.Body.TokenValidityUnits.AccessToken == enum_TimeUnitsType[_]
input.Body.TokenValidityUnits.IdToken == enum_TimeUnitsType[_]
input.Body.TokenValidityUnits.RefreshToken == enum_TimeUnitsType[_]
input.Body.ReadAttributes[_] == STRING
input.Body.WriteAttributes[_] == STRING
input.Body.ExplicitAuthFlows[_] == enum_ExplicitAuthFlowsType[_]
input.Body.SupportedIdentityProviders[_] == STRING
input.Body.CallbackURLs[_] == STRING
input.Body.LogoutURLs[_] == STRING
input.Body.DefaultRedirectURI == STRING
input.Body.AllowedOAuthFlows[_] == enum_OAuthFlowType[_]
input.Body.AllowedOAuthScopes[_] == STRING
input.Body.AllowedOAuthFlowsUserPoolClient == BOOLEAN
input.Body.AnalyticsConfiguration.ApplicationId == STRING
input.Body.AnalyticsConfiguration.ApplicationArn == STRING
input.Body.AnalyticsConfiguration.RoleArn == STRING
input.Body.AnalyticsConfiguration.ExternalId == STRING
input.Body.AnalyticsConfiguration.UserDataShared == BOOLEAN
input.Body.PreventUserExistenceErrors == enum_PreventUserExistenceErrorTypes[_]
input.Body.EnableTokenRevocation == BOOLEAN
input.Body.EnablePropagateAdditionalUserContextData == BOOLEAN
input.Body.AuthSessionValidity == INTEGER
input.Body.RefreshTokenRotation.Feature == enum_FeatureType[_]
input.Body.RefreshTokenRotation.RetryGracePeriodSeconds == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateUserPoolDomain
valid {
input.Body.Domain == STRING
input.Body.UserPoolId == STRING
input.Body.ManagedLoginVersion == INTEGER
input.Body.CustomDomainConfig.CertificateArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteGroup
valid {
input.Body.GroupName == STRING
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteIdentityProvider
valid {
input.Body.UserPoolId == STRING
input.Body.ProviderName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteManagedLoginBranding
valid {
input.Body.ManagedLoginBrandingId == STRING
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteResourceServer
valid {
input.Body.UserPoolId == STRING
input.Body.Identifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteTerms
valid {
input.Body.TermsId == STRING
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteUser
valid {
input.Body.AccessToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteUserAttributes
valid {
input.Body.UserAttributeNames[_] == STRING
input.Body.AccessToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteUserPool
valid {
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteUserPoolClient
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteUserPoolDomain
valid {
input.Body.Domain == STRING
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteWebAuthnCredential
valid {
input.Body.AccessToken == STRING
input.Body.CredentialId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeIdentityProvider
valid {
input.Body.UserPoolId == STRING
input.Body.ProviderName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeManagedLoginBranding
valid {
input.Body.UserPoolId == STRING
input.Body.ManagedLoginBrandingId == STRING
input.Body.ReturnMergedResources == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeManagedLoginBrandingByClient
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.Body.ReturnMergedResources == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeResourceServer
valid {
input.Body.UserPoolId == STRING
input.Body.Identifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeRiskConfiguration
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeTerms
valid {
input.Body.TermsId == STRING
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeUserImportJob
valid {
input.Body.UserPoolId == STRING
input.Body.JobId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeUserPool
valid {
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeUserPoolClient
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeUserPoolDomain
valid {
input.Body.Domain == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ForgetDevice
valid {
input.Body.AccessToken == STRING
input.Body.DeviceKey == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ForgotPassword
valid {
input.Body.ClientId == STRING
input.Body.SecretHash == STRING
input.Body.UserContextData.IpAddress == STRING
input.Body.UserContextData.EncodedData == STRING
input.Body.Username == STRING
input.Body.AnalyticsMetadata.AnalyticsEndpointId == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetCSVHeader
valid {
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetDevice
valid {
input.Body.DeviceKey == STRING
input.Body.AccessToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetGroup
valid {
input.Body.GroupName == STRING
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetIdentityProviderByIdentifier
valid {
input.Body.UserPoolId == STRING
input.Body.IdpIdentifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetLogDeliveryConfiguration
valid {
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetSigningCertificate
valid {
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetTokensFromRefreshToken
valid {
input.Body.RefreshToken == STRING
input.Body.ClientId == STRING
input.Body.ClientSecret == STRING
input.Body.DeviceKey == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetUICustomization
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetUser
valid {
input.Body.AccessToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetUserAttributeVerificationCode
valid {
input.Body.AccessToken == STRING
input.Body.AttributeName == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetUserAuthFactors
valid {
input.Body.AccessToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetUserPoolMfaConfig
valid {
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GlobalSignOut
valid {
input.Body.AccessToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}InitiateAuth
enum_AuthFlowType := [ "USER_SRP_AUTH", "REFRESH_TOKEN_AUTH", "REFRESH_TOKEN", "CUSTOM_AUTH", "ADMIN_NO_SRP_AUTH", "USER_PASSWORD_AUTH", "ADMIN_USER_PASSWORD_AUTH", "USER_AUTH" ]
valid {
input.Body.AuthFlow == enum_AuthFlowType[_]
input.Body.AuthParameters.STRING == STRING
input.Body.ClientMetadata.STRING == STRING
input.Body.ClientId == STRING
input.Body.AnalyticsMetadata.AnalyticsEndpointId == STRING
input.Body.UserContextData.IpAddress == STRING
input.Body.UserContextData.EncodedData == STRING
input.Body.Session == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListDevices
valid {
input.Body.AccessToken == STRING
input.Body.Limit == INTEGER
input.Body.PaginationToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListGroups
valid {
input.Body.UserPoolId == STRING
input.Body.Limit == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListIdentityProviders
valid {
input.Body.UserPoolId == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListResourceServers
valid {
input.Body.UserPoolId == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListTagsForResource
valid {
input.Body.ResourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListTerms
valid {
input.Body.UserPoolId == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListUserImportJobs
valid {
input.Body.UserPoolId == STRING
input.Body.MaxResults == INTEGER
input.Body.PaginationToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListUserPoolClients
valid {
input.Body.UserPoolId == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListUserPools
valid {
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListUsers
valid {
input.Body.UserPoolId == STRING
input.Body.AttributesToGet[_] == STRING
input.Body.Limit == INTEGER
input.Body.PaginationToken == STRING
input.Body.Filter == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListUsersInGroup
valid {
input.Body.UserPoolId == STRING
input.Body.GroupName == STRING
input.Body.Limit == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListWebAuthnCredentials
valid {
input.Body.AccessToken == STRING
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ResendConfirmationCode
valid {
input.Body.ClientId == STRING
input.Body.SecretHash == STRING
input.Body.UserContextData.IpAddress == STRING
input.Body.UserContextData.EncodedData == STRING
input.Body.Username == STRING
input.Body.AnalyticsMetadata.AnalyticsEndpointId == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}RespondToAuthChallenge
enum_ChallengeNameType := [ "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "SELECT_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED", "SMS_OTP", "PASSWORD", "WEB_AUTHN", "PASSWORD_SRP" ]
valid {
input.Body.ClientId == STRING
input.Body.ChallengeName == enum_ChallengeNameType[_]
input.Body.Session == STRING
input.Body.ChallengeResponses.STRING == STRING
input.Body.AnalyticsMetadata.AnalyticsEndpointId == STRING
input.Body.UserContextData.IpAddress == STRING
input.Body.UserContextData.EncodedData == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}RevokeToken
valid {
input.Body.Token == STRING
input.Body.ClientId == STRING
input.Body.ClientSecret == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}SetLogDeliveryConfiguration
enum_EventSourceName := [ "userNotification", "userAuthEvents" ]
enum_LogLevel := [ "ERROR", "INFO" ]
valid {
input.Body.UserPoolId == STRING
input.Body.LogConfigurations[_].LogLevel == enum_LogLevel[_]
input.Body.LogConfigurations[_].EventSource == enum_EventSourceName[_]
input.Body.LogConfigurations[_].CloudWatchLogsConfiguration.LogGroupArn == STRING
input.Body.LogConfigurations[_].S3Configuration.BucketArn == STRING
input.Body.LogConfigurations[_].FirehoseConfiguration.StreamArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}SetRiskConfiguration
enum_AccountTakeoverEventActionType := [ "BLOCK", "MFA_IF_CONFIGURED", "MFA_REQUIRED", "NO_ACTION" ]
enum_CompromisedCredentialsEventActionType := [ "BLOCK", "NO_ACTION" ]
enum_EventFilterType := [ "SIGN_IN", "PASSWORD_CHANGE", "SIGN_UP" ]
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.Body.CompromisedCredentialsRiskConfiguration.EventFilter[_] == enum_EventFilterType[_]
input.Body.CompromisedCredentialsRiskConfiguration.Actions.EventAction == enum_CompromisedCredentialsEventActionType[_]
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.From == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.ReplyTo == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.SourceArn == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.BlockEmail.Subject == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.BlockEmail.HtmlBody == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.BlockEmail.TextBody == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.NoActionEmail.Subject == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.NoActionEmail.HtmlBody == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.NoActionEmail.TextBody == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.MfaEmail.Subject == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.MfaEmail.HtmlBody == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.MfaEmail.TextBody == STRING
input.Body.AccountTakeoverRiskConfiguration.Actions.LowAction.Notify == BOOLEAN
input.Body.AccountTakeoverRiskConfiguration.Actions.LowAction.EventAction == enum_AccountTakeoverEventActionType[_]
input.Body.AccountTakeoverRiskConfiguration.Actions.MediumAction.Notify == BOOLEAN
input.Body.AccountTakeoverRiskConfiguration.Actions.MediumAction.EventAction == enum_AccountTakeoverEventActionType[_]
input.Body.AccountTakeoverRiskConfiguration.Actions.HighAction.Notify == BOOLEAN
input.Body.AccountTakeoverRiskConfiguration.Actions.HighAction.EventAction == enum_AccountTakeoverEventActionType[_]
input.Body.RiskExceptionConfiguration.BlockedIPRangeList[_] == STRING
input.Body.RiskExceptionConfiguration.SkippedIPRangeList[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}SetUICustomization
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.Body.CSS == STRING
input.Body.ImageFile == BLOB
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}SetUserMFAPreference
valid {
input.Body.SMSMfaSettings.Enabled == BOOLEAN
input.Body.SMSMfaSettings.PreferredMfa == BOOLEAN
input.Body.SoftwareTokenMfaSettings.Enabled == BOOLEAN
input.Body.SoftwareTokenMfaSettings.PreferredMfa == BOOLEAN
input.Body.EmailMfaSettings.Enabled == BOOLEAN
input.Body.EmailMfaSettings.PreferredMfa == BOOLEAN
input.Body.AccessToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}SetUserPoolMfaConfig
enum_UserPoolMfaType := [ "OFF", "ON", "OPTIONAL" ]
enum_UserVerificationType := [ "required", "preferred" ]
valid {
input.Body.UserPoolId == STRING
input.Body.SmsMfaConfiguration.SmsAuthenticationMessage == STRING
input.Body.SmsMfaConfiguration.SmsConfiguration.SnsCallerArn == STRING
input.Body.SmsMfaConfiguration.SmsConfiguration.ExternalId == STRING
input.Body.SmsMfaConfiguration.SmsConfiguration.SnsRegion == STRING
input.Body.SoftwareTokenMfaConfiguration.Enabled == BOOLEAN
input.Body.EmailMfaConfiguration.Message == STRING
input.Body.EmailMfaConfiguration.Subject == STRING
input.Body.MfaConfiguration == enum_UserPoolMfaType[_]
input.Body.WebAuthnConfiguration.RelyingPartyId == STRING
input.Body.WebAuthnConfiguration.UserVerification == enum_UserVerificationType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}SetUserSettings
enum_DeliveryMediumType := [ "SMS", "EMAIL" ]
valid {
input.Body.AccessToken == STRING
input.Body.MFAOptions[_].DeliveryMedium == enum_DeliveryMediumType[_]
input.Body.MFAOptions[_].AttributeName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}SignUp
valid {
input.Body.ClientId == STRING
input.Body.SecretHash == STRING
input.Body.Username == STRING
input.Body.Password == STRING
input.Body.UserAttributes[_].Name == STRING
input.Body.UserAttributes[_].Value == STRING
input.Body.ValidationData[_].Name == STRING
input.Body.ValidationData[_].Value == STRING
input.Body.AnalyticsMetadata.AnalyticsEndpointId == STRING
input.Body.UserContextData.IpAddress == STRING
input.Body.UserContextData.EncodedData == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}StartUserImportJob
valid {
input.Body.UserPoolId == STRING
input.Body.JobId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}StartWebAuthnRegistration
valid {
input.Body.AccessToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}StopUserImportJob
valid {
input.Body.UserPoolId == STRING
input.Body.JobId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}TagResource
valid {
input.Body.ResourceArn == STRING
input.Body.Tags.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UntagResource
valid {
input.Body.ResourceArn == STRING
input.Body.TagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateAuthEventFeedback
enum_FeedbackValueType := [ "Valid", "Invalid" ]
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.EventId == STRING
input.Body.FeedbackToken == STRING
input.Body.FeedbackValue == enum_FeedbackValueType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateDeviceStatus
enum_DeviceRememberedStatusType := [ "remembered", "not_remembered" ]
valid {
input.Body.AccessToken == STRING
input.Body.DeviceKey == STRING
input.Body.DeviceRememberedStatus == enum_DeviceRememberedStatusType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateGroup
valid {
input.Body.GroupName == STRING
input.Body.UserPoolId == STRING
input.Body.Description == STRING
input.Body.RoleArn == STRING
input.Body.Precedence == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateIdentityProvider
valid {
input.Body.UserPoolId == STRING
input.Body.ProviderName == STRING
input.Body.ProviderDetails.STRING == STRING
input.Body.AttributeMapping.STRING == STRING
input.Body.IdpIdentifiers[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateManagedLoginBranding
enum_AssetCategoryType := [ "FAVICON_ICO", "FAVICON_SVG", "EMAIL_GRAPHIC", "SMS_GRAPHIC", "AUTH_APP_GRAPHIC", "PASSWORD_GRAPHIC", "PASSKEY_GRAPHIC", "PAGE_HEADER_LOGO", "PAGE_HEADER_BACKGROUND", "PAGE_FOOTER_LOGO", "PAGE_FOOTER_BACKGROUND", "PAGE_BACKGROUND", "FORM_BACKGROUND", "FORM_LOGO", "IDP_BUTTON_ICON" ]
enum_AssetExtensionType := [ "ICO", "JPEG", "PNG", "SVG", "WEBP" ]
enum_ColorSchemeModeType := [ "LIGHT", "DARK", "DYNAMIC" ]
valid {
input.Body.UserPoolId == STRING
input.Body.ManagedLoginBrandingId == STRING
input.Body.UseCognitoProvidedValues == BOOLEAN
input.Body.Settings == {}
input.Body.Assets[_].Category == enum_AssetCategoryType[_]
input.Body.Assets[_].ColorMode == enum_ColorSchemeModeType[_]
input.Body.Assets[_].Extension == enum_AssetExtensionType[_]
input.Body.Assets[_].Bytes == BLOB
input.Body.Assets[_].ResourceId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateResourceServer
valid {
input.Body.UserPoolId == STRING
input.Body.Identifier == STRING
input.Body.Name == STRING
input.Body.Scopes[_].ScopeName == STRING
input.Body.Scopes[_].ScopeDescription == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateTerms
enum_TermsEnforcementType := [ "NONE" ]
enum_TermsSourceType := [ "LINK" ]
valid {
input.Body.TermsId == STRING
input.Body.UserPoolId == STRING
input.Body.TermsName == STRING
input.Body.TermsSource == enum_TermsSourceType[_]
input.Body.Enforcement == enum_TermsEnforcementType[_]
input.Body.Links.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateUserAttributes
valid {
input.Body.UserAttributes[_].Name == STRING
input.Body.UserAttributes[_].Value == STRING
input.Body.AccessToken == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateUserPool
enum_AdvancedSecurityEnabledModeType := [ "AUDIT", "ENFORCED" ]
enum_AdvancedSecurityModeType := [ "OFF", "AUDIT", "ENFORCED" ]
enum_AuthFactorType := [ "PASSWORD", "EMAIL_OTP", "SMS_OTP", "WEB_AUTHN" ]
enum_CustomEmailSenderLambdaVersionType := [ "V1_0" ]
enum_CustomSMSSenderLambdaVersionType := [ "V1_0" ]
enum_DefaultEmailOptionType := [ "CONFIRM_WITH_LINK", "CONFIRM_WITH_CODE" ]
enum_DeletionProtectionType := [ "ACTIVE", "INACTIVE" ]
enum_EmailSendingAccountType := [ "COGNITO_DEFAULT", "DEVELOPER" ]
enum_PreTokenGenerationLambdaVersionType := [ "V1_0", "V2_0", "V3_0" ]
enum_RecoveryOptionNameType := [ "verified_email", "verified_phone_number", "admin_only" ]
enum_UserPoolMfaType := [ "OFF", "ON", "OPTIONAL" ]
enum_UserPoolTierType := [ "LITE", "ESSENTIALS", "PLUS" ]
enum_VerifiedAttributeType := [ "phone_number", "email" ]
valid {
input.Body.UserPoolId == STRING
input.Body.Policies.PasswordPolicy.MinimumLength == INTEGER
input.Body.Policies.PasswordPolicy.RequireUppercase == BOOLEAN
input.Body.Policies.PasswordPolicy.RequireLowercase == BOOLEAN
input.Body.Policies.PasswordPolicy.RequireNumbers == BOOLEAN
input.Body.Policies.PasswordPolicy.RequireSymbols == BOOLEAN
input.Body.Policies.PasswordPolicy.PasswordHistorySize == INTEGER
input.Body.Policies.PasswordPolicy.TemporaryPasswordValidityDays == INTEGER
input.Body.Policies.SignInPolicy.AllowedFirstAuthFactors[_] == enum_AuthFactorType[_]
input.Body.DeletionProtection == enum_DeletionProtectionType[_]
input.Body.LambdaConfig.PreSignUp == STRING
input.Body.LambdaConfig.CustomMessage == STRING
input.Body.LambdaConfig.PostConfirmation == STRING
input.Body.LambdaConfig.PreAuthentication == STRING
input.Body.LambdaConfig.PostAuthentication == STRING
input.Body.LambdaConfig.DefineAuthChallenge == STRING
input.Body.LambdaConfig.CreateAuthChallenge == STRING
input.Body.LambdaConfig.VerifyAuthChallengeResponse == STRING
input.Body.LambdaConfig.PreTokenGeneration == STRING
input.Body.LambdaConfig.UserMigration == STRING
input.Body.LambdaConfig.PreTokenGenerationConfig.LambdaVersion == enum_PreTokenGenerationLambdaVersionType[_]
input.Body.LambdaConfig.PreTokenGenerationConfig.LambdaArn == STRING
input.Body.LambdaConfig.CustomSMSSender.LambdaVersion == enum_CustomSMSSenderLambdaVersionType[_]
input.Body.LambdaConfig.CustomSMSSender.LambdaArn == STRING
input.Body.LambdaConfig.CustomEmailSender.LambdaVersion == enum_CustomEmailSenderLambdaVersionType[_]
input.Body.LambdaConfig.CustomEmailSender.LambdaArn == STRING
input.Body.LambdaConfig.KMSKeyID == STRING
input.Body.AutoVerifiedAttributes[_] == enum_VerifiedAttributeType[_]
input.Body.SmsVerificationMessage == STRING
input.Body.EmailVerificationMessage == STRING
input.Body.EmailVerificationSubject == STRING
input.Body.VerificationMessageTemplate.SmsMessage == STRING
input.Body.VerificationMessageTemplate.EmailMessage == STRING
input.Body.VerificationMessageTemplate.EmailSubject == STRING
input.Body.VerificationMessageTemplate.EmailMessageByLink == STRING
input.Body.VerificationMessageTemplate.EmailSubjectByLink == STRING
input.Body.VerificationMessageTemplate.DefaultEmailOption == enum_DefaultEmailOptionType[_]
input.Body.SmsAuthenticationMessage == STRING
input.Body.UserAttributeUpdateSettings.AttributesRequireVerificationBeforeUpdate[_] == enum_VerifiedAttributeType[_]
input.Body.MfaConfiguration == enum_UserPoolMfaType[_]
input.Body.DeviceConfiguration.ChallengeRequiredOnNewDevice == BOOLEAN
input.Body.DeviceConfiguration.DeviceOnlyRememberedOnUserPrompt == BOOLEAN
input.Body.EmailConfiguration.SourceArn == STRING
input.Body.EmailConfiguration.ReplyToEmailAddress == STRING
input.Body.EmailConfiguration.EmailSendingAccount == enum_EmailSendingAccountType[_]
input.Body.EmailConfiguration.From == STRING
input.Body.EmailConfiguration.ConfigurationSet == STRING
input.Body.SmsConfiguration.SnsCallerArn == STRING
input.Body.SmsConfiguration.ExternalId == STRING
input.Body.SmsConfiguration.SnsRegion == STRING
input.Body.UserPoolTags.STRING == STRING
input.Body.AdminCreateUserConfig.AllowAdminCreateUserOnly == BOOLEAN
input.Body.AdminCreateUserConfig.UnusedAccountValidityDays == INTEGER
input.Body.AdminCreateUserConfig.InviteMessageTemplate.SMSMessage == STRING
input.Body.AdminCreateUserConfig.InviteMessageTemplate.EmailMessage == STRING
input.Body.AdminCreateUserConfig.InviteMessageTemplate.EmailSubject == STRING
input.Body.UserPoolAddOns.AdvancedSecurityMode == enum_AdvancedSecurityModeType[_]
input.Body.UserPoolAddOns.AdvancedSecurityAdditionalFlows.CustomAuthMode == enum_AdvancedSecurityEnabledModeType[_]
input.Body.AccountRecoverySetting.RecoveryMechanisms[_].Priority == INTEGER
input.Body.AccountRecoverySetting.RecoveryMechanisms[_].Name == enum_RecoveryOptionNameType[_]
input.Body.PoolName == STRING
input.Body.UserPoolTier == enum_UserPoolTierType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateUserPoolClient
enum_ExplicitAuthFlowsType := [ "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY", "USER_PASSWORD_AUTH", "ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_CUSTOM_AUTH", "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH", "ALLOW_USER_AUTH" ]
enum_FeatureType := [ "ENABLED", "DISABLED" ]
enum_OAuthFlowType := [ "code", "implicit", "client_credentials" ]
enum_PreventUserExistenceErrorTypes := [ "LEGACY", "ENABLED" ]
enum_TimeUnitsType := [ "seconds", "minutes", "hours", "days" ]
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.Body.ClientName == STRING
input.Body.RefreshTokenValidity == INTEGER
input.Body.AccessTokenValidity == INTEGER
input.Body.IdTokenValidity == INTEGER
input.Body.TokenValidityUnits.AccessToken == enum_TimeUnitsType[_]
input.Body.TokenValidityUnits.IdToken == enum_TimeUnitsType[_]
input.Body.TokenValidityUnits.RefreshToken == enum_TimeUnitsType[_]
input.Body.ReadAttributes[_] == STRING
input.Body.WriteAttributes[_] == STRING
input.Body.ExplicitAuthFlows[_] == enum_ExplicitAuthFlowsType[_]
input.Body.SupportedIdentityProviders[_] == STRING
input.Body.CallbackURLs[_] == STRING
input.Body.LogoutURLs[_] == STRING
input.Body.DefaultRedirectURI == STRING
input.Body.AllowedOAuthFlows[_] == enum_OAuthFlowType[_]
input.Body.AllowedOAuthScopes[_] == STRING
input.Body.AllowedOAuthFlowsUserPoolClient == BOOLEAN
input.Body.AnalyticsConfiguration.ApplicationId == STRING
input.Body.AnalyticsConfiguration.ApplicationArn == STRING
input.Body.AnalyticsConfiguration.RoleArn == STRING
input.Body.AnalyticsConfiguration.ExternalId == STRING
input.Body.AnalyticsConfiguration.UserDataShared == BOOLEAN
input.Body.PreventUserExistenceErrors == enum_PreventUserExistenceErrorTypes[_]
input.Body.EnableTokenRevocation == BOOLEAN
input.Body.EnablePropagateAdditionalUserContextData == BOOLEAN
input.Body.AuthSessionValidity == INTEGER
input.Body.RefreshTokenRotation.Feature == enum_FeatureType[_]
input.Body.RefreshTokenRotation.RetryGracePeriodSeconds == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateUserPoolDomain
valid {
input.Body.Domain == STRING
input.Body.UserPoolId == STRING
input.Body.ManagedLoginVersion == INTEGER
input.Body.CustomDomainConfig.CertificateArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}VerifySoftwareToken
valid {
input.Body.AccessToken == STRING
input.Body.Session == STRING
input.Body.UserCode == STRING
input.Body.FriendlyDeviceName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}VerifyUserAttribute
valid {
input.Body.AccessToken == STRING
input.Body.AttributeName == STRING
input.Body.Code == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}Updated 4 days ago