I already have my cognito user pool cloudformation template working, and have it integrated to my api gateway. But somehow i still have to manually configure the app client settings, domain, and federated identities to have a working login portal for the users. I have been looking here and there for possible solutions in automating these, but i cannot seem to find anything close to it.
I would like to automate the configuration of the app client settings, domain, and federated identities via cloudformation sam template so i do not have to do these manually.
Any suggestions are much appreciated. Thank you.
(attachments posted for additional info)
Santiago Trujillo
I have created two CloudFormation custom resources to apply Cognito app client settings and domain name. With these resources, you can have a script like this:
UserPoolTestClient:
Type: 'AWS::Cognito::UserPoolClient'
Properties:
ClientName: UserPoolTestClient
GenerateSecret: true
UserPoolId: !Ref UserPoolTest
UserPoolTestClientSettings:
Type: 'Custom::CognitoUserPoolClientSettings'
Properties:
ServiceToken: !GetAtt CloudFormationCognitoUserPoolClientSettings.Arn
UserPoolId: !Ref UserPoolTest
UserPoolClientId: !Ref UserPoolTestClient
SupportedIdentityProviders:
- COGNITO
CallbackURL: 'https://www.amazon.com'
LogoutURL: 'https://www.google.com'
AllowedOAuthFlowsUserPoolClient: true
AllowedOAuthFlows:
- code
AllowedOAuthScopes:
- openid
UserPoolTestDomain:
Type: 'Custom::CognitoUserPoolDomain'
Properties:
ServiceToken: !GetAtt CloudFormationCognitoUserPoolDomain.Arn
UserPoolId: !Ref UserPoolTest
Domain: 'userpool-test-01'
The complete code is here.
Update: Since end of 2019, AWS Cloudformation natively supports App Client Settings, Domain and Federated Identities. See other answers.
Looks like there is no way to provide App integration -> Domain name and Federation -> Identity providers via CloudFormation.
I found only reference for User Pool Client (General settings -> App clients) but it will not configure App integration -> App client settings.
If you need to automate process of providing Domain name, Identity providers and App client settings for user pool, you can do that by creating custom script (AWS CLI) or Lambda (AWS SDK) which should be performed after stack deployment.
Check out excellent example (answer below) that shows usage of CloudFormation Custom Resources with Lambda.
CloudFormation has added the resource AWS::Cognito::UserPoolDomain to manage the User Pool Domain:
Type: AWS::Cognito::UserPoolDomain
Properties:
CustomDomainConfig:
CertificateArn: !Ref CertificateArn
Domain: "your.custom.domain.com"
UserPoolId: !Ref UserPool
In addition, there has been added configuration to the AWS::Cognito::UserPoolClient:
Type: AWS::Cognito::UserPoolClient
Properties:
AllowedOAuthFlows:
- String
AllowedOAuthFlowsUserPoolClient: Boolean
AllowedOAuthScopes:
- String
AnalyticsConfiguration:
AnalyticsConfiguration
CallbackURLs:
- String
ClientName: String
DefaultRedirectURI: String
ExplicitAuthFlows:
- String
GenerateSecret: Boolean
LogoutURLs:
- String
ReadAttributes:
- String
RefreshTokenValidity: Integer
SupportedIdentityProviders:
- String
UserPoolId: String
WriteAttributes:
- String