COGNITO-IDP
AddCustomAttributes
# Template for matching an AddCustomAttributes request. STRING and BOOLEAN
# look like placeholders to be replaced with concrete values — confirm against
# the tool that consumes this template.
enum_AttributeDataType := [ "String", "Number", "DateTime", "Boolean" ]
# If evaluated as Rego, every expression in the body must hold, and a line
# that references a field absent from the request is undefined, so the rule
# does not match. Keep only the fields the policy actually needs.
valid {
input.Body.UserPoolId == STRING
# Each `[_]` is an independent wildcard: the Name, AttributeDataType, flag and
# constraint lines can each be satisfied by a different array element. Bind one
# element first (e.g. `attr := input.Body.CustomAttributes[_]`) when the
# conditions must describe the same attribute.
input.Body.CustomAttributes[_].Name == STRING
input.Body.CustomAttributes[_].AttributeDataType == enum_AttributeDataType[_]
input.Body.CustomAttributes[_].DeveloperOnlyAttribute == BOOLEAN
input.Body.CustomAttributes[_].Mutable == BOOLEAN
input.Body.CustomAttributes[_].Required == BOOLEAN
# Min/Max constraints are compared as strings here, not as numbers.
input.Body.CustomAttributes[_].NumberAttributeConstraints.MinValue == STRING
input.Body.CustomAttributes[_].NumberAttributeConstraints.MaxValue == STRING
input.Body.CustomAttributes[_].StringAttributeConstraints.MinLength == STRING
input.Body.CustomAttributes[_].StringAttributeConstraints.MaxLength == STRING
# Caller context: account, access key id and region of the request.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminAddUserToGroup
# Template for matching an AdminAddUserToGroup request. The call changes group
# membership for Username, so GroupName (together with UserPoolId) is the field
# a privilege guardrail would normally pin. STRING appears to be a placeholder
# for the author's own value — confirm.
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.GroupName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminConfirmSignUp
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminCreateUser
# Template for matching an AdminCreateUser request. STRING and BOOLEAN look
# like placeholders to be replaced with concrete values — confirm.
enum_DeliveryMediumType := [ "SMS", "EMAIL" ]
enum_MessageActionType := [ "RESEND", "SUPPRESS" ]
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
# The two `[_]` wildcards are independent: Name and Value may match different
# list entries. Bind one entry first when a specific name/value pair is meant.
input.Body.UserAttributes[_].Name == STRING
input.Body.UserAttributes[_].Value == STRING
input.Body.ValidationData[_].Name == STRING
input.Body.ValidationData[_].Value == STRING
# TemporaryPassword is a credential carried in the evaluated input; whatever
# records policy inputs or decisions should mask this field.
input.Body.TemporaryPassword == STRING
# NOTE(review): ForceAliasCreation is understood to move an existing email or
# phone alias to the new user; worth constraining explicitly — confirm.
input.Body.ForceAliasCreation == BOOLEAN
input.Body.MessageAction == enum_MessageActionType[_]
# `x[_] == enum[_]` holds when at least one element is in the enum; it does
# not assert that every element is.
input.Body.DesiredDeliveryMediums[_] == enum_DeliveryMediumType[_]
# Dotted access names the literal key "STRING"; to match an arbitrary map key
# in Rego, use bracket access with a variable (e.g. `ClientMetadata[k]`).
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminDeleteUser
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminDeleteUserAttributes
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.UserAttributeNames[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminDisableProviderForUser
valid {
input.Body.UserPoolId == STRING
input.Body.User.ProviderName == STRING
input.Body.User.ProviderAttributeName == STRING
input.Body.User.ProviderAttributeValue == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminDisableUser
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminEnableUser
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminForgetDevice
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.DeviceKey == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminGetDevice
valid {
input.Body.DeviceKey == STRING
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminGetUser
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminInitiateAuth
# Template for matching an AdminInitiateAuth request. STRING looks like a
# placeholder to be replaced with a concrete value — confirm.
# The *_PASSWORD_AUTH and ADMIN_NO_SRP_AUTH flows submit the password itself in
# AuthParameters instead of an SRP proof, so AuthFlow is the natural field for
# a guardrail that restricts which flows a caller may start.
enum_AuthFlowType := [ "USER_SRP_AUTH", "REFRESH_TOKEN_AUTH", "REFRESH_TOKEN", "CUSTOM_AUTH", "ADMIN_NO_SRP_AUTH", "USER_PASSWORD_AUTH", "ADMIN_USER_PASSWORD_AUTH" ]
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.Body.AuthFlow == enum_AuthFlowType[_]
# AuthParameters can carry passwords, refresh tokens and secret hashes; mask
# it wherever policy inputs or decisions are logged. Dotted access names the
# literal key "STRING"; use bracket access with a variable for arbitrary keys.
input.Body.AuthParameters.STRING == STRING
input.Body.ClientMetadata.STRING == STRING
input.Body.AnalyticsMetadata.AnalyticsEndpointId == STRING
# ContextData is supplied by the calling server in the request body; the
# policy sees what the caller reported. TODO confirm how far it is trusted.
input.Body.ContextData.IpAddress == STRING
input.Body.ContextData.ServerName == STRING
input.Body.ContextData.ServerPath == STRING
# Independent wildcards: headerName and headerValue may match different
# headers unless one element is bound first.
input.Body.ContextData.HttpHeaders[_].headerName == STRING
input.Body.ContextData.HttpHeaders[_].headerValue == STRING
input.Body.ContextData.EncodedData == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminLinkProviderForUser
# Template for matching an AdminLinkProviderForUser request. Linking lets the
# SourceUser federated identity sign in as DestinationUser, so a guardrail
# would normally pin SourceUser.ProviderName and ProviderAttributeName to
# identity providers and attributes the application owner trusts.
# STRING appears to be a placeholder for the author's own value — confirm.
valid {
input.Body.UserPoolId == STRING
input.Body.DestinationUser.ProviderName == STRING
input.Body.DestinationUser.ProviderAttributeName == STRING
input.Body.DestinationUser.ProviderAttributeValue == STRING
input.Body.SourceUser.ProviderName == STRING
input.Body.SourceUser.ProviderAttributeName == STRING
input.Body.SourceUser.ProviderAttributeValue == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminListDevices
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.Limit == INTEGER
input.Body.PaginationToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminListGroupsForUser
valid {
input.Body.Username == STRING
input.Body.UserPoolId == STRING
input.Body.Limit == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminListUserAuthEvents
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminRemoveUserFromGroup
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.GroupName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminResetUserPassword
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminRespondToAuthChallenge
# Template for matching an AdminRespondToAuthChallenge request. STRING looks
# like a placeholder to be replaced with a concrete value — confirm.
enum_ChallengeNameType := [ "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED" ]
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.Body.ChallengeName == enum_ChallengeNameType[_]
# ChallengeResponses and Session hold authentication material (one-time
# codes, new passwords, the in-progress session handle); mask both wherever
# policy inputs or decisions are logged. Dotted access names the literal key
# "STRING"; use bracket access with a variable to match arbitrary keys.
input.Body.ChallengeResponses.STRING == STRING
input.Body.Session == STRING
input.Body.AnalyticsMetadata.AnalyticsEndpointId == STRING
# ContextData is reported by the calling server in the request body.
input.Body.ContextData.IpAddress == STRING
input.Body.ContextData.ServerName == STRING
input.Body.ContextData.ServerPath == STRING
# Independent wildcards: headerName and headerValue may match different
# headers unless one element is bound first.
input.Body.ContextData.HttpHeaders[_].headerName == STRING
input.Body.ContextData.HttpHeaders[_].headerValue == STRING
input.Body.ContextData.EncodedData == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminSetUserMFAPreference
# Template for matching an AdminSetUserMFAPreference request. The Enabled
# flags are how a caller turns an MFA factor on or off for Username, so a
# guardrail against weakening MFA would test them for `false`.
# If evaluated as Rego, all lines must hold and absent fields make the rule
# undefined; a request that sets only one factor will not match this template
# verbatim. BOOLEAN and STRING appear to be placeholders — confirm.
valid {
input.Body.SMSMfaSettings.Enabled == BOOLEAN
input.Body.SMSMfaSettings.PreferredMfa == BOOLEAN
input.Body.SoftwareTokenMfaSettings.Enabled == BOOLEAN
input.Body.SoftwareTokenMfaSettings.PreferredMfa == BOOLEAN
input.Body.EmailMfaSettings.Enabled == BOOLEAN
input.Body.EmailMfaSettings.PreferredMfa == BOOLEAN
input.Body.Username == STRING
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminSetUserPassword
# Template for matching an AdminSetUserPassword request. STRING and BOOLEAN
# appear to be placeholders for the author's own values — confirm.
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
# Password is a plaintext credential in the evaluated input; mask it wherever
# policy inputs or decisions are logged, and avoid comparing it to a literal.
input.Body.Password == STRING
# Permanent distinguishes a permanent password from a temporary one the user
# must change; a guardrail may want to allow only one of the two.
input.Body.Permanent == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminSetUserSettings
# Template for matching an AdminSetUserSettings request, which changes the MFA
# delivery options recorded for Username. STRING appears to be a placeholder
# for the author's own value — confirm.
enum_DeliveryMediumType := [ "SMS", "EMAIL" ]
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
# Independent wildcards: DeliveryMedium and AttributeName may be matched by
# different MFAOptions entries unless one entry is bound first.
input.Body.MFAOptions[_].DeliveryMedium == enum_DeliveryMediumType[_]
input.Body.MFAOptions[_].AttributeName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminUpdateAuthEventFeedback
enum_FeedbackValueType := [ "Valid", "Invalid" ]
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.EventId == STRING
input.Body.FeedbackValue == enum_FeedbackValueType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminUpdateDeviceStatus
enum_DeviceRememberedStatusType := [ "remembered", "not_remembered" ]
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.DeviceKey == STRING
input.Body.DeviceRememberedStatus == enum_DeviceRememberedStatusType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminUpdateUserAttributes
# Template for matching an AdminUpdateUserAttributes request. STRING appears
# to be a placeholder for the author's own value — confirm.
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
# Independent wildcards: as written, Name can match one attribute and Value
# another. To constrain a specific attribute (for example a verification flag
# or a custom attribute used for authorization), bind one entry first, e.g.
# `a := input.Body.UserAttributes[_]`, then test a.Name and a.Value.
input.Body.UserAttributes[_].Name == STRING
input.Body.UserAttributes[_].Value == STRING
# Dotted access names the literal key "STRING"; use bracket access with a
# variable to match arbitrary metadata keys.
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AdminUserGlobalSignOut
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AssociateSoftwareToken
valid {
input.Body.AccessToken == STRING
input.Body.Session == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ChangePassword
# Template for matching a ChangePassword request. All three Body fields are
# secrets (old password, new password, bearer access token); mask them
# wherever policy inputs or decisions are logged, and avoid writing policies
# that compare them to literals. STRING appears to be a placeholder — confirm.
valid {
input.Body.PreviousPassword == STRING
input.Body.ProposedPassword == STRING
input.Body.AccessToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ConfirmDevice
# Template for matching a ConfirmDevice request. STRING appears to be a
# placeholder for the author's own value — confirm.
valid {
# Bearer token of the signed-in user; mask it in any input or decision log.
input.Body.AccessToken == STRING
input.Body.DeviceKey == STRING
# Verifier and salt are device authentication material; treat as sensitive.
input.Body.DeviceSecretVerifierConfig.PasswordVerifier == STRING
input.Body.DeviceSecretVerifierConfig.Salt == STRING
input.Body.DeviceName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ConfirmForgotPassword
# Template for matching a ConfirmForgotPassword request. STRING appears to be
# a placeholder for the author's own value — confirm.
valid {
input.Body.ClientId == STRING
# SecretHash, ConfirmationCode and Password are all secrets in the evaluated
# input; mask them wherever policy inputs or decisions are logged.
input.Body.SecretHash == STRING
input.Body.Username == STRING
input.Body.ConfirmationCode == STRING
input.Body.Password == STRING
input.Body.AnalyticsMetadata.AnalyticsEndpointId == STRING
# UserContextData arrives in the request body, i.e. it is caller-reported.
input.Body.UserContextData.IpAddress == STRING
input.Body.UserContextData.EncodedData == STRING
# Dotted access names the literal key "STRING"; use bracket access with a
# variable to match arbitrary metadata keys.
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ConfirmSignUp
valid {
input.Body.ClientId == STRING
input.Body.SecretHash == STRING
input.Body.Username == STRING
input.Body.ConfirmationCode == STRING
input.Body.ForceAliasCreation == BOOLEAN
input.Body.AnalyticsMetadata.AnalyticsEndpointId == STRING
input.Body.UserContextData.IpAddress == STRING
input.Body.UserContextData.EncodedData == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateGroup
# Template for matching a CreateGroup request. STRING and INTEGER appear to be
# placeholders for the author's own values — confirm.
valid {
input.Body.GroupName == STRING
input.Body.UserPoolId == STRING
input.Body.Description == STRING
# RoleArn attaches an IAM role to the group; a guardrail would typically
# restrict it to an approved set of role ARNs.
input.Body.RoleArn == STRING
# `== INTEGER` is an exact match; use a range comparison if the policy is
# meant to bound Precedence rather than pin one value.
input.Body.Precedence == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateIdentityProvider
# Template for matching a CreateIdentityProvider request. STRING appears to be
# a placeholder for the author's own value — confirm.
enum_IdentityProviderTypeType := [ "SAML", "Facebook", "Google", "LoginWithAmazon", "SignInWithApple", "OIDC" ]
valid {
input.Body.UserPoolId == STRING
input.Body.ProviderName == STRING
input.Body.ProviderType == enum_IdentityProviderTypeType[_]
# ProviderDetails can include the provider's client secret or key material;
# mask it wherever policy inputs or decisions are logged. Dotted access names
# the literal key "STRING"; use bracket access with a variable for real keys.
input.Body.ProviderDetails.STRING == STRING
# AttributeMapping decides which IdP claims populate which user attributes;
# review mappings onto attributes the application uses for authorization.
input.Body.AttributeMapping.STRING == STRING
input.Body.IdpIdentifiers[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateResourceServer
valid {
input.Body.UserPoolId == STRING
input.Body.Identifier == STRING
input.Body.Name == STRING
input.Body.Scopes[_].ScopeName == STRING
input.Body.Scopes[_].ScopeDescription == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateUserImportJob
valid {
input.Body.JobName == STRING
input.Body.UserPoolId == STRING
input.Body.CloudWatchLogsRoleArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateUserPool
# Template for matching a CreateUserPool request. STRING, BOOLEAN and INTEGER
# look like placeholders to be replaced with concrete values — confirm.
# If evaluated as Rego, every body line must hold and a reference to a field
# the request omits is undefined, so this template copied verbatim matches
# only requests that set all of these fields. Keep the lines a policy needs.
enum_AdvancedSecurityEnabledModeType := [ "AUDIT", "ENFORCED" ]
enum_AdvancedSecurityModeType := [ "OFF", "AUDIT", "ENFORCED" ]
enum_AliasAttributeType := [ "phone_number", "email", "preferred_username" ]
enum_AttributeDataType := [ "String", "Number", "DateTime", "Boolean" ]
enum_CustomEmailSenderLambdaVersionType := [ "V1_0" ]
enum_CustomSMSSenderLambdaVersionType := [ "V1_0" ]
enum_DefaultEmailOptionType := [ "CONFIRM_WITH_LINK", "CONFIRM_WITH_CODE" ]
enum_DeletionProtectionType := [ "ACTIVE", "INACTIVE" ]
enum_EmailSendingAccountType := [ "COGNITO_DEFAULT", "DEVELOPER" ]
enum_PreTokenGenerationLambdaVersionType := [ "V1_0", "V2_0" ]
enum_RecoveryOptionNameType := [ "verified_email", "verified_phone_number", "admin_only" ]
enum_UserPoolMfaType := [ "OFF", "ON", "OPTIONAL" ]
enum_UsernameAttributeType := [ "phone_number", "email" ]
enum_VerifiedAttributeType := [ "phone_number", "email" ]
valid {
input.Body.PoolName == STRING
# Password policy. `== INTEGER` / `== BOOLEAN` are exact matches; a
# minimum-strength guardrail needs `>=` on MinimumLength and explicit `true`
# checks on the Require* flags rather than equality with a placeholder.
input.Body.Policies.PasswordPolicy.MinimumLength == INTEGER
input.Body.Policies.PasswordPolicy.RequireUppercase == BOOLEAN
input.Body.Policies.PasswordPolicy.RequireLowercase == BOOLEAN
input.Body.Policies.PasswordPolicy.RequireNumbers == BOOLEAN
input.Body.Policies.PasswordPolicy.RequireSymbols == BOOLEAN
input.Body.Policies.PasswordPolicy.PasswordHistorySize == INTEGER
input.Body.Policies.PasswordPolicy.TemporaryPasswordValidityDays == INTEGER
# Matching against the whole enum accepts "INACTIVE" as well as "ACTIVE".
input.Body.DeletionProtection == enum_DeletionProtectionType[_]
# Lambda trigger ARNs: these functions are invoked inside sign-up, sign-in
# and token-generation flows, so a guardrail would typically restrict them
# to reviewed function ARNs.
input.Body.LambdaConfig.PreSignUp == STRING
input.Body.LambdaConfig.CustomMessage == STRING
input.Body.LambdaConfig.PostConfirmation == STRING
input.Body.LambdaConfig.PreAuthentication == STRING
input.Body.LambdaConfig.PostAuthentication == STRING
input.Body.LambdaConfig.DefineAuthChallenge == STRING
input.Body.LambdaConfig.CreateAuthChallenge == STRING
input.Body.LambdaConfig.VerifyAuthChallengeResponse == STRING
input.Body.LambdaConfig.PreTokenGeneration == STRING
input.Body.LambdaConfig.UserMigration == STRING
input.Body.LambdaConfig.PreTokenGenerationConfig.LambdaVersion == enum_PreTokenGenerationLambdaVersionType[_]
input.Body.LambdaConfig.PreTokenGenerationConfig.LambdaArn == STRING
input.Body.LambdaConfig.CustomSMSSender.LambdaVersion == enum_CustomSMSSenderLambdaVersionType[_]
input.Body.LambdaConfig.CustomSMSSender.LambdaArn == STRING
input.Body.LambdaConfig.CustomEmailSender.LambdaVersion == enum_CustomEmailSenderLambdaVersionType[_]
input.Body.LambdaConfig.CustomEmailSender.LambdaArn == STRING
input.Body.LambdaConfig.KMSKeyID == STRING
# `x[_] == enum[_]` holds when at least one element is in the enum; it does
# not assert that every element is.
input.Body.AutoVerifiedAttributes[_] == enum_VerifiedAttributeType[_]
input.Body.AliasAttributes[_] == enum_AliasAttributeType[_]
input.Body.UsernameAttributes[_] == enum_UsernameAttributeType[_]
input.Body.SmsVerificationMessage == STRING
input.Body.EmailVerificationMessage == STRING
input.Body.EmailVerificationSubject == STRING
input.Body.VerificationMessageTemplate.SmsMessage == STRING
input.Body.VerificationMessageTemplate.EmailMessage == STRING
input.Body.VerificationMessageTemplate.EmailSubject == STRING
input.Body.VerificationMessageTemplate.EmailMessageByLink == STRING
input.Body.VerificationMessageTemplate.EmailSubjectByLink == STRING
input.Body.VerificationMessageTemplate.DefaultEmailOption == enum_DefaultEmailOptionType[_]
input.Body.SmsAuthenticationMessage == STRING
# The enum includes "OFF"; a guardrail that requires MFA must compare with
# the specific values it accepts instead of the whole enum.
input.Body.MfaConfiguration == enum_UserPoolMfaType[_]
input.Body.UserAttributeUpdateSettings.AttributesRequireVerificationBeforeUpdate[_] == enum_VerifiedAttributeType[_]
input.Body.DeviceConfiguration.ChallengeRequiredOnNewDevice == BOOLEAN
input.Body.DeviceConfiguration.DeviceOnlyRememberedOnUserPrompt == BOOLEAN
input.Body.EmailConfiguration.SourceArn == STRING
input.Body.EmailConfiguration.ReplyToEmailAddress == STRING
input.Body.EmailConfiguration.EmailSendingAccount == enum_EmailSendingAccountType[_]
input.Body.EmailConfiguration.From == STRING
input.Body.EmailConfiguration.ConfigurationSet == STRING
# SnsCallerArn is a role the service assumes to send SMS; ExternalId is the
# value that role's trust policy can require of the caller.
input.Body.SmsConfiguration.SnsCallerArn == STRING
input.Body.SmsConfiguration.ExternalId == STRING
input.Body.SmsConfiguration.SnsRegion == STRING
# Dotted access names the literal tag key "STRING"; use bracket access with a
# variable to match arbitrary tag keys.
input.Body.UserPoolTags.STRING == STRING
# AllowAdminCreateUserOnly controls whether users can sign themselves up.
input.Body.AdminCreateUserConfig.AllowAdminCreateUserOnly == BOOLEAN
input.Body.AdminCreateUserConfig.UnusedAccountValidityDays == INTEGER
input.Body.AdminCreateUserConfig.InviteMessageTemplate.SMSMessage == STRING
input.Body.AdminCreateUserConfig.InviteMessageTemplate.EmailMessage == STRING
input.Body.AdminCreateUserConfig.InviteMessageTemplate.EmailSubject == STRING
# Independent wildcards: each Schema[_] line may be satisfied by a different
# attribute definition. Bind one element first (e.g.
# `s := input.Body.Schema[_]`) when the conditions describe one attribute.
input.Body.Schema[_].Name == STRING
input.Body.Schema[_].AttributeDataType == enum_AttributeDataType[_]
input.Body.Schema[_].DeveloperOnlyAttribute == BOOLEAN
input.Body.Schema[_].Mutable == BOOLEAN
input.Body.Schema[_].Required == BOOLEAN
input.Body.Schema[_].NumberAttributeConstraints.MinValue == STRING
input.Body.Schema[_].NumberAttributeConstraints.MaxValue == STRING
input.Body.Schema[_].StringAttributeConstraints.MinLength == STRING
input.Body.Schema[_].StringAttributeConstraints.MaxLength == STRING
# The enum includes "OFF"; compare with the accepted modes explicitly when
# the policy is meant to require advanced security.
input.Body.UserPoolAddOns.AdvancedSecurityMode == enum_AdvancedSecurityModeType[_]
input.Body.UserPoolAddOns.AdvancedSecurityAdditionalFlows.CustomAuthMode == enum_AdvancedSecurityEnabledModeType[_]
input.Body.UsernameConfiguration.CaseSensitive == BOOLEAN
# Independent wildcards: Priority and Name may match different mechanisms.
input.Body.AccountRecoverySetting.RecoveryMechanisms[_].Priority == INTEGER
input.Body.AccountRecoverySetting.RecoveryMechanisms[_].Name == enum_RecoveryOptionNameType[_]
# Caller context: account, access key id and region of the request.
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateUserPoolClient
# Template for matching a CreateUserPoolClient request. STRING, BOOLEAN and
# INTEGER look like placeholders to be replaced with concrete values — confirm.
# If evaluated as Rego, all body lines must hold and absent fields make the
# rule undefined, so keep only the lines a policy needs.
enum_ExplicitAuthFlowsType := [ "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY", "USER_PASSWORD_AUTH", "ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_CUSTOM_AUTH", "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH" ]
enum_OAuthFlowType := [ "code", "implicit", "client_credentials" ]
enum_PreventUserExistenceErrorTypes := [ "LEGACY", "ENABLED" ]
enum_TimeUnitsType := [ "seconds", "minutes", "hours", "days" ]
valid {
input.Body.UserPoolId == STRING
input.Body.ClientName == STRING
input.Body.GenerateSecret == BOOLEAN
# Token lifetimes are exact-match comparisons here and are only meaningful
# together with TokenValidityUnits; a maximum-lifetime guardrail needs a
# range check that accounts for the unit.
input.Body.RefreshTokenValidity == INTEGER
input.Body.AccessTokenValidity == INTEGER
input.Body.IdTokenValidity == INTEGER
input.Body.TokenValidityUnits.AccessToken == enum_TimeUnitsType[_]
input.Body.TokenValidityUnits.IdToken == enum_TimeUnitsType[_]
input.Body.TokenValidityUnits.RefreshToken == enum_TimeUnitsType[_]
# Read/WriteAttributes list the user attributes this client may read or
# modify; review write access to attributes used for authorization.
input.Body.ReadAttributes[_] == STRING
input.Body.WriteAttributes[_] == STRING
# `x[_] == enum[_]` holds when at least one listed flow is in the enum. It
# does not prove that no unwanted flow (e.g. a password-based one) is also
# listed; forbidding a flow needs an explicit check for its presence.
input.Body.ExplicitAuthFlows[_] == enum_ExplicitAuthFlowsType[_]
input.Body.SupportedIdentityProviders[_] == STRING
# Redirect targets for the hosted OAuth flows; `[_] == STRING` matches if any
# one URL equals the value, so an allowlist must check every element.
input.Body.CallbackURLs[_] == STRING
input.Body.LogoutURLs[_] == STRING
input.Body.DefaultRedirectURI == STRING
# Same "at least one" semantics: this line alone does not exclude "implicit".
input.Body.AllowedOAuthFlows[_] == enum_OAuthFlowType[_]
input.Body.AllowedOAuthScopes[_] == STRING
input.Body.AllowedOAuthFlowsUserPoolClient == BOOLEAN
input.Body.AnalyticsConfiguration.ApplicationId == STRING
input.Body.AnalyticsConfiguration.ApplicationArn == STRING
input.Body.AnalyticsConfiguration.RoleArn == STRING
input.Body.AnalyticsConfiguration.ExternalId == STRING
input.Body.AnalyticsConfiguration.UserDataShared == BOOLEAN
# Matching the whole enum accepts "LEGACY" as well as "ENABLED".
input.Body.PreventUserExistenceErrors == enum_PreventUserExistenceErrorTypes[_]
input.Body.EnableTokenRevocation == BOOLEAN
input.Body.EnablePropagateAdditionalUserContextData == BOOLEAN
input.Body.AuthSessionValidity == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateUserPoolDomain
valid {
input.Body.Domain == STRING
input.Body.UserPoolId == STRING
input.Body.CustomDomainConfig.CertificateArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteGroup
valid {
input.Body.GroupName == STRING
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteIdentityProvider
valid {
input.Body.UserPoolId == STRING
input.Body.ProviderName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteResourceServer
valid {
input.Body.UserPoolId == STRING
input.Body.Identifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteUser
valid {
input.Body.AccessToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteUserAttributes
valid {
input.Body.UserAttributeNames[_] == STRING
input.Body.AccessToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteUserPool
# Template for matching a DeleteUserPool request. UserPoolId is the only Body
# field, so a guardrail on this destructive call has to decide on the pool id
# and the caller context below. STRING appears to be a placeholder — confirm.
valid {
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteUserPoolClient
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteUserPoolDomain
valid {
input.Body.Domain == STRING
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeIdentityProvider
valid {
input.Body.UserPoolId == STRING
input.Body.ProviderName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeResourceServer
valid {
input.Body.UserPoolId == STRING
input.Body.Identifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeRiskConfiguration
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeUserImportJob
valid {
input.Body.UserPoolId == STRING
input.Body.JobId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeUserPool
valid {
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeUserPoolClient
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeUserPoolDomain
valid {
input.Body.Domain == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ForgetDevice
valid {
input.Body.AccessToken == STRING
input.Body.DeviceKey == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ForgotPassword
valid {
input.Body.ClientId == STRING
input.Body.SecretHash == STRING
input.Body.UserContextData.IpAddress == STRING
input.Body.UserContextData.EncodedData == STRING
input.Body.Username == STRING
input.Body.AnalyticsMetadata.AnalyticsEndpointId == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetCSVHeader
valid {
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetDevice
valid {
input.Body.DeviceKey == STRING
input.Body.AccessToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetGroup
valid {
input.Body.GroupName == STRING
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetIdentityProviderByIdentifier
valid {
input.Body.UserPoolId == STRING
input.Body.IdpIdentifier == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetLogDeliveryConfiguration
valid {
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetSigningCertificate
valid {
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetUICustomization
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetUser
valid {
input.Body.AccessToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetUserAttributeVerificationCode
valid {
input.Body.AccessToken == STRING
input.Body.AttributeName == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetUserPoolMfaConfig
valid {
input.Body.UserPoolId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GlobalSignOut
valid {
input.Body.AccessToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
InitiateAuth
# Template for matching an InitiateAuth request. STRING looks like a
# placeholder to be replaced with a concrete value — confirm.
# Matching AuthFlow against the whole enum accepts every flow, including the
# password-based ones; restrict flows by comparing with the accepted values.
enum_AuthFlowType := [ "USER_SRP_AUTH", "REFRESH_TOKEN_AUTH", "REFRESH_TOKEN", "CUSTOM_AUTH", "ADMIN_NO_SRP_AUTH", "USER_PASSWORD_AUTH", "ADMIN_USER_PASSWORD_AUTH" ]
valid {
input.Body.AuthFlow == enum_AuthFlowType[_]
# AuthParameters can carry passwords, refresh tokens and secret hashes; mask
# it wherever policy inputs or decisions are logged. Dotted access names the
# literal key "STRING"; use bracket access with a variable for arbitrary keys.
input.Body.AuthParameters.STRING == STRING
input.Body.ClientMetadata.STRING == STRING
input.Body.ClientId == STRING
input.Body.AnalyticsMetadata.AnalyticsEndpointId == STRING
# UserContextData arrives in the request body, i.e. it is caller-reported.
input.Body.UserContextData.IpAddress == STRING
input.Body.UserContextData.EncodedData == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListDevices
valid {
input.Body.AccessToken == STRING
input.Body.Limit == INTEGER
input.Body.PaginationToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListGroups
valid {
input.Body.UserPoolId == STRING
input.Body.Limit == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListIdentityProviders
valid {
input.Body.UserPoolId == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListResourceServers
valid {
input.Body.UserPoolId == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListTagsForResource
valid {
input.Body.ResourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListUserImportJobs
valid {
input.Body.UserPoolId == STRING
input.Body.MaxResults == INTEGER
input.Body.PaginationToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListUserPoolClients
valid {
input.Body.UserPoolId == STRING
input.Body.MaxResults == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListUserPools
valid {
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListUsers
valid {
input.Body.UserPoolId == STRING
input.Body.AttributesToGet[_] == STRING
input.Body.Limit == INTEGER
input.Body.PaginationToken == STRING
input.Body.Filter == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListUsersInGroup
valid {
input.Body.UserPoolId == STRING
input.Body.GroupName == STRING
input.Body.Limit == INTEGER
input.Body.NextToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ResendConfirmationCode
valid {
input.Body.ClientId == STRING
input.Body.SecretHash == STRING
input.Body.UserContextData.IpAddress == STRING
input.Body.UserContextData.EncodedData == STRING
input.Body.Username == STRING
input.Body.AnalyticsMetadata.AnalyticsEndpointId == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RespondToAuthChallenge
# Template for matching a RespondToAuthChallenge request. STRING looks like a
# placeholder to be replaced with a concrete value — confirm.
enum_ChallengeNameType := [ "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED" ]
valid {
input.Body.ClientId == STRING
input.Body.ChallengeName == enum_ChallengeNameType[_]
# Session and ChallengeResponses hold authentication material (session
# handle, one-time codes, new passwords); mask both wherever policy inputs or
# decisions are logged. Dotted access names the literal key "STRING"; use
# bracket access with a variable to match arbitrary keys.
input.Body.Session == STRING
input.Body.ChallengeResponses.STRING == STRING
input.Body.AnalyticsMetadata.AnalyticsEndpointId == STRING
# UserContextData arrives in the request body, i.e. it is caller-reported.
input.Body.UserContextData.IpAddress == STRING
input.Body.UserContextData.EncodedData == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RevokeToken
# Template for matching a RevokeToken request. Token and ClientSecret are
# secrets in the evaluated input; mask them wherever policy inputs or
# decisions are logged and avoid comparing them to literals in policy source.
# STRING appears to be a placeholder for the author's own value — confirm.
valid {
input.Body.Token == STRING
input.Body.ClientId == STRING
input.Body.ClientSecret == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SetLogDeliveryConfiguration
# Field template for the COGNITO-IDP SetLogDeliveryConfiguration request.
# The two enums list the event sources and log levels the template accepts.
enum_EventSourceName := [ "userNotification", "userAuthEvents" ]
enum_LogLevel := [ "ERROR", "INFO" ]
valid {
input.Body.UserPoolId == STRING
# `[_]` is existential: each line holds if any one LogConfigurations entry
# matches, so these lines do not prove that every entry is acceptable.
input.Body.LogConfigurations[_].LogLevel == enum_LogLevel[_]
input.Body.LogConfigurations[_].EventSource == enum_EventSourceName[_]
# The three ARNs are the log destinations. This call changes where audit data
# goes, so a guard policy would typically pin them to approved destinations
# (for example, ARNs in the expected account).
input.Body.LogConfigurations[_].CloudWatchLogsConfiguration.LogGroupArn == STRING
input.Body.LogConfigurations[_].S3Configuration.BucketArn == STRING
input.Body.LogConfigurations[_].FirehoseConfiguration.StreamArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SetRiskConfiguration
# Field template for the COGNITO-IDP SetRiskConfiguration request. STRING and
# BOOLEAN are placeholders; the enums list the values each action or filter
# field may take.
# Both action enums include "NO_ACTION". Matching against the full enum accepts
# a request that turns a protective response off, so a guard policy should
# compare against the subset it wants to permit.
enum_AccountTakeoverEventActionType := [ "BLOCK", "MFA_IF_CONFIGURED", "MFA_REQUIRED", "NO_ACTION" ]
enum_CompromisedCredentialsEventActionType := [ "BLOCK", "NO_ACTION" ]
enum_EventFilterType := [ "SIGN_IN", "PASSWORD_CHANGE", "SIGN_UP" ]
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
# Existential match: holds when at least one EventFilter element is in the enum.
input.Body.CompromisedCredentialsRiskConfiguration.EventFilter[_] == enum_EventFilterType[_]
input.Body.CompromisedCredentialsRiskConfiguration.Actions.EventAction == enum_CompromisedCredentialsEventActionType[_]
# Notification settings: sender, reply-to, and a subject/HTML/text body for each
# of the block, no-action and MFA e-mails.
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.From == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.ReplyTo == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.SourceArn == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.BlockEmail.Subject == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.BlockEmail.HtmlBody == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.BlockEmail.TextBody == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.NoActionEmail.Subject == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.NoActionEmail.HtmlBody == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.NoActionEmail.TextBody == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.MfaEmail.Subject == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.MfaEmail.HtmlBody == STRING
input.Body.AccountTakeoverRiskConfiguration.NotifyConfiguration.MfaEmail.TextBody == STRING
# One Notify flag and one EventAction per risk level (low, medium, high).
input.Body.AccountTakeoverRiskConfiguration.Actions.LowAction.Notify == BOOLEAN
input.Body.AccountTakeoverRiskConfiguration.Actions.LowAction.EventAction == enum_AccountTakeoverEventActionType[_]
input.Body.AccountTakeoverRiskConfiguration.Actions.MediumAction.Notify == BOOLEAN
input.Body.AccountTakeoverRiskConfiguration.Actions.MediumAction.EventAction == enum_AccountTakeoverEventActionType[_]
input.Body.AccountTakeoverRiskConfiguration.Actions.HighAction.Notify == BOOLEAN
input.Body.AccountTakeoverRiskConfiguration.Actions.HighAction.EventAction == enum_AccountTakeoverEventActionType[_]
# NOTE(review): SkippedIPRangeList presumably exempts ranges from risk
# evaluation; worth an explicit allow-list check in a guard policy — confirm.
input.Body.RiskExceptionConfiguration.BlockedIPRangeList[_] == STRING
input.Body.RiskExceptionConfiguration.SkippedIPRangeList[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SetUICustomization
# Field template for the COGNITO-IDP SetUICustomization request. STRING and
# BLOB are type placeholders, not Rego values.
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
# CSS is free-form text and ImageFile is binary; presumably both end up on the
# pool's sign-in pages, so limit who may change them — TODO confirm rendering.
input.Body.CSS == STRING
input.Body.ImageFile == BLOB
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SetUserMFAPreference
# Field template for the COGNITO-IDP SetUserMFAPreference request. There is no
# UserPoolId or Username field: the request identifies the user by AccessToken.
valid {
# Each MFA method has an Enabled and a PreferredMfa flag. A guard policy that
# must keep MFA on would test for Enabled == false on these paths.
input.Body.SMSMfaSettings.Enabled == BOOLEAN
input.Body.SMSMfaSettings.PreferredMfa == BOOLEAN
input.Body.SoftwareTokenMfaSettings.Enabled == BOOLEAN
input.Body.SoftwareTokenMfaSettings.PreferredMfa == BOOLEAN
input.Body.EmailMfaSettings.Enabled == BOOLEAN
input.Body.EmailMfaSettings.PreferredMfa == BOOLEAN
# AccessToken is a bearer credential present in the policy input; keep it out
# of decision logs and rule output.
input.Body.AccessToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SetUserPoolMfaConfig
# Field template for the COGNITO-IDP SetUserPoolMfaConfig request.
# enum_UserPoolMfaType includes "OFF" and "OPTIONAL": matching against the whole
# enum accepts a request that relaxes pool-wide MFA, so a guard policy should
# compare MfaConfiguration with the single value it requires.
enum_UserPoolMfaType := [ "OFF", "ON", "OPTIONAL" ]
valid {
input.Body.UserPoolId == STRING
input.Body.SmsMfaConfiguration.SmsAuthenticationMessage == STRING
# SnsCallerArn / ExternalId / SnsRegion configure the SMS sender; presumably
# SnsCallerArn is a role the service assumes — pin it to an expected ARN.
input.Body.SmsMfaConfiguration.SmsConfiguration.SnsCallerArn == STRING
input.Body.SmsMfaConfiguration.SmsConfiguration.ExternalId == STRING
input.Body.SmsMfaConfiguration.SmsConfiguration.SnsRegion == STRING
input.Body.SoftwareTokenMfaConfiguration.Enabled == BOOLEAN
input.Body.EmailMfaConfiguration.Message == STRING
input.Body.EmailMfaConfiguration.Subject == STRING
input.Body.MfaConfiguration == enum_UserPoolMfaType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SetUserSettings
# Field template for the COGNITO-IDP SetUserSettings request.
# enum_DeliveryMediumType lists the delivery media the template accepts.
enum_DeliveryMediumType := [ "SMS", "EMAIL" ]
valid {
# AccessToken is a bearer credential in the policy input; do not log it.
input.Body.AccessToken == STRING
# Existential match: holds if any one MFAOptions entry has a listed medium.
input.Body.MFAOptions[_].DeliveryMedium == enum_DeliveryMediumType[_]
input.Body.MFAOptions[_].AttributeName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SignUp
# Field template for the COGNITO-IDP SignUp request. STRING is a placeholder,
# and a Rego body fails when any referenced path is undefined, so keep only the
# fields the policy needs.
valid {
input.Body.ClientId == STRING
input.Body.SecretHash == STRING
input.Body.Username == STRING
# The password itself is part of the policy input. Do not compare it with
# literals stored in policy text, and keep evaluated input out of decision logs.
input.Body.Password == STRING
# `[_]` is existential: these hold if any one attribute entry matches, so they
# cannot forbid an unwanted attribute name on their own.
input.Body.UserAttributes[_].Name == STRING
input.Body.UserAttributes[_].Value == STRING
input.Body.ValidationData[_].Name == STRING
input.Body.ValidationData[_].Value == STRING
input.Body.AnalyticsMetadata.AnalyticsEndpointId == STRING
# Caller-supplied context; treat IpAddress as a claim — TODO confirm source.
input.Body.UserContextData.IpAddress == STRING
input.Body.UserContextData.EncodedData == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StartUserImportJob
# Field template for the COGNITO-IDP StartUserImportJob request. STRING is a
# type placeholder. The request names a pool and a job id only, so a policy can
# scope it by UserPoolId and by the caller fields in ProviderMetadata.
valid {
input.Body.UserPoolId == STRING
input.Body.JobId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
StopUserImportJob
# Field template for the COGNITO-IDP StopUserImportJob request. It has the same
# shape as the StartUserImportJob template: a pool id, a job id and the caller
# metadata. STRING is a type placeholder.
valid {
input.Body.UserPoolId == STRING
input.Body.JobId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagResource
# Field template for the COGNITO-IDP TagResource request. STRING is a type
# placeholder.
valid {
input.Body.ResourceArn == STRING
# `.STRING` presumably stands for an arbitrary tag key. NOTE(review): if tags
# feed attribute-based access decisions elsewhere, restrict which keys and
# values may be set — confirm against the account's IAM conditions.
input.Body.Tags.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagResource
# Field template for the COGNITO-IDP UntagResource request. STRING is a type
# placeholder.
valid {
input.Body.ResourceArn == STRING
# Existential match: holds if any one key equals the value. To stop removal of
# a protected tag, test for that key's presence and deny, rather than relying
# on this line.
input.Body.TagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateAuthEventFeedback
# Field template for the COGNITO-IDP UpdateAuthEventFeedback request.
# enum_FeedbackValueType lists the two feedback values the template accepts.
enum_FeedbackValueType := [ "Valid", "Invalid" ]
valid {
input.Body.UserPoolId == STRING
input.Body.Username == STRING
input.Body.EventId == STRING
# FeedbackToken presumably authorizes the feedback for this event; treat it as
# a secret in logs — TODO confirm.
input.Body.FeedbackToken == STRING
input.Body.FeedbackValue == enum_FeedbackValueType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateDeviceStatus
# Field template for the COGNITO-IDP UpdateDeviceStatus request.
# enum_DeviceRememberedStatusType lists the two status values the template
# accepts.
enum_DeviceRememberedStatusType := [ "remembered", "not_remembered" ]
valid {
# AccessToken is a bearer credential in the policy input; do not log it.
input.Body.AccessToken == STRING
input.Body.DeviceKey == STRING
input.Body.DeviceRememberedStatus == enum_DeviceRememberedStatusType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateGroup
# Field template for the COGNITO-IDP UpdateGroup request. STRING and INTEGER
# are type placeholders.
valid {
input.Body.GroupName == STRING
input.Body.UserPoolId == STRING
input.Body.Description == STRING
# RoleArn attaches an IAM role to the group. A guard policy would normally
# compare it with an allow-list of role ARNs, since changing it changes what
# group members can obtain — NOTE(review): confirm how the role is consumed.
input.Body.RoleArn == STRING
input.Body.Precedence == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateIdentityProvider
# Field template for the COGNITO-IDP UpdateIdentityProvider request. STRING is
# a type placeholder; `.STRING` in a path presumably stands for any map key.
valid {
input.Body.UserPoolId == STRING
input.Body.ProviderName == STRING
# NOTE(review): ProviderDetails is a free-form map that may hold the IdP's
# client secret or endpoints; avoid logging it and check the keys that matter.
input.Body.ProviderDetails.STRING == STRING
# AttributeMapping decides which IdP claim populates which user attribute;
# review changes to it as an identity-trust change.
input.Body.AttributeMapping.STRING == STRING
input.Body.IdpIdentifiers[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateResourceServer
# Field template for the COGNITO-IDP UpdateResourceServer request. STRING is a
# type placeholder.
valid {
input.Body.UserPoolId == STRING
input.Body.Identifier == STRING
input.Body.Name == STRING
# Existential match over Scopes: holds if any one scope entry matches. To
# allow only known scope names, deny when an entry falls outside the allowed
# set instead of relying on these lines.
input.Body.Scopes[_].ScopeName == STRING
input.Body.Scopes[_].ScopeDescription == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateUserAttributes
# Field template for the COGNITO-IDP UpdateUserAttributes request. The user is
# identified by AccessToken; there is no UserPoolId or Username field.
valid {
# `[_]` is existential, so these lines cannot forbid a given attribute name.
# To protect an attribute (for example one used for authorization), deny when
# any entry's Name equals it.
input.Body.UserAttributes[_].Name == STRING
input.Body.UserAttributes[_].Value == STRING
# Bearer credential in the policy input; keep it out of decision logs.
input.Body.AccessToken == STRING
input.Body.ClientMetadata.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateUserPool
# Field template for the COGNITO-IDP UpdateUserPool request. STRING, INTEGER
# and BOOLEAN are type placeholders; the enums list the values each enumerated
# field may take.
# Several enums contain a "weaker" member ("OFF", "INACTIVE", "OPTIONAL").
# Comparing a field with the whole enum therefore also accepts a downgrade, so
# a guard policy should compare against the exact value or subset it requires.
# NOTE(review): AWS documents that UpdateUserPool resets settings omitted from
# the request to their defaults; a policy may need to require that security
# fields are present, not merely valid when present — confirm against the API
# reference.
enum_AdvancedSecurityEnabledModeType := [ "AUDIT", "ENFORCED" ]
enum_AdvancedSecurityModeType := [ "OFF", "AUDIT", "ENFORCED" ]
enum_CustomEmailSenderLambdaVersionType := [ "V1_0" ]
enum_CustomSMSSenderLambdaVersionType := [ "V1_0" ]
enum_DefaultEmailOptionType := [ "CONFIRM_WITH_LINK", "CONFIRM_WITH_CODE" ]
enum_DeletionProtectionType := [ "ACTIVE", "INACTIVE" ]
enum_EmailSendingAccountType := [ "COGNITO_DEFAULT", "DEVELOPER" ]
enum_PreTokenGenerationLambdaVersionType := [ "V1_0", "V2_0" ]
enum_RecoveryOptionNameType := [ "verified_email", "verified_phone_number", "admin_only" ]
enum_UserPoolMfaType := [ "OFF", "ON", "OPTIONAL" ]
enum_VerifiedAttributeType := [ "phone_number", "email" ]
valid {
input.Body.UserPoolId == STRING
# Password policy: a guard policy would use numeric or boolean comparisons
# here (e.g. a minimum for MinimumLength) in place of the placeholders.
input.Body.Policies.PasswordPolicy.MinimumLength == INTEGER
input.Body.Policies.PasswordPolicy.RequireUppercase == BOOLEAN
input.Body.Policies.PasswordPolicy.RequireLowercase == BOOLEAN
input.Body.Policies.PasswordPolicy.RequireNumbers == BOOLEAN
input.Body.Policies.PasswordPolicy.RequireSymbols == BOOLEAN
input.Body.Policies.PasswordPolicy.PasswordHistorySize == INTEGER
input.Body.Policies.PasswordPolicy.TemporaryPasswordValidityDays == INTEGER
input.Body.DeletionProtection == enum_DeletionProtectionType[_]
# LambdaConfig fields name the functions attached to the pool's sign-up,
# authentication and token events. Pin them to expected ARNs: whoever can
# change them can change the code that runs in those flows.
input.Body.LambdaConfig.PreSignUp == STRING
input.Body.LambdaConfig.CustomMessage == STRING
input.Body.LambdaConfig.PostConfirmation == STRING
input.Body.LambdaConfig.PreAuthentication == STRING
input.Body.LambdaConfig.PostAuthentication == STRING
input.Body.LambdaConfig.DefineAuthChallenge == STRING
input.Body.LambdaConfig.CreateAuthChallenge == STRING
input.Body.LambdaConfig.VerifyAuthChallengeResponse == STRING
input.Body.LambdaConfig.PreTokenGeneration == STRING
input.Body.LambdaConfig.UserMigration == STRING
input.Body.LambdaConfig.PreTokenGenerationConfig.LambdaVersion == enum_PreTokenGenerationLambdaVersionType[_]
input.Body.LambdaConfig.PreTokenGenerationConfig.LambdaArn == STRING
input.Body.LambdaConfig.CustomSMSSender.LambdaVersion == enum_CustomSMSSenderLambdaVersionType[_]
input.Body.LambdaConfig.CustomSMSSender.LambdaArn == STRING
input.Body.LambdaConfig.CustomEmailSender.LambdaVersion == enum_CustomEmailSenderLambdaVersionType[_]
input.Body.LambdaConfig.CustomEmailSender.LambdaArn == STRING
input.Body.LambdaConfig.KMSKeyID == STRING
# Existential match: holds when at least one listed attribute is in the enum.
input.Body.AutoVerifiedAttributes[_] == enum_VerifiedAttributeType[_]
input.Body.SmsVerificationMessage == STRING
input.Body.EmailVerificationMessage == STRING
input.Body.EmailVerificationSubject == STRING
input.Body.VerificationMessageTemplate.SmsMessage == STRING
input.Body.VerificationMessageTemplate.EmailMessage == STRING
input.Body.VerificationMessageTemplate.EmailSubject == STRING
input.Body.VerificationMessageTemplate.EmailMessageByLink == STRING
input.Body.VerificationMessageTemplate.EmailSubjectByLink == STRING
input.Body.VerificationMessageTemplate.DefaultEmailOption == enum_DefaultEmailOptionType[_]
input.Body.SmsAuthenticationMessage == STRING
input.Body.UserAttributeUpdateSettings.AttributesRequireVerificationBeforeUpdate[_] == enum_VerifiedAttributeType[_]
# Accepts "OFF" and "OPTIONAL" as written; compare with "ON" to require MFA.
input.Body.MfaConfiguration == enum_UserPoolMfaType[_]
input.Body.DeviceConfiguration.ChallengeRequiredOnNewDevice == BOOLEAN
input.Body.DeviceConfiguration.DeviceOnlyRememberedOnUserPrompt == BOOLEAN
input.Body.EmailConfiguration.SourceArn == STRING
input.Body.EmailConfiguration.ReplyToEmailAddress == STRING
input.Body.EmailConfiguration.EmailSendingAccount == enum_EmailSendingAccountType[_]
input.Body.EmailConfiguration.From == STRING
input.Body.EmailConfiguration.ConfigurationSet == STRING
input.Body.SmsConfiguration.SnsCallerArn == STRING
input.Body.SmsConfiguration.ExternalId == STRING
input.Body.SmsConfiguration.SnsRegion == STRING
# `.STRING` presumably stands for an arbitrary tag key.
input.Body.UserPoolTags.STRING == STRING
input.Body.AdminCreateUserConfig.AllowAdminCreateUserOnly == BOOLEAN
input.Body.AdminCreateUserConfig.UnusedAccountValidityDays == INTEGER
input.Body.AdminCreateUserConfig.InviteMessageTemplate.SMSMessage == STRING
input.Body.AdminCreateUserConfig.InviteMessageTemplate.EmailMessage == STRING
input.Body.AdminCreateUserConfig.InviteMessageTemplate.EmailSubject == STRING
# Accepts "OFF" as written; narrow the comparison to keep the feature enabled.
input.Body.UserPoolAddOns.AdvancedSecurityMode == enum_AdvancedSecurityModeType[_]
input.Body.UserPoolAddOns.AdvancedSecurityAdditionalFlows.CustomAuthMode == enum_AdvancedSecurityEnabledModeType[_]
# The two `[_]` below are independent wildcards, so Priority and Name may be
# matched on different RecoveryMechanisms entries; bind an index variable to
# test both on the same entry.
input.Body.AccountRecoverySetting.RecoveryMechanisms[_].Priority == INTEGER
input.Body.AccountRecoverySetting.RecoveryMechanisms[_].Name == enum_RecoveryOptionNameType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateUserPoolClient
# Field template for the COGNITO-IDP UpdateUserPoolClient request. STRING,
# INTEGER and BOOLEAN are type placeholders; the enums list the values each
# enumerated field may take.
# The enums contain both stronger and weaker options (password-based flows
# next to SRP, "implicit" next to "code", "LEGACY" next to "ENABLED"). A guard
# policy should compare against the subset it permits, not the full enum.
# NOTE(review): AWS documents that UpdateUserPoolClient resets settings omitted
# from the request to their defaults — confirm, and consider requiring the
# security-relevant fields to be present.
enum_ExplicitAuthFlowsType := [ "ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY", "USER_PASSWORD_AUTH", "ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_CUSTOM_AUTH", "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH" ]
enum_OAuthFlowType := [ "code", "implicit", "client_credentials" ]
enum_PreventUserExistenceErrorTypes := [ "LEGACY", "ENABLED" ]
enum_TimeUnitsType := [ "seconds", "minutes", "hours", "days" ]
valid {
input.Body.UserPoolId == STRING
input.Body.ClientId == STRING
input.Body.ClientName == STRING
# Token lifetimes are integers interpreted with TokenValidityUnits below, so a
# policy that bounds lifetime has to check the value and its unit together.
input.Body.RefreshTokenValidity == INTEGER
input.Body.AccessTokenValidity == INTEGER
input.Body.IdTokenValidity == INTEGER
input.Body.TokenValidityUnits.AccessToken == enum_TimeUnitsType[_]
input.Body.TokenValidityUnits.IdToken == enum_TimeUnitsType[_]
input.Body.TokenValidityUnits.RefreshToken == enum_TimeUnitsType[_]
input.Body.ReadAttributes[_] == STRING
input.Body.WriteAttributes[_] == STRING
# `[_]` is existential on both sides: this holds if any one requested flow is
# in the enum. It does not show that every requested flow is allowed; deny
# when an element falls outside the permitted set instead.
input.Body.ExplicitAuthFlows[_] == enum_ExplicitAuthFlowsType[_]
input.Body.SupportedIdentityProviders[_] == STRING
# Redirect targets: compare against an allow-list of expected URLs, and
# remember the existential match applies here too.
input.Body.CallbackURLs[_] == STRING
input.Body.LogoutURLs[_] == STRING
input.Body.DefaultRedirectURI == STRING
input.Body.AllowedOAuthFlows[_] == enum_OAuthFlowType[_]
input.Body.AllowedOAuthScopes[_] == STRING
input.Body.AllowedOAuthFlowsUserPoolClient == BOOLEAN
input.Body.AnalyticsConfiguration.ApplicationId == STRING
input.Body.AnalyticsConfiguration.ApplicationArn == STRING
input.Body.AnalyticsConfiguration.RoleArn == STRING
input.Body.AnalyticsConfiguration.ExternalId == STRING
input.Body.AnalyticsConfiguration.UserDataShared == BOOLEAN
input.Body.PreventUserExistenceErrors == enum_PreventUserExistenceErrorTypes[_]
input.Body.EnableTokenRevocation == BOOLEAN
input.Body.EnablePropagateAdditionalUserContextData == BOOLEAN
input.Body.AuthSessionValidity == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateUserPoolDomain
# Field template for the COGNITO-IDP UpdateUserPoolDomain request. STRING is a
# type placeholder.
valid {
# Domain and CertificateArn determine the hostname and certificate presented
# to users; a guard policy would compare both with expected values.
input.Body.Domain == STRING
input.Body.UserPoolId == STRING
input.Body.CustomDomainConfig.CertificateArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
VerifySoftwareToken
# Field template for the COGNITO-IDP VerifySoftwareToken request. STRING is a
# type placeholder.
valid {
# AccessToken, Session and UserCode are credential material carried in the
# policy input; test for presence only and keep them out of decision logs.
input.Body.AccessToken == STRING
input.Body.Session == STRING
input.Body.UserCode == STRING
input.Body.FriendlyDeviceName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
VerifyUserAttribute
# Field template for the COGNITO-IDP VerifyUserAttribute request. STRING is a
# type placeholder.
valid {
# AccessToken and Code are secrets in the policy input; do not log them.
input.Body.AccessToken == STRING
input.Body.AttributeName == STRING
input.Body.Code == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}