AWS Amazon Cognito Resource Server

This page shows how to write Terraform and CloudFormation for Amazon Cognito Resource Server, and how to write them securely.

aws_cognito_resource_server (Terraform)

The Resource Server in Amazon Cognito can be configured in Terraform with the resource name aws_cognito_resource_server. The following sections describe 4 examples of how to use the resource and its parameters.

Example Usage from GitHub

resource_server.tf#L1
resource "aws_cognito_resource_server" "resource" {
    identifier = "somresource"
    name = "somresource"
    user_pool_id = aws_cognito_user_pool.main.id

    scope {

aws_cognito_resource_server.main.tf#L1
resource "aws_cognito_resource_server" "main" {
  name         = var.fqdn
  identifier   = var.fqdn
  user_pool_id = aws_cognito_user_pool.main.id
}

cognito.tf#L5
resource "aws_cognito_resource_server" "resource" {
  identifier = "orders-app"
  name       = "orders-app"

  scope {
    scope_name        = "read_orders"

main.tf#L1
resource "aws_cognito_resource_server" "resource" {
  identifier   = var.identifier
  name         = var.name
  user_pool_id = var.user_pool_id

  scope {

Parameters

Explanation in Terraform Registry

Provides a Cognito Resource Server.

AWS::Cognito::UserPoolResourceServer (CloudFormation)

The UserPoolResourceServer in Cognito can be configured in CloudFormation with the resource name AWS::Cognito::UserPoolResourceServer. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

cognito-resources.yml#L32
    Type: AWS::Cognito::UserPoolResourceServer
    Properties:
      Identifier: !Ref ApiGatewayRestApi
      Name: resource-server
      UserPoolId: !Ref UserPool
      Scopes:

serverless.yml#L257
      Type: AWS::Cognito::UserPoolResourceServer
      Properties:
        Identifier: users
        Name: "Users Server"
        Scopes:
            - ScopeName: read

AWS-Cognito.yml#L21
    Type: AWS::Cognito::UserPoolResourceServer
    Properties:
      Identifier: InventoryAPI
      Name: InventoryAPI
      Scopes:
        - ScopeDescription: readonly access to Inventory API

serverless.yml#L146
      Type: AWS::Cognito::UserPoolResourceServer
      Properties:
        UserPoolId:
          Ref: UserPoolResource
        Identifier: ${self:custom.userPoolName}-deliveries
        Name: ${self:custom.userPoolName}-deliveries

serverless.yml#L119
      Type: AWS::Cognito::UserPoolResourceServer
      Properties:
        Identifier: users
        Name: User API
        UserPoolId:
          Ref: ServiceUserPool

cognito-userpool-oauth2-client-credentials-stack.json#L97
            "Type": "AWS::Cognito::UserPoolResourceServer",
            "Properties": {
                "UserPoolId": {
                    "Ref": "UserPoolResource"
                },
                "Identifier": {

integ.user-pool-resource-server.expected.json#L36
      "Type": "AWS::Cognito::UserPoolResourceServer",
      "Properties": {
        "Identifier": "users",
        "Name": "users",
        "UserPoolId": {
          "Ref": "myuserpool01998219"

integ.user-pool-resource-server.expected.json#L36
      "Type": "AWS::Cognito::UserPoolResourceServer",
      "Properties": {
        "Identifier": "users",
        "Name": "users",
        "UserPoolId": {
          "Ref": "myuserpool01998219"

integ.user-pool-resource-server.expected.json#L36
      "Type": "AWS::Cognito::UserPoolResourceServer",
      "Properties": {
        "Identifier": "users",
        "Name": "users",
        "UserPoolId": {
          "Ref": "myuserpool01998219"

CognitoUserPoolResourceServerSpecification.json#L3
    "AWS::Cognito::UserPoolResourceServer.ResourceServerScopeType": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolresourceserver-resourceserverscopetype.html",
      "Properties": {
        "ScopeName": {
          "Required": true,
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolresourceserver-resourceserverscopetype.html#cfn-cognito-userpoolresourceserver-resourceserverscopetype-scopename",

Parameters

Explanation in CloudFormation Registry

The AWS::Cognito::UserPoolResourceServer resource creates a new OAuth2.0 resource server and defines custom scopes in it.

Frequently asked questions

What is AWS Amazon Cognito Resource Server?

AWS Amazon Cognito Resource Server is an Amazon Cognito resource in Amazon Web Services. Its settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Amazon Cognito Resource Server?

For Terraform, the kronostechnologies/aws-mocks, JamesWoolfenden/terraform-aws-cognito and leomenezessz/pizza-orders source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the broswen/cognito-auth, c-rodwell/lambda and sandeeppnaik/AppAuthenticationInfrastructure-Cognito-ApiGateway source code examples are useful. See the CloudFormation Example section for further details.