v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Steampipe logo 
Hub
Plugins
turbot/aws
Overview
496Tables
Versions
PowerpipeMods
GitHub
steampipe plugin install aws

Table: aws_cognito_user_pool - Query AWS Cognito User Pools using SQL

The AWS Cognito User Pool is a user directory in Amazon Cognito. With a user pool, you can manage user directories, and let users sign in through Amazon Cognito or federate them through a social identity provider. This service also provides features for security, compliance, and user engagement.

Table Usage Guide

The aws_cognito_user_pool table in Steampipe provides you with information about User Pools within AWS Cognito. This table allows you, as a DevOps engineer, to query user pool-specific details, including the pool's configuration, status, and associated metadata. You can utilize this table to gather insights on user pools, such as the pool's creation and last modified dates, password policies, MFA and SMS configuration, and more. The schema outlines the various attributes of the user pool for you, including the pool ID, ARN, name, status, and associated tags.

Examples

Basic info

Explore which user pools are set up in your AWS Cognito service, allowing you to understand the distribution across different regions and accounts. This can be useful for managing access and assessing the overall configuration of your user authentication system.

select
  id,
  name,
  arn,
  tags,
  region,
  account_id
from
  aws_cognito_user_pool;
select
  id,
  name,
  arn,
  tags,
  region,
  account_id
from
  aws_cognito_user_pool;

List user pools with MFA enabled

Determine the areas in which multi-factor authentication is enabled for user pools, aiding in the assessment of security measures within your AWS Cognito service.

select
  name,
  arn,
  mfa_configuration
from
  aws_cognito_user_pool
where
  mfa_configuration != 'OFF';
select
  name,
  arn,
  mfa_configuration
from
  aws_cognito_user_pool
where
  mfa_configuration != 'OFF';

Schema for aws_cognito_user_pool

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
account_idtext=, !=, ~~, ~~*, !~~, !~~*The AWS Account ID in which the resource is located.
account_recovery_settingjsonbThe available verified method a user can use to recover their password when they call ForgotPassword.
admin_create_user_configjsonbThe configuration for AdminCreateUser requests.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
alias_attributestextThe attributes that are aliased in a user pool.
arntextThe Amazon Resource Name (ARN) for the user pool.
auto_verified_attributestextThe attributes that are auto-verified in a user pool.
creation_datetimestamp with time zoneThe date the user pool was created.
custom_domaintextA custom domain name that you provide to Amazon Cognito.
deletion_protectiontextWhen active, DeletionProtection prevents accidental deletion of your user pool.
device_configurationjsonbThe device-remembering configuration for a user pool.
domaintextThe domain prefix, if the user pool has a domain associated with it.
email_configurationjsonbThe email configuration of your user pool.
estimated_number_of_usersbigintA number estimating the size of the user pool.
idtext=The ID of the user pool.
lambda_configjsonbThe Lambda triggers associated with the user pool.
last_modified_datetimestamp with time zoneThe date the user pool was last modified.
mfa_configurationtextMulti-Factor Authentication (MFA) configuration for the User Pool.
nametextThe name of the Cognito User Pool.
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
policiesjsonbThe policies associated with the user pool.
regiontextThe AWS Region in which the resource is located.
schema_attributesjsonbA container with the schema attributes of a user pool.
sms_authentication_messagetextThe contents of the SMS authentication message.
sms_configurationjsonbThe SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your Amazon Web Services account through Amazon Simple Notification Service.
sms_configuration_failuretextThe reason why the SMS configuration can't send the messages to your users.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
statustextThe status of a user pool.
tagsjsonbA map of tags for the resource.
titletextTitle of the resource.
user_attribute_update_settingsjsonbThe settings for updates to user attributes.
user_pool_add_onsjsonbThe user pool add-ons.
username_attributesjsonbSpecifies whether a user can use an email address or phone number as a username when they sign up.
username_configurationjsonbCase sensitivity of the username input for the selected sign-in option.
verification_message_templatejsonbThe template for verification messages.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_cognito_user_pool