125 actions in the cognito-idp service. Select an action to see its access level, resource ARNs, condition keys, and a copy-paste IAM policy.
Grants permission to add user attributes to the user pool schema
Grants permission to add a new secret to a confidential client
Grants permission to add any user to any group
Grants permission to confirm any user's registration without a confirmation code
Grants permission to create new users and send welcome messages via email or SMS
Grants permission to delete any user
Grants permission to delete attributes from any user
Grants permission to unlink any user pool user from a third-party identity provider (IdP) user
Grants permission to deactivate any user
Grants permission to activate any user
Grants permission to deregister any user's devices
Grants permission to get information about any user's devices
Grants permission to look up any user by user name
Grants permission to authenticate any user
Grants permission to link any user pool user to a third-party IdP user
Grants permission to list any user's remembered devices
Grants permission to list the groups that any user belongs to
Grants permission to lists sign-in events for any user
Grants permission to remove any user from any group
Grants permission to reset any user's password
Grants permission to respond to an authentication challenge during the authentication of any user
Grants permission to set any user's preferred MFA method
Grants permission to set any user's password
Grants permission to set user settings for any user
Grants permission to update advanced security feedback for any user's authentication event
Grants permission to update the status of any user's remembered devices
Grants permission to updates any user's standard or custom attributes
Grants permission to sign out any user from all sessions
Grants permission to return a unique generated shared secret key code for the user
Grants permission to associate the user pool with an AWS WAF web ACL
Grants permission to change the password for a specified user in a user pool
Grants permission to confirm tracking of the device. This API call is the call that begins device tracking
Grants permission to allow a user to enter a confirmation code to reset a forgotten password
Grants permission to confirm registration of a user and handles the existing alias from a previous user
Grants permission to create new user pool groups
Grants permission to add identity providers to user pools
Grants permission to create a branding settings for managed login and associate it with an app client
Grants permission to create and configure scopes for OAuth 2.0 resource servers
Grants permission to create terms and associate it with an app client
Grants permission to create user CSV import jobs
Grants permission to create and set password policy for user pools
Grants permission to create user pool app clients
Grants permission to add user pool domains
Grants permission to create a replica of a user pool
Grants permission to delete any empty user pool group
Grants permission to delete any identity provider from user pools
Grants permission to delete the managed login branding style for any app client
Grants permission to delete any OAuth 2.0 resource server from user pools
Grants permission to delete terms for an app client
Grants permission to allow a user to delete one's self
Grants permission to delete the attributes for a user
Grants permission to delete user pools
Grants permission to delete any user pool app client
Grants permission to delete a secret from a list of secrets associated with a client
Grants permission to delete any user pool domain
Grants permission to delete a replica of a user pool
Grants permission to describe any user pool identity provider
Grants permission to get the detailed information about the branding style of managed login
Grants permission to get the detailed information about the branding style of managed login associated with an appclient
Grants permission to describe any OAuth 2.0 resource server
Grants permission to describe the risk configuration settings of user pools and app clients
Grants permission to get the detailed information about terms for an app client
Grants permission to describe any user import job
Grants permission to describe user pools
Grants permission to describe any user pool app client
Grants permission to describe any user pool domain
Grants permission to disassociate the user pool with an AWS WAF web ACL
Grants permission to forget the specified device
Grants permission to send a message to the end user with a confirmation code that is required to change the user's password
Grants permission to generate headers for a user import .csv file
Grants permission to get the device
Grants permission to describe a user pool group
Grants permission to correlate a user pool IdP identifier to the IdP Name
Grants permission to get the detailed activity logging configuration for a user pool
Grants permission to look up signing certificates for user pools
Grants permission to update user tokens with refresh tokens
Grants permission to get UI customization information for the hosted UI of any app client
Grants permission to get the user attributes and metadata for a user
Grants permission to get the user attribute verification code for the specified attribute name
Grants permission to look up the MFA configuration of user pools
Grants permission to get the AWS WAF web ACL that is associated with an Amazon Cognito user pool
Grants permission to sign out users from all devices
Grants permission to initiate the authentication flow
Grants permission to list the devices
Grants permission to list all groups in user pools
Grants permission to list all identity providers in user pools
Grants permission to list all resource servers in user pools
Grants permission to list the user pools that are associated with an AWS WAF web ACL
Grants permission to list the tags that are assigned to an Amazon Cognito user pool
Grants permission to list all terms for a user pool
Grants permission to list all user import jobs
Grants permission to list all app clients in user pools
Grants permission to list all secrets associated with a client
Grants permission to list replicas of a user pool
Grants permission to list all user pools
Grants permission to list all user pool users
Grants permission to list the users in any group
Grants permission to resend the confirmation (for confirmation of registration) to a specific user in the user pool
Grants permission to respond to the authentication challenge
Grants permission to revoke all of the access tokens generated by the specified refresh token
Grants permission to set up or modify the detailed activity logging configuration of a user pool
Grants permission to set risk configuration for user pools and app clients
Grants permission to customize the hosted UI for any app client
Grants permission to set MFA preference for the user in the userpool
Grants permission to set user pool MFA configuration
Grants permission to set the user settings like multi-factor authentication (MFA)
Grants permission to register the user in the specified user pool and creates a user name, password, and user attributes
Grants permission to start any user import job
Grants permission to stop any user import job
Grants permission to tag a user pool
Grants permission to untag a user pool
Grants permission to update the feedback for the user authentication event
Grants permission to update the device status
Grants permission to update the configuration of any group
Grants permission to update the configuration of any user pool IdP
Grants permission to update the branding settings of a managed login
Grants permission to update the configuration of any OAuth 2.0 resource server
Grants permission to update terms for an app client
Grants permission to allow a user to update a specific attribute (one at a time)
Grants permission to updates the configuration of user pools
Grants permission to update any user pool client
Grants permission to replace the certificate for any custom domain
Grants permission to update a replica of a user pool
Grants permission to register a user's entered TOTP code and mark the user's software token MFA status as verified if successful
Grants permission to verify a user attribute using a one time verification code