CloudFormation Cognito - how to set up App Client Settings, Domain, and Federated Identities via SAM template

Jeff · Mar 28, 2018 · Viewed 13.6k times

I already have my Cognito user pool CloudFormation template working, and have it integrated with my API Gateway. But somehow I still have to manually configure the app client settings, domain, and federated identities to have a working login portal for the users. I have been looking here and there for possible solutions for automating these, but I cannot seem to find anything close to it.

I would like to automate the configuration of the app client settings, domain, and federated identities via a CloudFormation SAM template so I do not have to do these manually.

Any suggestions are much appreciated. Thank you.

(attachments posted for additional info)

Answer

Rosberg Linhares · Jun 22, 2018

I have created two CloudFormation custom resources to apply Cognito app client settings and domain name. With these resources, you can have a script like this:

UserPoolTestClient:
  Type: 'AWS::Cognito::UserPoolClient'
  Properties:
    ClientName: UserPoolTestClient
    # Issue a client secret for this app client
    GenerateSecret: true
    UserPoolId: !Ref UserPoolTest
UserPoolTestClientSettings:
  Type: 'Custom::CognitoUserPoolClientSettings'
  Properties:
    # ARN of the resource that backs this custom resource (not shown in this snippet)
    ServiceToken: !GetAtt CloudFormationCognitoUserPoolClientSettings.Arn
    UserPoolId: !Ref UserPoolTest
    UserPoolClientId: !Ref UserPoolTestClient
    SupportedIdentityProviders:
      - COGNITO
    CallbackURL: 'https://www.amazon.com'
    LogoutURL: 'https://www.google.com'
    AllowedOAuthFlowsUserPoolClient: true
    AllowedOAuthFlows:
      - code
    AllowedOAuthScopes:
      - openid
UserPoolTestDomain:
  Type: 'Custom::CognitoUserPoolDomain'
  Properties:
    # ARN of the resource that backs this custom resource (not shown in this snippet)
    ServiceToken: !GetAtt CloudFormationCognitoUserPoolDomain.Arn
    UserPoolId: !Ref UserPoolTest
    Domain: 'userpool-test-01'

The complete code is here.
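For readers who want to see what sits behind a resource like `Custom::CognitoUserPoolClientSettings`, here is a sketch of a Lambda handler that applies the settings. It is an added example, not the answer author's code. The property names come from the template above; `build_client_settings`, `send_response`, and the `cognito` and `send` parameters are hypothetical names introduced here.

```python
import json
import urllib.request


def build_client_settings(props):
    """Map the custom resource's properties onto UpdateUserPoolClient arguments."""
    # Custom resource property values arrive as strings: YAML `true` becomes "true".
    oauth_enabled = str(props.get("AllowedOAuthFlowsUserPoolClient", "false")).lower() == "true"
    return {
        "UserPoolId": props["UserPoolId"],
        "ClientId": props["UserPoolClientId"],
        "SupportedIdentityProviders": list(props.get("SupportedIdentityProviders", [])),
        "CallbackURLs": [props["CallbackURL"]],
        "LogoutURLs": [props["LogoutURL"]],
        "AllowedOAuthFlowsUserPoolClient": oauth_enabled,
        "AllowedOAuthFlows": list(props.get("AllowedOAuthFlows", [])),
        "AllowedOAuthScopes": list(props.get("AllowedOAuthScopes", [])),
    }


def send_response(event, body):
    """PUT the result to the pre-signed URL CloudFormation supplied."""
    req = urllib.request.Request(event["ResponseURL"], data=json.dumps(body).encode(),
                                 method="PUT", headers={"Content-Type": ""})
    urllib.request.urlopen(req, timeout=10)


def handler(event, context, cognito=None, send=send_response):
    props = event.get("ResourceProperties", {})
    body = {
        "Status": "SUCCESS",
        "PhysicalResourceId": event.get("PhysicalResourceId")
        or "client-settings-" + str(props.get("UserPoolClientId")),
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
    }
    try:
        # Delete needs no call: the settings go away with the app client.
        if event["RequestType"] in ("Create", "Update"):
            if cognito is None:
                import boto3  # present in the Lambda Python runtime
                cognito = boto3.client("cognito-idp")
            cognito.update_user_pool_client(**build_client_settings(props))
    except Exception as exc:
        # Always answer; a missing response leaves the stack waiting for a timeout.
        body["Status"] = "FAILED"
        body["Reason"] = str(exc)
    send(event, body)
    return body
```

`update_user_pool_client` resets any attribute that is not passed to its default, so a production handler would first read the current client and pass through the values it wants kept.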