【AWS】 Introducing a CloudFormation template that creates a Cognito UserPool
Introduction
To automate the Cognito configuration, we wrote a CloudFormation template that creates a Cognito UserPool together with an app client.
Example Template
AWSTemplateFormatVersion: 2010-09-09
Description:
  This template creates an Amazon Cognito Userpool.
  You will be billed for the AWS resources used if you create a stack from this
  template.
Parameters:
  FromEmailAddress:
    Description: from email address
    Type: String
  FromEmailIdentityArn:
    Description: from email ses arn
    Type: String
  Stage:
    Type: String
    Description: The name for a project stage, such as Prod, Acpt, Dev or Unit
  UserPoolBaseName:
    Description: User Pool Base Name
    Type: String
  UserPoolSuffixName:
    Description: The suffix for UserPoolName
    Type: String
  UserPoolTagCost:
    Description: The tag for cost management
    Type: String
Resources:
  UserPool:
    Type: 'AWS::Cognito::UserPool'
    Properties:
      UserPoolName: !Sub '${UserPoolBaseName}${Stage}${UserPoolSuffixName}'
      AccountRecoverySetting:
        RecoveryMechanisms:
          - Name: verified_email
            Priority: 1
      AdminCreateUserConfig:
        AllowAdminCreateUserOnly: true
        UnusedAccountValidityDays: 90
      AutoVerifiedAttributes:
        - email
      EmailConfiguration:
        SourceArn: !Ref FromEmailIdentityArn
        From: !Ref FromEmailAddress
        EmailSendingAccount: DEVELOPER
      Policies:
        PasswordPolicy:
          MinimumLength: 8
          RequireLowercase: true
          RequireNumbers: true
          RequireSymbols: false
          RequireUppercase: false
      Schema:
        - Name: email
          AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Required: true
        - Name: 'office_group_id'
          AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Required: false
          StringAttributeConstraints:
            MinLength: 0
            MaxLength: 256
        - Name: 'office_id'
          AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Required: false
          StringAttributeConstraints:
            MinLength: 0
            MaxLength: 256
        - Name: 'business_id'
          AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Required: false
          StringAttributeConstraints:
            MinLength: 0
            MaxLength: 256
        - Name: 'user_type'
          AttributeDataType: String
          DeveloperOnlyAttribute: false
          Mutable: true
          Required: false
          StringAttributeConstraints:
            MinLength: 0
            MaxLength: 256
      UsernameAttributes:
        - email
      UsernameConfiguration:
        CaseSensitive: true
      UserPoolAddOns:
        AdvancedSecurityMode: 'OFF'
      UserPoolTags:
        Cost: !Ref UserPoolTagCost
      VerificationMessageTemplate:
        DefaultEmailOption: CONFIRM_WITH_CODE
  AppClientWeb:
    Type: 'AWS::Cognito::UserPoolClient'
    Properties:
      UserPoolId: !Ref UserPool
      ClientName: !Sub '${UserPoolBaseName}${Stage}${UserPoolSuffixName}_app_clientWeb'
      AllowedOAuthFlowsUserPoolClient: false
      EnableTokenRevocation: false
      ExplicitAuthFlows:
        - ALLOW_CUSTOM_AUTH
        - ALLOW_USER_SRP_AUTH
        - ALLOW_REFRESH_TOKEN_AUTH
      RefreshTokenValidity: 30
      AccessTokenValidity: 1
      IdTokenValidity: 1
      TokenValidityUnits:
        RefreshToken: days
        AccessToken: hours
        IdToken: hours
      PreventUserExistenceErrors: LEGACY
      ReadAttributes:
        - 'birthdate'
        - 'custom:office_group_id'
        - 'custom:office_id'
        - 'custom:business_id'
        - 'custom:user_type'
        - 'email'
        - 'email_verified'
        - 'family_name'
        - 'given_name'
        - 'middle_name'
        - 'name'
      WriteAttributes:
        - 'birthdate'
        - 'custom:office_group_id'
        - 'custom:office_id'
        - 'custom:business_id'
        - 'custom:user_type'
        - 'email'
        - 'family_name'
        - 'given_name'
        - 'middle_name'
        - 'name'
      GenerateSecret: false
    DependsOn:
      - UserPool
Supplement
Configuration: the template creates one UserPool and one app client within it.
Restriction: because Japanese text could not be used, not all items are set by the template.
Parameters (excerpt): the input definitions for the parameters. Values common to every environment are set as defaults.
* Japanese text was garbled and could not be set.
AppClientWeb (excerpt): the UserPoolClient definition for the app.
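As an added example (not part of the original post, and not AWS tooling), here is a small Python script that audits the Cognito resources of a template like the one above for the settings a reviewer would check before deploying it. It reads the JSON form of a template (CloudFormation accepts JSON as well as YAML; `!Ref UserPool` becomes `{"Ref": "UserPool"}`), so it needs only the standard library. The embedded template is a constructed, trimmed JSON rendering of the post's two resources, the finding codes are this example's own labels rather than AWS identifiers, and the 12-character password length and 30-day refresh-token thresholds are assumptions you would set to your own policy.

```python
"""Audit the Cognito resources of a CloudFormation template for settings that
weaken account security. Added example; not the original post's code."""
import json

# Constructed input: a trimmed JSON rendering of the post's two resources.
# CloudFormation accepts JSON templates; "!Ref UserPool" becomes {"Ref": "UserPool"}.
SAMPLE_TEMPLATE = """
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "UserPool": {
      "Type": "AWS::Cognito::UserPool",
      "Properties": {
        "AdminCreateUserConfig": {"AllowAdminCreateUserOnly": true},
        "Policies": {"PasswordPolicy": {"MinimumLength": 8, "RequireLowercase": true,
          "RequireNumbers": true, "RequireSymbols": false, "RequireUppercase": false}},
        "UserPoolAddOns": {"AdvancedSecurityMode": "OFF"}
      }
    },
    "AppClientWeb": {
      "Type": "AWS::Cognito::UserPoolClient",
      "Properties": {
        "UserPoolId": {"Ref": "UserPool"},
        "EnableTokenRevocation": false,
        "PreventUserExistenceErrors": "LEGACY",
        "RefreshTokenValidity": 30,
        "TokenValidityUnits": {"RefreshToken": "days", "AccessToken": "hours", "IdToken": "hours"},
        "GenerateSecret": false
      }
    }
  }
}
"""

# Thresholds are this example's assumptions; finding codes are its own labels.
MIN_PASSWORD_LENGTH = 12
MAX_REFRESH_TOKEN_HOURS = 30 * 24


def refresh_token_lifetime_hours(props):
    """Refresh-token lifetime in hours. Cognito defaults to 30 days when
    RefreshTokenValidity is absent, and the unit defaults to days."""
    factor = {"seconds": 1 / 3600, "minutes": 1 / 60, "hours": 1, "days": 24}
    unit = props.get("TokenValidityUnits", {}).get("RefreshToken", "days")
    return props.get("RefreshTokenValidity", 30) * factor[unit]


def audit_user_pool(name, props):
    findings = []
    pw = props.get("Policies", {}).get("PasswordPolicy", {})
    if pw.get("MinimumLength", 8) < MIN_PASSWORD_LENGTH:  # Cognito's default is 8
        findings.append((name, "PASSWORD_MIN_LENGTH_BELOW_12"))
    if pw.get("RequireSymbols") is False or pw.get("RequireUppercase") is False:
        findings.append((name, "PASSWORD_CHARACTER_CLASSES_RELAXED"))
    if props.get("MfaConfiguration", "OFF") == "OFF":  # absent means MFA is off
        findings.append((name, "MFA_OFF"))
    addons = props.get("UserPoolAddOns", {})
    if addons.get("AdvancedSecurityMode", "OFF") == "OFF":  # no compromised-credential checks
        findings.append((name, "ADVANCED_SECURITY_OFF"))
    if not props.get("AdminCreateUserConfig", {}).get("AllowAdminCreateUserOnly", False):
        findings.append((name, "SELF_SIGNUP_ENABLED"))
    return findings


def audit_user_pool_client(name, props):
    findings = []
    # Anything other than ENABLED lets error responses reveal whether a user exists.
    if props.get("PreventUserExistenceErrors") != "ENABLED":
        findings.append((name, "USER_EXISTENCE_ERRORS_NOT_PREVENTED"))
    # With revocation disabled, an issued refresh token stays valid until it expires.
    if props.get("EnableTokenRevocation") is False:
        findings.append((name, "TOKEN_REVOCATION_DISABLED"))
    if refresh_token_lifetime_hours(props) > MAX_REFRESH_TOKEN_HOURS:
        findings.append((name, "REFRESH_TOKEN_LIFETIME_OVER_30_DAYS"))
    return findings


def audit_template(template_text):
    """Return (resource_name, finding_code) pairs for every Cognito resource."""
    template = json.loads(template_text)
    findings = []
    for name, resource in template.get("Resources", {}).items():
        props = resource.get("Properties", {})
        if resource.get("Type") == "AWS::Cognito::UserPool":
            findings += audit_user_pool(name, props)
        elif resource.get("Type") == "AWS::Cognito::UserPoolClient":
            findings += audit_user_pool_client(name, props)
    return findings


if __name__ == "__main__":
    for resource, code in audit_template(SAMPLE_TEMPLATE):
        print(f"{resource}: {code}")
```

Run against the post's settings, the script reports six findings. On the user pool: the 8-character policy with symbols and uppercase not required, MFA left at its default of off, and AdvancedSecurityMode OFF (so Cognito's compromised-credentials detection and adaptive authentication are not in play); AllowAdminCreateUserOnly: true is the strong side of the configuration, since self sign-up is closed. On the app client: PreventUserExistenceErrors: LEGACY makes the authentication APIs return distinct errors such as UserNotFoundException, so callers can tell whether an email address is registered (ENABLED returns a generic failure instead), and EnableTokenRevocation: false means a refresh token cannot be revoked before its 30-day lifetime ends. GenerateSecret: false is correct for a browser client, which cannot keep a secret anyway.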
External links
AWS::Cognito::UserPool, AWS::Cognito::UserPoolClient: the official AWS documentation I used as a reference.
Create a Cognito AWS Cognito User Pool and Implement Signup in CloudFormation: I used this as a reference for how to write the template and how to proceed.
Conclusion
I hope you find the above helpful.
