Namespace Pulumi.Aws.Cognito
Classes
GetUserPools
GetUserPoolsArgs
GetUserPoolsResult
IdentityPool
Provides an AWS Cognito Identity Pool.
Example Usage
using System.IO;
using Pulumi;
using Aws = Pulumi.Aws;
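class MyStack : Stack
{
    /// <summary>
    /// Declares an IAM SAML provider and a Cognito identity pool that federates two Cognito
    /// user pool clients, one OIDC provider, the SAML provider, and Google/Facebook logins.
    /// </summary>
    public MyStack()
    {
        // The metadata document is read from the working directory at deployment time.
        // It carries the IdP's signing certificates, so its integrity decides who can federate.
        var @default = new Aws.Iam.SamlProvider("default", new Aws.Iam.SamlProviderArgs
        {
            SamlMetadataDocument = File.ReadAllText("saml-metadata.xml"),
        });

        var main = new Aws.Cognito.IdentityPool("main", new Aws.Cognito.IdentityPoolArgs
        {
            // Guest (unauthenticated) identities are not issued credentials by this pool.
            AllowUnauthenticatedIdentities = false,
            CognitoIdentityProviders =
            {
                new Aws.Cognito.Inputs.IdentityPoolCognitoIdentityProviderArgs
                {
                    ClientId = "6lhlkkfbfb4q5kpp90urffae",
                    ProviderName = "cognito-idp.us-east-1.amazonaws.com/us-east-1_Tv0493apJ",
                    // With false, the identity pool does not ask the user pool whether the
                    // user has been globally signed out or deleted before issuing credentials.
                    // Set to true when sign-out or deletion must take effect immediately.
                    ServerSideTokenCheck = false,
                },
                new Aws.Cognito.Inputs.IdentityPoolCognitoIdentityProviderArgs
                {
                    ClientId = "7kodkvfqfb4qfkp39eurffae",
                    // The endpoint region must match the region prefix of the user pool ID;
                    // the original sample paired a us-east-1 endpoint with an eu-west-1 pool.
                    ProviderName = "cognito-idp.eu-west-1.amazonaws.com/eu-west-1_Zr231apJu",
                    ServerSideTokenCheck = false,
                },
            },
            IdentityPoolName = "identity pool",
            OpenidConnectProviderArns =
            {
                "arn:aws:iam::123456789012:oidc-provider/foo.example.com",
            },
            SamlProviderArns =
            {
                @default.Arn,
            },
            // Keys are the provider domains; values are this application's ID at each provider.
            SupportedLoginProviders =
            {
                { "accounts.google.com", "123456789012.apps.googleusercontent.com" },
                { "graph.facebook.com", "7346241598935552" },
            },
        });
    }
}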
IdentityPoolArgs
IdentityPoolRoleAttachment
Provides an AWS Cognito Identity Pool Roles Attachment.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
    /// <summary>
    /// Builds an identity pool, an IAM role for its authenticated identities, an inline
    /// policy on that role, and the role attachment that maps identities onto the role.
    /// </summary>
    public MyStack()
    {
        var poolArgs = new Aws.Cognito.IdentityPoolArgs
        {
            // Guest identities are disabled, so only federated logins obtain credentials.
            AllowUnauthenticatedIdentities = false,
            IdentityPoolName = "identity pool",
            SupportedLoginProviders =
            {
                { "graph.facebook.com", "7346241598935555" },
            },
        };
        var identityPool = new Aws.Cognito.IdentityPool("mainIdentityPool", poolArgs);

        // Trust policy for the role. The "aud" condition pins the role to this identity
        // pool's ID and the "amr" condition admits authenticated identities only; without
        // both, identities from other pools or guests could assume the role.
        var roleArgs = new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = identityPool.Id.Apply(id => @$"{{
""Version"": ""2012-10-17"",
""Statement"": [
{{
""Effect"": ""Allow"",
""Principal"": {{
""Federated"": ""cognito-identity.amazonaws.com""
}},
""Action"": ""sts:AssumeRoleWithWebIdentity"",
""Condition"": {{
""StringEquals"": {{
""cognito-identity.amazonaws.com:aud"": ""{id}""
}},
""ForAnyValue:StringLike"": {{
""cognito-identity.amazonaws.com:amr"": ""authenticated""
}}
}}
}}
]
}}
"),
        };
        var role = new Aws.Iam.Role("authenticatedRole", roleArgs);

        // Permissions policy. It allows every cognito-sync and cognito-identity action on
        // all resources for every authenticated identity; narrow Action and Resource to
        // what the application needs before using this outside a sample.
        var rolePolicyArgs = new Aws.Iam.RolePolicyArgs
        {
            Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Effect"": ""Allow"",
""Action"": [
""mobileanalytics:PutEvents"",
""cognito-sync:*"",
""cognito-identity:*""
],
""Resource"": [
""*""
]
}
]
}
",
            Role = role.Id,
        };
        var rolePolicy = new Aws.Iam.RolePolicy("authenticatedRolePolicy", rolePolicyArgs);

        var attachmentArgs = new Aws.Cognito.IdentityPoolRoleAttachmentArgs
        {
            IdentityPoolId = identityPool.Id,
            RoleMappings =
            {
                new Aws.Cognito.Inputs.IdentityPoolRoleAttachmentRoleMappingArgs
                {
                    // When no rule matches, fall back to the pool's authenticated role
                    // instead of denying the request.
                    AmbiguousRoleResolution = "AuthenticatedRole",
                    IdentityProvider = "graph.facebook.com",
                    // Rule: a token whose "isAdmin" claim equals "paid" gets the role below.
                    // The role choice is only as trustworthy as the claims the provider issues.
                    MappingRule =
                    {
                        {
                            { "claim", "isAdmin" },
                            { "matchType", "Equals" },
                            { "roleArn", role.Arn },
                            { "value", "paid" },
                        },
                    },
                    Type = "Rules",
                },
            },
            Roles =
            {
                { "authenticated", role.Arn },
            },
        };
        var roleAttachment = new Aws.Cognito.IdentityPoolRoleAttachment("mainIdentityPoolRoleAttachment", attachmentArgs);
    }
}
IdentityPoolRoleAttachmentArgs
IdentityPoolRoleAttachmentState
IdentityPoolState
IdentityProvider
Provides a Cognito User Identity Provider resource.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
    /// <summary>
    /// Creates a user pool and attaches Google to it as a federated identity provider.
    /// </summary>
    public MyStack()
    {
        var poolArgs = new Aws.Cognito.UserPoolArgs
        {
            AutoVerifiedAttributes =
            {
                "email",
            },
        };
        var userPool = new Aws.Cognito.UserPool("example", poolArgs);

        var providerArgs = new Aws.Cognito.IdentityProviderArgs
        {
            // Maps user pool attributes (keys) to the claims Google returns (values).
            AttributeMapping =
            {
                { "email", "email" },
                { "username", "sub" },
            },
            // "your client_id" / "your client_secret" are placeholders. Do not paste the real
            // OAuth client secret here as a literal: supply it from secret stack configuration
            // (for example Pulumi.Config.RequireSecret) so it stays out of source control.
            ProviderDetails =
            {
                { "authorize_scopes", "email" },
                { "client_id", "your client_id" },
                { "client_secret", "your client_secret" },
            },
            ProviderName = "Google",
            ProviderType = "Google",
            UserPoolId = userPool.Id,
        };
        var googleProvider = new Aws.Cognito.IdentityProvider("exampleProvider", providerArgs);
    }
}
IdentityProviderArgs
IdentityProviderState
ResourceServer
Provides a Cognito Resource Server.
Example Usage
Create a basic resource server
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
    /// <summary>
    /// Creates a user pool and registers a resource server, without scopes, on it.
    /// </summary>
    public MyStack()
    {
        // No arguments are set, so the pool is created with the provider's default settings.
        var userPool = new Aws.Cognito.UserPool("pool", new Aws.Cognito.UserPoolArgs());

        var serverArgs = new Aws.Cognito.ResourceServerArgs
        {
            Identifier = "https://example.com",
            UserPoolId = userPool.Id,
        };
        var resourceServer = new Aws.Cognito.ResourceServer("resource", serverArgs);
    }
}
Create a resource server with sample-scope
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
    /// <summary>
    /// Creates a user pool and a resource server that defines one custom scope.
    /// </summary>
    public MyStack()
    {
        // No arguments are set, so the pool is created with the provider's default settings.
        var userPool = new Aws.Cognito.UserPool("pool", new Aws.Cognito.UserPoolArgs());

        var sampleScope = new Aws.Cognito.Inputs.ResourceServerScopeArgs
        {
            ScopeDescription = "a Sample Scope Description",
            ScopeName = "sample-scope",
        };
        var serverArgs = new Aws.Cognito.ResourceServerArgs
        {
            Identifier = "https://example.com",
            Scopes =
            {
                sampleScope,
            },
            UserPoolId = userPool.Id,
        };
        var resourceServer = new Aws.Cognito.ResourceServer("resource", serverArgs);
    }
}
ResourceServerArgs
ResourceServerState
UserGroup
Provides a Cognito User Group resource.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
    /// <summary>
    /// Creates a user pool, an IAM role assumable through Cognito Identity, and a user
    /// group in the pool that is associated with that role.
    /// </summary>
    public MyStack()
    {
        // No arguments are set, so the pool is created with the provider's default settings.
        var userPool = new Aws.Cognito.UserPool("mainUserPool", new Aws.Cognito.UserPoolArgs());

        // Trust policy for the group role. The "aud" value is a hard-coded sample identity
        // pool ID and must be replaced with the real pool's ID; together with the "amr"
        // condition it limits the role to authenticated identities of that one pool.
        var roleArgs = new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Sid"": """",
""Effect"": ""Allow"",
""Principal"": {
""Federated"": ""cognito-identity.amazonaws.com""
},
""Action"": ""sts:AssumeRoleWithWebIdentity"",
""Condition"": {
""StringEquals"": {
""cognito-identity.amazonaws.com:aud"": ""us-east-1:12345678-dead-beef-cafe-123456790ab""
},
""ForAnyValue:StringLike"": {
""cognito-identity.amazonaws.com:amr"": ""authenticated""
}
}
}
]
}
",
        };
        var role = new Aws.Iam.Role("groupRole", roleArgs);

        var groupArgs = new Aws.Cognito.UserGroupArgs
        {
            Description = "Managed by Pulumi",
            // Lower precedence values win when a user belongs to several groups.
            Precedence = 42,
            RoleArn = role.Arn,
            UserPoolId = userPool.Id,
        };
        var userGroup = new Aws.Cognito.UserGroup("mainUserGroup", groupArgs);
    }
}
UserGroupArgs
UserGroupState
UserPool
Provides a Cognito User Pool resource.
Example Usage
Basic configuration
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
    /// <summary>Creates a Cognito user pool with no explicit configuration.</summary>
    public MyStack()
    {
        // No arguments are set, so password policy, MFA and every other pool setting are
        // left at the provider's defaults; review them before relying on this pool.
        var defaultArgs = new Aws.Cognito.UserPoolArgs();
        var userPool = new Aws.Cognito.UserPool("pool", defaultArgs);
    }
}
UserPoolArgs
UserPoolClient
Provides a Cognito User Pool Client resource.
Example Usage
Create a basic user pool client
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
    /// <summary>Creates a user pool and a client for it with default client settings.</summary>
    public MyStack()
    {
        // No arguments are set, so the pool is created with the provider's default settings.
        var userPool = new Aws.Cognito.UserPool("pool", new Aws.Cognito.UserPoolArgs());

        // Only the owning pool is specified; auth flows and secret generation are not set here.
        var clientArgs = new Aws.Cognito.UserPoolClientArgs
        {
            UserPoolId = userPool.Id,
        };
        var appClient = new Aws.Cognito.UserPoolClient("client", clientArgs);
    }
}
Create a user pool client with no SRP authentication
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
    /// <summary>
    /// Creates a user pool and a client that enables the admin non-SRP auth flow and has a
    /// generated client secret.
    /// </summary>
    public MyStack()
    {
        // No arguments are set, so the pool is created with the provider's default settings.
        var userPool = new Aws.Cognito.UserPool("pool", new Aws.Cognito.UserPoolArgs());

        var clientArgs = new Aws.Cognito.UserPoolClientArgs
        {
            // ADMIN_NO_SRP_AUTH lets a backend send the user's password to Cognito directly
            // instead of using SRP. Enable it only for clients that run on trusted servers.
            ExplicitAuthFlows =
            {
                "ADMIN_NO_SRP_AUTH",
            },
            // The generated secret is a credential: keep this client out of browser and
            // mobile apps, which cannot keep a secret confidential.
            GenerateSecret = true,
            UserPoolId = userPool.Id,
        };
        var appClient = new Aws.Cognito.UserPoolClient("client", clientArgs);
    }
}
Create a user pool client with pinpoint analytics
using Pulumi;
using Aws = Pulumi.Aws;
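class MyStack : Stack
{
    /// <summary>
    /// Creates a user pool, a Pinpoint app, an IAM role that the Cognito user pool service
    /// can assume to write to that app, and a user pool client with analytics enabled.
    /// </summary>
    public MyStack()
    {
        var current = Output.Create(Aws.GetCallerIdentity.InvokeAsync());
        var testUserPool = new Aws.Cognito.UserPool("testUserPool", new Aws.Cognito.UserPoolArgs
        {
        });
        var testApp = new Aws.Pinpoint.App("testApp", new Aws.Pinpoint.AppArgs
        {
        });

        // Trust policy: the cognito-idp service may assume this role. The statement has no
        // Condition, so the ExternalId set on the client below is not enforced by IAM unless
        // an "sts:ExternalId" condition is added here.
        var testRole = new Aws.Iam.Role("testRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""cognito-idp.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
        });

        // Permissions policy: scoped to the deploying account and to the one Pinpoint app.
        var testRolePolicy = new Aws.Iam.RolePolicy("testRolePolicy", new Aws.Iam.RolePolicyArgs
        {
            Policy = Output.Tuple(current, testApp.ApplicationId).Apply(values =>
            {
                // Named differently from the outer 'current': C# rejects a lambda local that
                // reuses the name of a local in the enclosing scope.
                var callerIdentity = values.Item1;
                var applicationId = values.Item2;
                return @$"{{
""Version"": ""2012-10-17"",
""Statement"": [
{{
""Action"": [
""mobiletargeting:UpdateEndpoint"",
""mobiletargeting:PutItems""
],
""Effect"": ""Allow"",
""Resource"": ""arn:aws:mobiletargeting:*:{callerIdentity.AccountId}:apps/{applicationId}*""
}}
]
}}
";
            }),
            Role = testRole.Id,
        });

        var testUserPoolClient = new Aws.Cognito.UserPoolClient("testUserPoolClient", new Aws.Cognito.UserPoolClientArgs
        {
            AnalyticsConfiguration = new Aws.Cognito.Inputs.UserPoolClientAnalyticsConfigurationArgs
            {
                ApplicationId = testApp.ApplicationId,
                // "some_id" is a sample value; choose a value that is not easily guessed.
                ExternalId = "some_id",
                RoleArn = testRole.Arn,
                // true sends user data to Pinpoint along with the analytics events; confirm
                // this against the application's privacy requirements.
                UserDataShared = true,
            },
            UserPoolId = testUserPool.Id,
        });
    }
}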
UserPoolClientArgs
UserPoolClientState
UserPoolDomain
Provides a Cognito User Pool Domain resource.
Example Usage
Amazon Cognito domain
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
    /// <summary>
    /// Creates a user pool and gives it an Amazon Cognito hosted domain prefix.
    /// </summary>
    public MyStack()
    {
        // No arguments are set, so the pool is created with the provider's default settings.
        var userPool = new Aws.Cognito.UserPool("example", new Aws.Cognito.UserPoolArgs());

        // No certificate is given, so "example-domain" is a prefix on the Cognito-owned domain.
        var domainArgs = new Aws.Cognito.UserPoolDomainArgs
        {
            Domain = "example-domain",
            UserPoolId = userPool.Id,
        };
        var poolDomain = new Aws.Cognito.UserPoolDomain("main", domainArgs);
    }
}
Custom Cognito domain
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
    /// <summary>
    /// Creates a user pool and serves it from a custom domain backed by an ACM certificate.
    /// </summary>
    public MyStack()
    {
        // No arguments are set, so the pool is created with the provider's default settings.
        var userPool = new Aws.Cognito.UserPool("example", new Aws.Cognito.UserPoolArgs());

        var domainArgs = new Aws.Cognito.UserPoolDomainArgs
        {
            // NOTE(review): aws_acm_certificate.Cert is not declared in this snippet; it must
            // refer to an ACM certificate defined elsewhere that covers the Domain below.
            CertificateArn = aws_acm_certificate.Cert.Arn,
            Domain = "example-domain.example.com",
            UserPoolId = userPool.Id,
        };
        var poolDomain = new Aws.Cognito.UserPoolDomain("main", domainArgs);
    }
}