AWS Amazon Cognito Resource Server
This page shows how to write Terraform and CloudFormation for Amazon Cognito Resource Server and write them securely.
aws_cognito_resource_server (Terraform)
The Resource Server in Amazon Cognito can be configured in Terraform with the resource name aws_cognito_resource_server. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_cognito_resource_server" "resource" {
  identifier   = "somresource"
  name         = "somresource"
  user_pool_id = aws_cognito_user_pool.main.id
  scope {

resource "aws_cognito_resource_server" "main" {
  name         = var.fqdn
  identifier   = var.fqdn
  user_pool_id = aws_cognito_user_pool.main.id
}

resource "aws_cognito_resource_server" "resource" {
  identifier = "orders-app"
  name       = "orders-app"
  scope {
    scope_name = "read_orders"

resource "aws_cognito_resource_server" "resource" {
  identifier   = var.identifier
  name         = var.name
  user_pool_id = var.user_pool_id
  scope {
Parameters
- id: optional computed - string
- identifier: required - string
- name: required - string
- scope_identifiers: optional computed - list of string
- user_pool_id: required - string
- scope: set block
  - scope_description: required - string
  - scope_name: required - string
Explanation in Terraform Registry
Provides a Cognito Resource Server.
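A complete resource with its scope blocks filled in, as an added example that is not taken from the GitHub repositories quoted above. The user pool name, the identifier URL and the scope names and descriptions are constructed for illustration.

```hcl
# Constructed user pool so the example is self-contained.
resource "aws_cognito_user_pool" "main" {
  name = "example-pool"
}

resource "aws_cognito_resource_server" "orders" {
  # identifier is the prefix of every custom scope issued for this API.
  identifier   = "https://orders.example.com"
  name         = "orders-api"
  user_pool_id = aws_cognito_user_pool.main.id

  # Both scope_name and scope_description are required in each scope block.
  # Read and write are separate scopes so that an app client can be
  # granted one without the other.
  scope {
    scope_name        = "read"
    scope_description = "Read orders"
  }

  scope {
    scope_name        = "write"
    scope_description = "Create and update orders"
  }
}

# scope_identifiers is computed in the form identifier/scope_name, here:
#   https://orders.example.com/read
#   https://orders.example.com/write
output "orders_scope_identifiers" {
  value = aws_cognito_resource_server.orders.scope_identifiers
}
```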
AWS::Cognito::UserPoolResourceServer (CloudFormation)
The UserPoolResourceServer in Cognito can be configured in CloudFormation with the resource name AWS::Cognito::UserPoolResourceServer. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::Cognito::UserPoolResourceServer
Properties:
  Identifier: !Ref ApiGatewayRestApi
  Name: resource-server
  UserPoolId: !Ref UserPool
  Scopes:

Type: AWS::Cognito::UserPoolResourceServer
Properties:
  Identifier: users
  Name: "Users Server"
  Scopes:
    - ScopeName: read

Type: AWS::Cognito::UserPoolResourceServer
Properties:
  Identifier: InventoryAPI
  Name: InventoryAPI
  Scopes:
    - ScopeDescription: readonly access to Inventory API

Type: AWS::Cognito::UserPoolResourceServer
Properties:
  UserPoolId:
    Ref: UserPoolResource
  Identifier: ${self:custom.userPoolName}-deliveries
  Name: ${self:custom.userPoolName}-deliveries

Type: AWS::Cognito::UserPoolResourceServer
Properties:
  Identifier: users
  Name: User API
  UserPoolId:
    Ref: ServiceUserPool

"Type": "AWS::Cognito::UserPoolResourceServer",
"Properties": {
  "UserPoolId": {
    "Ref": "UserPoolResource"
  },
  "Identifier": {

"Type": "AWS::Cognito::UserPoolResourceServer",
"Properties": {
  "Identifier": "users",
  "Name": "users",
  "UserPoolId": {
    "Ref": "myuserpool01998219"

"Type": "AWS::Cognito::UserPoolResourceServer",
"Properties": {
  "Identifier": "users",
  "Name": "users",
  "UserPoolId": {
    "Ref": "myuserpool01998219"

"Type": "AWS::Cognito::UserPoolResourceServer",
"Properties": {
  "Identifier": "users",
  "Name": "users",
  "UserPoolId": {
    "Ref": "myuserpool01998219"

"AWS::Cognito::UserPoolResourceServer.ResourceServerScopeType": {
  "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolresourceserver-resourceserverscopetype.html",
  "Properties": {
    "ScopeName": {
      "Required": true,
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolresourceserver-resourceserverscopetype.html#cfn-cognito-userpoolresourceserver-resourceserverscopetype-scopename",
Parameters
- UserPoolId: required - String
- Identifier: required - String
- Scopes: optional - List of ResourceServerScopeType
- Name: required - String
Explanation in CloudFormation Registry
The AWS::Cognito::UserPoolResourceServer resource creates a new OAuth2.0 resource server and defines custom scopes in it.
Frequently asked questions
What is AWS Amazon Cognito Resource Server?
AWS Amazon Cognito Resource Server is a resource for Amazon Cognito of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon Cognito Resource Server?
For Terraform, the kronostechnologies/aws-mocks, JamesWoolfenden/terraform-aws-cognito and leomenezessz/pizza-orders source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the broswen/cognito-auth, c-rodwell/lambda and sandeeppnaik/AppAuthenticationInfrastructure-Cognito-ApiGateway source code examples are useful. See the CloudFormation Example section for further details.