I already have my cognito user pool cloudformation template working, and have it integrated to my api gateway. But somehow i still have to manually configure the app client settings, domain, and federated identities to have a working login portal for the users. I have been looking here and there for possible solutions in automating these, but i cannot seem to find anything close to it.
I would like to automate the configuration of the app client settings, domain, and federated identities via cloudformation sam template so i do not have to do these manually.
Any suggestions are much appreciated. Thank you.
(attachments posted for additional info)
I have created two CloudFormation custom resources to apply Cognito app client settings and domain name. With these resources, you can have a script like this:
UserPoolTestClient: Type: 'AWS::Cognito::UserPoolClient' Properties: ClientName: UserPoolTestClient GenerateSecret: true UserPoolId: !Ref UserPoolTest UserPoolTestClientSettings: Type: 'Custom::CognitoUserPoolClientSettings' Properties: ServiceToken: !GetAtt CloudFormationCognitoUserPoolClientSettings.Arn UserPoolId: !Ref UserPoolTest UserPoolClientId: !Ref UserPoolTestClient SupportedIdentityProviders: - COGNITO CallbackURL: 'https://www.amazon.com' LogoutURL: 'https://www.google.com' AllowedOAuthFlowsUserPoolClient: true AllowedOAuthFlows: - code AllowedOAuthScopes: - openid UserPoolTestDomain: Type: 'Custom::CognitoUserPoolDomain' Properties: ServiceToken: !GetAtt CloudFormationCognitoUserPoolDomain.Arn UserPoolId: !Ref UserPoolTest Domain: 'userpool-test-01'
The complete code is here.
Update: Since end of 2019, AWS Cloudformation natively supports App Client Settings, Domain and Federated Identities. See other answers.
Looks like there is no way to provide App integration -> Domain name and Federation -> Identity providers via CloudFormation.
I found only reference for User Pool Client (General settings -> App clients) but it will not configure App integration -> App client settings.
If you need to automate process of providing Domain name, Identity providers and App client settings for user pool, you can do that by creating custom script (AWS CLI) or Lambda (AWS SDK) which should be performed after stack deployment.
CloudFormation has added the resource AWS::Cognito::UserPoolDomain to manage the User Pool Domain:
Type: AWS::Cognito::UserPoolDomain Properties: CustomDomainConfig: CertificateArn: !Ref CertificateArn Domain: "your.custom.domain.com" UserPoolId: !Ref UserPool
In addition, there has been added configuration to the AWS::Cognito::UserPoolClient:
Type: AWS::Cognito::UserPoolClient Properties: AllowedOAuthFlows: - String AllowedOAuthFlowsUserPoolClient: Boolean AllowedOAuthScopes: - String AnalyticsConfiguration: AnalyticsConfiguration CallbackURLs: - String ClientName: String DefaultRedirectURI: String ExplicitAuthFlows: - String GenerateSecret: Boolean LogoutURLs: - String ReadAttributes: - String RefreshTokenValidity: Integer SupportedIdentityProviders: - String UserPoolId: String WriteAttributes: - String