steampipe plugin install awssteampipe plugin install aws

Table: aws_cognito_user_pool - Query AWS Cognito User Pools using SQL

The AWS Cognito User Pool is a user directory in Amazon Cognito. With a user pool, you can manage user directories, and let users sign in through Amazon Cognito or federate them through a social identity provider. This service also provides features for security, compliance, and user engagement.

Table Usage Guide

The aws_cognito_user_pool table in Steampipe provides you with information about User Pools within AWS Cognito. This table allows you, as a DevOps engineer, to query user pool-specific details, including the pool's configuration, status, and associated metadata. You can utilize this table to gather insights on user pools, such as the pool's creation and last modified dates, password policies, MFA and SMS configuration, and more. The schema outlines the various attributes of the user pool for you, including the pool ID, ARN, name, status, and associated tags.

Examples

Basic info

Explore which user pools are set up in your AWS Cognito service, allowing you to understand the distribution across different regions and accounts. This can be useful for managing access and assessing the overall configuration of your user authentication system.

select
  id,
  name,
  arn,
  tags,
  region,
  account_id
from
  aws_cognito_user_pool;

select
  id,
  name,
  arn,
  tags,
  region,
  account_id
from
  aws_cognito_user_pool;

List user pools with MFA enabled

Determine the areas in which multi-factor authentication is enabled for user pools, aiding in the assessment of security measures within your AWS Cognito service.

select
  name,
  arn,
  mfa_configuration
from
  aws_cognito_user_pool
where
  mfa_configuration != 'OFF';

select
  name,
  arn,
  mfa_configuration
from
  aws_cognito_user_pool
where
  mfa_configuration != 'OFF';

Schema for aws_cognito_user_pool

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
account_recovery_setting	jsonb		The available verified method a user can use to recover their password when they call ForgotPassword.
admin_create_user_config	jsonb		The configuration for AdminCreateUser requests.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
alias_attributes	text		The attributes that are aliased in a user pool.
arn	text		The Amazon Resource Name (ARN) for the user pool.
auto_verified_attributes	text		The attributes that are auto-verified in a user pool.
creation_date	timestamp with time zone		The date the user pool was created.
custom_domain	text		A custom domain name that you provide to Amazon Cognito.
deletion_protection	text		When active, DeletionProtection prevents accidental deletion of your user pool.
device_configuration	jsonb		The device-remembering configuration for a user pool.
domain	text		The domain prefix, if the user pool has a domain associated with it.
email_configuration	jsonb		The email configuration of your user pool.
estimated_number_of_users	bigint		A number estimating the size of the user pool.
id	text	=	The ID of the user pool.
lambda_config	jsonb		The Lambda triggers associated with the user pool.
last_modified_date	timestamp with time zone		The date the user pool was last modified.
mfa_configuration	text		Multi-Factor Authentication (MFA) configuration for the User Pool.
name	text		The name of the Cognito User Pool.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
policies	jsonb		The policies associated with the user pool.
region	text		The AWS Region in which the resource is located.
schema_attributes	jsonb		A container with the schema attributes of a user pool.
sms_authentication_message	text		The contents of the SMS authentication message.
sms_configuration	jsonb		The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your Amazon Web Services account through Amazon Simple Notification Service.
sms_configuration_failure	text		The reason why the SMS configuration can't send the messages to your users.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
status	text		The status of a user pool.
tags	jsonb		A map of tags for the resource.
title	text		Title of the resource.
user_attribute_update_settings	jsonb		The settings for updates to user attributes.
user_pool_add_ons	jsonb		The user pool add-ons.
username_attributes	jsonb		Specifies whether a user can use an email address or phone number as a username when they sign up.
username_configuration	jsonb		Case sensitivity of the username input for the selected sign-in option.
verification_message_template	jsonb		The template for verification messages.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_cognito_user_pool