AWS Amazon Cognito Identity Pool

This page shows how to write Terraform and CloudFormation for Amazon Cognito Identity Pool and write them securely.

aws_cognito_identity_pool (Terraform)

The Identity Pool in Amazon Cognito can be configured in Terraform with the resource name aws_cognito_identity_pool. The following sections describe 1 example of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L13
resource "aws_cognito_identity_pool" "identity_pool" {
  identity_pool_name               = "identity pool"
  allow_unauthenticated_identities = false

  cognito_identity_providers {
    client_id               = aws_cognito_user_pool_client.client.id

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Provides an AWS Cognito Identity Pool.

AWS::Cognito::IdentityPool (CloudFormation)

The IdentityPool in Cognito can be configured in CloudFormation with the resource name AWS::Cognito::IdentityPool. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

IdentityPool.yml#L4
    Type: "AWS::Cognito::IdentityPool"
    Properties:
      IdentityPoolName: ${self:service}-${self:custom.stage}
      AllowUnauthenticatedIdentities: false
      CognitoIdentityProviders:
        - ClientId: !Ref UserPoolClient
IdenityPool.yml#L3
  Type: AWS::Cognito::IdentityPool
  Properties:
    IdentityPoolName: ${self:provider.environment.COGNITO_IDENTITY_POOL_NAME}
    AllowUnauthenticatedIdentities: false
    CognitoIdentityProviders:
      - ClientId:
cognito-identity-pool.yml#L3
        Type: AWS::Cognito::IdentityPool
        Properties:
            AllowUnauthenticatedIdentities: false
            IdentityPoolName: ${self:provider.stackTags.name}-v1-identity-pool
Outputs:
    IdentityPoolId:
CognitoIdentityPool.yml#L1
Type: AWS::Cognito::IdentityPool
Properties:
  IdentityPoolName: ${self:provider.stage}-${self:provider.stage}
  AllowUnauthenticatedIdentities: true
  CognitoIdentityProviders:
    - ClientId:
identity-pool.yml#L1
Type: AWS::Cognito::IdentityPool
Properties:
  IdentityPoolName: ${self:service}${self:custom.currentStage}IdentityPool
  AllowUnauthenticatedIdentities: false
  CognitoIdentityProviders:
    - ClientId: { Ref: UserPoolClient }
cognito-tmp.json#L4
      "Type": "AWS::Cognito::IdentityPool",
      "Properties": {
        "IdentityPoolName": "UserPool",
        "AllowUnauthenticatedIdentities": true
      }
    },
cognito-tmp.json#L4
      "Type": "AWS::Cognito::IdentityPool",
      "Properties": {
        "IdentityPoolName": "UserPool",
        "AllowUnauthenticatedIdentities": true
      }
    },
template.json#L23
      "Type": "AWS::Cognito::IdentityPool",
      "Properties": {
        "IdentityPoolName": {
          "Fn::Join": [
            "__",
            [
template.json#L23
      "Type": "AWS::Cognito::IdentityPool",
      "Properties": {
        "IdentityPoolName": {
          "Fn::Join": [
            "__",
            [
identityPool.json#L2
    "Type": "AWS::Cognito::IdentityPool",
    "Properties": {
        "AllowUnauthenticatedIdentities": true,
        "CognitoIdentityProviders": [
            {
                "ClientId": {

Parameters

Explanation in CloudFormation Registry

The AWS::Cognito::IdentityPool resource creates an Amazon Cognito identity pool.

To avoid deleting the resource accidentally from AWS CloudFormation, use DeletionPolicy Attribute and the UpdateReplacePolicy Attribute to retain the resource on deletion or replacement.

Frequently asked questions

What is AWS Amazon Cognito Identity Pool?

AWS Amazon Cognito Identity Pool is a resource for Amazon Cognito of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon Cognito Identity Pool?

For Terraform, the andrzejsydor/aws source code example is useful. See the Terraform Example section for further details.

For CloudFormation, the Ankcorn/serverless-fullstack-example-app, NicKAnderson038/CognitoAuth and syngenta-digital/docs-examples-security-by-design source code examples are useful. See the CloudFormation Example section for further details.