/

POST

Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool.

You can use this operation to provide the Amazon Resource Name (ARN) of a new certificate to Amazon Cognito. You can't use it to change the domain for a user pool.

A custom domain is used to host the Amazon Cognito hosted UI, which provides sign-up and sign-in pages for your application. When you set up a custom domain, you provide a certificate that you manage with Certificate Manager (ACM). When necessary, you can use this operation to change the certificate that you applied to your custom domain.

Usually, this is unnecessary following routine certificate renewal with ACM. When you renew your existing certificate in ACM, the ARN for your certificate remains the same, and your custom domain uses the new certificate automatically.

However, if you replace your existing certificate with a new one, ACM gives the new certificate a new ARN. To apply the new certificate to your custom domain, you must provide this ARN to Amazon Cognito.

When you add your new certificate in ACM, you must choose US East (N. Virginia) as the Amazon Web Services Region.

After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain.

For more information about adding a custom domain to your user pool, see Using Your Own Domain for the Hosted UI.

Request Example

Shell

JavaScript

Java

Swift

curl --location --request POST '/' \
--header 'X-Amz-Target;' \
--header 'Content-Type: application/json' \
--data-raw '{
    "Domain": "string",
    "UserPoolId": "string",
    "CustomDomainConfig": {
        "CertificateArn": "string"
    }
}'

Response Example

200 - Example 1

{
    "CloudFrontDomain": "string"
}

Request

Header Params

X-Amz-Target

string

required

Body Params application/json

The UpdateUserPoolDomain request input.

Domain

string

required

The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be auth.example.com.

This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names.

>= 1 characters<= 63 characters

Match pattern:

^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$

UserPoolId

string

required

The ID of the user pool that is associated with the custom domain whose certificate you're updating.

>= 1 characters<= 55 characters

Match pattern:

[\w-]+_[0-9a-zA-Z]+

CustomDomainConfig

object

required

The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.

CertificateArn

string

required

The Amazon Resource Name (ARN) of an Certificate Manager SSL certificate. You use this certificate for the subdomain of your custom domain.

>= 20 characters<= 2048 characters

Match pattern:

arn:[\w+=/,.@-]+:[\w+=/,.@-]+:([\w+=/,.@-]*)?:[0-9]+:[\w+=/,.@-]+(:[\w+=/,.@-]+)?(:[\w+=/,.@-]+)?

Examples

Responses

🟢200Success

application/json

Body

The UpdateUserPoolDomain response output.

CloudFrontDomain

string

optional

The Amazon CloudFront endpoint that Amazon Cognito set up when you added the custom domain to your user pool.

>= 1 characters<= 63 characters

Match pattern:

^[a-z0-9](?:[a-z0-9\-]{0,61}[a-z0-9])?$

🟠480InvalidParameterException

🟠481NotAuthorizedException

🟠482ResourceNotFoundException

🟠483TooManyRequestsException

🟠484InternalErrorException

Modified at 2023-08-15 07:11:07