AWS Cognito JWT

Aws cognito jwt. By default, HTTP APIs allow any type of request to the wish - list - service endpoint, so that’ll be the first thing to change. cs is now contained within Program. SigningKey(CognitoConstants. $ npm install. only). 1. 0 as an industry standard protocol for authorization, and the sample application in this blog post relies on JSON Web Tokens to authorize access to private content. You can decode the JWT token and also cache this expiry along with the token. Conclusion. CognitoIdentityCredentials({ Apr 19, 2019 · To retrieve the JWT Token, you could either try a login operation from the Cognito Hosted UI, or you could alternatively try the AWS provided InitiateAuth or AdminInitiateAuth API calls. How do I validate a jwt token that I got from Cognito. region = 'eu-central-1'; // Region AWS. It is a user directory, an authentication server, and an authorization service for OAuth 2. user, or any other property of your choice, with its deciphered content. To revoke a JWT token, refer to the relevant instructions based on your app client. You need to configure custom JWT claims, which you can do with a Lambda function. We have setup rules in ALB to authenticate user with Cognito client. How can I externally verify a JWT token that has been signed with an RSA private key. Choose Actions, Edit security configuration. To demonstrate the end-to-end authentication flow, we’ve created a simple REST API that’s built on Amazon API Gateway. NET Core with Cognito. answered Nov 28, 2017 at 7:38. Is it possible to configure Cognito to Encrypt access JWT? That configuration is needed because we'd like to make not visible user groups claims for clients (client applications). AWS. I am new to the jwt concept. NET Core application to understand those claims and authenticate the user from the ASP. Navigate to “Users and Groups”. Related questions. Mar 14, 2022 · Hi Nick. AddAuthentication(AwsJwtAuthorizerDefaults. amazon-cognito. 
The IdP redirects the user to the user pool with a SAML response or an authorization code. json file. aws-api-gateway. Decode and verify Amazon Cognito JWT tokens Note: tested on Python >= 3. Description. The following is the header of a sample ID token. We are trying to integrate AWS ALB with Cognito user pool. The exception is raised if the public information from the JWKS_URI is not downloaded. Check the exp claim and make sure the token is not expired. 0 flow to get a JWT from the AWS Cognito user pool, but by default, it will use the access_token, and sometimes you need to use the custom attributes included in the id_token. @JefreeSujit The JWT will contain a "kid" (key ID), which decides the JWK to use from the cognito-idp request shown above. aws/knowledge-center/revoke-cognito-jwt-tokenVarun shows you ho Jun 19, 2017 · JWT is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. S. Under Domains, select the domain you want to configure. decode(encoded, algorithms=["RS256"], options={"verify_signature": False}) The options configuration will tell the PyJWT library to ignore the public-key aspect of the verification process, and decode the Base64 key Nov 5, 2018 · From my reading of the RFC I do not think that AWS is doing anything wrong, specifically (note my emphasis): If the principal processing the claim does not identify itself with a value in the "aud" claim when this claim is present, then the JWT MUST be rejected. And I use AWS Cognito to manage user authentication and authorization. JWT tokens include three sections: a header, payload, and signature. NET if needed. Add the following lines to your Django settings. IssuerSigningKey = this. Select Enable Amazon Cognito authentication. Package works in two modes: synchronous - requests as http-client and asynchronous - aiohttp as http-client. 
Is there any approach to get the JWT token from the Amazon Cognito Oct 11, 2017 · These tokens are JWT tokens and hold the expiry time within themselves. User list in AWS Cognito Apr 24, 2019 · UPDATE: Looks like I need to pass a Logins field and data to the get_id function call, but to do that I need the login JWT token. This is all good. ts in your project root. Nov 23, 2021 · Refresh JWT token from AWS Cognito in Angular 5? 3. Using Amazon Cognito Refresh Token to get new token in javascript. For Region, select the AWS Region that contains your Amazon Cognito user pool and identity pool. In this developer tutorial, we are going to learn how to make an integration with Amazon Cognito using the AWS SDK for Java by providing all the necessary code samples and Amazon Cognito returns three tokens: the ID token, access token, and refresh token—the ID token contains the user fields defined in the Amazon Cognito user pool. AWS_COGNITO_USER_POOL_CLIENT_ID. decodePayload(); This contains an array of groups in the cognito:groups key returned. Net6) and get a JWT token. The access token or ID token is not malformed, has not expired, and has a valid signature Mar 9, 2021 · The documentation states that Access Tokens contain the cognito:groups claim. MIT license 174 stars 60 forks. If you chose Authenticated access, select one or more Identity types that you want to Aug 26, 2019 · How to verify JWT from AWS Cognito in the API backend? 3. Define the resource server and custom scopes. Oct 14, 2022 · A quick tutorial on how to secure your AWS REST APIs using AWS Cognito, JWT Tokens, and JWT Authorizers. Then use a library such as aws-jwt-verify or jwt. The identity/access tokens come with an expiration time so this is something you can do locally in your Oct 7, 2021 · Head back to the API Gateway console in AWS and click “wish-list-service-API” to open up the API’s details page. NET 6 Web API solution (so Startup. The values you can verify include the following. clientid,//Same value you send in the cognito request url. jwt. 2,94762835. 
Step 6: Review and click on Create User Pool. AWS_COGNITO_USER_POOL_ID. config. If the JWT token is valid, you decode it and get the cognito:groups claim out of it. The following decoded jwt will be produced after a login via hosted-UI. NET Core, since it comes with a customizable With aws-jwt-verify, you can populate a CognitoJwtVerifier with the claim values that you want to verify for one or more user pools. Normally Pre-Token generation trigger adds them to id token. Jun 23, 2016 · For Cognito User Pools + API Gateway + API Gateway Custom Authorizer + Cognito User Pools Access Token. currentSession()). Amazon Cognito. 0, last published: a year ago. NET Core (application) perspective. This library is built on top of @nestjs-cognito/core and aws-jwt-verify. Revoke a token. You can also revoke tokens using the Revoke endpoint. There are 92 other projects in the npm registry using aws-jwt-verify. Mar 2, 2024 · 1. expo), ValidIssuer = CognitoConstants. For example actions and scenarios, see Code examples for Amazon Cognito Identity Provider using Amazon Web Services SDKs. Verify RS256/RS384/RS512 signed JSON Web Tokens (JWT). Add a resource server with custom scopes in your user pool. We can authenticate and authorize the application users from our own built-in user directory, in our AWS Cognito user pool. Let’s start by creating an SST app. This could be a result of the JWKS_URI being constructed wrong. Every time the cache for the tokens is accessed, also check the current time against the cached expiry time. To create a user from command line, I think there are simpler cognito API calls, which are sign-up and admin-confirm-sign-up provided in cognito-idp CLI tool Apr 28, 2024 · JWT verification functionality is based on the work of awslabs/aws-support-tools, and we would like to thank the author for their work. The Access Token contains scopes, a feature of OIDC and OAuth 2. "Authenticating JWT tokens from AWS Cognito in a . getAccessToken(). 
An extension of the IdToken class that provides access to the registered claims found in IdToken and public Feb 5, 2020 · If you are trying to add custom attrs to access token then, injecting custom attrs to access token is not supported. Your users list should contain at least the user that was just created. If the session cookie is set and valid then the ALB will route the request to the target group with X-AMZN-OIDC-* headers set. In your cognito user pool go to General Settings -> App Clients, then on each app client you have to show details then "Set attribute read and write permissions". Amazon Cognito user pools implements ID, access, and refresh tokens as defined by the OpenID Connect (OIDC) open standard. The user enters their MFA code. io. You can also submit refresh tokens to the Token endpoint in a user pool where you have configured a domain. 21. jwks-rsa fetches the key from the Cognito server and If the API has the AWS_LAMBDA and AWS_IAM authorization modes enabled, then the SigV4 signature cannot be used as the AWS_LAMBDA authorization token. Choose Manage User Pools, then choose the user pool you created in Step 1: Create an Amazon Cognito user pool. decodePayload is not a function". credentials = new AWS. Follow these steps for in-depth information about getting started with Cognito User Pools. For example, you can use the access token to grant your user access to add, change, or delete user attributes. js app. NET Web API app". ID tokens (with openid scope) will include this group. And this is exactly my question. I have a specific api end point in my application and I want only users with a valid jwt to be able to access this end point. Is there an option to tell cognito to add my custom claim/attribute to the JWT access token? (Without a pre token generation Lambda) Jun 8, 2022 · August 2, 2023: Amazon Verified Permissions now offers a direct integration with Amazon Cognito to add fine-grained authorization within your applications. Example. JWT origin. . 
This cognito-jwt package provides four convenience classes to access token claims: An extension of the AccessToken class that provides access to the registered claims found in AccessToken and public/private claims added by Cognito. I tried looking at various resources on the web but I couldn't understand anything. Mar 3, 2023 · Even with Cognito, you still have to verify the JWT yourself inside the custom authentication flow, so going through Cognito takes more effort. Nevertheless, there are two main reasons to use Cognito anyway. Reason 1: You want to integrate AWS resources with each other Mar 31, 2022 · The JWT (id) token provided by AWS cognito is not passing token validation on my gRPC service, I keep getting unauthenticated as the response. Also update the rest framework settings to use the Jul 23, 2021 · 95. io or a library recommended by the OpenID Foundation to verify the token signature and the expiration and user Mar 3, 2018 · How to verify JWT from AWS Cognito in the API backend? 1. During this process, we will create all the necessary AWS resources using the AWS Management Console. Sign in to the Amazon Cognito console and select Identity pools. If you’re interested in learning more about JWTs, have a look at JWT. Latest version: 4. 6, compatible with PEP-492 (async/await coroutines syntax) Installation. Intro to AWS Cognito. Does this have something to do with the default JwtBearer options? gRPC service Program. For flask_awscognito integration you should set these properties: AWS_DEFAULT_REGION. If the JWT token or the request itself is invalid you throw an exception with the message "Unauthorized". Open the Amazon Cognito console. After the API is deployed, the client must first sign the user in to the user pool, obtain an identity or access token for the user, and then call the API method with one Hi everyone, Currently I'm looking a way to login to cognito through code (I'm using . Aug 2, 2020 · If you run this script without the token - or open the URL in your browser - you will get a 401 Unauthorized response instead. Start using aws-jwt-verify in your project by running `npm i aws-jwt-verify`. 
Jun 2, 2022 · Step 4: Configure message delivery, choose Send email with Cognito for Email provider and leave all other default options then click on Next. 0 access tokens and AWS credentials. AuthenticationScheme May 25, 2023 · Amazon Cognito user pool client hosted UI 2. state. Login Flow. To verify the signature of an Amazon Cognito JWT, first search for the public key with a key ID that matches the key ID in the header of the token. In the request body, include a grant_type value of refresh_token and a refresh_token value of your user's refresh token. To do this, navigate to the “Routes” section from the left-hand menu. If you want it in your JWT token make it readable. Installation. 0 authorization server issues JSON web tokens (JWTs) from the token endpoint to the following types of sessions: Users who have completed a request for an authorization code grant. HTTP Bearer Authentication Header. aws cognito-idp initiate-auth --region us-west-2 --auth-flow USER_PASSWORD_AUTH --client-id Mar 19, 2023 · The developed Web API would rely on JSON Web Tokens (JWTs) that are generated by AWS Cognito User Pool for authentication into the API Endpoints. I had the exact same issue and ended up creating a library for it. In the left sidebar, choose App client settings, then look for the app client you created in Step 4: Create an app client and use the newly created SAML IDP for Azure AD. To give further clarity, if you select the Implicit Grant Flow, you get only an ID Token and an Access Token back. The output of the AWS CloudFormation template is a URL for an Amazon Cognito hosted UI where clients can sign up and sign in to receive a JWT. May 4, 2018 · However, you still need to configure your ASP. :param cognito_idp_client: A Boto3 Amazon Cognito Identity Provider client. This can be changed in the sst. 4. Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version. 28. An Authentication backend for Django Rest Framework for AWS Cognito JWT tokens License. 
py file: (Optional) If you want to cache the Cognito public keys between requests you can enable the COGNITO_PUBLIC_KEYS_CACHING_ENABLED setting (it only works if you have the Django CACHES setup to anything other than the dummy backend). user1459144. It validates a JWT token (either an id or access token) and populates ctx. To ensure that no-one tampered with the payload, we have to verify that the signature still matches the payload using the public key. As expected! The API is only accessible with a valid, non-expired JWT from an authenticated user. You should create Cognito Authorizer (Available as a option when you create a custom authorizer) and link your User pool & Identity Pool, Then the client needs to send idToken (generated using User pool SDK) to access endpoint. Amazon Cognito User Pools and identity pools can be used in conjunction to provide access to your application. This post will help us automate getting the Cognito JWT id_token by using a pre-request script in postman. @nestjs-cognito/auth is a library for NestJS that provides authentication and authorization decorators and guards for applications using AWS Cognito. client('cognito-idp') These are the available methods: add_custom_attributes. I think making a temporary user with a random password for each test run is a fair approach. asked Feb 5, 2020 at 7:42. The header contains the key ID (“kid”), as well as the May 30, 2018 · ALB Authentication works by defining an authentication action in a listener rule. I use amazon-cognito-identity-js for handling user signin/signout and @nestjs/passport / @UseGuards (AuthGuard ('jwt')) for validating tokens and user access for the routes. The IdP prompts the user to enter an MFA code. Verify AWS id Token on Java. The Cognito JS SDK refreshes the token automatically. Note: if you are using amplify in your frontend you could get the id token as. 
Here's the AWS CLI command to authenticate and receive an auth token: aws cognito-idp initiate-auth --region YOU_REGION --auth-flow USER_PASSWORD_AUTH --client-id YOUR_CLIENT_ID --auth-parameters USERNAME=YOUR_EMAIL,PASSWORD=YOUR_PASSWORD. The resources include AWS Cognito User Pool, default users, User Pool Clients, etc. A successful authentication gives an ID Token (JWT), Access Token (JWT) and a Refresh Token. You need the refresh token, that helps you get new identity and access tokens. Now in your case, seems like you need to call the RefreshToken and add a check to see if the token is expired. However, when authenticating the user on my express backend using the @aws-sdk/client-cognito-identity-provider: Aug 17, 2019 · For my own project, I was also thinking a similar strategy to test Cognito-protected APIs. Now I would like this "userType" claim/attribute to be added to the JWT access token whenever the user signs in or the token gets refreshed. $ npx create-sst@latest --template=base/example api-auth-jwt-cognito-user-pool. 2. I have used it this week with the a HTTPOnly cookie and it has worked perfectly. A high level overview of how the application works is as follows. Verify the signature of the decoded JWT token. I came up with it because I couldn't find anything checking all the boxes for me: minimal dependencies; framework agnostic; JWKS (public keys) caching JS library for verifying JWTs signed by Amazon Cognito, and any OIDC-compatible IDP that signs JWTs with RS256, RS384, and RS512 - awslabs/aws-jwt-verify The purpose of the access token is to authorize API operations. The ID Token contains claims about the identity of the authenticated user such as name, email, and phone_number. Here's what I used for a new . AWS Cognito: update JWT ID token on user's attribute change. After webapp authentication, a session cookie is set. If you are using both tokens, the value is either id or access. @nestjs/passport is for working with the Passport module in NestJS. 
You can use the revocation endpoint on either an Amazon Cognito hosted domain Jun 19, 2020 · To do that, head over to your AWS console: Open “Cognito”. If you want the client to be able to edit it (essentially allowing the user to edit their own property) set it to writeable. The Koa middleware to authenticate and authorized users using AWS Cognito user pools . First, install the following. Simple helpers are provided to make decisions on accessibility of API endpoints for a given user. Oct 28, 2016 · cognito-jwt-verifier is a tiny npm package to verify ID and access JWT tokens obtained from AWS Cognito in your node/Lambda backend with minimal dependencies. However, if you select the Authorization @nestjs-cognito/auth. In addition to the signature, verify the following Feb 25, 2020 · Under policies of API Manager, select JWT Validation policy and use below value to validate the JWT Claim generated by AWS Cognito. Create a JWT authorizer using AWS CloudFormation. Oct 7, 2021 · 1. Now I need to get access to the current user attributes (email Create an SST app. This endpoint is available after you add a domain to your user pool. Jan 29, 2018 · In addition, Amazon Cognito supports OAuth 2. In order to avoid installing unnecessary dependencies I separated installation flow into two AWS Cognito JWT token validation. To use the Amazon Cognito user pools API to refresh tokens for a hosted UI user, generate an InitiateAuth request. It is very simple in case of ASP. Choose Create identity pool. import boto3 client = boto3. // Basic settings - signing key to validate with, IssuerSigningKey and issuer. With that, you can: services. 6. Apr 7, 2022 · Installation. The expectation is that when a user authenticated in AWS Cognito and obtained a Token tries to access the API using the Token, the API must be able to validate the Token for its authenticity and let the user pass or deny access. getIdToken(). 
Apr 2, 2024 · The IdP validates the user's credentials and determines that the user has activated multi-factor authentication (MFA). The ALB’s authentication action will check if a session cookie exists on incoming requests, then check that it’s valid. In Configure identity pool trust, choose to set up your identity pool for Authenticated access, Guest access, or both. Adjust to fit your version of . It’s a user directory, an authentication server, and an authorization service for OAuth 2. This package uses the pycognito library for authentication, which is a Python library that provides a simple interface for working with AWS Cognito. We will have the API Gateway setup with JWT Authoriz Apr 16, 2018 · 2. :param client_id: The ID of a client application registered with the user pool. My web application requires an auth-code, and I would need the JWT token. Feb 26, 2022 · Within the Lambda function you must verify the JWT token. Jan 17, 2022 · Postman allows us to specify an OAuth2. You can then use a library (such as aws-jwt-verify, or a library recommended by the OpenID Foundation) to verify the token's signature and extract values such as the expiration and the user name. revoke-token CLI command. Dec 28, 2021 · We are trying to integrate AWS ALB with Cognito user pool. 8. But a setup like in the Image below does not include this claim in my token. Oct 16, 2023 · Validate AWS Cognito JWT Token (Access token) 3 aws cognito get jwt token in single api call. Your user pool OAuth 2. With Amazon Cognito, you can authenticate and authorize users from the built-in user directory, from your enterprise directory, and from consumer Aug 29, 2019 · When a JWT is created–in our case by AWS–the issuer uses a secret key to create the signature. admin_add_user_to_group. $ npm install --save @nestjs/passport passport jwks-rsa passport-jwt $ npm install --save-dev @types/passport-jwt. . Step 5: Integrate your app, provide the User pool name : Demo-user-pool, App client name: Dockerdemo-app, leave other default options and click Next. 
This cognito was setup in a way that, it only allows login though Federated Identity (in our case it is SAML) and it doesn't have any hosted UI. bwobbones. AWS documentation still leaves much to be desired. cs. Issuer, ValidAudience = CognitoConstants. Amplify. Jan 24, 2017 · You can now easily get the user groups from the user session: session. API Gateway will translate this to a 401 "Unauthorized" response. Feb 14, 2018 · Stack Overflow Jobs powered by Indeed: A job site that puts thousands of tech jobs at your fingertips (U. After you create the resource server, choose the App Integration tab. You can revoke a refresh token using a RevokeToken API request, for example with the aws cognito-idp. I have created the Nest. With Amazon Cognito, you can quickly add user sign-up, sign-in, and access control to your web and mobile applications. The documentation here, clearly mentions that the refresh token can be used to refresh access token, but does not mention how. To install the library, use npm: Find the complete example and learn how to set up and run in the AWS Code Examples Repository . 2,568 4 24 33. Add Custom Claims to the JWT With a Lambda Function. Amplify Auth primarily makes use of Amazon Cognito to build authentication features. Jan 20, 2023 · For more details, see the Knowledge Center article associated with this video: https://repost. Aug 17, 2023 · 1. 658 JWT (JSON Web Token) automatic prolongation of To create a new identity pool in the console. Amazon Cognito is an identity platform for web and mobile apps. Jan 19, 2018 · Usage. 0 scopes in an access token, derived from the custom scopes that you add to Jan 19, 2015 · Amazon Cognito is an identity platform for web and mobile apps. The following AWS CloudFormation template creates an HTTP API with a JWT authorizer that uses Amazon Cognito as an identity provider. Feb 25, 2019 · Actually I retrieved an signed JWT for an unauthenticated user by the following code. 
After a user signs in successfully, Cognito generates an identity token for user […] The AWS documentation has an extensive section on setting up user pools and enabling a hosted web UI. AWS_COGNITO_DOMAIN. If expired, use the Refresh token to obtain the latest Access and ID token and cache API Gateway is not possible to use, ALB with Cognito doesn't allow on using JWT token that are generated with it, which is quite necessary in the current concept of microservices. Dec 4, 2023 · User pool app clients — JSON web tokens. May 25, 2016 · I am using Cognito user pool to authenticate users in my system. ). Amazon Cognito user pool app clients can have an optional secret for the app. Disclaimer: I'm the author of this. Hi, On the following AWS Samples GitHub repository you can find an example that validates the JWT using the Cognito public key from the well-known/jwks. Learn more. encoded = token # replace this with your encoded token. After webapp authentication, a session Apr 16, 2019 · Using the PyJWT library, you can decode a JWT token via: import jwt. From the App clients and analytics section, select your app client. This information can be verified and trusted because it is digitally signed. Your user pool accepts access tokens to authorize user self-service operations. Get the kid from the JWT token header and retrieve the corresponding JSON Web Key that was stored in step 1. Auth. As you can see the claim is missing. Jul 10, 2019 · My app creates a custom attribute "userType" for each new signed-up user. 0. Cognito user pools are simply user databases for your web and mobile applications in which you can implement OAuth flows for these users Jul 22, 2023 · JWT Auth in ASP. getJwtToken() To get started with an Amazon Web Services SDK, see Tools to Build on Amazon Web Services. An example serverless web application using Flask and AWS Cognito with JSON Web Tokens (JWT) to protect specific routes, powered by API Gateway and Lambda. 
Aug 13, 2018 · More specifically, this post explains how to integrate Amazon Cognito user pools with Active Directory Federation Services (AD FS) to obtain JWT tokens in your web app—that in turn can be used for downstream authentication. Jul 5, 2019 · How can I validate and get info from a JWT received from Amazon Cognito? I have setup Google authentication in Cognito, and set the redirect uri to to hit API Gateway, I then receive a code which Nov 19, 2021 · Open the Amazon Cognito console. You then need the JWK's n (modulus) and e (public exponent) to convert to a "pem" formatted RSA public key. Apr 5, 2017 · return new TokenValidationParameters. Getting the AWS Cognito public keys AWS Amplify is a complete solution that lets frontend web and mobile developers easily build, connect, and host fullstack applications on AWS, with the flexibility to leverage the breadth of AWS services as your use cases evolve. Successful redemption of a code returns ID, access, and refresh tokens. 3. JSON Web Token (JWT) is a JSON-based open standard for creating access tokens which assert a series of claims as a JSON object. If I am running this inside a webapp (eg a Django backend) where I use the AWS Cognito prepackaged login screens, then yes I can get this from the homepage URL after redirection from successful login. getIdToken (). In this post I went through the steps required to authenticate to an HTTP API with a JWT issued by AWS Cognito. 0. Now, we have a desktop application which does internally connect with Cognito, get access token JWT and manage it (refresh etc. With OAuth 2. Cannot get this to work, it says "session. To use an Amazon Cognito user pool with your API, you must first create an authorizer of the COGNITO_USER_POOLS type and then configure an API method to use that authorizer. 
Jul 7, 2021 · The problem I'm having is that my users have these custom attributes set to them that aren't present in the jwt access_token when authenticating a user: These are the custom attributes I need in the token. For Cognito user pool, select a user pool or create one. cs: Feb 5, 2020 · 3. To verify the signature of an Amazon Cognito JWT, first search for the public key whose key ID matches the key ID in the token header. If the API has the AWS_LAMBDA and OPENID_CONNECT authorization modes or the AMAZON_COGNITO_USER_POOLS authorization mode enabled, then the OIDC token cannot be used as the AWS_LAMBDA authorization token. the thing is, when send the request to cognito i'll get an auth-code, not the JWT Token. Mar 26, 2018 · I have a jwt token that I have retrieved from cognito after my user logs in. $ cd api-auth-jwt-cognito-user-pool. By default, our app will be deployed to the us-east-1 AWS region. :param user_pool_id: The ID of an existing Amazon Cognito user pool. key,CognitoConstants.