AWS Amazon Cognito User Pool Client
This page shows how to write Terraform and CloudFormation for Amazon Cognito User Pool Client and write them securely.
aws_cognito_user_pool_client (Terraform)
The User Pool Client in Amazon Cognito can be configured in Terraform with the resource name aws_cognito_user_pool_client. The following sections describe 3 examples of how to use the resource and its parameters.
Example Usage from GitHub
# Confidential (machine-to-machine) client: the client_credentials flow requires a client secret.
resource "aws_cognito_user_pool_client" "app_client" {
  name                                 = "some-client"
  user_pool_id                         = aws_cognito_user_pool.main.id
  generate_secret                      = true
  allowed_oauth_flows_user_pool_client = true
  allowed_oauth_flows                  = ["client_credentials"]
}

# Client without a secret; refresh tokens are valid for 30 days (the default unit).
resource "aws_cognito_user_pool_client" "TransferDigitalRecordsApp" {
  name                   = "TransferDigitalRecordsApp"
  user_pool_id           = aws_cognito_user_pool.pool.id
  refresh_token_validity = 30
  generate_secret        = false
}

# Public mobile client: no secret is generated.
resource "aws_cognito_user_pool_client" "app_user" {
  name            = "mobile_app_user"
  generate_secret = false
  user_pool_id    = aws_cognito_user_pool.user_pool.id
}
Parameters
- access_token_validity: optional - number
- allowed_oauth_flows: optional - set of string
- allowed_oauth_flows_user_pool_client: optional - bool
- allowed_oauth_scopes: optional - set of string
- callback_urls: optional - set of string
- client_secret: optional computed - string
- default_redirect_uri: optional - string
- explicit_auth_flows: optional - set of string
- generate_secret: optional - bool
- id: optional computed - string
- id_token_validity: optional - number
- logout_urls: optional - set of string
- name: required - string
- prevent_user_existence_errors: optional computed - string
- read_attributes: optional - set of string
- refresh_token_validity: optional - number
- supported_identity_providers: optional - set of string
- user_pool_id: required - string
- write_attributes: optional - set of string
- analytics_configuration: list block
  - application_arn: optional - string
  - application_id: optional - string
  - external_id: optional - string
  - role_arn: optional computed - string
  - user_data_shared: optional - bool
- token_validity_units: list block
  - access_token: optional - string
  - id_token: optional - string
  - refresh_token: optional - string
Explanation in Terraform Registry
Provides a Cognito User Pool Client resource.
AWS::Cognito::UserPoolClient (CloudFormation)
The UserPoolClient in Cognito can be configured in CloudFormation with the resource name AWS::Cognito::UserPoolClient. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::Cognito::UserPoolClient
Properties:
  # Generate an App Client Name based on stage
  ClientName: hex-${self:custom.stage}-web-app-client
  UserPoolId:
    Ref: HexUserPool

Type: AWS::Cognito::UserPoolClient
Properties:
  # Generate an app client name based on the stage
  ClientName: sfa-user-pool-client
  UserPoolId:
    Ref: CognitoUserPool

Type: AWS::Cognito::UserPoolClient
Properties:
  ClientName: ${self:service}-${self:custom.stage}-UserPoolClientAndroid
  GenerateSecret: false
  UserPoolId:
    Ref: CognitoUserPoolMyUserPool

# Type: AWS::Cognito::UserPoolClient
# Properties:
#   # Generate an app client name based on the stage
#   ClientName: ${self:custom.stage}-${self:service}-userpool-client
#   UserPoolId:
#     Ref: CognitoUserPool

Type: AWS::Cognito::UserPoolClient
Properties:
  ClientName: wbeat-cognito-client-${self:provider.stage}
  UserPoolId:
    Ref: CognitoUserPool
  ExplicitAuthFlows:

"Type": "AWS::Cognito::UserPoolClient",
"Properties": {
  "ClientName": "yyp-user-pool-client",
  "GenerateSecret": false,
  "UserPoolId": {
    "Ref": "CognitoUserPool"
  }
}

"Type" : "AWS::Cognito::UserPoolClient",
"Properties" : {
  "ClientName" : "AdminUserPoolClient",
  "GenerateSecret" : false,
  "RefreshTokenValidity" : 30,
  "UserPoolId" : {"Ref":"AdminUserPool"}
}

"path": "/ResourceTypes/AWS::Cognito::UserPoolClient/Properties/ExplicitAuthFlows/Value",
"value": {
  "ValueType": "AWS::Cognito::UserPoolClient.ExplicitAuthFlows"
}
},
{

"Type" : "AWS::Cognito::UserPoolClient",
"Properties" : {
  "UserPoolId" : {"Ref":"TodoUserPool"}
}

"Type": "AWS::Cognito::UserPoolClient",
"Properties": {
  "RefreshTokenValidity": 30,
  "UserPoolId": {
    "Ref": "UserPool"
  }
}
Parameters
- AnalyticsConfiguration: optional - AnalyticsConfiguration
- GenerateSecret: optional - Boolean
- CallbackURLs: optional - List
- IdTokenValidity: optional - Integer
- AllowedOAuthScopes: optional - List
- TokenValidityUnits: optional - TokenValidityUnits
- ReadAttributes: optional - List
- AllowedOAuthFlowsUserPoolClient: optional - Boolean
- DefaultRedirectURI: optional - String
- SupportedIdentityProviders: optional - List
- ClientName: optional - String
- UserPoolId: required - String
- AllowedOAuthFlows: optional - List
- ExplicitAuthFlows: optional - List
- LogoutURLs: optional - List
- AccessTokenValidity: optional - Integer
- RefreshTokenValidity: optional - Integer
- WriteAttributes: optional - List
- PreventUserExistenceErrors: optional - String
- EnableTokenRevocation: optional - Boolean
Explanation in CloudFormation Registry
The AWS::Cognito::UserPoolClient resource specifies an Amazon Cognito user pool client.
Frequently asked questions
What is AWS Amazon Cognito User Pool Client?
AWS Amazon Cognito User Pool Client is a resource for Amazon Cognito of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon Cognito User Pool Client?
For Terraform, the kronostechnologies/aws-mocks, nationalarchives/tdr-prototype-terraform and ccteng/nursing_capstone source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the TriangularCube/hex-backend, cotta0322/sample-angular-awslambda and rolme/refactor-services source code examples are useful. See the CloudFormation Example section for further details.