AWS Management Console: User Pool Attributes

  • March 25, 2020
  • by Megha Dhawan
  • Web Development

Attributes are pieces of information that help you identify individual users. There are two types of attributes: standard and custom.

## Standard (Default) Attributes

To make an attribute required, select the checkbox next to the attribute. Some standard attributes are: address, birthdate, email, family_name, gender, name, phone_number, preferred_username, updated_at.

NOTE: The USERNAME attribute is always required to register a user, and it cannot be changed after a user is created. The username must be unique within a user pool. A username can be reused, but only after it has been deleted and is no longer in use.

## Custom Attributes

You can add up to 25 custom attributes to your user pool. You can specify a minimum and/or maximum length for custom attributes. However, the maximum length for any custom attribute can be no more than 2048 characters.

Each custom attribute:

  • Can be defined as a string or a number.
  • Cannot be required.
  • Cannot be removed or changed once added to the user pool.
  • Can have a name with a character length that is within the limit accepted by Amazon Cognito.

Note: Each custom attribute requires the custom: prefix to distinguish it from standard attributes.

## Add a custom attribute using the console:

  • Go to Attributes from the navigation.
  • Choose Add another attribute under "Do you want to add custom attributes?".
  • Choose the properties for each custom attribute, such as the data type (string or number), the Name, Min length, and Max length.
  • If you want to allow the user to change the value of a custom attribute after the value has been provided by the user, select Mutable.
  • Always remember to set the permissions for the attributes. Permissions settings are discussed below.

## Attribute Permissions and Scopes

You can set per-app read and write permissions for each user attribute. This gives you the ability to control which applications can see and/or modify each of the attributes that are stored for your users. By default, any new custom attributes will not be available until you set read and write permissions for them.

## How to set the read/write permissions for the custom attributes used to store additional details for Cognito users
AWS Console -> Choose the User pool -> General Settings -> App Clients -> Show Details -> Set the attribute read and write permissions for each attribute -> Save app client changes. 
Repeat these steps for each app client using the custom attribute.

NotAuthorizedException: Thrown if an app tries to update any attribute that is not writable.

GetUser Call: An app calling GetUser only receives the attributes that app.
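
The per-app-client permissions described above can also be reviewed from code. The following is an added example, not part of the original post: it audits a constructed app client description for custom attributes the client can write or cannot use at all, and builds a tightened update request. The sample dicts, the attribute names and the SERVER_MANAGED set are assumptions made for illustration.

```python
# Added example: offline audit of one Cognito app client's attribute permissions.
# The dicts are constructed samples shaped like the boto3 cognito-idp responses
# describe_user_pool ("SchemaAttributes") and describe_user_pool_client ("UserPoolClient").
SAMPLE_SCHEMA = [
    {"Name": "email", "AttributeDataType": "String", "Mutable": True, "Required": True},
    {"Name": "custom:tier", "AttributeDataType": "String", "Mutable": True, "Required": False},
    {"Name": "custom:department", "AttributeDataType": "String", "Mutable": True, "Required": False},
]
SAMPLE_CLIENT = {
    "UserPoolId": "us-east-1_EXAMPLE", "ClientId": "exampleclientid", "ClientName": "mobile-app",
    "CreationDate": "2020-03-25", "LastModifiedDate": "2020-03-25",
    "ReadAttributes": ["email", "name", "custom:tier"],
    "WriteAttributes": ["email", "name", "custom:tier"],
}
# Assumption of this example: the backend makes decisions based on custom:tier,
# so only server-side code should be able to change it.
SERVER_MANAGED = {"custom:tier"}
# Fields that appear in the describe response but are not update parameters.
RESPONSE_ONLY = {"ClientSecret", "CreationDate", "LastModifiedDate"}


def audit_client(schema, client, server_managed):
    """Return sorted (finding, attribute) pairs for one app client."""
    custom = {a["Name"] for a in schema if a["Name"].startswith("custom:")}
    read = set(client.get("ReadAttributes", []))
    write = set(client.get("WriteAttributes", []))
    findings = [("client-can-write-server-managed", a) for a in write & server_managed]
    # A custom attribute with neither permission is unavailable to this app.
    findings += [("custom-attribute-not-exposed", a) for a in custom - read - write]
    return sorted(findings)


def tightened_update_kwargs(client, server_managed):
    """Build kwargs for update_user_pool_client with server-managed attributes
    removed from WriteAttributes. All other settings are passed through, because
    the update call resets omitted settings to their defaults."""
    kwargs = {k: v for k, v in client.items() if k not in RESPONSE_ONLY}
    if "WriteAttributes" in client:  # absent means the client uses the default set
        kwargs["WriteAttributes"] = sorted(set(client["WriteAttributes"]) - server_managed)
    return kwargs


if __name__ == "__main__":
    for finding in audit_client(SAMPLE_SCHEMA, SAMPLE_CLIENT, SERVER_MANAGED):
        print(finding)
    print(tightened_update_kwargs(SAMPLE_CLIENT, SERVER_MANAGED))
    # With credentials: boto3.client("cognito-idp").update_user_pool_client(**kwargs)
```

Run the same audit for every app client in the pool, since permissions are set per client.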